I am interested in building a device that will be connected to my home network and I will be able to control remotely via an app on my cell phone.
My original thought is this:
Both systems will pull data from some cloud service
My mobile device will modify a data entry in the cloud service
The device will be constantly pulling this data and update the necessary setting when they change
Concerns with the original thought:
Constant pulling of the device in order to see when data has been changed (inefficient)
No way to communicate from the device to the phone (feature limiting)
Question:
What is the best way to create the link between my mobile device and the device that will remain in my home?
Potential similar architectures include Nest, Ring, etc.
The concept is correct - typically, IoT devices and mobile apps communicate through the cloud. There are cases when you want to connect your app directly to a device (e.g. through bluetooth, LAN or sometimes even internets), but that is done usually for a specific reason, e.g.:
IP cameras generate a lot of traffic, putting it through a centralized server is very expensive, so cheap home products do P2P from mobile app (centralized served could help you get the IP address for your camera)
TV with phone as remote control. Using cloud service hear would be weird and limiting access to LAN simplifies the setup
In general cases (Next, Ring) you can be pretty sure the IoT devices talk to the cloud, instead of the mobile app directly. It both offer more feature (as the data can be processed in bulk in cloud), but there's also benefits for using the cloud even if it's used only to relay data.
In many cases, you also want to limit traffic (e.g. save batteries or data plan). Two key aspects to be able to do that:
Don't waste time setting up a connection. That means connecting to a stable cloud service (your mobile might not be online) and using optimized network (e.g. LAN with static IP address, NB-IoT or LTE-M)
Choose optimal M2M protocol. Two popular M2M protocols are COAP ("light weight HTTP") and MQTT (a messaging protocol)
Once you've set up how both your device and mobile app can exchange data with the server, it's up to you to design how to use that. Note that there's nothing stopping from the device to also push data to the server - all connection (IoT device <-> cloud <-> mobile app) can use two-way protocols.
Related
I've tried Amazon MQ today and found out that it is very easy to setup and we can integrate the pub/sub feature on our IoT device side quickly. But unfortunately, when I check the limitations of Amazon MQ, the maximum connection for an instance is only 1000.
The ff screenshot taken from Amazon MQ Docs:
This is too low. And I don't see a quota increase options for that. Plus, I am only allowed to have a maximum of 20 brokers per region, so basically a max of 20k devices only. And to create 20 brokers, the cost is too high as compared to setting up an MQTT broker by myself in an EC2 instance of 8Gb memory and 2CPUs, I can handle up to 50k connections.
Then I saw another option which is to use the AWS IoT for device management. It supports up to 500k devices. But the downside is I have to register all my devices as "Thing", and I have to get certificate for each device. But I really don't need Amazon to manage my devices and keep track of the device's states, we already have it done. Plus, we have to familiarize our self on how devices are managed using the AWS IoT device management console. Therefore, using the AWS IoT service as a message broker is more time consuming to implement than using Amazon MQ.
So, my question is, is Amazon MQ really not designed for IoT devices? Is there anyway to use just the MQTT broker service alone of AWS IoT device management without using its management features(I don't think this is possible)?
Amazon MQ is a cloud managed service for Apache ActiveMQ. One of its aims is to make it easy to migrate an existing product using the protocols that ActiveMQ supports to a cloud managed solution.
So, my question is, is Amazon MQ really not designed for IoT devices?
Your question presumes that there is a black and white answer. Amazon MQ may be entirely suitable for an existing product that needs a managed cloud broker. For another product with different requirements it may not be suitable.
Is there anyway to use just the MQTT broker service alone of AWS IoT device management without using its management features(I don't think this is possible)?
Yes, it is possible to use the AWS IoT broker without using the 'thing' management features. From https://docs.aws.amazon.com/iot/latest/developerguide/iot-thing-management.html
You do not need to create a thing in the registry to connect a device to AWS IoT.
You can connect a client device to the AWS IoT MQTT broker using just a certificate without creating a thing. Though typically each device has its own certificate and the thing registry is a means to manage the relationship between a device and a certificate.
There are also alternate means for clients to authenticate.
As of now Amazon proposes managed RabbitMQ, where there are no fixed limits on the number of connections (it just depends on the size of your machines):
EDIT: they don't support the mqtt plugin for the moment, so this will do for AMQP, but not for MQTT.
I have been developing an asp.net core web application and published on the production mode (online server), the users can access it with the specific domain name and will log in and do data entry from three different countries.
But, the problem is sometimes, in one specific country there is no internet access, my client wants that this application should work online and offline, If there is no internet access the local branch must be able to do data entry, then when the internet gets connected data should send to the online server database,
What is the best way to achieve this goal?
Please write your view or add some good forum link below.
Rationally, it is not possible for you to access a Web App without internet. Web Apps are meant for network usage. However, I believe there is a workaround for such requirements. What you can do is that you can create a clone of your database for the third user, who has no internet access and perform all transactions within the local machine and when the connection comes back on line, you can replicate the data from the local SQL Server into the online server database.
And then there is something called Progressive Web Apps , which will allow you below privileges :
Reliable - Load instantly and never show the downasaur, even in uncertain network conditions.
Fast - Respond quickly to user interactions with silky smooth animations and no janky
Engaging - Feel like a natural app on the device, with an immersive user experience.
What are Progressive Web Applications, Google has something more to discuss here
I am running my server on google app engine and i have all of my services (e.g MongoDB, Redis, Elasticsearch) are deployed on compute engine. Now i wanted to connect my compute engine instances from App engine only that's why i deleted all of my firewall rules of my compute engines which were connecting them from external ip's, now only the instances that are within the internal network of my google cloud project can connect to themselves, now i am just wondering about IP spoofing that as nobody from outside my internal network can connect to my instances now can they fake their ip by telling my firewall that their ip is the ip which any of my instance is having because if that can happen then my whole security will be breached.
Now one question does google cloud project's firewall implement any measures to secure our instances from IP Spoofing or we have to setup something in order to avoid that.
If any of you have any idea about this please enlighten me.
Thanks
It's not quite clear which spoofing scenario you are concerned about. These two come to mind:
External party spoofing packets for your internal network, ie. the 10.0.0.0/8 range. This is not possible as packets inside your network can only come from VMs and VPNs in that private network.
Spoofing packets from other Google / GCE IP ranges; eg. the ones used for external addresses: This should be caught by Google's network ACLs.
I would however not recommend to authenticate based on IP address. For example, if you are communicating over external IP addresses between GCE/GAE entities, it's easy to be too broad, also allowing other GCE/GAE customers. Even if you only whitelist single IP addresses there is a risk that over time, your setup becomes more complex. Imagine for example, if an employee deletes a GCE instance without also removing the IP from the whitelist. In that case, the IP would be released and available to other GCE customers who could then access your service.
Therefore, it's usually safer to use an application level authentication mechanism such as SSL client certificates.
I have a front-end angular app using firebase to store user data.
I currently do not have a backend set up, such as a node.js server.
I would like to use the Google Docs API to upload files from my app.
Since the Great Firewall of China does not (or makes unstable) the use of Google services, is it possible to place those services on the backend server and still use them reliably?
Perhaps after they have uploaded the document to firebase, a backend script retrieves it, uploads it to google docs, and then removes the record from firebase? Just trying to see if Google or similar services are even feasible for this use case.
I suppose the crux of my question is whether or not the calling of the Google API would be taking place on the user's computer, in which case would it become unstable?
** Updates for clarity:
I am deciding whether my firebase-backed app needs a more traditional backend like a node server to do things like: upload images and documents, send mail via Mandrill, etc... It would be helpful to me if I knew whether, after putting in the time to create a server, some of the services I am after (aka APIs) are any more resilient to the GFW than they would be if they ran on the client side. So if any one has had success in such a task, I would like to know.
** Technical update:
So, for example, if I run the Google Maps API on the client side, if the user is in China and is not running a VPN, accessing the API calls will either lag or time out or (rarely) success in returning the scripts. If I was somehow able to able to process the map query "off-site" aka on the server, could I then return with a static image of the map to a Chinese user without fail?
If I was somehow able to able to process the map query "off-site" aka
on the server, could I then return with a static image of the map to a
Chinese user without fail?
Yes, of course. What you are going to miss this way is all the front-end interactive functionality Google Maps offers. But if that's ok in your use case, sure.
I have never tried it with the GCF, but what I would do is this:
Google Maps <-> Your Reverse proxy <-> User
So, instead of the user visitng the real google maps site, it will be visiting your maps.mydomain.com site, that will be sitting in between, proxying everything.
Nginx is an excellent choice for a reverse proxy. If you need more control, there are good node.js reverse proxying packages that you an use to rewrite the content extensively before serving it (perhaps to obfuscate it in case the GCF blacklists content based on pattern matching, or to change the script names/links again to avoid pattern matching).
You are misunderstanding about the great firewall of China. I consulted for a couple of Chinese companies after the dot com crash so I can say this from personal experience, not hearsay.
It is mostly high-end Cisco hardware behind gateways behind their government telecom infrastructure. Nowadays they knock off what hardware they can, every chance they can, and spend money on specialized hardware to monitor cell phones systems.
There was a brief mention of the street-level surveillance hardware on 20/20 before the crash if you are interested in looking it up.
Not to discourage you, but I say set up whatever open servers you want with whatever frontends or backends you want, but the reality is the traffic is not going to be there.
That is why they call it an oppressive regime, they do not get to decide for themselves, remember?
How do Mobile Apps communicate with a server? Does this communication happen over HTTP or are there other methods (for instance, I guess a mobile app could open a socket)? Does this differ form device to device? Is there one most commonly used approach? If the communication happens over HTTP how do the URLs look like? Is there a way to identify the app based on the the "User Agent" in the HTTP request if the communication is happening over HTTP?
Mobile Apps can communicate with a server in many ways. Mobile apps can also use other features of the mobile. For instance SMS , MMS. Its pretty open really. Your question could be "how do computers communicate with a server?".
A mobile app can be a simple as loading a web page. This would be http.
The problem with mobile apps. They run on phones. There are lots of different phone manufacturers and its up to them (in some case the mobile phone operators also have weight) what to allow the programmer to do by the choice of operating system.
If you are getting started with mobile apps. Take a look at android its pretty simple to get going with if you know a little about programming.
As for the useragent. It depends but usually if you are using the http api on the phone, you can set the user agent to what ever you want it to be, its just a string.
Hope this helps!
Communication usually happens over http. Applications usually identify themselves in the User Agent field