Building Blocks of Innovation: Exploring IoT Software Architecture

An IoT system or implementation can be simply understood in terms of its components: sensing, data aggregation, gateway, and cloud. These components align with layers that describe the system's capabilities and services, ranging from perception and transport to applications and security. When it comes to the software aspect, it is relatively more challenging to generalise.

On the one hand, endpoints and gateways function similarly to embedded systems. On the other hand, they collaborate with applications and services in the cloud, encompassing various elements such as storage, analytics, and dashboards. Cloud providers typically offer Platform as a Service (PaaS), enabling customers to select and configure the applications they require. Figure 1 illustrates Microsoft Azure's IIoT cloud PaaS structure, which specifically serves as an analytics-only service for industrial manufacturing.

Women looks at tablet surrounded by IoT Architecture

Endpoint software

The software architecture of IoT endpoint devices can take various forms and must encompass multiple roles.

IoT endpoints and gateways, including edge devices, bear the responsibility of physically collecting, processing, and transmitting data within an Internet of Things (IoT) ecosystem. Basic endpoints may consist of sensors connected to an I/O port of a gateway. In an industrial IoT environment, these sensors might be legacy devices utilising a serial protocol like RS-485, directly connected to a wired port of the gateway. Alternatively, they may be modern digital sensors equipped with embedded intelligence and a wireless subsystem for short or long-range communication.

Gateway devices and smart sensors commonly operate on lightweight operating systems such as OpenWrt or Yocto Project. These operating systems are optimised for deployments with limited resources. Alternatively, they may run on a real-time operating system (RTOS) like FreeRTOS or Zephyr.

IIoT analytics on Microsoft Azure

Figure 1. IIoT analytics on Microsoft Azure

Additionally, device drivers and software interfaces play a crucial role in facilitating communication between the operating system and hardware components like sensors or communication modules. Given the increasing trend of local processing to reduce latency, conserve network bandwidth, and ensure privacy, edge devices often incorporate software for applying algorithms, filtering data, performing simple analytics, and running machine learning models.

To address security concerns and safeguard data integrity, confidentiality, and device integrity, certain measures must be in place. These include secure boot mechanisms, encryption, authentication, and authorisation mechanisms to prevent unauthorised access. Furthermore, Over-the-Air (OTA) software/firmware update mechanisms are essential for remote deployment of bug fixes, feature enhancements, and security patches.

Moreover, the software in endpoint devices must support appropriate protocols to enable seamless communication with other devices or cloud platforms. Examples of popular protocols include MQTT (Message Queuing Telemetry Transport), CoAP (Constrained Application Protocol - a lightweight protocol designed specifically for communication among devices with limited resources over the Internet), HTTP, and WebSocket.

Architectural style

The choice of communication protocols and endpoint architectural style depends on the specific purpose of the IoT application, particularly how data is presented to the cloud applications responsible for generating actions and insights, also known as data ingestion. Two commonly employed approaches are publish/subscribe and event streaming.

In the publish/subscribe model, sensors publish data to specific topics, and applications or other devices can subscribe to the topics of interest to receive the data. Topics provide a means of organising and filtering data based on various criteria, often hierarchical in nature, allowing for a structured and flexible system for managing data.

On the other hand, event streaming involves the flow of data and execution driven by events triggered by sensors, user inputs, or system events. Applications in this model do not subscribe to a stream but can read from any part of it. They are responsible for advancing their position in the stream and processing the relevant data.

We understand that the IoT can be overwhelming, so if you need support with your next IoT project or IoT security in particular, why not get in touch with our experts? Our IoT, Wireless and Connectivity teams are on hand to help you with your next IoT challenge.

Learn More

Security

Secure Provisioning

Services providing keys and certificate injection into Secure Elements or MCU for full end-to-end Security.

Learn More

Main copy cont and conclusion (LC)

Display portlet menu

Publish/subscribe

The publish/subscribe model proves effective in various applications, such as smart homes, industrial automation and control, fleet management, environmental monitoring, and smart energy management.

MQTT Broker

Figure 2. The broker acts as an intermediary and decouples publishers from subscribers.

In smart homes, devices like sensors, actuators, and smart appliances need to communicate with each other and centralised systems. The publish/subscribe model allows different devices to publish sensor data or events, such as motion detection or temperature changes, to specific topics. Subscribers, such as automation controllers or mobile apps, can receive these updates and trigger appropriate actions accordingly.

In industrial settings, IoT systems are employed for monitoring and controlling equipment, processes, and environmental conditions. Field devices, including sensors and actuators, publish data and events related to machine performance, production metrics, or equipment status. Subscribers, such as control systems or analytics platforms, can subscribe to relevant topics and receive real-time updates for monitoring, analysis, and decision-making purposes.

In fleet management and logistics applications, vehicles equipped with IoT devices can publish telemetry data, such as location data and vehicle health information, to relevant topics. Subscribers, which may include dispatch systems, logistics platforms, mobile applications, or others, can subscribe to this data to track vehicle locations, monitor performance, and optimise fleet operations.

The publish/subscribe architecture facilitates efficient and scalable communication between devices and applications. Publishers and subscribers rely on a message broker, serving as an intermediary. When a new message is published on a subscribed topic, the broker forwards it to the appropriate subscribers. The presence of the broker in the publish/subscribe architecture enables efficient information sharing without requiring direct point-to-point connections. It also decouples the publishers and subscribers, allowing for easy scaling, dynamic addition or removal of endpoints, and differentiation of quality of service (QoS) to ensure reliable message delivery.

Exchanging publish/subscribe messages

Figure 2 illustrates how IoT devices interact with a message broker using the MQTT protocol, which is widely used for publish/subscribe exchanges. The broker can be hosted on a cloud-based server, virtual server, or it can be self-hosted on local hardware. Alternatively, a managed broker service like AWS IoT Core can be utilised.

To communicate with the message broker, each endpoint requires a client library or Software Development Kit (SDK). These libraries provide APIs and functions, including the protocol stack necessary to establish a connection with the messaging broker, publish messages, and subscribe to topics. The libraries handle the underlying protocol details, message serialisation/deserialization, and communication with the broker. Security mechanisms such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL) are also essential to establish encrypted connections and ensure that only authorised devices can publish or subscribe to specific topics.

Event streaming

Event streaming may be a preferable choice over publish/subscribe in certain IoT applications, particularly those that require real-time performance. However, the suitability of publish/subscribe should be assessed based on factors such as data volume, frequency, and the need for guaranteed message delivery.

In event streaming, data is ingested, analysed, and acted upon immediately upon arrival, enabling fast response times and decision-making. Data flows continuously, which is advantageous in time-critical applications where immediate actions or alerts are necessary based on incoming data. Conversely, in the publish/subscribe model, messages may not be processed in real-time.

For event streaming, an event streaming platform such as Apache Kafka is required. Kafka is capable of handling large-scale event ingestion and processing, providing high throughput, fault tolerance, and scalability. Event streaming is particularly suitable for IoT applications that deal with a substantial influx of data from numerous devices. Frameworks like Kafka Connect can be utilised to stream large data sets into and out of Kafka. Additionally, streaming platforms often offer data storage capabilities, whereas in the publish/subscribe model, the responsibility of data storage lies with the subscribers.

Due to these characteristics, event streaming is frequently chosen for applications like real-time industrial control, energy management in smart grids, traffic monitoring, congestion detection, and adaptive signal control in smart cities. Other applications include fleet management and logistics, where real-time tracking of vehicles enables efficient route optimisation, proactive maintenance, and timely response to incidents or delays.

To communicate with the event-streaming platform, typically hosted in the cloud, IoT devices can utilise device-to-cloud protocols like MQTT or CoAP. However, these protocols are designed for low-power devices and may not be suitable for handling large data sets. For Big Data deployments, platforms like Kafka are often employed. Additional management tools and APIs may be necessary to facilitate large-scale interactions with the streaming platform and assist with device management and distribution of authentication credentials.

Conclusion

Implementing an IoT deployment can vary in scale, ranging from a small number of sensors within a home or small building to thousands of sensors spread across a vast geographical area. Various protocols and data-ingestion models are available and selected based on criteria such as data volume, endpoint message-processing capability, real-time response requirements, and the types of cloud applications utilised. The software-developer community offers a plethora of products, including message brokers and data-handling platforms, in different variations to cater to this diversity.

Whatever the choice made between Event streaming and publish/subscribe, the security (authentication, integrity and confidentiality) must be ensured by the appropriate methodology.

Security

Secure Elements

Hardware Root of Trust used for crypto operations and key storage.

Learn More

Security

Secure Library

Software Root of Trust integrated into any MCU/MPU used for crypto operations and key storage.

Learn More

Security

Secure MCU

MCU with built in security features and key storage.

Learn More

Service

See IoTConnect

The IoT can be overwhelming. You need to leverage new technologies like AI, deep learning and data mining to make the most of your investment. Let us help you.

Learn More