API Gateway for IoT devices

Leonid Bugaev
February 28, 2019

Overview of how API Gateway can solve common IoT issues, and an announcement of Tyk MQTT Gateway.

Transcript

  1. June 2015 Tyk 1 / About me

    Leonid Bugaev
    - In software engineering for the last 15 years
    - Lead engineering at Tyk.io
    - Happy father living a nomad life
    https://github.com/buger https://speakerdeck.com/buger @buger
  2. What is API gateway

    Create, publish, maintain, monitor, and secure your APIs and Web services with minimal engineering involvement
  3. Tip of the iceberg

    DEVELOPER MANAGEMENT REGULATOR REQUIREMENTS INTEGRATIONS ANALYTICS AUTH CORE
  4. THE REST

    You work on the core; the API Gateway handles “THE REST”
  5. Major IoT challenges

    - Security
    - Connectivity
    - Compatibility and Longevity
    - Standards
    - Intelligent Analysis & Actions
    - Privacy
    - Society
    - Regulatory Standards
  6. Security

    The hacking of baby monitors, smart fridges, thermostats, drug infusion pumps, cameras and even the radio in your car. The industry is in its “gold rush” state right now.
  7. Connectivity

    At present we rely on the centralized, server/client paradigm to authenticate, authorize and connect different nodes in a network. IoT is going to grow to hundreds of billions of devices. Centralized systems turn into a bottleneck.
  9. Compatibility and Longevity

    Many different technologies are competing to become the standard. Some will become obsolete in the next few years, effectively rendering the devices implementing them useless. Physical device longevity now depends on your software.
  10. Standards

    - Network protocols
    - Communication protocols
    - Data-aggregation standards
  11. Factors driving adoption

    - Lower machine prices
    - Improved machine functionality
    - Machines “influencing” human actions
    - Deep Learning tools
  12. Challenges facing the adoption

    - Machines’ actions in unpredictable situations
    - Information security and privacy
    - Machine interoperability
    - Mean-reverting human behaviors
    - Slow adoption of new technologies
  13. Business

    - Consumer IoT: smart cars, phones, watches, laptops, connected appliances, and entertainment systems.
    - Commercial IoT: inventory controls, device trackers, and connected medical devices.
    - Industrial IoT: electric meters, waste water systems, flow gauges, pipeline monitors, manufacturing robots
  14. Society

    - Customer demands and requirements change constantly
    - New uses for devices
    - The uses for Internet of Things technology are expanding and changing—often in uncharted waters.
    - Consumer Confidence
    - Lack of understanding or education by consumers of best practices for IoT devices security (default passwords?)
  15. Privacy

    - The IoT creates unique challenges to privacy
    - Respect individual privacy choice
    - Different privacy standards in different locations
  16. Regulatory Standards

    - Regulatory standards for data markets are missing especially for data brokers: how data is used and who has access
    - Even though data appear to be the currency of the IoT, there is a lack of transparency about it
  17. What is MQTT

    - Machine-to-machine (M2M)/"Internet of Things" connectivity protocol
    - Lightweight, open, simple, and designed for easy implementation
    - Small code footprint where network bandwidth is at a premium
    - Ideal for constrained communication environments
    - Continuous session awareness (publish a message if client goes offline)
  18. Brokers and Clients

    MQTT Broker
    - Receive client subscriptions on topics
    - Receive messages from clients
    - Forward messages to interested clients
    MQTT Client
    - Publish messages to the broker for other clients to receive
    - Subscribe to topics they want to receive
  19. Quality of service

    - 0: "At most once" delivery ("fire and forget")
    - 1: "At least once" delivery
    - 2: "Exactly once" delivery
    MQTT-SN
    - 3: Do not care about delivery
  20. Not IoT alone

    Facebook Messenger uses the MQTT protocol [1]
    [1] https://www.facebook.com/notes/facebook-engineering/building-facebook-messenger/10150259350998920
  21. Existing MQTT developer tooling

    Either too expensive or too technical
    Lack of standardization and flexibility
  22. How to fit MQTT into Web architecture

    Challenges
    - Custom TCP based protocol
    - Bi-directional communication
    - Lack of standards
  23. GRPC over HTTP/2 as inspiration

    https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md
  24. Mapping MQTT message to HTTP

    - Packet type -> custom HTTP Method
    - Topic -> Path
    - Meta -> Headers
    - Body -> Body
    - Error/Success -> Status code
  25. Implementation

    - Convert MQTT message to virtual HTTP request
    - Run it through standard chain of HTTP plugins
    - Convert HTTP request -> MQTT message
  26. Supported features

    - Authentication
    - Authorization
    - Analytics
    - Configuration and transformation
    - Protection
  27. Authentication

    MQTT CONNECT has native user/password
    Maps to basic HTTP authentication
    username=JWT password=<jwt-token>
    JWT, OpenID, Tokens, etc…
  28. Authorization

    Each client sends a unique ClientID, or the Broker/Gateway assigns an ID.
    Each client gets its own token, with a base policy, which you can trace via analytics, and for which you can individually configure a granular ACL.
  29. Configuration and transformation

    - URL rewrites to re-route topics
    - Body rewrites to modify payloads
    - Conditional logic based on metadata (like QoS)
    - Load balancing and service discovery
    - Configuring QoS, retain or last will logic
    - Internal tooling like ElasticSearch or StatsD
  30. Protection

    - Rate limits and quotas, per client and globally
    - Throttling
    - Malformed data
    - Whitelisting and blacklisting topics
    - Stripping sensitive data
  31. Performance

    Standard 2 Core cloud VM instance:
    - 5k RPS
    - Thousands of clients
    8 core dedicated machine:
    - 80k RPS
    - Tens of thousands of clients
    - Few ms added latency with auth and analytics
  32. Revisiting challenges

    How API Gateway for MQTT can help with IoT issues
    GOTO 6;
  33. Availability

    - Currently in active development
    - Goal is to ship with 2.9 release, with ETA 3-4 months
    - Will be available in open-source
    - Private beta starts now
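
The mapping on slides 24 to 28, as an added Go example (not code from the deck or from Tyk): an MQTT packet becomes a virtual HTTP request, passes through an ordinary HTTP middleware that checks the per-client token and topic ACL, and the resulting status code is what a gateway would translate back into an MQTT success or error. The `Packet` type, the `X-Mqtt-Qos` header name and the token table are assumptions made for illustration; a static table stands in for real JWT validation.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

type Packet struct { // simplified MQTT packet (hypothetical type, not Tyk's)
	Type, Topic, User, Pass, Payload string
	QoS                              int
}

var acl = map[string]string{"token-sensor-1": "/sensors/room1/"} // constructed token -> allowed topic prefix

// Authz is an ordinary HTTP middleware: 401 unknown token, 403 topic outside ACL.
func Authz(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		_, token, _ := r.BasicAuth()
		if prefix, known := acl[token]; !known {
			w.WriteHeader(http.StatusUnauthorized)
		} else if !strings.HasPrefix(r.URL.Path, prefix) {
			w.WriteHeader(http.StatusForbidden)
		} else {
			next.ServeHTTP(w, r)
		}
	})
}

// Handle maps type->method, topic->path, meta->headers, payload->body and runs the chain.
func Handle(p Packet) int {
	// url.URL escapes '#' and '?' so they stay in the path the ACL checks
	// instead of being parsed away as fragment or query.
	u := url.URL{Path: "/" + strings.TrimPrefix(p.Topic, "/")}
	req, err := http.NewRequest(p.Type, u.String(), strings.NewReader(p.Payload))
	if err != nil {
		return http.StatusBadRequest // e.g. packet type is not a valid method token
	}
	req.Header.Set("X-Mqtt-Qos", fmt.Sprint(p.QoS)) // header name is an assumption
	req.SetBasicAuth(p.User, p.Pass)                // CONNECT user/password -> Basic auth
	rec := httptest.NewRecorder()
	Authz(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code // status the gateway would map back to MQTT success/error
}

func main() {
	fmt.Println(Handle(Packet{Type: "PUBLISH", Topic: "sensors/room1/temp", User: "JWT", Pass: "token-sensor-1"}))
}
```

Because the topic is now a URL path, the same prefix check denies a wildcard subscription such as `sensors/#` for a token scoped to `sensors/room1/`.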