Eurotech Overview
• One of the world's top players in the Embedded Computers market
• 20+ Years of experience in “M2M” and distributed systems
• Behind the products of more than 20 Global 500 companies
• Strong vertical market competences:
– Industrial & Logistics
– Transportation
– Defense & Security
– Healthcare & Medical
Eurotech Overview
[Map: Eurotech sites in Japan, Singapore, Italy, France, USA, UK and India; legend: Marketing and Sales, Development & Engineering, Production]
The Internet of Things
“Old M2M”
• Performance constraints
• Hardly any standards
• Human resource constraints (C++)
• Expensive, limited communication
• Monolithic approach
• Single-purpose devices
• Hardware-defined systems
• Store-and-Forward communication
• Operations-centric approach
M2M 2.0 = IoT
• Powerful embedded systems
• Open and industry standards
• No HR constraints (Java)
• Inexpensive, available communication
• Systemic & platform approach
• Multi-service systems
• Software-defined systems
• Real-time data and communication
• IT-centric approach
Eurotech’s Approach to IoT
[Diagram labels: Business Applications; Sensors, Actuators, Displays, …; Multi-Service Gateway; Everyware Cloud M2M Integration Platform]
Multi-Service Gateway Approach
• Multiple business-relevant tasks are addressed and technically consolidated
• Data delivery using an open protocol, effectively decoupling data providers and data consumers
• IT-centric device application development using Software Frameworks to implement business logic in smart edge devices / multi-service gateways
• More efficient bandwidth utilization – carrier cost optimization
• Off-the-shelf, purpose-built devices designed to meet vertical market value propositions
[Diagram: M2M Multi Services Gateway, with Sensors, Actuators, Legacy Systems, Smart Machines, Human / Machine Interfaces, Meters]
IoT Gateway Framework
• Open Sourced at Eclipse Kura
• Extended and Commercially supported on Industrial Hardware by Eurotech
• Modular software components
• Manage cloud connectivity
• Network configuration and administration
• Support for different protocols
• Remote management and access
• Integrated development environment
• Application portability
[Diagram labels: Linux OS; Java / OSGi; Open HW; Industrial HW; Embedded App]
Open Java/OSGi Middleware for IoT Gateways
IoT Gateway Challenges:
• Pressure to add value in shrinking timeframes
• Velocity of technology changes outstrips staffing
• Interoperability trumps exclusive differentiation
• Quest for quality w/o lock-in
Open Source is the Answer!
Founded in 2012 by
Now …
• 23 Members
• 15+ new projects
• 1M+ lines of source code
The fastest growing Eclipse workgroup
ESF Overview
[Architecture diagram: ESF software stack. Recoverable labels:]
• OpenJDK 7, Oracle Java SE 7 Embedded
• OSGi Application Container (Eclipse Equinox, Concierge)
• Device Abstraction: javax.comm / RS-485; javax.usb + udev; jdk.dio (GPIO / SPI / PWM / I2C); Java USB HID APIs; javax.bluetooth / BLE; javax.smartcardio
• Basic Gateway Services: DB Service, Clock Service, Device Profile, Watchdog, GPS Position
• Network Configuration: Firewall, Port Forwarding; Network Monitors; Cellular, Wi-Fi, Ethernet
• Field Protocols: ModBUS, CAN bus, Custom Protocols
• Connectivity and Delivery: Cloud Services; Data Services; MQTT Paho
• Remote Management: Configuration Management, Updates Management, Remote Access
• Administration GUI
• Applications: Your Application, Your Application
• Security: Security Manager, Certificate Manager, SSL Manager, Provisioning
Device Management
• Device Provisioning
– Provisioning of Device Credentials
– Provisioning of Configuration with Account Affiliation
• Embedded Application / Bundle Management
– Bundle Start/Stop
– Incremental Software Updates
• Service Configuration Management
– Configuration Updates
– Management of Snapshots and Rollbacks
– Remote Certificate Management
• Device Batch Operations
– Scheduled Device Management Operations
– Single/Group Devices Targets
– On-reconnect Device Management Operations
• Remote Access and Management
– Remote Command Executions
– Remote Access through Everyware VPN
– System Monitoring and Diagnostics for CPU, MEM, …
[Diagram labels: MQTT; Security; Administration; Data Management; Device Connectivity; Application Integration; Device Management]
Application Management
Local and remote configurability of the OSGi framework is key for system reliability
Application Management
Local and remote manageability of applications provides an easier path for upgrades and rollouts
Service Configuration Management
• Exposing configurable parameters allows remote tuning of running services
• Live updates of running services prevent costly downtime
Service Configuration Management
• Providing “snapshots” of the framework provides continual known states of the system
• New snapshots can be applied to quickly update the entire framework
• Snapshots can be rolled back to a known good state if needed
Service Configuration Management
• Exposing the device keystore for remote management allows for easily adding new certificates to a gateway
• Quickly revoke/update compromised certificates
Device Batch Operations
• Gateways can be organized into groups
• Jobs can target user-defined gateway groups
• Support flexible scheduling and retries
• Support executions upon device reconnects
• Report job execution status
Remote Access
[Diagram labels: Gateway; Everyware Cloud; MQTT; Everyware VPN Server; VPN; Remote Terminal or Application Management Console; callouts 1–5 match the steps below]
1. Gateway connected through MQTT
2. VPN connection to Gateway is requested
3. VPN connection from Remote Terminal is established and bridged to the Gateway
4. VPN connection from Gateway is established
5. Through ESF NAT and port forwarding, Remote Terminal can access devices connected to the Gateway subnet
Device Security
Securing Device to Cloud (Communication Security)
• Device Authentication Options
– Unique per-device credentials distributed by Provisioning
– SSL/TLS Mutual Authentication
• Platform-Signed Device Management Messages
• Device Initiated Connections (No open ports on Device)
• Allowed traffic is secure and mutually authenticated (SSL/TLS)
• Everyware VPN Service
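An added illustration of the "Platform-Signed Device Management Messages" bullet, not Eurotech or Kura code: the gateway acts on a management command only when the platform's signature verifies and the message names this device. The wire format, class name, device IDs and command string are assumptions made for the example, and the key pair is generated in memory.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Added example; hypothetical format "<deviceId>|<command>|<base64 signature>",
// not the ESF/Kura wire format. Requires Java 8+ for java.util.Base64.
public class SignedCommandCheck {

    static byte[] signedBytes(String deviceId, String command) {
        return (deviceId + "|" + command).getBytes(StandardCharsets.UTF_8);
    }

    // Platform side: sign the device ID together with the command.
    static String sign(PrivateKey key, String deviceId, String command)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(signedBytes(deviceId, command));
        return deviceId + "|" + command + "|"
                + Base64.getEncoder().encodeToString(s.sign());
    }

    // Gateway side: return the command only when it is addressed to this
    // device and the platform signature verifies; otherwise return null.
    static String verify(PublicKey platformKey, String myDeviceId, String message)
            throws GeneralSecurityException {
        String[] parts = message.split("\\|", -1);
        if (parts.length != 3 || !parts[0].equals(myDeviceId)) return null;
        try {
            byte[] sig = Base64.getDecoder().decode(parts[2]);
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(platformKey);
            s.update(signedBytes(parts[0], parts[1]));
            return s.verify(sig) ? parts[1] : null;
        } catch (IllegalArgumentException | SignatureException e) {
            return null; // malformed Base64 or malformed signature encoding
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(256);
        KeyPair platform = g.generateKeyPair(); // constructed test key
        String msg = sign(platform.getPrivate(), "gw-001", "bundle/stop/com.example.app");
        System.out.println("valid:        " + verify(platform.getPublic(), "gw-001", msg));
        System.out.println("other device: " + verify(platform.getPublic(), "gw-002", msg));
        String tampered = msg.replace("bundle/stop", "bundle/start");
        System.out.println("tampered:     " + verify(platform.getPublic(), "gw-001", tampered));
    }
}
```

In a deployment the platform public key would be loaded from the gateway's certificate store rather than generated next to the message.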
Securing the Device
• Secure device identity
• Secure execution environment (ESF 3.2)
• Encrypted Configuration Storage and Certificates Stores
• Device Unique Master Password
• Remote Certificate Management
• Firewall
• OSGi / Signed Code
• Everyware VPN Client
• Secure Boot
[Diagram labels: Hardware; Java VM; Code; Linux]
Separate Data from Management
• Connection Management: Auto-connect, Connection Retries, Store and Forward, Message Priorities
• Application Protocol: Topic Namespaces, Message Compression, Life-cycle Messages, Request/Response
• Connection Protocol: Transport Abstraction
[Diagram: an ESF/Kura Application with two CloudService / DataService / TransportService stacks; labels: Device Management, Telemetry Data]