Automation via Messaging: the real Real Time that is important in IoT

Published: Fri 11 Oct 2013
A blog entry by Michael Holdmann

Contributed by:

Michael Holdmann
EVP | Strategy | Alliance
Coversant, Inc.

Michael Holdmann's Blog

A Scalable, Secure Communication Platform

The Coversant platform allows for the automated routing of data to the correct end points via auto-attendants (bots/shepherds) and virtual rosters (flocks/dynamic rosters), so that devices and data sources can be auto-discovered, auto-provisioned, auto-managed and auto-controlled through a secure channel that can be configured on the fly. Auto-attendants can be written in any language and reside inside or outside of the platform (as in-process extensions, out-of-process extensions, or client extensions).

Additionally, the standard features of SoapBox allow for human-to-human collaboration around the M2M data, sensor data and analyzed results, including streaming of content through pub/sub, virtual rosters and MUC rooms. Coversant’s components can be integrated into existing UIs with ease.

There is little dispute regarding the rapid growth of connected devices and the cloud. Cisco predicts that there will be 25 billion devices connected to the internet by 2015 and 50 billion by 2020.[i] The proliferation of the Internet of Things (IoT) will continue to change how we live and conduct business, enabling us to gather, analyze, and distribute data on a massive scale.

The success of the IoT will be determined by how “smart” the connected things are and what types of data we’ll be able to gather. A critical innovation necessary for the Internet of Things to thrive and grow is a communications platform that connects disparate things and enables them to seamlessly exchange data securely, efficiently, bi-directionally, and in real time, enabling the convergence of intelligent equipment, facilities, systems, and data and giving workers the ability to make better and faster decisions. This supercharged level of productivity has the potential to impact the world’s economy significantly, reduce energy costs, and realize enormous operational savings.[ii]

The platform must be malleable enough to scale autonomously, adaptive enough to handle constantly changing connections, and resilient enough to stand up to the huge ebbs and flows in data that will occur.[iii] The efficiency of data connection and provisioning is significant and must be effective within legacy, contemporary and future networking technology, including dealing with network issues such as high latency, low bandwidth, and inconsistent and disconnected environments.

These requirements push us to evolve from traditional Service Oriented Architectures (SOA) to event-based SOA solutions, including bi-directional, secure, client-aware server solutions. Additionally, modern rapid authentication, compression, and multicasting features increase the efficiency and security of SOA 2.0 platforms, making TSOA and device-centric ESBs a reality.

Automation via Messaging

The introduction of this capability will allow all verticals (Health Care, Military, RDM, Manufacturing, Energy, etc.) to realize efficiencies, energy savings and lower TCO while delivering a service to their customers that creates a stickier and more trusted relationship. Automated Rostering allows a message to be read in transit, dynamically grouped, and either used to launch applications or forwarded to the human whose profile best accommodates the needs of that specific issue, as opposed to being written to the database to wait for analysis.

In order for this capability to be realized, advanced presence must be available. Presence is universally understood as red, yellow, green availability indicators. Advanced presence reveals any value or state that any device is in at any particular moment in time. There is no need for continual updates from a device while it is operating within normal parameters; there is a need to know when it is operating outside its defined normal operation and must be acted upon to prevent system failure or loss of life.

In short: real-time tracking of the status and capabilities of assets in the field, allowing for automated discovery, provisioning, management and control of IoT devices and applications.

Challenges

·         Presence requires rosters, and standard rosters require preconfigured

·         Presence can create significant chatter

·         An excess of unrelated presence messages is delivered to many unrelated/non-required entities

Solution

·         Advanced Presence data

·         Automated Rosters (dynamically created based on conditions)

·         Auto-attendants (applications listening for events and conditions, tasked with coordinating responses, both human and non-human aided)

Benefits

·         Automatically identifies assets in need and directs them to resources required to resolve issue(s)

·         Automatically links assets together to reduce miscommunication and cycle times

·         Update business and device processes from a single location (Cloud Controlled Devices)

The following table describes how Automation via Messaging works for factory-provisioned and non-factory-provisioned devices. SoapBox is agnostic of the data or files delivered through the system, but does require some content to be formatted using SoapBox extensions as part of its Dynamic Rostering functionality; telemetry or FW/SW updates can be in any format required by the device.

The two columns of the table are “For Generic Use” and “For Specific Installation”. Steps are common to both unless marked otherwise.

Provisioning

1. Device is manufactured.

2. Capabilities profile installed.

3. Specific installation: certificate installed (including domain and device ID). Generic use: during installation, the installer configures the device domain.

4. Device is installed in the specific location and wired to equipment.

5. Generic use: device connects to SoapBox Infrastructure (SBI) via installer credentials and downloads a device-specific certificate.

6. Device connects to SoapBox Infrastructure (SBI) using the device certificate via SASL EXTERNAL.

7. Device is discovered in the pre-commissioned state.

8. Device sends its capabilities to SBI.

9. SBI uses the device certificate to determine the device ID.

10. Generic use: SBI “Provisioning” Attendant determines the list of applications/configurations that can be installed, and the installer selects the device profile. Specific installation: SBI “Provisioning” Attendant determines the device profile/applications/configuration by device ID (as it fixes the specific installation).

11. SBI “Provisioning” Attendant pushes firmware, software, and/or configuration to the device.

12. Device sends events and telemetry to SBI ad infinitum based on the device profile (…).

Operation and escalation

13. SBI matches telemetry or events with a monitored condition.

14. SBI Auto Attendant directly contacts the device(s) to gather additional telemetry.

15. SBI Auto Attendant determines whether the device issue can be automatically resolved.

·         IF YES: messages directly with the device(s) to resolve the issue; return to nominal condition.

·         IF NO: adds the device(s) to the roster of the Work Force Management specified technician and provides the device(s) condition with context.

16. Remote Technician can directly connect to the device to attempt to resolve the issue.

·         IF YES: archive required actions, track in CRM; return to nominal condition.

·         IF NO: notify Equipment Expert and invite to Multi-User Chat and/or screen share.

17. Equipment Expert and Remote Technician are directly connected to the device and attempt to resolve the issue.

·         IF YES: messages directly with the device(s) to resolve the issue; return to nominal condition.

·         IF NO: a Work Order is created and assigned to the Onsite Technician who has the equipment knowledge, replacement parts, proximity and availability to resolve the issue.

18. IF the Onsite Technician’s availability changes: automatically reassign the Work Order to an alternative Onsite Technician to expedite resolution.

19. IF the device needs to be replaced: the Onsite Technician can extract the device certificate of the device(s) being replaced and install it into a generic replacement device. The replacement device then re-enters the flow:

·         Device connects to SoapBox Infrastructure (SBI) using the device certificate via SASL EXTERNAL.

·         Device is discovered in the pre-commissioned state.

·         SBI uses the device certificate to determine the device ID.

·         SBI “Provisioning” Attendant determines the device profile/applications/configuration by device ID (as it fixes the specific installation), including any changes from the original commission state.

·         SBI “Provisioning” Attendant pushes firmware, software, and/or configuration to the device.

·         Device sends events and telemetry to SBI ad infinitum based on the device profile (…).
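The operation and escalation steps above (match telemetry against a monitored condition, try an automatic fix by messaging the device, otherwise add the device to a technician’s roster with context, and reassign when that technician becomes unavailable) as an added in-memory simulation. This is illustrative code written for this page, not SoapBox code: the Condition, Device, Technician and Attendant classes, the device behaviour, the JIDs and the telemetry values are all constructed, and SoapBox rosters are modelled as plain sets of JIDs.

```python
"""Simulation of the auto-attendant escalation path.  Added example, not SoapBox code.
Devices, conditions and technicians below are constructed test data."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Condition:
    """Monitored condition: nominal band for one metric, plus an optional command
    the attendant may send to the device to attempt an automatic fix."""
    name: str
    metric: str
    low: float
    high: float
    auto_fix: Optional[str] = None


@dataclass
class Device:
    device_id: str
    profile: str
    telemetry: Dict[str, float] = field(default_factory=dict)
    rosters: Set[str] = field(default_factory=set)   # technician JIDs rostered to this device

    def handle(self, command: str) -> bool:
        # Constructed behaviour: only "restart_fan" brings temp_c back into the nominal band.
        if command == "restart_fan":
            self.telemetry["temp_c"] = 40.0
            return True
        return False


@dataclass
class Technician:
    jid: str
    skills: Set[str]
    available: bool = True


class Attendant:
    """Auto-attendant: silent while telemetry is nominal, escalates otherwise."""

    def __init__(self, conditions: List[Condition], technicians: List[Technician]):
        self.conditions = conditions
        self.technicians = {t.jid: t for t in technicians}
        self.work_orders: Dict[str, str] = {}   # device_id -> technician JID
        self.devices: Dict[str, Device] = {}
        self.log: List[str] = []

    def on_telemetry(self, device: Device, reading: Dict[str, float]) -> str:
        self.devices[device.device_id] = device
        device.telemetry.update(reading)
        for cond in self.conditions:
            value = reading.get(cond.metric)
            if value is not None and not cond.low <= value <= cond.high:
                return self._escalate(device, cond, value)
        return "nominal"   # advanced presence: no roster traffic inside normal parameters

    def _escalate(self, device: Device, cond: Condition, value: float) -> str:
        context = f"{cond.name}: {cond.metric}={value} outside [{cond.low}, {cond.high}]"
        # Step 15, IF YES: resolve by messaging the device directly.
        if cond.auto_fix and device.handle(cond.auto_fix):
            self.log.append(f"{device.device_id} auto-resolved by {cond.auto_fix}")
            return "auto-resolved"
        # Step 15, IF NO: add the device to a suitable technician's roster, with context.
        tech = self._pick(device.profile)
        if tech is None:
            self.log.append(f"{device.device_id} unassigned: {context}")
            return "unassigned"
        device.rosters.add(tech.jid)
        self.work_orders[device.device_id] = tech.jid
        self.log.append(f"{device.device_id} -> {tech.jid}: {context}")
        return "assigned"

    def _pick(self, profile: str) -> Optional[Technician]:
        return next((t for t in self.technicians.values()
                     if t.available and profile in t.skills), None)

    def on_availability_change(self, jid: str, available: bool) -> List[str]:
        """Step 18: move open work orders when the assigned technician drops out."""
        self.technicians[jid].available = available
        moved = []
        for dev_id, assigned in list(self.work_orders.items()):
            if assigned == jid and not available:
                device = self.devices[dev_id]
                device.rosters.discard(jid)
                self.work_orders.pop(dev_id)
                replacement = self._pick(device.profile)
                if replacement is not None:
                    device.rosters.add(replacement.jid)
                    self.work_orders[dev_id] = replacement.jid
                    moved.append(dev_id)
        return moved

    def on_resolved(self, device: Device) -> None:
        """Return to nominal condition: tear the dynamic roster down again."""
        self.work_orders.pop(device.device_id, None)
        device.rosters.clear()
```

The design choice worth noting is that the attendant only generates roster traffic when a reading falls outside its nominal band, which is the “advanced presence” point made earlier: a device in normal operation produces no presence chatter to technicians at all.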

 

Collaboration meets the Internet of Things

Coversant’s SoapBox platform is the ideal foundation for realizing the benefits of internet-enabled devices. The SoapBox platform provides a rich suite of collaboration features, including MUC, broadcasting, and streaming audio and media, to run alongside the collection and control fabric it provides for IoT devices. This combination allows for rich Interoperable Command, Control and Communication (IC3) applications.

Possibilities increase when teamed with Coversant’s Automation via Messaging concept, which enables auto-discovery, auto-provisioning, auto-management and auto-control of devices by automatically connecting devices in specific conditions with the applications/auto-attendants that support them. One conceptual auto-attendant we feel is particularly valuable to the US military is Future Presence.

Future Presence is the ability to broadcast, with probabilities, the future position, tactics, and capabilities of friendly and enemy forces on the tactical battlefield to both commanders and soldiers via presence. SoapBox provides a secure mechanism to effectively share information in near real time. Content can be granularly controlled via security labels and customized automated rosters.

Lastly, SoapBox’s open standard creates a valuable installation model. Because SoapBox allows secure Server-to-Server (S2S) federation, IC3 solutions can be installed in each community/organization and used independently, yet can immediately federate communication between installations. This allows Command and Control to bridge multiple regions and organizations as they are invited into the response to an incident. This can be controlled through black- or whitelisting of peered domains and updated on demand. See the following example:

·         Each county in California could run their own IC3 infrastructure for management and response to local devices, equipment and events.

o   This data will include all EMR, IoT and social media devices, sensors, actuators, sites etc. in Government and the private sector, and can be shared (including security tags to send sensitive/classified information only to those with the proper clearance level).

·         Each division of the US Military and other Federal agencies would host their own independent IC3 infrastructure including as needed customizations

·         In the event of a major earthquake, the affected communities can immediately provide data and current responses to their peers and active federal resources through S2S

o   This data will include all IoT devices, sensors, actuators etc. in Government, NGO and private sector, and can be shared (including security tags so that sensitive/classified information only goes to those with the proper clearance level).

·         An individual organization could take over command of the response, and use the data and communication provided by SoapBox IC3 to access a single complete operating picture with real-time updates and communicate directly through same mechanism to the boots on the ground.

·         Future Presence can be used to predict where first responders are headed allowing for more effective use of assets, and preventing accidents through better and more contemporaneous knowledge

·         Upon completion of the events, each community could have the command restored to them.

·         Lastly, because all of the messages are passed through SoapBox, we would have the ability to archive the inputs and responses sent for future review to learn more effective responses in the future.

Since SoapBox provides a platform that can be used for more than just command and control of emergency situations (such as Remote Device Management, Mobility, and Workforce Management), each community is not required to invest in technology strictly for emergency preparedness. In fact, energy and remote device management applications enabled by SoapBox increase daily operating efficiency.

The SoapBox Platform Solution

In its 8th generation, SoapBox is a high performance communications platform with an advanced device Enterprise Service Bus (d-ESB) that marries the IoT and Big Data, enabling both the translation of one language to another and data mapping between different databases and applications. SoapBox simplifies the IoT by connecting all endpoints together, brokering communication between them and sending bi-directional information about events, data, and status between all endpoints.

The SoapBox d-ESB is based on event-driven service-oriented architecture (SOA) 2.0, which employs an advanced presence engine that enables the transport of any state of presence. SOA 2.0 is a more efficient, faster, and less resource-intensive architecture than its predecessor, which most web services still use today.

The SoapBox platform enables application-centric networking. Application-centric networking decouples network-dependent applications from the network and enables parts of an application, or a group of related applications, to be distributed safely around the network, tying the components together so that they act as a single unit. This capability is accomplished by moving the networking control and forwarding functionality to Layer 7 (the application layer in the OSI stack). Each end-point is assigned a domain address, which is used for identification, as opposed to traditional IP addressing; endpoints are tunneled to those within the domains they are assigned to. Additionally, the presence feature of SoapBox is a powerful concept that lets nodes in the application network be aware of the states of the other nodes.

SoapBox also enables a very secure coupling between the application nodes. A compromise of the physical network, or even of the software-defined network (SDN), does not mean a compromise of the application. The application network may be disrupted by denial of service (DoS), but the data stream will not be compromised if an attacker is able to hack a router or attempt a man-in-the-middle attack.

Performance

In terms of scalability and throughput, the SoapBox proprietary high-performance message engine enables massive concurrency and, thus, the transfer of Big Data for complex large-scale federated deployments. SoapBox was optimized for Intel® Core™ processors. Tests run on a single server (HP BL480, 2x XEON 4 Core, 16GB, 10 GB NIC) with 1k of XML as the message body resulted in 200,000 to 250,000 concurrent sessions with 50,000 to 60,000 messages per second. The industry standard is 25,000 concurrent connections and 20,000 messages per second on a single server.

Security

A discussion of SoapBox security starts with the connection between a client and the server. This is a TCP connection to which Transport Layer Security (TLS) may be applied. TLS is part of the negotiation between the client and the server when the connection is being established. TLS may be required by the server and/or client depending on settings. A connection will not be made if TLS is required on one end and not supported by the other.

Most people are familiar with TLS as the means of creating a secure connection to a website, and the effect is the same with the SoapBox connection. TLS encrypts the data between the client and server. Additionally, TLS allows the use of a client certificate, which lets the server be confident of the client’s identity. Although not commonly used in a web scenario, this feature is useful because it means you can, if desired, present a certificate for identification rather than a username and password. SoapBox supports the use of client certificates for authentication.

In the more typical case where a username and password are being used, SoapBox supports a variety of authentication mechanisms, including the currently recommended SCRAM-SHA1 and SCRAM-SHA1-PLUS mechanisms. The PLUS indicates the use of channel binding, a feature that ensures the two endpoints are using the same TLS connection. Channel binding is used to avoid man-in-the-middle attacks: imagine an entity that pretends to be the server, receives TCP connections from the client and reflects the data onto a second TCP connection established to the real server. Channel binding lets the client and real server detect that they are not using the same TLS session, at which point the connection is aborted.
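The SCRAM exchange described above, carried through with both sides’ messages, as an added example written for this page (it is not SoapBox code; the mechanism names in RFC 5802 are SCRAM-SHA-1 and SCRAM-SHA-1-PLUS). No real TLS is involved: each side is simply handed the tls-unique value it believes its own TLS session has, which is all channel binding consumes, so a relay terminating TLS on both sides shows up as two different values. The ScramClient, ScramServer and authenticate names, the user “dev-001” and the tls-unique byte strings in the test are assumptions.

```python
"""SCRAM-SHA-1 / SCRAM-SHA-1-PLUS (RFC 5802) exchange with both sides' messages.
Added example, not SoapBox code.  tls_unique values are supplied by the caller in
place of a real TLS handshake."""
import base64
import hashlib
import hmac
import os


def _hi(password: bytes, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations)   # Hi() of RFC 5802


def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode()


def _attrs(msg: str) -> dict:
    return dict(part.split("=", 1) for part in msg.split(","))   # "a=1,b=2" -> {"a": "1", ...}


class ScramClient:
    def __init__(self, username: str, password: str, tls_unique: bytes, plus: bool = True):
        self.username, self.password, self.tls_unique = username, password, tls_unique
        self.gs2_header = "p=tls-unique,," if plus else "n,,"   # PLUS = channel binding in use
        self.cnonce = _b64(os.urandom(12))

    def first(self) -> str:
        self.bare = "n=%s,r=%s" % (self.username, self.cnonce)
        return self.gs2_header + self.bare

    def final(self, server_first: str) -> str:
        a = _attrs(server_first)
        if not a["r"].startswith(self.cnonce):
            raise ValueError("server nonce does not extend client nonce")
        salted = _hi(self.password.encode(), base64.b64decode(a["s"]), int(a["i"]))
        client_key = _hmac(salted, b"Client Key")
        # c= carries the gs2 header plus, for PLUS, this side's tls-unique value.
        cbind = self.gs2_header.encode() + (self.tls_unique if self.gs2_header.startswith("p=") else b"")
        without_proof = "c=%s,r=%s" % (_b64(cbind), a["r"])
        auth_message = ",".join([self.bare, server_first, without_proof]).encode()
        proof = _xor(client_key, _hmac(hashlib.sha1(client_key).digest(), auth_message))
        self.expected_sig = _hmac(_hmac(salted, b"Server Key"), auth_message)
        return without_proof + ",p=" + _b64(proof)

    def verify(self, server_final: str) -> bool:
        # Mutual authentication: the server must prove it holds ServerKey.
        return hmac.compare_digest(base64.b64decode(_attrs(server_final)["v"]), self.expected_sig)


class ScramServer:
    """Stores only salt, iteration count, StoredKey and ServerKey, never the password."""

    def __init__(self, username: str, password: str, tls_unique: bytes, iterations: int = 4096):
        self.username, self.tls_unique, self.iterations = username, tls_unique, iterations
        self.salt = os.urandom(16)
        salted = _hi(password.encode(), self.salt, iterations)
        self.stored_key = hashlib.sha1(_hmac(salted, b"Client Key")).digest()
        self.server_key = _hmac(salted, b"Server Key")

    def first(self, client_first: str) -> str:
        gs2, self.bare = client_first.split(",,", 1)
        self.gs2_header = gs2 + ",,"
        if _attrs(self.bare)["n"] != self.username:
            raise ValueError("unknown-user")
        self.nonce = _attrs(self.bare)["r"] + _b64(os.urandom(12))
        self.server_first = "r=%s,s=%s,i=%d" % (self.nonce, _b64(self.salt), self.iterations)
        return self.server_first

    def final(self, client_final: str) -> str:
        a = _attrs(client_final)
        without_proof = client_final[: client_final.rindex(",p=")]
        # Channel-binding check: c= must carry OUR tls-unique.  A relay that terminates TLS
        # on both sides forwards the client's value, which differs from ours.
        cbind = self.gs2_header.encode() + (self.tls_unique if self.gs2_header.startswith("p=") else b"")
        if a["c"] != _b64(cbind):
            raise ValueError("channel-bindings-dont-match")
        if a["r"] != self.nonce:
            raise ValueError("nonce-mismatch")
        auth_message = ",".join([self.bare, self.server_first, without_proof]).encode()
        client_key = _xor(base64.b64decode(a["p"]), _hmac(self.stored_key, auth_message))
        if not hmac.compare_digest(hashlib.sha1(client_key).digest(), self.stored_key):
            raise ValueError("invalid-proof")
        return "v=" + _b64(_hmac(self.server_key, auth_message))


def authenticate(username, client_password, server_password,
                 client_tls_unique, server_tls_unique, plus=True) -> str:
    """Drive one full exchange; returns 'ok' or the SASL failure condition."""
    client = ScramClient(username, client_password, client_tls_unique, plus)
    server = ScramServer(username, server_password, server_tls_unique)
    try:
        server_final = server.final(client.final(server.first(client.first())))
    except ValueError as err:
        return str(err)
    return "ok" if client.verify(server_final) else "server-signature-mismatch"
```

Two points the code makes concrete: the relay is caught by an explicit comparison of the channel-binding data on the server, not by the proof failing (the proof covers whatever `c=` the client sent, so it still verifies), and without PLUS the same relayed exchange completes successfully because plain SCRAM has nothing tying it to the TLS session.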

The discussion to this point has involved connections between clients and the server. Another type of connection is between two servers, which occurs when endpoints in domains hosted on different servers want to communicate. The two servers must establish a connection to send data between the domains. This server-to-server (S2S) connection can utilize TLS and client certificates so each server can be assured of the other’s identity. Combining this with the SoapBox white list or black list feature for allowed S2S connections gives you explicit control over which domains your server will communicate with.
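The S2S peering decision the paragraph describes (certificate-proven identity combined with a white list and a black list of domains), as an added example written for this page rather than SoapBox’s own policy engine. The `cert_names` argument stands in for the names a deployment would read from the peer’s TLS certificate; the domain names in the test are constructed.

```python
"""S2S peering check: certificate identity first, then deny list, then allow list.
Added example, not SoapBox code.  cert_names stands in for the names read from the
peer's TLS certificate during the handshake."""
from typing import Iterable, Tuple


def name_matches(domain: str, pattern: str) -> bool:
    """Exact match, or a single-label wildcard such as '*.county-a.example'."""
    domain, pattern = domain.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        # One label only: '*.county-a.example' covers 'x.county-a.example',
        # but not 'a.b.county-a.example' and not 'county-a.example' itself.
        return domain.endswith(pattern[1:]) and domain.count(".") == pattern.count(".")
    return domain == pattern


def s2s_decision(peer_domain: str, cert_names: Iterable[str], allow: Iterable[str],
                 deny: Iterable[str], default_allow: bool = False) -> Tuple[bool, str]:
    """Return (accept, reason) for an S2S connection claiming to be peer_domain."""
    # 1. Authenticate the claimed domain against the certificate before consulting any list;
    #    a list entry is only meaningful for a name the peer has actually proven.
    if not any(name_matches(peer_domain, n) for n in cert_names):
        return False, "certificate does not cover peer domain"
    # 2. Black list wins over white list, so a single domain can be carved out of a wildcard.
    if any(name_matches(peer_domain, p) for p in deny):
        return False, "denied"
    # 3. Explicit white list entry.
    if any(name_matches(peer_domain, p) for p in allow):
        return True, "allowed"
    # 4. Otherwise the deployment default (deny-by-default is the safe setting).
    return default_allow, "default"
```

Ordering is the design point: the certificate check comes before either list so that a peer cannot earn an allow-list match by merely claiming a white-listed domain, and the black list is consulted before the white list so that revoking one federation partner never requires rewriting a wildcard allow entry.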

XMPP, one of the protocols in SoapBox, is mandated by the U.S. Department of Defense (DoD) for real-time communication, including voice, video, multi-user chat, messaging, and the exchange of presence information (human and machine). The SoapBox platform, which allows simple integration with existing security solutions, including Integrated Auth, public key infrastructure (PKI), and data encryption, passed a series of rigorous interoperability (IO) and information assurance (IA) tests performed under real-life conditions by the Joint Interoperability Test Command (JITC) at their facility in Arizona. Coversant was certified by and added to the DoD’s Unified Capabilities Approved Product List (UC-APL) in August 2012. It is one of only two companies to win certification for Unified Capabilities on the DoD UC-APL, and the only U.S.-based company with all code developed in the United States.

Conclusion

The next logical step in the internet’s evolution is the interconnection with and integration of the real world, that is, the physical environment we live in.[iv] That interconnection is the IoT, but this is not the end of the story. The big win happens when the IoT is combined with collaboration to allow intelligent, integrated, interoperable command, control and management of all assets, human and machine. By allowing disparate organizations to securely share and manage everything, Coversant’s SoapBox platform is the foundation for the next phase. Coversant’s goal is to provide Real-Time control and management of assets to public and private organizations. Real-Time for Coversant is the ability to identify actionable events and allow immediate collaboration and resolution of those conditions.



[i] Evans, David. The Internet of Things: How the Next Evolution of the Internet is Changing Everything. Cisco Internet Business Solutions Group. April 2011.

[ii] Evans, Peter and Annunziata, Marco. Industrial Internet: Pushing the Boundaries of Mind and Machines. General Electric. November 26, 2012.

[iii] Humphreys, John. How the Internet of Things Will Change Almost Everything. Forbes. December 17, 2012.

[iv] Kirsche, Michael and Klauck, Ronny. Unify to Bridge Gaps: Bringing XMPP into the Internet of Things. Brandenburg University of Technology. March 2012.