Ioto Device Clouds
Device clouds are management hubs from which you can centrally operate and manage a set or fleet of devices.
Device clouds are created in your AWS account and region to handle day-to-day communications with, and management of, your devices.
By aggregating critical device data in one place, you can easily manage your devices and extract important data analytics and intelligence from your devices.
A device cloud stores device data, manages communications with your devices and provides a device management application to manage devices.
You can create one or more device clouds to segment your products and devices.
Device Cloud Services
The Ioto device cloud offers the following:
- Create and configure an AWS account with necessary resources for device management.
- Create a secure device manager application for managing single devices or fleets of devices.
- Automatically provision Ioto-based devices with certificates for secure communications.
- Set up MQTT communications between devices and the cloud.
- Create and maintain a cloud-based device database store for centralized management and analytics.
- Transparently create, manage and rotate dedicated AWS IAM access keys for each device.
The Ioto Device Cloud is created in your AWS account so you have total control and privacy regarding your device data. Device data goes directly from your devices to the Device Cloud in your account. The device data is not sent through EmbedThis servers or other AWS accounts. This is important as jurisdictions are increasingly requiring that data only be stored, processed and managed locally.
Unlike other IoT services, which store your device data in servers in their account, Ioto provides decreased latency by locating device data in your account in a region of your choosing. This lowers cost and boosts performance of your cloud-based management solution.
When creating a device cloud, the Builder will create all the necessary resources for IoT management. This process results in a configured, complete, integrated and live IoT cloud capability.
This includes creating:
- An AWS DynamoDB database registry of your devices.
- An AWS DynamoDB database exclusively for your device data.
- AWS DynamoDB streams to replicate device data to and from the cloud.
- An AWS API Gateway to authorize remote API access to device data.
- An AWS Cognito User Pool to authenticate user access.
- An AWS CloudFront and S3 hosted site for the Ioto Device Manager.
- An AWS Route53 domain for the Ioto Device Manager site.
- AWS Lambda functions for cloud-side device management.
- IAM Roles to restrict remote access.
- AWS IoT Core policies and message routing rules.
- AWS IoT Things to model your devices in the cloud.
For each device cloud, Ioto creates a device manager application and site from which to manage your devices. The Ioto Device Manager app is hosted by EmbedThis on a sub-domain of your choosing under the ioto.me domain. You can select a unique sub-domain that reflects your company or product's brand. Alternatively, you can register your own domain name and point it at the underlying Ioto manager site.
The Ioto Device Manager is a generic, white-labeled device manager that is uniquely configured for your devices. It can be extensively customized with your logo, product name, device data and device-specific screens and interface, including custom logic.
Devices require X.509 certificates to securely connect and communicate with the cloud. The certificates are used to uniquely identify and authenticate devices and then to encrypt communications to prevent tampering or eavesdropping.
Ioto will automatically create and distribute the required certificates as devices are assigned to a device cloud. This eliminates much of the pain of certificate distribution.
During device provisioning, the Ioto service will set up the necessary AWS resources to enable secure, efficient messaging via AWS IoT Core using the MQTT protocol.
MQTT is a messaging protocol for IoT. It is a lightweight publish/subscribe messaging transport that is ideal for connecting remote devices.
When connected, your management applications can control devices, send commands and retrieve data using the MQTT messaging service.
Device Data Aggregation
Collecting, aggregating and sending device data to a central management store can be complex and costly. Ioto takes the hassle out of exporting device data to the cloud by synchronizing the Ioto device agent database with an AWS DynamoDB database in your device cloud.
Data written on the device to the management database will be transparently exported to the cloud. Similarly, data written to the cloud database will be distributed to the appropriate devices as required. No programming is required.
The database synchronization is full-duplex in that data can be modified in the device or in the cloud and it will be replicated to the other side. The synchronization is controllable on a per-device and per-table basis.
This is similar to AWS Global Tables, but instead of acting inside AWS between AWS regions, it is between an AWS region and a device.
This replicated device database is unique to Ioto and dramatically simplifies the creation of IoT solutions.
Device Access Keys
Ioto can optionally create and manage AWS IAM access keys for your devices. AWS uses IAM access keys to authenticate and authorize actors on AWS resources. The Ioto device cloud can create specific IAM keys to enable devices to issue requests to the device cloud and AWS services.
The Ioto-generated temporary IAM access keys have tightly controlled access permissions. The keys are automatically reissued as required and can be centrally controlled.
If required, device logs and files can be captured and sent to AWS CloudWatch logs for storage, governance and analysis.
The Ioto agent can be configured, without coding, to capture any OS log or program output and send it to CloudWatch Logs. The Ioto agent log is similarly exportable.
Device Metrics and Analytics
AWS provides a comprehensive metric service via CloudWatch Metrics. The Ioto agent can emit metrics that will be captured by the device cloud and managed by CloudWatch.
Using these metrics, you can create detailed device analytics and dashboards to focus on any aspect of your device or fleet performance.
When your device cloud is created, Ioto configures and enables CloudTrail, which captures an audit trail of all activity on your account and device cloud. This records a complete log to AWS S3 so you can reliably audit operations and determine the root cause of any security incidents.