Let's Give the Network to the Developer and Shrink the Infrastructure

Published: Tue 16 Jul 2013
A blog entry by Michael Holdmann

Contributed by:

Michael Holdmann
EVP | Strategy | Alliance
Coversant, Inc.

Michael Holdmann's Blog

I attended the San Francisco Internet of Things Meetup @sfiotmeetup on May 23, 2013 to hear Scott Jenson (jenson.org) give an insightful presentation to the bay area IoT design and developer community on his thoughts from a designers perspective of the market.  During conversations over the last year while developing the strategy, brand and message for Coversant Inc. and its SoapBox platform, the one topic that continually takes center stage is not WHAT we will get out of the IoT, rather HOW are we going to get all of these devices that are being produced by multiple manufacturers, utilizing either proprietary, closed or open protocols going to connect and talk to each other.  Without failure it became a topic of conversation both during Scott’s presentation and afterwards during networking (beers).

There are large companies that are trying their hardest to resurrect old closed system protocols claimed as being “open” now, or groups interested in trying to add functionality to protocols they feel are capable of someday being the bond that glues the devices through additional infrastructure.  There will NEVER be a single protocol for ALL devices, that is just fine.  What there needs to be is an open standard communications layer protocol.  This would allows those disparate closed and proprietary protocols and manufacturers devices/systems to transport the data to and from all that require awareness of the information bidirectionally, with security and networking built into the protocol not via appliances added to the network, and it should have advanced presence processing.

I have been involved in the Telecom/Internet industry since I started pulling 25, 50 and 100 pair cable for small key systems and maintaining large 5000 line PBX’s in the late seventies and early eighties. I designed and deployed a wireless (MMDS) internet company in mid nineties and created an ASP model (this is the old term for Cloud) using network attached appliance with secure card log on and no storage at endpoint in late nineties.  I worked with product teams developing and launching VPN, MPLS and converged communications technologies at US based RBOC in the early two thousands.  I developed and opened international markets for a global ecommerce platform and I developed secure remote desktop environment and backend system using portablized applications technology as opposed to virtualized technology.   This short background is to give an understanding of the connecting things/systems knowledge, emerging technologies and new markets I have been involved with over the years.

One of my biggest peeves is the obvious desire of organizations to create more bloat in software AND hardware.  How many appliances do you currently have in your network to move data, track data, secure data and balance the traffic so that all content will be accessible whenever someone/something wants or needs it?  How many more appliances (let’s call them what they are, points of failure, points of latency, points of intrusion) are you willing to add and manage?

What if you were able to move all control and forwarding to Layer 7?  What if you could mitigate man-in-middle attacks and compromise of data during layer 2 and 3 hacks/attacks?  What if you could control who has access to your domain with white list/black list on server?  What if you could know every device verified via dual certificate, with channel binding through encrypted tunneling on your network?  What if you could stop unnecessary polling, move to event driven SOA 2.0, and reduce your network resources by 50% or more?  What if your SOA and ESB platforms collapsed into your communications platform for reduced server and infrastructure costs both OPex and CAPex? What if you could achieve global load balancing without an appliance? What if you could close every incoming port on your firewall?  What if all this and more can be enabled with a single protocol that is already present on over 1 billion mobile devices used for many different communications functions whether they are Machine 2 Machine, Machine 2 Human or Human 2 Human?

The Case for XMPP

The Industrial Internet era to include IoT and M2M markets require a persistent connection where the end point doesn’t need to poll the server continually. Extensible Messaging and Presence Protocol (XMPP) was designed to send all messages in real-time using a very efficient push mechanism. Unlike traditional web service API’s, which are unidirectional, XMPP allows bi-directional communication in near real-time without requiring polling schemes or web hosts at both locations.  The presence feature of XMPP enables nodes in the application network to be aware of the states of the other nodes. Endpoint presence changes are pushed, as they happen, to other interested endpoints in real time with the end result being more efficient management of the network. Additionally, the Extensible Messaging and Presence Protocol (XMPP) was designed for large numbers of users behind firewalls and proxies to connect to the internet, so is easily able to scale to 50 million users.

Traditionally used for online chat communication or instant messaging, XMPP has evolved to incorporate features including event publishing, voice streaming, and file transfer.[i] With XMPP an endpoint can be anything—a sprinkler, a sensor, a phone, a toaster, a television set-top box—making it a powerful technology for enabling IoT and Big Data transfer implementations.

XMPP has a decentralized client-server architecture allowing multiple, independently administered servers to be linked together. Using XMPP as the underlying communication protocol for IoT, it is possible to get closer to the ideal of “one network management protocol for monitoring, alarming, configuration, and exchanging policy information, independent of the network,”[ii] because application layer gateways can be omitted. The primary goal for bringing XMPP into the IoT vision is to simplify the interconnection of devices.[iii]

XMPP message syntax is based on XML and designed to allow application-specific extension enabling anyone to build custom functionality on top of the core protocol. In 2010, Gartner predicted that XMPP would be the standard of communication over the internet by 2015 based on the projected onslaught of devices.[iv]

Finally, XMPP is highly secure due to secure Simple Authentication and Security Layer (SASL) mechanisms in addition to Transport Layer Security (TLS) having been included in the core XMPP specifications. As a result, an XMPP server can be isolated from the public network, preventing man-in-the-middle attacks.


[i] Casado Mansilla, Diego, Velasco Perez, Juan Ramon, and Lopez-Ramos, Mario. A Dynamic Distributed Federated Approach for the Internet of Things. University of Alcala, Madrid. February 12, 2011.

[ii] Ersue, M and Korhonen. Interconnecting Smart Objects with the Internet. Internet Architecture Board. February, 2011.

[iii] Mattern, F. and Floerkemeier. From the Internet of Computers to the Internet of Things. Distributed Systems Group, Internet of Pervasive Computing, Zurich, Switzerland, 2010.

[iv] Smith, David Mario. MarketScope for Enterprise Instant Messaging and Presence, Gartner, October 8, 2010.