IoT
Design Considerations For IoT Devices
May 10, 2017 Erik Peterson

This is the first a series of blog posts dedicated to all that is Internet of Things.

What is the Internet of Things (IoT)? It is the ecosystem of devices - other than smartphones, computers and tablets - that connect to and through the internet. Common IoT devices include smart thermostats and home security devices, connected appliances, commercial and industrial connected sensors and monitoring systems, and the like.

Each week we're going to post a deep dive into each of the following subjects:

Applicability

Is the world ready for this thing to be on the internet?!?

iStock_000070088961_Full.jpg

Contrary to what you might expect, not every device in our electronics labs is currently a good candidate for an Internet of Things project… for now. But then, twenty years ago it would not have been feasible to create a mass market consumer thermostat with internet connectivity either. The success or failure of a IoT initiative depends heavily on timing, and the then-current state of technology.

  • What are the main advantages for the consumer to have this device connected?
  • What are the main advantages for the manufacturer to have this device connected?
  • How much will it cost per device to add connectivity to this product?
  • Can users trust an internet connected version of this device? Are there serious security and/or        privacy considerations?
  • What will the supporting infrastructure cost? How will these costs be defrayed?

 

Platform

The rise of recombinant connectedness.

iStock_000070245107_Full.jpg

The bygone days when every Internet of Things project had to be lovingly handcrafted from scratch are just that - bygone. Quite a few companies have thrown their hat into the Internet of Things ring with platforms to support connected IoT devices. Not sure what platform to choose? Subscribe and stay tuned for more blog posts describing each platform!

 

Security

With great power comes great responsibility.

iStock_000075755163_Large.jpg

Out in the “real world”, nothing puts my friends to sleep faster than when I start talking about computer security, except when it comes to IoT device security. Mention internet-connected door-locks, bathroom scales or webcams, and the typical reply is something along the lines of “That’s great but what happens when it gets hacked”. Extreme care must be taken to ensure that only authorized users can access ANY data from an internet connected device.


Scalability

There's no size like right-size.

iStock_000063401175_Large.jpg

While selecting a robust platform is the first step in ensuring that your IoT solution can scale, the fun doesn't stop there. Creating a scalable solution is a balancing act of many factors, including messaging frequency, error reporting, and the ability to centrally deploy software and/or firmware updates. Care should be taken to ensure that the infrastructure that supports the devices can be right-sized to meet current and evolving demand. Although everyone tends to consider the optimistic case in which millions of devices have to be supported at the same time, it is no less important to make sure that you’re only paying for the infrastructure you need, while also ensuring that your platform has the ability to easily scale to meet the needs of a mass market.


Software Updates

Staying on top of the ball.

iStock_000015171234_Small.jpg

Software and firmware updates are arguably more important in IoT land than in your past projects.. Selecting a platform that makes it easy to manage firmware and software updates is crucial to the ongoing success and continued success of your IoT project. Extraordinary care must be taken to ensure that the update mechanism doesn’t become an attack vector.

  • Are rolling updates supported in the platform?
  • How do the devices know an update is official?
  • What are the risks if the device is not updated?
  • Can different release channels be defined for software updates?
  • How can users control when and if a device gets updated?
  • What is the process for rolling back problem updates?
  • Are security updates handled separately from regular updates?

 

Software Testing

iStock_84959903_LARGE.jpg

There’s nothing quite like remotely bricking a device, or worse, millions of them. Stories of software updates breaking door locks or disabling thermostats have already circulated on multiple occasions, and without greater diligence the problem will likely get worse before it gets better. Building a strong repeatable process for testing any updates is crucial.

  • What testing efforts can be automated?
  • What third party services must be tested?
  • What are the risks of this update?
  • Are end-users included in the testing initiatives?

 

Support / User Onboarding

If it’s worth doing, it's worth doing right.

iStock_000054460938_Large.jpg

Adding connectivity to any device has the potential to multiply your support calls if it’s not done right. Most IoT devices imply a much higher level of engagement and interaction with end-users, which can be a blessing or a curse depending on how it is handled. Creating a clean, solid user interface and a well-tested onboarding process from the outset is an investment that will pay off not just with reduced support calls but also higher customer loyalty. And, the alternative, being swamped with support requests from frustrated users, is no alternative at all.



Edge Processing

Live life on the edge.

iStock_000078172237_Full.jpg

As tempting as it is to move all device logic to a centralized system tucked away securely in the cloud, determining exactly what data needs to get sent for back-end processing is a balancing act. You have to consider the per device component costs and assess the security and privacy issues in addition to the impact on functionality and user experience. Amazon’s Echo is a case in point. Training voice recognition models at the device layer is computationally expensive, and in the case of a consumer device at a sub-$200 price point prohibitively so. The engineers at Amazon settled on a happy medium. The device has a limited set of trigger keywords, but it starts streaming data immediately, getting around the annoying “OK Google” delay before recording, and shortening the time to reply. By using a really well thought out user experience model, Amazon was able to create a reasonably fluid natural language experience for under $200.



Data Management

You have 65,536 new messages.

iStock_31463610_LARGE.jpg

Selecting a robust IoT platform is the first step in wrangling the communication of your devices, however the fun doesn't stop there. All too often we run into folks who’ve created their new device, set up a NoSQL backend, and started pumping reams of useless telemetry into an unmanageable and fast-growing data store. Modern passenger aircraft generate an impressive amount of of data per flight, but it’s not all streamed over ACARS. There are good reasons for this: (a) It’s simply not possible, ACARS is a low-bandwidth system, and (b) Why bother? Most of the data is only interesting in the event of an anomaly. Take the case of the lavatory or avionics smoke detectors. Unless they’re triggered, there’s little justification for continuously streaming that metric with each heartbeat. On the other hand, if one or both are triggered then there is strong justification for sending a manual off-heartbeat message as happened recently with EgyptAir flight 804.



 

Data Collection and Retention

What you don't know can't hurt you.

iStock_000083222663_Large.jpg

Because the data and metadata generated by connected devices are a new type of data, existing terms of use, privacy and retention policies and practices need to be reexamined and adjusted accordingly. The ownership, retention and destruction of that data should be clear from the outset - ie from the moment of purchase - and should never expose the user to any unauthorized use or disclosure of information that would otherwise be considered private or personal. Wherever possible, it’s best not to collect or store such information in the first place, beyond the minimum necessary to provide your services.



 

Legal Compliance

Check the rules of the road before putting it in gear.

iStock_000044018254_Large.jpg

As with all things internet, IoT devices will be used in many different places and be subjected to the laws of many different jurisdictions. This complexity is increased by the fact that it’s a physical object, and subject to the usual warranties, consumer protection legislation and uniform commercial code rules associated with consumer products. Be sure to plan for appropriate legal counseling.

Erik Peterson
DevOps & Cloud Infrastructure