Architectural Features of IoT Cloud Platforms

IoT platforms are an essential part of IoT solutions today. They help accelerate the development of IoT applications and also ensure the requisite level of security, remote management, and integration capabilities in your solution.

There are several established platform providers in the market today, such as AWS IoT, ThingWorx, Azure IoT, and Xively. Many of these platforms share common features and architectural patterns.

In this post, we explore the architectural components and essential patterns to be considered in your IoT solutions.

We also share our wishlist of desired features for IoT Cloud Platforms. Such a wishlist is quite useful when trying to evaluate and choose a platform for a specific IoT solution.

Device Connectivity and Protocol Support

IoT devices speak a variety of protocols, so any mature IoT platform should support several of them: MQTT, AMQP, CoAP, STOMP, WebSockets, XMPP, and so on.

The component within an IoT platform which handles (terminates) these protocols is often called the Cloud Gateway. Such gateways need to be highly scalable, with the ability to process millions of messages each day. Because the gateway is where device connections terminate, it is also the natural place to enforce device authentication and per-device authorization (see Security Features below).

Most IoT protocols use a message-centric, asynchronous communication model instead of the traditional Request-Response model of Web Applications. Hence, IoT platforms often include a scalable message bus infrastructure that is responsible for routing messages between devices and application services. Messages are delivered to one or more recipients using a pub-sub delivery model.

Device connectivity is often divided into two logical channels – control and data. The QoS levels and the exact protocols used for each logical channel may vary depending on specific application needs.

  • A Control Channel: To deliver device commands, health status, updates etc.
  • A Data Channel: To carry actual telemetry data, sampling values, from devices to the platform.

Unified Device Management Capabilities

Device management is a must-have feature for any IoT platform today. This includes the capabilities enumerated below. Such capabilities are typically exposed through an admin dashboard which can be used by IoT Ops personnel.

  • Device Inventory: Tracking inventory of devices (things).
  • Device Health: Capturing heartbeat and health status of devices.
  • Remote Configuration Management: Remote management of device configuration using two-way sync capabilities.
  • Remote Device Management: Remote management of the device state – wipe, lock, activate.
  • Device Firmware Upgrades: Over-the-air firmware upgrades with canary releases.
  • Remote Logging: Remote access to device logs and capturing error reports from devices.
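The Device Firmware Upgrades item above is only safe if the device refuses images that are not genuine, and the Security Features section below calls this signed firmware delivery. The following is an added example, not code from the original post or from any of the platforms it names: a Go program using only the standard library that signs a firmware manifest platform-side and verifies it device-side. The manifest layout (version plus SHA-256 digest), the use of a freshly generated Ed25519 key as a stand-in for the vendor's release key, and the sample image bytes are all assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest describes one firmware image. Devices hold only the vendor's
// Ed25519 public key; the private key never leaves the release pipeline.
type Manifest struct {
	Version uint32   // monotonically increasing build number
	Digest  [32]byte // SHA-256 of the image bytes
}

// Bytes is the canonical encoding that gets signed and verified.
func (m Manifest) Bytes() []byte {
	buf := make([]byte, 4, 4+len(m.Digest))
	binary.BigEndian.PutUint32(buf, m.Version)
	return append(buf, m.Digest[:]...)
}

// SignedUpdate is the bundle pushed over the air.
type SignedUpdate struct {
	Manifest  Manifest
	Signature []byte // Ed25519 signature over Manifest.Bytes()
	Image     []byte
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrRollback     = errors.New("update is not newer than the installed version")
	ErrDigest       = errors.New("image digest does not match manifest")
)

// GenerateVendorKey stands in for the vendor's signing-key ceremony (assumption).
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// BuildUpdate runs platform-side: hash the image and sign the manifest.
func BuildUpdate(priv ed25519.PrivateKey, version uint32, image []byte) SignedUpdate {
	m := Manifest{Version: version, Digest: sha256.Sum256(image)}
	return SignedUpdate{Manifest: m, Signature: ed25519.Sign(priv, m.Bytes()), Image: image}
}

// VerifyUpdate runs on the device before anything is written to flash.
// The signature is checked first so that the version and digest used by
// the later checks are authenticated values, not attacker-supplied ones.
func VerifyUpdate(pub ed25519.PublicKey, installed uint32, u SignedUpdate) error {
	if !ed25519.Verify(pub, u.Manifest.Bytes(), u.Signature) {
		return ErrBadSignature
	}
	if u.Manifest.Version <= installed {
		return ErrRollback // a genuinely signed but older image is still a downgrade attack
	}
	got := sha256.Sum256(u.Image)
	if !bytes.Equal(got[:], u.Manifest.Digest[:]) {
		return ErrDigest
	}
	return nil
}

func main() {
	pub, priv := GenerateVendorKey()
	image := []byte("firmware image bytes (constructed)")
	update := BuildUpdate(priv, 2, image)
	fmt.Println("genuine v2 on a v1 device:", VerifyUpdate(pub, 1, update))

	tampered := update
	tampered.Image = append([]byte(nil), image...)
	tampered.Image[0] ^= 0xff
	fmt.Println("tampered image:", VerifyUpdate(pub, 1, tampered))
	fmt.Println("replayed v2 on a v2 device:", VerifyUpdate(pub, 2, update))
}
```

The version check is what makes a canary release safe to abort: once a newer signed image exists, the platform cannot be tricked into re-serving an older, still validly signed image to devices that already moved on.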

Security Features

Nearly all CIOs rate ‘security’ to be a paramount concern for IoT applications today. Any IoT Platform hence needs to offer robust security features out-of-the-box. These include:

  • Device Identity: Establish a unique, per-device identity using client certificates or other cryptographic credentials. A credential shared across a fleet cannot be revoked for one compromised device without cutting off all the others.
  • Device Enrollment: Securely enroll and authorize IoT devices to the platform.
  • Device Policy: Fine-grained authorization control to restrict device traffic coming into the IoT platform. Restrict what topics each device can publish to and subscribe from, so that a compromised device cannot impersonate its peers or send them commands.
  • Secure Communication Channels: Provide authenticated, encrypted channels between devices and the platform (TLS, IPsec, private networks, etc.). SSL is obsolete and should not be offered.
  • Secure Firmware Delivery: Deliver signed software updates, and have the device verify the signature and the image digest before installing. A checksum alone only detects corruption; only a signature proves the image came from you.
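The control and data channels described earlier and the Device Policy item above come together at the gateway as a topic authorization check. The following is an added example, not code from the original post or from any named platform: a Go implementation of such a policy for an MQTT-style topic tree. The topic layout (devices/<id>/telemetry and devices/<id>/status published by the device, devices/<id>/commands subscribed by the device) and the device identifiers are assumptions of this example; in practice the gateway would take the device ID from the client certificate presented at connect time.

```go
package main

import (
	"fmt"
	"strings"
)

// Action is what an authenticated principal asks the cloud gateway to do.
type Action int

const (
	Publish Action = iota
	Subscribe
)

func (a Action) String() string {
	if a == Publish {
		return "publish"
	}
	return "subscribe"
}

// Topic layout assumed by this example (not prescribed by the post):
//   devices/<id>/telemetry  data channel:    device publishes, platform subscribes
//   devices/<id>/status     control channel: device publishes, platform subscribes
//   devices/<id>/commands   control channel: platform publishes, device subscribes

// DevicePolicy is the authorization attached to one device identity.
type DevicePolicy struct {
	DeviceID string
}

// Allowed reports whether this device may perform a on topic.
func (p DevicePolicy) Allowed(a Action, topic string) bool {
	// Never honour MQTT wildcards from a device: devices/+/commands or
	// devices/# would let one device read every other device's traffic.
	if p.DeviceID == "" || strings.ContainsAny(topic, "+#") {
		return false
	}
	parts := strings.Split(topic, "/")
	if len(parts) != 3 || parts[0] != "devices" || parts[1] != p.DeviceID {
		return false
	}
	switch parts[2] {
	case "telemetry", "status":
		return a == Publish
	case "commands":
		return a == Subscribe
	}
	return false
}

// ServicePolicy is the authorization for platform components (rules engine,
// micro services) that legitimately fan in across all devices.
type ServicePolicy struct{}

// Allowed lets a service read every device's telemetry but only address
// commands to one concrete device at a time.
func (ServicePolicy) Allowed(a Action, topic string) bool {
	parts := strings.Split(topic, "/")
	if len(parts) != 3 || parts[0] != "devices" || parts[1] == "" {
		return false
	}
	switch parts[2] {
	case "telemetry", "status":
		return a == Subscribe // a "+" device id is fine for fan-in
	case "commands":
		// A broadcast to devices/+/commands would let one bug or one
		// compromised service actuate the whole fleet at once.
		return a == Publish && !strings.ContainsAny(parts[1], "+#")
	}
	return false
}

func main() {
	dev := DevicePolicy{DeviceID: "sensor-42"}
	checks := []struct {
		action Action
		topic  string
	}{
		{Publish, "devices/sensor-42/telemetry"},
		{Subscribe, "devices/sensor-42/commands"},
		{Subscribe, "devices/sensor-43/commands"},
		{Subscribe, "devices/+/commands"},
		{Publish, "devices/sensor-42/commands"},
	}
	for _, c := range checks {
		fmt.Printf("%-9v %-30s allowed=%v\n", c.action, c.topic, dev.Allowed(c.action, c.topic))
	}
}
```

The asymmetry between the two policies is the point: devices get a narrow, literal allow-list on their own namespace, while the wildcard subscriptions a platform service needs are granted to a separate service identity, never to a device credential.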

Telemetry Analytics

This includes the ability to capture data streams from devices in real time and to perform analytics that drive business decision making.

Analytics can be offered in four flavors:

  • Real-time analytics,
  • Batch analytics,
  • Predictive analytics using machine learning and,
  • Interactive Analytics.

The underlying analytics platform should be ready for scale, with an ability to handle millions (or even billions) of telemetry messages each day.

Support for Business Rules

This component provides ‘extensibility’ to an IoT Platform. This is where business logic (specific to your IoT application) gets codified.

It includes a business rules engine which can be customized to your business requirements, and it also includes a micro-services stack where custom code (business logic, lambda functions etc.) can be deployed by the application developer.

The rules engine often forms an important part of the ‘control loop’ for IoT applications. For example: if the temperature of a furnace exceeds a certain threshold, a specific business rule triggers, and this may send a ‘cut-off’ command to the electric furnace.

Rules engines provide a DSL (Domain Specific Language) to express business rules. A common pattern for expressing rules is IFTTT (If This Then That). Alternatively, you can codify your business logic in a programming language of your choice and deploy it as micro services.

Rules engines and micro services hook into the message bus so that they are able to receive real-time telemetry data and dispatch commands to devices.
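The furnace cut-off rule above, as an added example that is not code from the original post or from any rules engine it names: a Go threshold rule that consumes telemetry from the data channel and emits commands for the control channel. The metric names, the thresholds, and the sample telemetry stream are constructed for this example. It goes one step beyond the single-threshold rule in the text by adding a re-arm threshold (hysteresis) so that a reading hovering around the limit does not fire the command on every message, and it keeps a separate latch per device.

```go
package main

import "fmt"

// Telemetry is one reading taken off the data channel.
type Telemetry struct {
	DeviceID string
	Metric   string
	Value    float64
}

// Command is what a rule dispatches on the control channel.
type Command struct {
	DeviceID string
	Name     string
}

// ThresholdRule encodes "if <Metric> exceeds High, send Command; re-arm
// only once the reading falls below Low".
type ThresholdRule struct {
	Metric  string
	Low     float64
	High    float64
	Command string
	tripped map[string]bool // per-device latch
}

func NewThresholdRule(metric string, low, high float64, command string) *ThresholdRule {
	if low >= high {
		panic("threshold rule: low must be below high")
	}
	return &ThresholdRule{Metric: metric, Low: low, High: high, Command: command, tripped: map[string]bool{}}
}

// Evaluate consumes one telemetry message and returns the command to
// dispatch, or nil when nothing should be sent.
func (r *ThresholdRule) Evaluate(t Telemetry) *Command {
	if t.Metric != r.Metric {
		return nil
	}
	if r.tripped[t.DeviceID] {
		if t.Value < r.Low {
			delete(r.tripped, t.DeviceID) // re-arm
		}
		return nil
	}
	if t.Value > r.High {
		r.tripped[t.DeviceID] = true
		// The command is addressed to the device that produced the reading;
		// a rule must never let one device's telemetry drive another's actuator.
		return &Command{DeviceID: t.DeviceID, Name: r.Command}
	}
	return nil
}

// RunRules feeds a telemetry stream through every rule in order and
// collects the commands that would be published on the control channel.
func RunRules(rules []*ThresholdRule, stream []Telemetry) []Command {
	var out []Command
	for _, t := range stream {
		for _, r := range rules {
			if c := r.Evaluate(t); c != nil {
				out = append(out, *c)
			}
		}
	}
	return out
}

// DemoStream is a constructed sample of furnace telemetry.
func DemoStream() []Telemetry {
	return []Telemetry{
		{"furnace-1", "temperature_c", 800},
		{"furnace-1", "temperature_c", 1250}, // trips
		{"furnace-1", "temperature_c", 1300}, // already tripped: no repeat
		{"furnace-2", "temperature_c", 1210}, // independent latch
		{"furnace-1", "temperature_c", 1100}, // above Low: stays tripped
		{"furnace-1", "temperature_c", 950},  // below Low: re-armed
		{"furnace-1", "temperature_c", 1250}, // trips again
	}
}

func main() {
	rule := NewThresholdRule("temperature_c", 1000, 1200, "cut_off")
	for _, c := range RunRules([]*ThresholdRule{rule}, DemoStream()) {
		fmt.Printf("send %s to %s\n", c.Name, c.DeviceID)
	}
}
```

In a deployment the commands returned here would be published to devices/<id>/commands under a service identity, and the rule's latch state would need to survive a restart of the rules engine, otherwise a restart re-fires every tripped rule.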

Integration Capabilities

Most enterprise systems offer standard interfaces such as REST over HTTPS or SOAP to facilitate integration with other systems. Enterprise cloud platforms also offer capabilities such as Big Data Stores, Large File Stores, Notification Services etc.

To build a complete IoT solution, devices need to integrate with legacy enterprise solutions and enterprise cloud applications. IoT platforms hence need to provide connectors to such enterprise and cloud services. These connectors would be invoked by the business rules or by the micro services running on the IoT platform. The credentials those connectors use belong in the platform's secret store, not embedded in rule definitions or micro-service code.

Wrapping Up…

The rapid growth of IoT paradigms today has made it necessary to accelerate go-to-market timelines for IoT solution providers. Leveraging an IoT platform is a great way to achieve this goal.

IoT platforms provide cross-cutting concerns such as connectivity, security, management, and analytics so that solution developers do not reinvent the wheel. It is critical for you to evaluate your chosen IoT platform against this set of features before you embark on your journey. Now go build something awesome!


Accelerate Enterprise Mobility with Mobile Backend as a Service

Why MBaaS?

Enterprises that invest in a mobility roadmap are often faced with interesting challenges today:

(a) How do we accelerate the development of our mobility solutions?

(b) How do we achieve the desired level of visibility and management controls for our deployed mobile solutions?

(c) How do we optimize the costs of Infrastructure and Mobile Ops?

(d) How do we create a coherent architecture that spans all our mobile apps?

(e) How do we effectively leverage legacy technology investments into our new mobility roadmap?

Several mobile middleware platforms have evolved over the past few years to address these challenges and accelerate enterprise mobile implementations.

Such middleware platforms are termed MBaaS (Mobile Backend As A Service) or MEAP (Mobile Enterprise Application Platforms). They are typically multi-tenant, cloud-based PaaS offerings; some of them can even run on private cloud or hybrid cloud infrastructure within your enterprise.

In this post, we take a deeper look at the core capabilities of MBaaS platforms and provide detailed guidelines to choose the right MBaaS provider to fit your needs.

Legacy Enterprise Services

Most enterprise mobility solutions need to use legacy enterprise services in order to access existing business data and workflows.

Consider the example of a B2B Commerce Mobile App that allows customers to place orders. Such an App will need to: (a) Verify stock-availability against an Inventory System, (b) Fetch customer address information from a CRM System, (c) Place an order into an Order Fulfillment System, and finally, (d) Generate an invoice in the Accounts Receivables System.

Completing the entire business workflow via a mobile App would involve calling all these legacy systems (or services) in a specific sequence, feeding the results obtained from one service call into the next – a process often called ‘Service Orchestration’.


Service Orchestration

MBaaS platforms offer the ability to invoke and orchestrate multiple backend enterprise services. As a developer, you write code to perform this service orchestration and deploy it onto the MBaaS Cloud.

Some MBaaS platforms also offer declarative ways to define ‘how my services should be orchestrated’ – this reduces the extent of coding needed for service orchestration.

Since the intelligence to orchestrate complex services gets encapsulated within the MBaaS itself, you can now expose a simpler REST interface to all your mobile clients. The mobile client no longer directly interacts with complex enterprise systems – making the client App lightweight and simpler to build.

Many MBaaS platforms also offer capabilities to invoke services asynchronously (Non Blocking IO) thus improving the ‘data delivery performance’ for your mobile clients.

Normalize Heterogeneous Data

Enterprise systems have been built over the past few decades using legacy software and heterogeneous technology stacks. As a result, the backend data sources in an enterprise often exist in varied formats and require heterogeneous protocols and authentication schemes to access that data.

MBaaS platforms offer the ability to massage and normalize heterogeneous data sources into a single homogeneous data format (typically JSON). By abstracting heterogeneous sources into a common data format, your mobile Apps no longer deal with multiple legacy data formats, authentication schemes, or access protocols. This makes the architecture of your mobile apps simpler and more coherent.


Managing Service Granularity

The granularity of legacy services may not be the right-fit for direct consumption by mobile clients today. The service payloads could be too large (coarse-grained services) or too sparse (fine-grained services).

Large payloads would mean: (a) Frequent drops and timeouts on your mobile carrier network, (b) High response latencies from the backend, (c) Unwanted or unnecessary data reaching the mobile client, (d) Excessive CPU and memory overhead in mobile clients.

Small payloads could mean: Too many HTTP round-trips from mobile client to fetch the required data or to complete the required business transaction (and hence a slower App).

By encapsulating the underlying business services, MBaaS offers the ability to manage the ‘granularity’ of services exposed to your mobile clients. MBaaS can consolidate responses from multiple fine-grained services, or filter data from a coarse-grained service to expose just the ‘right sized’ service interface for mobile consumption.
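Service Orchestration, asynchronous backend calls, and right-sizing of service granularity are one piece of code in practice. The following is an added example, not code from the original post or from any MBaaS product: a Go orchestration step for the B2B commerce App described earlier that calls the inventory and CRM systems concurrently and reduces their coarse-grained records to a single small JSON response. The backend record shapes, the in-memory fake backends, and the sample data are constructed for this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"sync"
)

// Legacy backend records are coarse-grained and carry fields the mobile
// client has no business seeing. These shapes are constructed for the example.
type InventoryRecord struct {
	SKU       string
	OnHand    int
	Warehouse string
	CostPrice float64 // internal margin data: must never reach the client
}

type CustomerRecord struct {
	ID          string
	Name        string
	Street      string
	City        string
	CreditLimit float64 // internal
}

// Backends abstracts the enterprise systems the MBaaS orchestrates.
type Backends interface {
	Inventory(sku string) (InventoryRecord, error)
	Customer(id string) (CustomerRecord, error)
}

// OrderCheck is the single right-sized response exposed to the App. Only
// these three fields exist on the wire, so internal data cannot leak by accident.
type OrderCheck struct {
	SKU       string `json:"sku"`
	Available bool   `json:"available"`
	ShipTo    string `json:"ship_to"`
}

// CheckOrder fans out both backend calls concurrently (one client round
// trip instead of two) and reduces the responses to the fields the App needs.
func CheckOrder(b Backends, customerID, sku string, qty int) (OrderCheck, error) {
	var (
		wg              sync.WaitGroup
		inv             InventoryRecord
		cust            CustomerRecord
		errInv, errCust error
	)
	wg.Add(2)
	go func() { defer wg.Done(); inv, errInv = b.Inventory(sku) }()
	go func() { defer wg.Done(); cust, errCust = b.Customer(customerID) }()
	wg.Wait()
	if errInv != nil {
		return OrderCheck{}, errInv
	}
	if errCust != nil {
		return OrderCheck{}, errCust
	}
	return OrderCheck{
		SKU:       inv.SKU,
		Available: inv.OnHand >= qty,
		ShipTo:    cust.Street + ", " + cust.City,
	}, nil
}

// ToJSON is the wire format returned to the mobile client.
func (o OrderCheck) ToJSON() string {
	b, _ := json.Marshal(o)
	return string(b)
}

// fakeBackends is an in-memory stand-in for the inventory and CRM systems.
type fakeBackends struct {
	inv  map[string]InventoryRecord
	cust map[string]CustomerRecord
}

var errNotFound = errors.New("not found")

func (f fakeBackends) Inventory(sku string) (InventoryRecord, error) {
	r, ok := f.inv[sku]
	if !ok {
		return InventoryRecord{}, errNotFound
	}
	return r, nil
}

func (f fakeBackends) Customer(id string) (CustomerRecord, error) {
	r, ok := f.cust[id]
	if !ok {
		return CustomerRecord{}, errNotFound
	}
	return r, nil
}

// NewDemoBackends returns constructed sample data.
func NewDemoBackends() Backends {
	return fakeBackends{
		inv:  map[string]InventoryRecord{"SKU-7": {SKU: "SKU-7", OnHand: 12, Warehouse: "DC-East", CostPrice: 3.10}},
		cust: map[string]CustomerRecord{"C-100": {ID: "C-100", Name: "Acme Ltd", Street: "1 Main St", City: "Springfield", CreditLimit: 5000}},
	}
}

func main() {
	oc, err := CheckOrder(NewDemoBackends(), "C-100", "SKU-7", 3)
	fmt.Println(oc.ToJSON(), err)
}
```

Defining the client-facing struct explicitly, rather than passing the backend record through and deleting fields, is the part that matters for security: a new internal field added to the CRM record later still never reaches the App.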

Backend Evolution

Enterprise systems and services constantly evolve over time: Service interfaces get redefined to meet the evolving needs of your business. Old services get deprecated or retired; New information systems get deployed to replace legacy ones.

MBaaS acts as a loose-coupling layer between the enterprise backend and your mobile Apps. If enterprise systems evolve or service interfaces change, the orchestration rules can be modified within the MBaaS itself without having to re-publish a new App to all your users every time.

Mobile API Versioning

Mobile Apps themselves evolve over time with new features and capabilities every few months. Often multiple versions of an App exist across your users’ devices (since not all users upgrade at once), and each App version is tied to specific REST APIs.

MBaaS platforms offer versioning capabilities for REST APIs that are exposed to your mobile clients. This enables multiple App versions to thrive in production at the same time, and the latest App versions can be incrementally rolled out to your users.

Securing Enterprise Boundaries

MBaaS acts as an added layer of security in front of legacy enterprise services so that internal services do not have to be directly exposed to the public Internet. Note that this is a network boundary, not a substitute for authorization: the orchestration code in the MBaaS now holds credentials for the backend, so every REST endpoint it exposes must check that the calling user is entitled to the data before calling through.

Moreover, MBaaS platforms offer other security aspects such as: (a) A mobile-specific authentication layer, (b) SSO capabilities for Apps, and (c) Session filters for all real-time mobile traffic.

Audit Trail and Compliances

MBaaS can be leveraged to capture a trail of all “chatter” between mobile clients and the enterprise backend.

An enterprise can keep a track of which user accessed what enterprise data at what time via which mobile App. This may be necessary for compliance and policy requirements in your enterprise.

Runtime for Mobile Workflows

The ‘mobile first’ way of doing things often involves disruptive workflows and it is not always a mirror of legacy business flows. For example, if a user has added items to her shopping cart, but has not ‘checked out’ for the past few days, we may want to send a push notification to that user.

This requires additional business logic to be implemented in the backend which may not exist in your legacy system. MBaaS platforms provide a runtime environment for such additional mobile-specific business logic and triggers.

Data Synchronization

Offline access is a common requirement for mobile Apps today. This requires the intelligence to facilitate a ‘two way’ data sync between mobile clients and backend data sources.

Many MBaaS platforms offer APIs to facilitate such a two-way data sync. This includes: (a) Prefetching specific data objects to your mobile client, (b) Identifying stale objects on the client and automatically refreshing those from the backend, (c) Identifying dirty or modified objects on the client, (d) Performing a two-way data interchange and merge of the client’s data with the backend, (e) Elegantly handling merge conflicts in the data objects. In most platforms this sync can be performed either automatically or on-demand by the user.
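One sync pass covering cases (a) through (e) above, as an added example that is not code from the original post or from any MBaaS product. It is written in Go with the backend version number used as an optimistic-concurrency token: a dirty client object is pushed only when the backend still holds the version the client started from, otherwise both sides changed and the object is reported as a conflict rather than silently overwritten. The object shapes, version scheme and sample data are assumptions of this example.

```go
package main

import (
	"fmt"
	"sort"
)

// ClientObject is the mobile client's copy of one record. Base is the
// backend version this copy was last synced at; Dirty marks local edits
// made while offline.
type ClientObject struct {
	ID    string
	Base  int
	Data  string
	Dirty bool
}

// ServerObject is the backend's copy. Version increments on every write.
type ServerObject struct {
	ID      string
	Version int
	Data    string
}

// SyncResult records what a single two-way pass did, by object ID.
type SyncResult struct {
	Pushed    []string // dirty client objects accepted by the backend
	Refreshed []string // stale client copies replaced from the backend
	Pulled    []string // backend objects the client did not have (prefetch)
	Removed   []string // clean client copies of objects gone from the backend
	Conflicts []string // edited on both sides since Base; left for the user
}

// Sync runs one pass and mutates both maps so the caller can inspect the
// merged state. Conflicts are never auto-resolved: the client keeps its
// dirty copy and the backend keeps its own until a user decides.
func Sync(client map[string]*ClientObject, server map[string]*ServerObject) SyncResult {
	var res SyncResult
	for id, c := range client {
		s, ok := server[id]
		switch {
		case !ok && c.Dirty: // created offline: push as a new object
			server[id] = &ServerObject{ID: id, Version: 1, Data: c.Data}
			c.Base, c.Dirty = 1, false
			res.Pushed = append(res.Pushed, id)
		case !ok: // deleted on the backend while the client copy was clean
			delete(client, id)
			res.Removed = append(res.Removed, id)
		case c.Dirty && s.Version == c.Base: // uncontended local edit
			s.Version++
			s.Data = c.Data
			c.Base, c.Dirty = s.Version, false
			res.Pushed = append(res.Pushed, id)
		case c.Dirty: // backend moved on since Base: conflict
			res.Conflicts = append(res.Conflicts, id)
		case s.Version != c.Base: // clean but stale: refresh
			c.Data, c.Base = s.Data, s.Version
			res.Refreshed = append(res.Refreshed, id)
		}
	}
	for id, s := range server { // prefetch anything the client has never seen
		if _, ok := client[id]; !ok {
			client[id] = &ClientObject{ID: id, Base: s.Version, Data: s.Data}
			res.Pulled = append(res.Pulled, id)
		}
	}
	for _, l := range [][]string{res.Pushed, res.Refreshed, res.Pulled, res.Removed, res.Conflicts} {
		sort.Strings(l) // map iteration order is random; make the report stable
	}
	return res
}

// DemoState builds a constructed client/backend pair exercising every case.
func DemoState() (map[string]*ClientObject, map[string]*ServerObject) {
	client := map[string]*ClientObject{
		"a": {ID: "a", Base: 1, Data: "a-v1"},                  // clean, backend has moved on
		"b": {ID: "b", Base: 1, Data: "b-edited", Dirty: true}, // edited offline, backend unchanged
		"c": {ID: "c", Base: 1, Data: "c-edited", Dirty: true}, // edited on both sides
		"d": {ID: "d", Base: 1, Data: "d-v1"},                  // deleted on the backend
	}
	server := map[string]*ServerObject{
		"a": {ID: "a", Version: 2, Data: "a-v2"},
		"b": {ID: "b", Version: 1, Data: "b-v1"},
		"c": {ID: "c", Version: 2, Data: "c-v2"},
		"e": {ID: "e", Version: 1, Data: "e-v1"}, // never fetched by the client
	}
	return client, server
}

func main() {
	client, server := DemoState()
	fmt.Printf("%+v\n", Sync(client, server))
	fmt.Println("b on backend:", server["b"].Version, server["b"].Data)
}
```

A real sync endpoint would additionally scope both maps to the authenticated user, so that a client can only push, pull or delete objects it owns.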

Figure: MBaaS Reference Architecture.

Last Mile Caching

MBaaS platforms also offer a last-mile caching layer for your mobile Apps. This is typically a cluster of in-memory cache nodes (products such as Redis are commonly used by MBaaS providers for this purpose).

Slow-moving data or master data can be cached in the MBaaS cache to avoid deeper backend calls to your enterprise services each time. Data that is common across multiple logged-in mobile users can also be cached here. Per-user data must be keyed by user (or kept out of the shared tier altogether), so that one user’s cached response is never served to another.

Mobile CDN and File Storage

Some MBaaS platforms offer a Content Delivery Network (CDN) for binary content required by your mobile Apps – Images, Videos, Static Resources, Documents.

This helps scale-out your mobile deployment without straining the enterprise backend infrastructure. This can also act as a scalable cloud-based file storage for content uploaded by mobile users.

Performance and Scale

By using last-mile caching, offline and sync capabilities, and mobile CDNs, the API calls from mobile clients avoid going deeper into the enterprise stack.

This reduces the response latencies when clients attempt to fetch data and results in a better mobile App performance. This also reduces the strain on your legacy enterprise infrastructure and helps scale-out your mobile Apps to millions of users by leveraging the scalability of the MBaaS cloud platforms.

Mobile Analytics

In-app analytics is a powerful way to understand user behavior and to tune your App’s user experience. Some MBaaS platforms offer mobile analytics capabilities including a Client SDK, an Analytics Engine and a Dashboard. They also offer visibility into the number and velocity of REST API calls being made by your mobile clients.

Enterprise Software Connectors

Many MBaaS platforms offer baked-in connectors to specific enterprise software such as SAP, Oracle, Microsoft CRM, SFDC etc. Instead of using generic SOAP or REST interfaces for backend integration, such product-specific connectors help accelerate the development of mobility solutions in your enterprise and help leverage the features of your legacy software better.

User Engagement Features

Push notifications are an important way to drive mobile user engagement. Some MBaaS platforms offer APIs to trigger push notifications (these are typically wrappers on top of APNS or GCM, since renamed FCM). This eliminates the need to have separate integrations with APNS or GCM, or to leverage other third party providers for this purpose.

Cloud Object Store

Mobile Apps often require structured data storage for some App-specific data: information such as mobile user profiles, mobile-specific user preferences, persistent mobile user sessions, user stats etc.

Such a store may not exist in your legacy enterprise infrastructure, so some MBaaS platforms provide a cloud-based store for JSON objects along with a client API to access this object store. This is typically a scalable NoSQL database platform that is managed by your MBaaS provider.

Social Connectors

Mobile Apps targeted towards your customers, employees or partners often have social media integration as a critical requirement in the App.

MBaaS platforms offer APIs to easily integrate various social media platforms (such as Facebook, Twitter and LinkedIn). This lets your mobile users perform a Single Sign On (SSO) into your App using their social identities, or share content from your mobile App to social platforms.

Improved DevOps Cadence

Most MBaaS platforms directly integrate with your source code repository and offer the ability to push the latest code from there to multiple MBaaS runtime environments with a single click (say, to the Dev, Stage, QA, and Production environments of the MBaaS runtime). This can eliminate downtime when upgrading your middleware code.

Most platforms also provide a self-service management portal (dashboard) to monitor the middleware, including information about the provisioned capacity, utilized capacity, and the overall health of the run-time. This eases the efforts on your DevOps / SysOps teams and brings a mature cadence.

Build Farm

Some MBaaS platforms offer build farms which can create packaged builds for your native or hybrid Apps (including iOS, Android and Windows Mobile platforms). They can manage your AppStore signing keys and publish the signed builds directly to the AppStore or Marketplace. Be aware that this places your app’s code-signing keys in the vendor’s custody: whoever holds them can ship an update under your name, so the trust you place in the build farm extends to every release.

This helps streamline your build process and you no longer have to rely on individual developer machines to perform production builds for your enterprise Apps.

Wrapping Up

Choosing an MBaaS platform judiciously is critical for your enterprise mobility strategy. Given the significant acceleration that an MBaaS could bring to your implementations, do make sure that you evaluate available options carefully w.r.t. the capabilities outlined in this post.

Building Internet-Scale Web Platforms with the Amazon Elastic Load Balancer


The Elastic Load Balancer distributes your Application’s inbound traffic to multiple Web Servers running on EC2 instances. This offers the following key benefits to your architecture:

Increased Throughput: This increases the capacity of your Web infrastructure to handle additional traffic (i.e. horizontal scale-out).

Avoiding Single Points of Failure: An individual Web Server is no longer a single point of failure, since traffic is distributed across multiple server instances. This makes your application much more resilient.

Figure-1: Scale out with a load balancer. ELB distributes inbound traffic across multiple EC2 instances.

Maintaining Healthier Servers: The risk of overloading or overwhelming a single Web server is now minimized due to distribution of traffic. This increases the chances of your individual Web servers staying healthier over much longer periods of time.

An architect needs to consider several critical aspects of a deployment such as:

  • How do I truly achieve ‘internet-scale’? What does my ‘scaled out’ architecture look like?
  • How does the ELB schedule incoming traffic?
  • What if my load balancer itself becomes a single point of failure?
  • How does my design guarantee fault-tolerance, resiliency, and high-availability?
  • What security features does the load balancer offer for my inflight traffic?

In this post, we answer these questions and also help you understand why the ELB is more effective than a home-brewed load balancing solution using Nginx or Apache.
