The figure below shows the architecture of Everyware Cloud in its main functional components.
Device connectivity is handled by a Message Broker that implements the Message Queue Telemetry Transport (MQTT) protocol. MQTT was designed for constrained devices on low-bandwidth, unreliable links, the typical IoT case. It is supported by several messaging systems and is an OASIS standard, ratified as ISO/IEC 20922:2016.
The MQTT protocol has been designed as a lightweight "publish/subscribe" messaging system for IoT applications. Its main benefits can be summarized as:
- Optimized for IoT applications - The fixed header is only 2 bytes for small packets, and three quality-of-service levels (0, 1, 2) are built into the protocol. Because the device keeps a persistent, session-oriented connection to the broker, messages are pushed as they occur and latency is bounded by the link rather than by a polling interval.
- Secure - The device only ever opens outbound connections, so no port has to be opened or exposed on the device. The connection is protected by TLS (still commonly called SSL) and the client is authenticated with a username and password.
- Firewall friendly - Installing devices inside corporate intranets does not require opening additional inbound network ports, since the connection is initiated by the device.
- Publish/Subscribe Messaging - A messaging pattern that provides one-to-many distribution and decouples message producers (devices) from consumers (applications).
- Session awareness - The broker detects an abnormal disconnect (a dropped connection or missed keep-alive) and publishes an event on the device's behalf through the device's will message; a persistent session, including its subscriptions and undelivered QoS 1/2 messages, is fully re-established on reconnection.
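The properties listed above all hang on the CONNECT/CONNACK exchange: the 2-byte fixed header, the username/password fields, the will message the broker publishes on an abnormal disconnect, and the clean-session flag that decides whether a stored session is resumed. The following is an added example written for this page, not Eurotech's code or the platform's broker: a strict MQTT 3.1.1 CONNECT encoder/decoder plus a toy broker-side handler that authenticates and answers with a CONNACK. The client id, username, password and topic names are constructed for the example, and the bytes shown are what would travel inside the TLS session; transport security itself is not modelled.

```python
import hmac
import struct

CONNECT, CONNACK = 0x10, 0x20                       # packet type bytes, MQTT 3.1.1
F_USERNAME, F_PASSWORD, F_WILL, F_CLEAN = 0x80, 0x40, 0x04, 0x02   # CONNECT flag bits

def _field(data: bytes) -> bytes:
    """2-byte big-endian length prefix + data (strings and binary fields alike)."""
    return struct.pack(">H", len(data)) + data

def encode_remaining_length(n: int) -> bytes:
    """Variable-length 'remaining length': 7 data bits per byte, high bit = more follows."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | 0x80 if n else digit)
        if not n:
            return bytes(out)

def decode_remaining_length(buf: bytes, pos: int):
    value, mult = 0, 1
    for digit in buf[pos:pos + 4]:                  # the spec allows at most 4 bytes
        pos += 1
        value += (digit & 0x7F) * mult
        if not digit & 0x80:
            return value, pos
        mult *= 128
    raise ValueError("malformed remaining length")

def build_connect(client_id, username=None, password=None, will=None,
                  clean_session=False, keep_alive=60) -> bytes:
    """Device side. will=(topic, payload, qos) is published by the broker on abnormal disconnect."""
    flags = F_CLEAN if clean_session else 0         # False: ask the broker to resume a stored session
    payload = _field(client_id.encode())
    if will is not None:
        topic, msg, qos = will
        flags |= F_WILL | (qos << 3)
        payload += _field(topic.encode()) + _field(msg)
    if username is not None:
        flags |= F_USERNAME
        payload += _field(username.encode())
    if password is not None:
        if username is None:
            raise ValueError("the spec forbids a password without a username")
        flags |= F_PASSWORD
        payload += _field(password)
    body = _field(b"MQTT") + bytes([4, flags]) + struct.pack(">H", keep_alive) + payload
    return bytes([CONNECT]) + encode_remaining_length(len(body)) + body

def parse_connect(pkt: bytes) -> dict:
    """Broker side: strict decode of a CONNECT packet; any spec violation raises."""
    if pkt[0] != CONNECT:
        raise ValueError("not a CONNECT packet")
    remaining, pos = decode_remaining_length(pkt, 1)
    if len(pkt) - pos != remaining:
        raise ValueError("remaining length does not match packet size")
    info = {"fixed_header_len": pos}
    def field() -> bytes:
        nonlocal pos
        (n,) = struct.unpack_from(">H", pkt, pos)
        if pos + 2 + n > len(pkt):
            raise ValueError("truncated field")
        pos += 2 + n
        return pkt[pos - n:pos]
    if field() != b"MQTT" or pkt[pos] != 4:
        raise ValueError("unsupported protocol name or level")
    flags = pkt[pos + 1]
    if flags & 0x01:
        raise ValueError("reserved flag set")       # spec: close the connection
    (info["keep_alive"],) = struct.unpack_from(">H", pkt, pos + 2)
    pos += 4
    info["clean_session"] = bool(flags & F_CLEAN)
    info["client_id"] = field().decode()
    if flags & F_WILL:
        info["will"] = (field().decode(), field(), (flags >> 3) & 3)
    if flags & F_USERNAME:
        info["username"] = field().decode()
    if flags & F_PASSWORD:
        info["password"] = field()
    if pos != len(pkt):
        raise ValueError("trailing bytes after payload")
    return info

def build_connack(session_present: bool, return_code: int) -> bytes:
    return bytes([CONNACK, 2, int(session_present), return_code])

def broker_handle_connect(pkt: bytes, credentials: dict, sessions: dict) -> bytes:
    """Toy broker: authenticate, then report whether a stored session was resumed."""
    c = parse_connect(pkt)
    expected = credentials.get(c.get("username"))   # anonymous connects have no entry
    if expected is None or not hmac.compare_digest(expected, c.get("password", b"")):
        return build_connack(False, 4)              # 0x04: bad user name or password
    resumed = not c["clean_session"] and c["client_id"] in sessions
    if c["clean_session"]:
        sessions.pop(c["client_id"], None)          # spec: discard any stored state
    sessions.setdefault(c["client_id"], {"will": c.get("will")})
    return build_connack(resumed, 0)                # 0x00: connection accepted
```

A CONNECT carrying a will, username and password for a 7-character client id comes to 73 bytes, of which the fixed header is 2; the header only grows to 3 bytes once the remaining length exceeds 127. The decoder rejects anything the specification says a broker must not accept (reserved flag, length mismatch, trailing bytes), which is the behaviour you want in front of an internet-facing port.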
The Everyware Cloud IoT Platform offers a complete set of features to simplify the management of remote devices. To avoid additional complexity and requirements on the device deployment and configuration, Device Management is layered as an application over the MQTT protocol.
- Near Real-Time Device Status - Leveraging and complementing the session awareness of the MQTT protocol, this feature reports the connection status of every device as it changes. Each device's connections to the platform and the device management operations performed on it are audited, and the Everyware Cloud IoT Platform keeps detailed audit logs.
- Device Configuration Management - Provides the ability to remotely manage the configuration of applications installed on the devices. The ability to create snapshots and rollback to previous configurations is also available.
- Application Lifecycle Management - Allows the remote management of device applications, including their installation, update, and removal.
- Remote Device Access and Diagnostics - Allows remote access to devices for detailed diagnostic operations through a secure, on-demand VPN.
The Everyware Cloud IoT Platform uses Web Services APIs based on Representational State Transfer (REST) to integrate with existing applications. The REST APIs expose all the platform functionality described above, including data management and device management. They also provide a "bridge" to the MQTT broker, so an application can route commands to devices without holding its own connection to the Message Broker. Technologies such as REST/Comet are included, allowing real-time data published by the devices to be displayed in web pages and mobile dashboards.
Everyware Cloud IoT Platform is a multi-tenant architecture that allows multiple tenants to co-exist in the same environment. Multitenancy reduces the cost borne by each tenant. To isolate tenants from one another, Everyware Cloud IoT Platform uses technologies such as Virtual Private Database, Topic Partitioning and, when requested, dedicated instances.
All components of Everyware Cloud IoT Platform rely on a centralized security foundation layer that follows the Role Based Access Control (RBAC) model. User identities can be defined and associated with one or more permissions, so that each identity holds only the permissions it needs (the principle of "least privilege"). Devices connect to the platform with the credentials of one of these user identities, so a device's reach on the platform is bounded by the permissions of the identity it connects with.
The platform can also manage device-side certificates, so that only customer-approved devices are granted access to the IoT platform.
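Topic Partitioning and RBAC meet at the broker's authorization check: every PUBLISH and SUBSCRIBE from a connected identity is tested first against the tenant boundary and then against the permissions granted to that identity. The following is an added example, not Eurotech's code or the platform's actual policy engine, showing how such a check is built with MQTT topic-filter semantics. It assumes, for the example only, that the tenant account name is the first topic level and that a gateway's namespace is `<account>/<client-id>/...`; the principals, topic names and the in-memory audit list are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Principal:
    """One identity in the tenant's RBAC model: a gateway or an application user."""
    name: str
    account: str                  # tenant; assumed here to be the first topic level
    publish: list = field(default_factory=list)     # granted topic filters
    subscribe: list = field(default_factory=list)

AUDIT = []   # (principal, action, topic, allowed, reason): stand-in for the platform's audit log

def topic_matches(filter_: str, topic: str) -> bool:
    """MQTT filter matching: '+' is one level, '#' the rest; '$' topics never match a leading wildcard."""
    f, t = filter_.split("/"), topic.split("/")
    if t[0].startswith("$") and f[0] in ("+", "#"):
        return False
    for i, part in enumerate(f):
        if part == "#":
            return i == len(f) - 1
        if i >= len(t) or (part != "+" and part != t[i]):
            return False
    return len(f) == len(t)

def filter_subsumes(granted: str, requested: str) -> bool:
    """True if every topic matched by `requested` is also matched by `granted`."""
    g, r = granted.split("/"), requested.split("/")
    for i, gp in enumerate(g):
        if gp == "#":
            return True
        if i >= len(r) or r[i] == "#" or (gp != "+" and gp != r[i]):
            return False
    return len(g) == len(r)

def authorize(p: Principal, action: str, topic: str) -> bool:
    """Broker-side check for PUBLISH/SUBSCRIBE: tenant boundary first, then the role's ACL."""
    if action not in ("publish", "subscribe"):
        raise ValueError(action)
    if not topic or topic.split("/")[0] != p.account:
        allowed, why = False, "outside tenant partition"
    elif action == "publish" and ("+" in topic or "#" in topic):
        allowed, why = False, "wildcard in publish topic"   # forbidden by the MQTT spec
    elif action == "publish":
        allowed, why = any(topic_matches(f, topic) for f in p.publish), "publish ACL"
    else:
        allowed, why = any(filter_subsumes(f, topic) for f in p.subscribe), "subscribe ACL"
    AUDIT.append((p.name, action, topic, allowed, why))
    return allowed

def device_principal(account: str, client_id: str) -> Principal:
    """Least-privilege grant for one gateway: publish only under its own namespace,
    receive only its own commands (namespace layout assumed for the example)."""
    me = f"{account}/{client_id}"
    return Principal(client_id, account, publish=[f"{me}/#"], subscribe=[f"{me}/cmd/#"])

def app_principal(account: str, name: str) -> Principal:
    """A tenant application: read every device in the account, write only command topics."""
    return Principal(name, account, publish=[f"{account}/+/cmd/#"], subscribe=[f"{account}/#"])
```

The subscribe check deliberately uses subsumption rather than plain matching: a gateway granted `acme/dev-001/cmd/#` must not be able to subscribe to `acme/+/cmd/#` or `#`, both of which would hand it every other device's traffic in the account, and a cross-tenant request is refused before any ACL is consulted. Each decision, allowed or denied, lands in the audit trail, which is what the device-status audit described above needs to attribute an event to an identity.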
Everyware Cloud IoT Platform is designed to provide a secure and reliable mechanism for remotely managing devices. As part of this, the platform offers a batch update feature that allows devices to be grouped and application or configuration updates to be scheduled across the selected devices.
Provisioning is the process of associating an IoT gateway with an Everyware Cloud IoT Platform account. It is normally performed during the installation of the IoT gateway or at the first startup of the device in which the gateway is embedded. Its goal is to establish the relationship between a given device and the final operator, customer or application.
Below are images of the Everyware Cloud IoT Platform graphical user interface. This interface provides access to platform features such as: remote introspection of the ESF framework configuration and its applications; reviewing and updating software applications; and starting remote maintenance sessions.
Everyware Cloud IoT Platform provides a VPN server that creates a virtual connection between devices and the computers of the platform's users. This allows advanced maintenance to be carried out while the appropriate access policies and security levels are enforced.