(77) Internet of Things (IoT) Part II: Architecture

What is the Internet of Things (IoT) and what makes it different from the traditional Internet?

This is important to architects because… IoT is a key emerging set of technologies that logically extend the technologies that architects are already working with.

MULTI-PART BLOG POST – The first part of this post is available separately. We assume that readers understand that IoT can be applied to various domains such as home devices, medicine, agriculture, and manufacturing. When we want to cite a concrete example, we’ll use the example of an Internet-enabled soda machine.

Functional (Business) vs. Non-Functional (Architectural) Requirements. The breadth of IoT is so vast that we cannot generalize business requirements for multiple IoT systems, but we can generalize architecture requirements. Example: A business requirement for our Internet-enabled soda machine would be “sell more soda” – most IoT systems don’t want to do that. An architecture requirement for the soda machine would be “protect the financial information of customers” – most IoT systems would want to do that.

Six Layer Architecture. Because IoT architecture is still emerging, it can be interpreted in many different ways. In this post, we will consider six different layers which we believe should be present in most IoT systems. These six layers are needed to address five broad requirements, which we will define first; we will then demonstrate how the six layer architecture addresses those requirements.

Five Broad IoT Architecture Requirements

These broad requirements are not all equally important. We have listed them in the order we believe they are important. “Operational excellence” is listed first because the main difference between IoT systems and traditional distributed systems is that there is no user that can help us to monitor or administer the system.

Operational Excellence. By “operational excellence”, we are suggesting that the DevOps function for the organization managing the IoT system must be more efficient than for a corresponding non-IoT system. This is because in a traditional system the users with desktops, laptops, and smartphones can (at least partly) manage, update, and monitor their own equipment. IoT devices cannot follow complex instructions or call the help desk when something goes wrong. Perhaps more importantly, each of the devices is simply not as important as a person using the system and does not justify a lot of work from an IT specialist to manage it. Consequently, the management of each device needs to be automated. Example: If we don’t operate efficiently, then we could have some soda machines that are not working and not know it.

Security. It is tempting to think that machines have less need for security than traditional IT systems, but the opposite is true. Many devices are not physically secure. Many devices also have sensitive financial and medical information on them. Perhaps more importantly, devices can typically only remember their identity by securing that identity information on the device – contrast that to a human being who can memorize a username and password. We also need to automatically assign and refresh device security credentials. Example: If we collect someone’s credit card number so they can purchase a soda, we need to ensure that we do not disclose it to a third party – even by accident.

Reliability. Systems with devices typically have a lot of devices. To ensure that we are introducing reliable systems, we must have test environments that simulate the load of the production environment. We will be getting a lot of messages from the devices at random times and have to buffer the messages to accommodate the high throughput. Each of the individual devices could experience a hardware failure, a communications failure, or a software installation failure. Example: If we have a soda machine malfunction and start sending 1000 messages per second, we need to make sure that this does not disrupt the whole system.

Performance Efficiency. There will be a lot of devices and a lot of messages to exchange and process. If you are not careful, you could end up with a backlog of messages to process. Example: We don’t want to keep a customer longer than absolutely necessary between their swiping a credit card and our dispensing a soda.

Cost Efficiency. Cost efficiency is probably obvious. While it does not require a lot of explanation, we will consider cost efficiency in the context of the six layer model below.
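The Reliability example above (a malfunctioning soda machine sending 1000 messages per second) can be contained with per-device admission control in front of the ingestion buffer. The sketch below is an added example, not code from the original post; the IngestGate class, device names, limits and traffic are constructed for illustration, and device_id is assumed to come from the device's authenticated identity rather than from a field in the message.

```python
COST = 1000  # one message costs 1000 milli-tokens (integer math avoids float drift)

class TokenBucket:
    def __init__(self, rate_per_s, burst, now_ms):
        self.rate = rate_per_s            # tokens/s == milli-tokens per millisecond
        self.cap = burst * COST
        self.tokens, self.last = self.cap, now_ms

    def allow(self, now_ms):
        # Refill for the elapsed time, capped at the burst size, then try to spend.
        self.tokens = min(self.cap, self.tokens + (now_ms - self.last) * self.rate)
        self.last = now_ms
        if self.tokens >= COST:
            self.tokens -= COST
            return True
        return False

class IngestGate:
    """Per-device admission control in front of the shared ingestion buffer."""
    def __init__(self, rate_per_s=2, burst=10, quarantine_after=200):
        self.rate, self.burst, self.limit = rate_per_s, burst, quarantine_after
        self.buckets, self.rejects, self.quarantined = {}, {}, set()

    def admit(self, device_id, now_ms):
        if device_id in self.quarantined:
            return False
        if device_id not in self.buckets:
            self.buckets[device_id] = TokenBucket(self.rate, self.burst, now_ms)
        if self.buckets[device_id].allow(now_ms):
            self.rejects[device_id] = 0          # healthy again: reset the streak
            return True
        self.rejects[device_id] = self.rejects.get(device_id, 0) + 1
        if self.rejects[device_id] >= self.limit:
            self.quarantined.add(device_id)      # hand off to ops automation
        return False

def simulate(seconds=5):
    """Constructed traffic: soda-0001 sends 1 msg/s, soda-0666 sends 1000 msg/s."""
    gate, accepted = IngestGate(), {"soda-0001": 0, "soda-0666": 0}
    for ms in range(seconds * 1000):
        senders = ["soda-0666"] + (["soda-0001"] if ms % 1000 == 0 else [])
        for dev in senders:
            if gate.admit(dev, ms):
                accepted[dev] += 1
    return accepted, gate.quarantined

if __name__ == "__main__":
    print(simulate())
```

The faulty machine gets its initial burst through and is then cut off and quarantined, while the healthy machine's traffic is unaffected because each device has its own bucket.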

IoT Six Layer Architecture

We have established five broad IoT architectural requirements above – operational excellence, security, reliability, performance efficiency, and cost efficiency. When considering our broad IoT architecture definition, we will consider “tradeoffs” between those broad requirements.

Edge. The edge layer consists of the physical hardware of the devices, the operating system of the device, and the firmware of the devices. Example: A soda machine probably has a camera to check stock, a temperature sensor, a light sensor, an open door sensor, etc.

Provisioning. The tasks of the provisioning layer are to establish and maintain unique identities for each device, install the device firmware, and configure the devices. Configuration includes maintenance and decommissioning. The unique identities are most important. Devices must be authenticated and authorized to send messages through the communication layer, so they need unique identities. Example: When a new soda machine is plugged in and placed on a wireless network, it should automatically register for a unique identity, download any software updates, and get any configuration updates from the central servers.

Communication. The Communication layer handles the connectivity, message routing among remote devices, and routing between devices and the cloud. The Communication layer lets you establish how IoT messages are sent and received by devices, and how devices represent and store their physical state in the cloud. Example: Our vending machines may have a perishable product like milk that is not selling well in one machine but has sold out in another. If the machines exchange inventory information, they can instruct someone restocking the machines to move stock from one machine to another.

Ingestion. A key business driver for IoT is the ability to aggregate all the disparate data streams created by your devices and transmit the data to your IoT application in a secure and reliable manner. The ingestion layer plays a key role in collecting and aggregating important sensor information from devices while decoupling the flow of data from the communication between devices. Example: Our soda machine may have 10-12 different sensors, but we don’t want all those sensors communicating with a central server independently. Instead, we can have a single device collect all of the sensor information and send it to the central server periodically.

Analytics. One of the benefits of implementing IoT solutions is the ability to gain deep insights and data about what’s happening in the edge layer. A primary way of realizing contextual insights is by implementing solutions that can process and perform analytics on IoT data. Example: By monitoring machine maintenance conditions, we can optimize the schedule of preventive maintenance visits and the stock of parts that are loaded into maintenance trucks in case of problems.

Application. Collecting the information from the IoT devices is not helpful to us unless we can process the data and act on it. At the application layer, we want to introduce cloud-oriented functionality that is potentially reusable outside of the IoT context. These connected capabilities range from traditional microservices systems to relational databases that create views of the IoT data. This also includes management applications to operate, inspect, secure, and manage your IoT operations. Example: If we are collecting information from multiple soda machines and see that inventories are going up or down, we can adjust prices remotely from a centralized B2C dashboard. A soda that costs $1 during the week might be worth $3.50 on Super Bowl Sunday.

Architecture: Edge Layer

OS is typically a real-time OS.

Not every sensor is a “device”. We are not suggesting that every sensor is an “edge” device.

Modbus at Edge Gateway consists of sensor data aggregation systems called Edge Gateways that provide functionality, such as pre-processing of the data, securing connectivity to cloud, using systems such as WebSockets, the event hub, and, even in some cases, edge analytics or fog computing.

Example: Turn the lights on when a user walks by.

Architecture: Provisioning Layer

What is firmware?
Need a unique identity
X.509 Certificates
Firmware installation
Configuration, maintenance, and decommissioning
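The provisioning lifecycle listed above (unique identity, credential refresh, decommissioning) as an added sketch, not code from the original post. It uses per-device HMAC keys as a standard-library stand-in for the X.509 certificates the post names; the DeviceRegistry class, serial numbers and one-hour lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def sign(device_id, key, payload):
    """Device side: MAC the payload under this device's own key."""
    return hmac.new(key, device_id.encode() + b"|" + payload, hashlib.sha256).digest()

class DeviceRegistry:
    """Hypothetical provisioning service: one identity, one expiring key per device."""
    def __init__(self, ttl_s):
        self.ttl_s, self.devices = ttl_s, {}

    def register(self, serial, now):
        device_id = "dev-" + hashlib.sha256(serial.encode()).hexdigest()[:12]
        if device_id in self.devices:
            raise ValueError("serial already provisioned")
        self.devices[device_id] = {"key": secrets.token_bytes(32),
                                   "expires": now + self.ttl_s, "active": True}
        return device_id, self.devices[device_id]["key"]

    def verify(self, device_id, payload, tag, now):
        rec = self.devices.get(device_id)
        if rec is None or not rec["active"] or now >= rec["expires"]:
            return False
        return hmac.compare_digest(sign(device_id, rec["key"], payload), tag)

    def refresh(self, device_id, proof, now):
        # Rotation requires proof of the current, unexpired key (nonce omitted for brevity).
        if not self.verify(device_id, b"refresh", proof, now):
            raise PermissionError("refresh denied")
        rec = self.devices[device_id]
        rec["key"], rec["expires"] = secrets.token_bytes(32), now + self.ttl_s
        return rec["key"]

    def decommission(self, device_id):
        self.devices[device_id]["active"] = False

def demo():
    reg = DeviceRegistry(ttl_s=3600)
    a_id, a_key = reg.register("SODA-SN-0001", now=0)   # constructed serials
    b_id, b_key = reg.register("SODA-SN-0002", now=0)
    msg, out = b'{"stock": 12}', {}
    out["own_key"] = reg.verify(a_id, msg, sign(a_id, a_key, msg), now=10)
    out["other_device_key"] = reg.verify(a_id, msg, sign(a_id, b_key, msg), now=10)
    out["expired"] = reg.verify(a_id, msg, sign(a_id, a_key, msg), now=3600)
    new_key = reg.refresh(b_id, sign(b_id, b_key, b"refresh"), now=20)
    out["old_key_after_refresh"] = reg.verify(b_id, msg, sign(b_id, b_key, msg), now=30)
    out["new_key"] = reg.verify(b_id, msg, sign(b_id, new_key, msg), now=30)
    reg.decommission(b_id)
    out["after_decommission"] = reg.verify(b_id, msg, sign(b_id, new_key, msg), now=40)
    return out
```

Only a message signed with the device's own current key verifies; a key from another device, an expired key, a rotated-out key and any key of a decommissioned device are all rejected.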

Architecture: Communication Layer

Connection
Between devices
Between device and cloud
How are messages transmitted?
How is state stored?

Architecture: Ingestion Layer

Aggregate data and get it to the IoT application.

Decouple the flow of data from the communication between devices.

Software supporting integration binds (dependent relationships) all system devices to create the body of the IoT system. It ensures the necessary cooperation and stable networking between devices. These applications are the defining software technology of the IoT network because without them, it is not an IoT system. They manage the various applications, protocols, and limitations of each device to allow communication.

This software manages sensing, measurements, light data filtering, light data security, and aggregation of data. It uses certain protocols to aid sensors in connecting with real-time, machine-to-machine networks. Then it collects data from multiple devices and distributes it in accordance with settings. It also works in reverse by distributing data over devices. The system eventually transmits all collected data to a central server.

Architecture: Analytics Layer

Insights on local and edge.

These applications take data or input from various devices and convert it into viable actions or clear patterns for human analysis. They analyze information based on various settings and designs in order to perform automation-related tasks or provide the data required by industry.

The analytics and action delivered by IoT also help to ensure system reliability. Beyond consumption, IoT prevents system overloads or throttling. It also detects threats to system performance and stability, which protects against losses such as downtime, damaged equipment, and injuries.

Architecture: Application Layer

Operate, inspect, secure, and manage.

The final tier includes the cloud application built for IoT using the microservices architecture, which are usually polyglot and inherently secure in nature using HTTPS/OAuth. It includes various database systems that store sensor data, such as time series databases or asset stores using backend data storage systems (e.g. Cassandra, Postgres). The cloud tier in most cloud-based IoT systems features an event queuing and messaging system that handles the communication that transpires in all tiers. Some experts classify the three tiers in the IIoT system as edge, platform, and enterprise, and these are connected by the proximity network, access network, and service network, respectively.

Building on the Internet of things, the web of things is an architecture for the application layer of the Internet of things that looks at the convergence of data from IoT devices into Web applications to create innovative use-cases. In order to program and control the flow of information in the Internet of things, a predicted architectural direction is being called BPM Everywhere, which is a blending of traditional process management with process mining and special capabilities to automate the control of large numbers of coordinated devices.


Given widespread recognition of the evolving nature of the design and management of the Internet of things, sustainable and secure deployment of IoT solutions must design for “anarchic scalability.” Application of the concept of anarchic scalability can be extended to physical systems (i.e. controlled real-world objects), by virtue of those systems being designed to account for uncertain management futures. This hard anarchic scalability thus provides a pathway forward to fully realize the potential of Internet-of-things solutions by selectively constraining physical systems to allow for all management regimes without risking physical failure.

Brown University computer scientist Michael Littman has argued that successful execution of the Internet of things requires consideration of the interface’s usability as well as the technology itself. These interfaces need to be not only more user-friendly but also better integrated: “If users need to learn different interfaces for their vacuums, their locks, their sprinklers, their lights, and their coffeemakers, it’s tough to say that their lives have been made any easier.”

Application and Process Extension

These applications extend the reach of existing systems and software to allow a wider, more effective system. They integrate predefined devices for specific purposes such as allowing certain mobile devices or engineering instruments access. It supports improved productivity and more accurate data collection. IoT primarily exploits standard protocols and networking technologies. However, the major enabling technologies and protocols of IoT are RFID, NFC, low-energy Bluetooth, low-energy wireless, low-energy radio protocols, LTE-A, and WiFi-Direct. These technologies support the specific networking functionality needed in an IoT system in contrast to a standard uniform network of common systems.


(1) There are five key nonfunctional requirements: operational excellence, security, reliability, performance efficiency, and cost efficiency.

(2) There are six layers to our example IoT architecture – edge, provisioning, communication, ingestion, analytics, and application.
