[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT Platform
TRANSCRIPT
Building Smart, Connected Products with WSO2 IoT Platform
Sumedha Rubasinghe
Director - IoT Architecture, WSO2
Source : https://www.propellerhealth.com/how-it-works/
Rebecca Minkoff, New York
Source : https://www.fungglobalretailtech.com/research/deep-dive-iot-retail-digitalizing-brick-mortar-stores/
Rio Tinto Mining
● 73 Self driving Komatsu Trucks
● 1 billion material transferred
Source : https://qz.com/874589/rio-tinto-is-using-self-driving-416-ton-trucks-to-haul-raw-materials-around-australia/
Challenges in building connected products
● Device Registration & Management
● Integration
● Security - Data
● Scalability
● Event Management
● App/Firmware Management
● Security – Device Access
[Diagram: actors: App Developers, IoT Device, Admins, Device Owners, Device Cloud; lifecycle steps: Manufacture, Develop Apps, Purchase, Register, Use, Monitor]
Reference Architecture for IoT
[Diagram: layered reference architecture, shown as "Server side cloud" and as "Server side cloud with edge computing"]
● Web / Portal, Dashboard, API Management
● Event Processing and Analytics
● Aggregation / Bus Layer: ESB and Message Broker
● Communications: Zigbee, BLE, MFC, MQTT-SN, MQTT, HTTP
● Communication Gateway, Edge Computing: TCP / UDP, Ethernet, WiFi, MFC, Bluetooth Low Energy, MQTT-SN, ZigBee
● Cross-cutting layers: Devices Manager, Identity & Access Management
WSO2 IoT Platform
[Diagram: WSO2 IoT Platform architecture, with the following labels]
● Devices: Device 1, Device 2, Device n
● Device side: Hardware, Device Binding, SDK, Edge Computing Core, Communication
● Transports: HTTP, MQTT, XMPP and Custom Transports
● Authentication and Authorization
● IoT Platform: Device Management Core, Device Management Plugins, Analytics, Analytics Plugins, API
● Applications, System Applications, Apps
Building a connected locker
It’s the journey that matters.
Source : http://www.worldofwanderlust.com/journey-matters-end/
ESP8266 nodemcu
PCF 8574T Keypad driver
Relay module
DHT11 temperature sensor
Door sensor
IR sensor
Metal detector
Solenoid lock
NEXBOX A95X
XBee on USB explorer
Arduino with XBee shield
Relay module
Device Gateway
Edge Devices
Mix mode connectivity - XBee, Wifi
Device Management Core
● Device Management
● Device Type Management
● Configuration Management
● Policy Management
● Operation Management
● User Management
● Certificate Management
● Application Management
● Compliance Monitoring
● Push Notification Management: APNS, FCM, MQTT, HTTP
● Plugin Management
● Common plugin for custom device types
….
Core APIs available in IoTS
Device Management Core
WSO2 APIM Store in IoTS
● Device Management
● Device Group Mgt
● Policy Management
● Certificate Mgt
● User Management
WSO2 APIM Publisher in IoTS
Publishing REST APIs
Device Mgt Portal
Subscribing to REST APIs through API Application
Accessing the APIs through various clients
Any other client app
Obtaining an OAuth2 token for API access
Getting client credentials
curl -k -X POST https://localhost:8243/api-application-registration/register \
  -H 'authorization: Basic <Base64 encoded username:password>' \
  -H 'content-type: application/json' \
  -d '{ "applicationName":"device-management-app", "tags":["device_management"]}'
Getting token for API access
curl -k -d "grant_type=password&username=admin&password=admin&scope=perm:admin:device-type perm:device-types:events perm:device-types:events:view perm:device-types:types perm:devices:operations" \
  -H "Authorization: Basic <Base64 encoded client credentials>" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  https://localhost:8243/token
Registering “locker” as a device type
Registering a new device type using APIs
A device type is the extension point for introducing new types of devices to the IoT platform.
curl -X POST http://localhost:8280/api/device-mgt/v1.0/admin/device-types \
  -H 'authorization: Bearer <access token>' \
  -H 'content-type: application/json' \
  -d '{"name": "smart-lock","deviceTypeMetaDefinition": {"properties": ["lockId"],"features": [{"code": "lock_code", "name": "Set Lock Code for user", "description": "Set 4 digit lock code with comma separated username"},{"code": "allow_open","name": "Allow Open", "description": "Set true to allow open with code, false otherwise"}], "pushNotificationConfig": {"type": "MQTT", "scheduled": false}, "description": "this is a new remote control smart lock", "initialOperationConfig": {"operations": ["lock_code"]}}}'
The device type definition, with the parts called out on the slides (Properties, Operations, Communication):
{
  "name": "smart-lock",
  "deviceTypeMetaDefinition": {
    "properties": [ "lockId" ],
    "features": [
      {
        "code": "lock_code",
        "name": "Set Lock Code",
        "description": "Set 4 digit lock code with comma separated username"
      },
      {
        "code": "allow_open",
        "name": "Allow Open",
        "description": "Set true to allow open with code, false otherwise"
      }
    ],
    "pushNotificationConfig": { "type": "MQTT", "scheduled": false },
    "description": "this is a new remote control smart lock",
    "initialOperationConfig": { "operations": [ "lock_code" ] }
  }
}
Registering an event stream from ‘locker’
A device instance sends events to the IoT platform. These event formats need to be registered.
curl -X POST http://localhost:8280/api/device-mgt/v1.0/events/locker \
  -H 'authorization: Bearer <access token>' \
  -H 'content-type: application/json' \
  -d '{"eventAttributes": {"attributes": [{"name": "locker_status","type": "String"}]}, "transport": "MQTT"}'
Device Provisioning Methodologies
● Keys, Certs burnt to hardware
● Keys, Certs burnt to firmware
● TPM (Trusted Platform Module) or UUID
● User initiated
Enrolling a locker instance
curl -X POST /api/device-mgt/v1.0/device/agent/enroll \
  -H 'accept: application/json' \
  -H 'authorization: Bearer <accessToken>' \
  -H 'content-type: application/json' \
  -d '{ "name": "devicename", "type": "locker", "description": "description", "deviceIdentifier": "1234", "enrolmentInfo": {"ownership": "BYOD", "status": "ACTIVE"} ,"properties": [{"name": "propertyName","value": "propertyValue"}]}'
Parts of the request called out on the slide: API endpoint, Access token, Instance name, Instance id
Pushing lock_code command to locker
curl -X POST https://localhost:9443/api/device-mgt/v1.0/devices/locker/operations \
  -H 'authorization: Bearer <accessToken>' \
  -H 'content-type: application/json' \
  -d '{ "deviceIdentifiers": ["1234"], "operation": {
"code": "lock_code", "type": "PROFILE", "status": "PENDING", "isEnabled": true, "payLoad": "1234,sumedha"
}}'
Pushing allow_open command to locker
curl -X POST https://localhost:9443/api/device-mgt/v1.0/devices/locker/operations \
  -H 'authorization: Bearer <accessToken>' \
  -H 'content-type: application/json' \
  -d '{ "deviceIdentifiers": ["1234"], "operation": {
"code": "allow_open", "type": "PROFILE", "status": "PENDING", "isEnabled": true, "payLoad": "true"
}}'
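Added example (not from the original slides and not WSO2 code): how locker firmware could validate the lock_code and allow_open operations pushed above before acting on them. The LockerState class, the permitted username characters and the fail-closed default are assumptions; the operation fields follow the JSON on the slides.

```python
import hmac
import re

# "4 digit lock code with comma separated username", e.g. "1234,sumedha".
# The allowed username characters and length are an assumption.
LOCK_CODE_RE = re.compile(r"([0-9]{4}),([A-Za-z0-9_.-]{1,32})")


class LockerState:
    def __init__(self):
        self.codes = {}          # username -> 4 digit code
        self.allow_open = False  # fail closed until the server allows opening

    def apply_operation(self, operation):
        """Validate and apply one pushed operation; return True if accepted."""
        payload = operation.get("payLoad")
        if operation.get("isEnabled") is not True or not isinstance(payload, str):
            return False
        if operation.get("code") == "lock_code":
            match = LOCK_CODE_RE.fullmatch(payload)
            if match is None:
                return False
            self.codes[match.group(2)] = match.group(1)
            return True
        if operation.get("code") == "allow_open":
            if payload not in ("true", "false"):
                return False
            self.allow_open = payload == "true"
            return True
        return False  # unknown operation codes are rejected

    def try_open(self, entered):
        """Return the username whose code matches, or None if opening is refused."""
        if not self.allow_open or not isinstance(entered, str):
            return None
        user = None
        for name, code in self.codes.items():
            # constant-time comparison; every stored code is checked
            if hmac.compare_digest(code.encode(), entered.encode()):
                user = name
        return user
```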
Publishing sensor data from locker - HTTP
curl -k -X POST https://localhost:8243/api/device-mgt/v1.0/device/agent/events/publish/locker/1234 \
  -H 'authorization: Bearer <accessToken>' \
  -H 'content-type: application/json' \
  -d '{"temperature":0.0,"humidity":0.0,"metal":false,"occupancy":false,"open":false,"attempt":"string"}'
Publishing sensor data from locker - MQTT
MQTT Topic : carbon.super/locker/1234/events
Device Event Payload : {"temperature":0.0,"humidity":0.0,"metal":false,"occupancy":false,"open":false,"attempt":"string"}
Data Stream Processing
● Lock usage anomaly detection
  ○ object inside, door open
● Lock access detection
● Temperature / Humidity changes
● Identifying metal objects
[Diagram: Event Sources → Event Receivers → Input Stream → Execution Plan → Output Stream → Event Publishers]
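Added example (not from the original slides): the four stream rules listed above, applied to the locker's published event payload, written in Python rather than as a platform execution plan. The sample events are constructed, and the change thresholds and alert names are assumptions.

```python
import json

SAMPLE_EVENTS = [  # constructed payloads in the shape the locker publishes
    '{"temperature":24.0,"humidity":40.0,"metal":false,"occupancy":false,"open":false,"attempt":""}',
    '{"temperature":24.5,"humidity":41.0,"metal":false,"occupancy":true,"open":false,"attempt":"sumedha"}',
    '{"temperature":31.0,"humidity":41.5,"metal":true,"occupancy":true,"open":true,"attempt":""}',
    '{"temperature":"hot","humidity":41.5,"metal":false,"occupancy":false,"open":false,"attempt":""}',
]

NUM = (int, float)
FIELDS = {"temperature": NUM, "humidity": NUM, "metal": (bool,),
          "occupancy": (bool,), "open": (bool,), "attempt": (str,)}
MAX_DELTA = {"temperature": 5.0, "humidity": 10.0}  # assumed alert thresholds


def parse_event(raw):
    """Return the event as a dict, or None if it does not match the schema."""
    try:
        event = json.loads(raw)
    except (ValueError, TypeError):
        return None
    if not isinstance(event, dict) or set(event) != set(FIELDS):
        return None
    for name, kinds in FIELDS.items():
        # exact type match, so a JSON true/false cannot pass as a number
        if type(event[name]) not in kinds:
            return None
    return event


def detect(raw_events):
    alerts, previous = [], None
    for index, raw in enumerate(raw_events):
        event = parse_event(raw)
        if event is None:
            alerts.append((index, "malformed_event"))
            continue
        if event["occupancy"] and event["open"]:
            alerts.append((index, "object_inside_door_open"))
        if event["attempt"]:
            alerts.append((index, "access_attempt:" + event["attempt"]))
        if event["metal"]:
            alerts.append((index, "metal_object"))
        if previous is not None:
            for name, limit in MAX_DELTA.items():
                if abs(event[name] - previous[name]) > limit:
                    alerts.append((index, name + "_change"))
        previous = event
    return alerts
```

detect() takes the ordered events of a single device; malformed payloads raise their own alert and are not used as the baseline for the change rules.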
Batch Processing
● Lock access statistics over a month
[Diagram: Event Sources → Event Receivers → Input Stream → Event Store → Spark Script (Console: Spark Query) → Result Store → Output Stream → Event Publishers]
Location based services
• Devices can be moving / stationary
• Analytics on moving devices
  – Real time location updates
  – Geo Fencing
  – Geo Tagging
  – Geo Messaging
  – Alerting
• Analytics on stationary devices
  – Location Map
  – Geo location based groups
Edge / Fog Computing
• Why?
  – Safeguard privacy
  – Reduce latency
  – Minimize bandwidth usage
  – Avoid connectivity issues
• A platform specific packaged offering of WSO2 Siddhi, e.g.
  – Edge Computing Engine for Android
  – Edge Computing Engine for Yocto Linux
• WSO2 Siddhi
  – Lightweight, easy-to-use open source CEP engine
  – https://github.com/wso2/siddhi
• Centralized distribution of rules and offline execution mode
Android-Based Device Management
• Firebase Cloud Messaging (FCM) or local push notifications
• Auto enroll device with mutual SSL
• Integrate with Android system service apps (sign with vendor firmware signing key)
  – Reboot, firmware upgrade, silent app install/update/remove
• Data containerization
• Android for work support
• Device ownership application via device owner APIs (for COPE)