Building a Secure IoT Solution
This Red Hat presentation covers security in an enterprise IoT setting and considers architecture decisions and layering security defenses.
How do customers build an end-to-end IoT solution using commercial-grade, open source products? This is the question we (Patrick Steiner, Maggie Wu, and I) wanted to address with our session at the Red Hat Summit, Boston. The end-to-end solution is based on a three-tier Enterprise IoT Architecture, which integrates IoT data with existing business processes and the human element.
To keep it real, we not only prescribed the recipe but also demonstrated this end-to-end solution through an interactive demo. The use case envisioned an offshore oil drilling platform with tens of thousands of sensors needed to monitor critical equipment and personnel. We chose a combination of Red Hat infrastructure, middleware, and mobile products to showcase the ease of building a comprehensive solution with enterprise-grade products. The challenge of consuming data from end devices was handled by the Intelligent IoT Gateway. Built on a secure foundation (Red Hat Enterprise Linux), the Intelligent IoT Gateway not only transforms and routes the sensor data (JBOSS A-MQ, JBOSS Fuse) but also provides real-time decision making (JBOSS BRMS). The Gateway sends aggregated data to the datacenter for complex event processing (JBOSS BRMS) and an in-memory database (JBOSS DataGrid). If the data indicates a failure, a work order is created (JBOSS BPM) and a notification is delivered to the worker’s mobile device (Red Hat Mobile Application Platform).
In the live demo, when the temperature reading rose above the predefined threshold, a work order was created and an alert was sent to the mobile device. To make it fun, Amazon’s Echo was used as an Alexa interface to interact with BPM. It was fun to ask, “Alexa, what’s the status?” and hear it respond with the message “Temperature too high”. Alexa then asked if we wanted to close the work order and proceeded to do so. Everyone in the audience enjoyed how the system worked seamlessly from end to end.
We received many questions about the functionality of the IoT Gateway and how the message format was being transformed; for example, the incoming sensor data used the MQTT protocol but the data sent to the data center used REST. The multi-protocol support and deployment model for the message broker (JBOSS A-MQ) were also discussed, i.e. the flexibility to deploy it on-premise or in the cloud. There was also a discussion around data velocity: the incoming data (temperature/humidity) was received every few seconds, but the outgoing data to backend applications was sent much less frequently and in an aggregated form. The Gateway itself was provisioned through the use of an Ansible playbook.
No discussion of enterprise IoT solutions would be complete without talking about security. The end-to-end solution needs to incorporate security at several levels, from system-level security provided through SELinux to data security via SSL and encryption. Another element of securing the data could be API management, where access to device and application APIs is monitored for abnormal behavior, thereby preventing unauthorized access to data.
The presentation material for the session is available below:
Published at DZone with permission of Ishu Verma, DZone MVB. See the original article here.