Service Assisted Device Communications on Microsoft Azure

Rick G. Garibay

MVP Microsoft Azure

@rickggaribay

About Me

• VP, Distinguished Engineer leading the Development Platform Group at Neudesic

• Working on IoT, Intelligent Transportation and Hospitality & Gaming

• 8-time Microsoft MVP, Microsoft Azure

• Co-Author, “Windows Server AppFabric Cookbook” by Packt Pub.

• Chairman, Co-Founder Phoenix Connected Systems User Group (PCSUG.org)

• twitter: @rickggaribay

• Official Hashtag: #azureconf

• blog: http://rickgaribay.net

• email: [email protected] | [email protected]

Agenda

• Internet of Things by the Numbers

• Devices, Protocols & Messaging Models

• IoT vs. “Things on the Internet”

• Service Assisted Communication on the Reykjavik Device Gateway

Internet of Things: By the Numbers

There’s one thing analysts agree on

OEM Revenue Opportunity | Market Forecast CY17 (Source: IDC Sept 2013 and Microsoft)

Intelligent Systems revenue by vertical: Auto & Trans $7 B | Retail $16 B | Manufacturing $197 B | Healthcare $3 B | Energy $27 B | Computing $908 B | Telecom $179 B | Consumer $356 B

Intelligent Systems total: $1.7T

The Internet of Things is the network of physical objects that contain embedded technology to communicate and interact with their internal states or the external environment.

Devices, Protocols & Patterns

IoT Device Taxonomy

• Large: POS terminal, ATM, MRI (x86, PC-like, apps)

• Mobile: Industry handheld, POS tablet (ARM and x86, shell experience, apps)

• Small: Gateways, wearables, panels, cars (ARM and x86, diverse hardware, no shell)

• Micro: Controllers, fixed-use, sensors, actuators (ARM, constrained hardware, headless)

Example boards: Raspberry Pi, Intel Galileo, Arduino Uno, Netduino Plus 2, Gadgeteer Fez Spider

Beyond the garage, the true significance of IoT is the foundation it creates for providing insights and actions that enable new business capabilities.

Smart Products

• Smart Energy: Grid, Renewables, Oil/Gas/Coal Recovery and Distribution

• Smart Retail: Points of Sale, Restaurants, Hotels, Fuel Stations

• Smart Healthcare: Patients, Clinics, Hospitals, Nursing Homes, Mobile Care

• Smart Building/Home: Safety, Security, Comfort, Lighting, Automation

• Smart Factory: Manufacturing Integration and Automation, Remote Servicing, Predictive and Reactive Maintenance

• Smart Cities: Water, Waste, Pollution Control, Fire, Emergency, Public Safety, Law Enforcement

• Smart Logistics: Letters, Packages, Containers, Tanks, Bulkware

• Smart Entertainment: Games, Events, Sports, Television Streaming

• Smart Mobility: Traffic, Buses, Cars, Trucks, Trains, Vessels, Aircraft, Bikes

From IT to Operational Technology

IT: Servers, Applications, Systems

OT: Devices, Telemetry, Command & Control

Data-Driven Insight + Action at a Distance

Data –> Information –> Insight ($+)

• Make more efficient use of resources

• Provide more targeted products and services

• Discover patterns, trends that lead to new business insights

Action at a Distance

• Acting on Data Insights (Real-Time and At Rest)

• The ability to act remotely –automatically and intelligently

• Remote control is a source of efficiency

• Enables new forms of customer interaction and engagement

Manufacturing: Consumer PRM

Insight

• Mineralization reads

• # of daily work cycles

• Flavor trends

Action

• Request permission to conduct descaling task

• Upsell to more robust model

• New alliances, e-coupons, etc.

Transportation: Smart Parking

Insight

• Vehicle ingress/egress from parking spot

• Meter payment

• Meter expiry

Action

• Dynamic pricing adjustment based on parking saturation

• Extending meter time remotely via smart phone

• Directed enforcement of ticketing

Retail: Product Placement

Insight

• iBeacon signatures

• Area/aisle/product interaction

• * Not just opt-in!

Action

• Triangulation

• Customer Experience

• Product placement

Message Types

• Telemetry: Voluntary information flow from device to another system.

• Inquiries: Requests for information from device to other systems.

• Commands: Instructions from other systems to a device.

• Notifications: Information flow from other systems to the device.

Various Protocols

Network/link: 2G, GPRS, SMS, 3G, LTE, WiMax, Wi-Fi, RFID, NFC, ZigBee, BLE

Transport/application: TCP, UDP, HTTP, AMQP, MQTT, CoAP, Custom

Default Connectivity Model

• Connectivity (IPv6 + VPN)

• Give every device a routable IP address

• Devices expose services for control/query operations

• Command Source is either on premise or remote, enabled by a bridge of some sort.

• Remote access is enabled within the VPN’s routing domain

Diagram: Command Source –> Device. Connections are command source initiated; the device exposes a service/API.

Default Connectivity Challenges

• Addressability
  • Requires network-layer intervention
  • Doesn’t work for devices that are loosely connected (roaming, frequently offline)

• Security
  • By default, every protocol that can be routed over Ethernet can flow – and between any two nodes
  • SSL/TLS is not an option on many small devices.
  • VPN controls access to IP addresses and ports, not application endpoints (lack of granular authorization)
  • Many devices are not VPN-capable due to resource/bandwidth constraints

• Efficient scale
  • VPN infrastructure is expensive and costly to maintain
  • Does not address device management.
  • Think 1K, 10K, 100K+ devices

On-Premise Brokered Model

• Connectivity (IPv6 + VPN)

• Give every device a routable IP address.

• Devices participate in pub-sub messaging on-prem or via VPN using an industry standard protocol like MQTT.

• Command Source is either on premise or remote, enabled by a bridge of some sort.

• Remote access is enabled within the VPN’s routing domain.

Diagram: Device –> Broker (MQTT, etc.) <– Command Source. The device subscribes to the broker via TCP, etc., typically a socket connection. Messaging happens on premise, so the attack surface is minimized. The command source must be on premise or somehow bridged.

On-Premise Brokered Challenges

• Addressability
  • Device and broker are intimately connected.
  • Doesn’t work for devices that are loosely connected (roaming, frequently offline).

• Security
  • SSL/TLS is not an option on many small devices.
  • Many devices are not VPN-capable due to resource/bandwidth constraints.

• Efficient scale
  • VPN infrastructure is expensive and costly to maintain.
  • External commands require some kind of a gateway service.
  • Does not address device management.
  • Think 1K, 10K, 100K+ devices

Service Assisted Communications Model

• Devices connect via open standard protocols
  • AMQP 1.0 and HTTP supported natively by the Service Bus
  • MQTT, CoAP and others can be implemented via custom gateway/adapter model

• Sockets secured via TLS (or a lightweight variant)

• Each device has a dedicated Inbox/Outbox on the Gateway
  • Device sends telemetry/alerts and routes service invocations via its Outbox
  • Device receives commands and queries from its Inbox
  • Correlated request/reply patterns can be implemented on top of these two messaging channels

• The device knows, and has access to, only its own specific inbox/outbox endpoints (URIs)
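The last bullet is the least-privilege property that makes the model work: a device must be able to reach its own Inbox and Outbox and nothing else. The following is an added example, not code from the talk or from the Reykjavik gateway, showing how a provisioning service can enforce that with the documented Azure Service Bus / Event Hubs Shared Access Signature format (the same "unique token per publisher" mechanism the Event Hubs slide later mentions): each token is an HMAC-SHA256 over the URL-encoded resource URI plus an expiry, so it is bound to one entity and one time window, and the gateway-side check rejects a token presented against any other entity. The namespace name, device ids, per-device keys and the /in/<device> and /out/<device> entity paths are constructed for the example; in a real deployment the signing key would be a per-entity authorization rule on the device's queue, or the hub key used to sign a publisher-scoped Event Hubs token.

```python
"""Per-device, per-endpoint SAS tokens for the Inbox/Outbox model (added example).

SAS token format as documented for Azure Service Bus / Event Hubs:
    string-to-sign = url-encode(resource-uri) + "\n" + expiry-unix-seconds
    signature      = base64(HMAC-SHA256(key, string-to-sign))
    token          = "SharedAccessSignature sr=<uri>&sig=<signature>&se=<expiry>&skn=<key-name>"
"""
import base64
import hashlib
import hmac
import time
from typing import Callable, Dict, Optional
from urllib.parse import quote_plus, unquote_plus

NAMESPACE = "contoso-iot.servicebus.windows.net"  # constructed namespace name (assumption)

# Stand-in for the provisioning service's Device Metadata and Key Store:
# key name (skn) -> signing key. Values are constructed for this example.
KEY_STORE: Dict[str, bytes] = {
    "dev-0001": b"key-material-for-dev-0001",
    "dev-0002": b"key-material-for-dev-0002",
}


def device_endpoints(device_id: str) -> Dict[str, str]:
    """The only two URIs a device is ever told about: its Inbox and its Outbox (paths are assumed)."""
    return {
        "inbox": f"https://{NAMESPACE}/in/{device_id}",    # commands/queries to the device
        "outbox": f"https://{NAMESPACE}/out/{device_id}",  # telemetry/alerts from the device
    }


def _sign(key: bytes, resource_uri: str, expiry: int) -> str:
    """HMAC-SHA256 over the encoded resource URI and expiry, base64 encoded."""
    string_to_sign = f"{quote_plus(resource_uri)}\n{expiry}"
    mac = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def make_sas_token(resource_uri: str, key_name: str, key: bytes,
                   ttl_seconds: int, now: Optional[int] = None) -> str:
    """Issue a token that authorizes exactly one resource URI until now + ttl_seconds."""
    now = int(time.time()) if now is None else now
    expiry = now + ttl_seconds
    sig = _sign(key, resource_uri, expiry)
    return (f"SharedAccessSignature sr={quote_plus(resource_uri)}"
            f"&sig={quote_plus(sig)}&se={expiry}&skn={key_name}")


def provision(device_id: str, ttl_seconds: int, now: Optional[int] = None) -> Dict[str, str]:
    """What the provisioning service hands a device: one token per endpoint, nothing broader."""
    key = KEY_STORE[device_id]
    eps = device_endpoints(device_id)
    return {name: make_sas_token(uri, device_id, key, ttl_seconds, now) for name, uri in eps.items()}


def parse_sas_token(token: str) -> Dict[str, object]:
    """Split a token into its fields; raises ValueError/KeyError on malformed input."""
    prefix = "SharedAccessSignature "
    if not token.startswith(prefix):
        raise ValueError("not a SAS token")
    fields = dict(part.split("=", 1) for part in token[len(prefix):].split("&"))
    return {"sr": unquote_plus(fields["sr"]), "sig": unquote_plus(fields["sig"]),
            "se": int(fields["se"]), "skn": fields["skn"]}


def authorize(token: str, requested_uri: str,
              key_lookup: Callable[[str], Optional[bytes]], now: Optional[int] = None) -> bool:
    """Gateway-side check: accept only an unexpired token whose signature verifies under the
    named key AND whose scope is exactly the entity being accessed. A valid token for
    dev-0001's outbox is therefore useless against dev-0001's inbox or anything of dev-0002."""
    now = int(time.time()) if now is None else now
    try:
        t = parse_sas_token(token)
    except (ValueError, KeyError):
        return False
    if t["se"] < now or t["sr"] != requested_uri:   # expired, or scoped to a different entity
        return False
    key = key_lookup(t["skn"])
    if key is None:                                  # unknown / revoked key name
        return False
    return hmac.compare_digest(_sign(key, t["sr"], t["se"]), t["sig"])


if __name__ == "__main__":
    tokens = provision("dev-0001", ttl_seconds=3600)
    own_outbox = device_endpoints("dev-0001")["outbox"]
    other_outbox = device_endpoints("dev-0002")["outbox"]
    print("dev-0001 token on own outbox:   ", authorize(tokens["outbox"], own_outbox, KEY_STORE.get))
    print("dev-0001 token on dev-0002 outbox:", authorize(tokens["outbox"], other_outbox, KEY_STORE.get))
```

The scope check (`t["sr"] != requested_uri`) is the part that is easy to forget when a gateway validates signatures itself: a signature that verifies under a known key is not sufficient, it must also have been issued for the entity the caller is touching, and the comparison uses a constant-time digest comparison rather than `==`.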

Backend Components

Diagram: Device –> Protocol Head –> Cloud Gateway (per-device Inbox and Outbox) –> Command API.

Service-Assisted Communications

Diagram: Device behind a NAT/Firewall (Router, IP NAT) –> outbound to Cloud Gateway (DNS: myapp.cloudapp.net) <– Command Source.

• Connections are device-initiated and outbound

• Port mapping is automatic, outbound

• Device does not listen for unsolicited traffic

• No inbound ports open, attack surface is minimized

• Access-controlled command API

• Secure, managed hosting platform

Telemetry Routing with the Azure Service Bus

• Split the stream

• Enable parallel processing

• Implement different QoS levels

• Level and balance the load

Diagram: Device 1, Device 2, Device 3 –> Service Bus Topic with Subscriptions/Filters –> Alerts to Receiver 1 (Alert Processor); Data to Receiver 2a and Receiver 2b (Storage Pre-processor).

Routing Commands with the Azure Service Bus

Diagram: Sender 1, Sender 2 –> Service Bus Topic with Subscriptions/Filters –> Device 1, Device 2, Device 3, grouped by model (Model A, Model T).

• Target individuals or groups

• Set delivery timeouts (TTL)

• Deal with spotty connectivity

• Traverse NATs/firewalls securely
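The two routing slides above (telemetry fan-out and command targeting) both rest on one topic with filtered subscriptions plus a per-message TTL. The following in-memory model is an added example, not the talk's demo code and not the Azure SDK: telemetry fans out from a topic to the subscriptions whose rule matches the message properties (alerts to one receiver, data split across two storage pre-processors), and commands are addressed to a single device or to a whole model group with a delivery timeout, so a device that only comes back online after the TTL is dead-lettered rather than handed a stale command. Device ids, models, messages and the predicate filters (which stand in for Service Bus SqlFilter rules) are constructed for the example.

```python
"""Topic routing with filtered subscriptions and per-message TTL (added example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Message:
    body: str
    props: Dict[str, object]
    enqueued_at: int            # seconds
    ttl: Optional[int] = None   # delivery timeout in seconds; None = never expires

    def is_expired(self, now: int) -> bool:
        return self.ttl is not None and now > self.enqueued_at + self.ttl


@dataclass
class Subscription:
    name: str
    rule: Callable[[Dict[str, object]], bool]   # stands in for a Service Bus SqlFilter rule
    pending: List[Message] = field(default_factory=list)
    dead_letter: List[Message] = field(default_factory=list)


class Topic:
    def __init__(self) -> None:
        self.subscriptions: List[Subscription] = []

    def subscribe(self, name: str, rule: Callable[[Dict[str, object]], bool]) -> Subscription:
        sub = Subscription(name, rule)
        self.subscriptions.append(sub)
        return sub

    def send(self, body: str, props: Dict[str, object], now: int, ttl: Optional[int] = None) -> List[str]:
        """Fan the message out to every subscription whose rule matches; return their names."""
        msg = Message(body, props, now, ttl)
        matched = [s for s in self.subscriptions if s.rule(props)]
        for s in matched:
            s.pending.append(msg)
        return [s.name for s in matched]


def receive(sub: Subscription, now: int) -> List[Message]:
    """Deliver pending, unexpired messages to a receiver that is online at `now`.
    Messages past their TTL are dead-lettered instead of being delivered late."""
    delivered: List[Message] = []
    for msg in sub.pending:
        (sub.dead_letter if msg.is_expired(now) else delivered).append(msg)
    sub.pending.clear()
    return delivered


# Constructed device population: device id -> model (group).
DEVICES = {"dev-1": "Model T", "dev-2": "Model A", "dev-3": "Model T"}


def _device_number(props: Dict[str, object]) -> int:
    return int(str(props["device"]).split("-")[1])


def build_telemetry_topic() -> Tuple[Topic, Subscription, Subscription, Subscription]:
    """Telemetry slide: alerts to one receiver; data split over two receivers by device parity."""
    topic = Topic()
    alerts = topic.subscribe("alerts", lambda p: p.get("kind") == "alert")
    data_a = topic.subscribe("data-2a", lambda p: p.get("kind") == "data" and _device_number(p) % 2 == 1)
    data_b = topic.subscribe("data-2b", lambda p: p.get("kind") == "data" and _device_number(p) % 2 == 0)
    return topic, alerts, data_a, data_b


def build_command_topic() -> Tuple[Topic, Dict[str, Subscription]]:
    """Command slide: one subscription per device, matching commands addressed to that
    device individually ("to") or to its whole model group ("model")."""
    topic = Topic()
    subs: Dict[str, Subscription] = {}
    for dev, model in DEVICES.items():
        subs[dev] = topic.subscribe(dev, lambda p, d=dev, m=model: p.get("to") == d or p.get("model") == m)
    return topic, subs


def run_scenario() -> Dict[str, object]:
    """Constructed scenario: route three telemetry messages, then a group command with a
    60 s TTL that one device picks up in time and another only after it has expired."""
    results: Dict[str, object] = {}
    topic, alerts, data_a, data_b = build_telemetry_topic()
    results["alert_route"] = topic.send("temp=91C", {"kind": "alert", "device": "dev-1"}, now=0)
    results["data_route_1"] = topic.send("temp=21C", {"kind": "data", "device": "dev-1"}, now=0)
    results["data_route_2"] = topic.send("temp=22C", {"kind": "data", "device": "dev-2"}, now=0)
    results["alert_receiver_got"] = [m.body for m in receive(alerts, now=1)]

    cmds, subs = build_command_topic()
    results["group_cmd_route"] = cmds.send("set-interval=60", {"model": "Model T"}, now=0, ttl=60)
    results["single_cmd_route"] = cmds.send("reboot", {"to": "dev-2"}, now=0, ttl=60)
    results["dev1_got"] = [m.body for m in receive(subs["dev-1"], now=10)]    # online within the TTL
    results["dev3_got"] = [m.body for m in receive(subs["dev-3"], now=120)]   # reconnects after the TTL
    results["dev3_dead_lettered"] = [m.body for m in subs["dev-3"].dead_letter]
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Note that the command subscription for each device is the gateway-side counterpart of the per-device Inbox: a device only ever drains its own subscription, while the sender chooses individual or group targeting purely through message properties and never needs to know which devices are currently reachable.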

Event Hub for IoT: Big Data Ingestion

Diagram: Event Sources –> Event Hub –> Cloud Services (Storage & Analytics, Custom Code & 3rd Party Services, Web/Mobile User Interfaces, Integration Services)

Event Hub: Hyper Scale, Fully Managed, Interoperable, Secure, Cost Effective

DEMO 1: Device-Direct Commands over Azure Service Bus Queues

Service Assisted Custom/Cloud Gateway Challenges

• Device Provisioning
  • From a handful to thousands of devices
  • Self-service, scripted, automated

• Connectivity
  • Addressability (non-IP devices, firewalls/NATs, online/offline, roaming)
  • Heterogeneity (OS/firmware, power/network constraints, protocols)
  • Security (identity, authorization, privacy, data integrity)
  • Efficient Scale (millions of devices per tenant, at a reasonable cost)

• Messaging
  • Telemetry (collection, filtering, routing, throughput, per-message QoS)
  • Notifications (targeting devices/device groups within large populations)
  • Command/Query and Inquiries (correlation, sessions/batching)

IoT Cloud Platform “Stack” – Abstract Model

Diagram, layers A–F left to right: Non-IP Capable Devices and IP Capable Devices –> Field Gateway –> Cloud Gateway –> Custom Code –> Cloud Platform Services –> Enterprise Systems and Third-Party Data and Services.

Azure Hosting Options

Same stack; Azure hosting options shown for the gateway and custom code layers: Web Sites, Mobile Services, Cloud Services, VM Roles, External Code.

Azure Platform Services

Same stack; Cloud Platform Services shown: HDInsight, Azure Databases, Table/Blob Storage, BizTalk Services, Service Bus, Media Services.

Azure – IoT Cloud Gateway

Same stack, two cloud gateway patterns:

• Pattern 1: Device Direct – devices connect to Service Bus (A/B) directly

• Pattern 2: Custom Gateway – devices connect to a Custom GW Role, which connects to Service Bus (A/B)

Service Assisted Communications on the Azure Cloud Gateway Accelerator – Code Name Reykjavik

Service Bus Messaging

Device Gateway Accelerator – Reference Architecture (Reykjavík)

1. Custom Protocol Gateway: Custom Protocol Gateway Host (MQTT, CoAP, …)

2. Telemetry Pump and Adapters: Telemetry/Request Router and Adapters to HDInsight, BizTalk, Orleans, Azure Storage, Azure DBs, Service Bus, HTTP and Your Process

3. Command Gateway: Notification/Command Router and Command API Host (HTTP)

4. Provisioning Service and Metadata Store: Provisioning Service, Device Metadata and Key Store, Configuration (HTTP)

Devices connect over AMQP and HTTP; custom-protocol devices connect through the Custom Protocol Gateway Host.

Intelligent Systems Service (LP)

Data Flow: Devices (Non-ISS) and ISS Agents –> Event Hub –> Azure (SQL Azure, Azure Storage, Azure Event Processing) –> Customer Apps, HDInsight, BI Systems, 3rd Party Solutions

ISS components: Rich Device Registry & Object Model of “Things”, Basic Device Registry, ISS Security, Privacy & Sharing Controls, IoT Rule Templates, Natural Language Query, Command & Control, ISS Portal, ISS Solution (Single Account, Per-device Billing, etc.)

Device Gateway – Partition Topology

• The “Partition” is a set of resources dedicated to a specific device population (or subset thereof).

• The “Master” role manages partition deployment and device provisioning into the partitions.

Diagram: Partition Master (Partition Repo, Device Repo, Deployment Runtime, Provisioning Runtime) –> Partition: Service Bus Standard Protocol hosts (AMQP, HTTP) and Custom Protocol Host (MQTT, Custom Protocol) with Protocol Adapters and diagnostics (diagall); per-device inbox entities in0000 … inFFFF and outbox entities out0000 … outFFFF; Command Topics with subscriptions s0001 … s03E7; Telemetry Pump/Router (N instances, n groups of m routers: g0000/rte0000, g0000/rte0001, g0001/rte0000, g0001/rte0001, …) with Telemetry Adapters feeding Ingestion Topics or Event Hubs (Telemetry); Command API Host.

DEMO 2: Reykjavik Sneak Peek! Reykjavik Device Gateway Deployment and Provisioning

Device Gateway – Customer Topology

• Global coverage achieved by spreading partitions across multiple Azure regions

• Reference architecture supports up to 1000 distinct partitions

• Number and distribution of partitions driven by data volumes, business continuity, legal and proximity considerations

Consumer: Space Heater

Insight

• Current Temperature

• Current Fan Speed

• Current Fan RPM

Action

• Increase/reduce fan speed

• Change temperature

• Change readings interval

DEMO 3: Reykjavik Sneak Peek! Reykjavik Device Gateway Telemetry & Commands

Event Velocity

Device telemetry

• Thermostats report data every 15 minutes

• Cars send telemetry data every minute

Application telemetry

• Application perf counters are measured every second per server

• Mobile app telemetry is captured for every action on your app!

App and operational events

• Halo game engine estimate 1,000,000 messages/second

Protocol reach to devices and platforms

Azure Service Bus (Queues, Topics, Event Hubs) is reachable over HTTP(S) and AMQP 1.0 from:

• Windows

• Other platforms, via the SDKs at https://github.com/windowsAzure: /azure-sdk-for-python/, /azure-sdk-for-php/, /azure-sdk-for-node/, /azure-sdk-for-java/, /azure-sdk-for-ruby/

• Embedded devices

Event Hub Pub-Sub Ingestion

Facet | Service Bus Event Hub Capability

Variety | > million publishers with HTTP/AMQP

Velocity | > million EventData data ingress/second

Volume | > GB/s ingress, concurrent consumers

Security | SAS based, unique token per publisher

Buffer | Consumer provides its cursor/offset

Durable | Between 1 and 30 days retention

Latency | 50ms end-to-end durable

Cost | Competitive pricing, PaaS service so pay-as-you-go

Service Bus Messaging + Event Hubs!
