Gateway Management

Remote Gateway Management: Benefits, and how we make it happen

Key features of the AGILE gateway include the ability to provide data and device management, execution of Internet of Things (IoT) applications and, importantly, communicate with the Cloud to enable a plethora of use-cases. But there is also features that are provided “under the hood”, features such as security.

Resin.io: a not-so-silent force working alongside the AGILE gateway

For AGILE to enable user application deployment, remote updates, and monitoring of connected gateways, we are customising and will utilise a software technology built by one of the project partners called Resin.io – it is a Remote Gateway Management interface that is deployed in the Cloud, and has, amongst others, a local component that will be running on each gateway called “Agent”.

Resin.io Container used in AGILE: Enables remote management features

The Resin.io Agent works on container level, with elevated privileges to manage both the underlying Operating System (OS), but also the user-space (any applications installed). In simple scenarios, it downloads the changed layers of any application container images, stops the old versions of those applications, and starts the new ones. As the process is ongoing, you can see the overall progress of the process in a dashboard. It is fully interactive, and allows clicking on any specific gateway devices to see more detailed information about the device, such as logs.

Dashboard

Staying up-to-date: A dashboard allows you to see the current status of a gateway

The Agent, which we are customising for use in pilots and use-cases adopted by AGILE, also contains the necessary components to keep a persistent, always-on connection to the Cloud environment which controls it (over secure VPN, as we are paranoid about security!). The Agent allows, upon authorisation, anything from updating the AGILE gateway on the fly, restarting modules and applications, adding functionality as well as providing monitoring information (such as OS logs) automatically and upon request. It also enables a streamlined approach to defining environment variables or other configuration options on the gateway.

Security, as always, is paramount

By far the most important feature is its ability to receive over-the-air updates. And we believe this is extremely important on any IoT application for security reasons. Imagine your gateway, end-devices and deployed applications suffering from a bug whilst you are unable to deploy a fix remotely – and now imagine if it’s not an issue with your own code, but rather an urgent OS security vulnerability! A popular real-world example of this is the U.S. Traffic Safety Administration car recall announcement, one from Tesla Motors, and one from GM. Both are related to problems that could cause fires. Tesla’s fix can be conducted as an “over the air” software update and doesn’t require owners to bring their cars to the dealer (more on this on the Wired article here). And there are recent cases of cameras being hijacked, armies of devices used for Distributed Denial of Service (DDoS) attacks… so let’s just say that it’s important for us to “have the users covered” as part of the AGILE project.

Of course, there is even more urgent need for these solutions to be secure (after all, any device which is why we are dedicating months of work, and the expertise of research and industry partners, in making sure the hardware and software stack behind AGILE is secure, end-to-end.

What does the management interface it look like?

As one our principles is to make things as easy as possible for our users, we are utilising the latest standards in Web development, User Interface (UI) design, and User Experience (UX).

Here is what you should expect to see once you get your hands on an AGILE gateway:

Device management interface: Environment Variables, Terminal, Actions (e.g. reboot)

Gateway Management

Multi-gateway management: Information on OS updates, availability, monitoring/logs

Let us know your thoughts

The AGILE consortium comprises pioneering partners in hardware and software for IoT. Resin.io has been built to bring the Cloud deployment workflow to the world of embedded devices, and the customisation for use in AGILE with an AGILE-specific gateway management system, is no exception. Along the lines, we discover and assimilate interesting ideas from the Cloud or embedded worlds, or even invent ideas that only apply to the new paradigm the project represents.

There is a lot going on behind the scenes, and we are very keen to hear from the community about features they would like to see on the Remote Gateway Management interface. The consortium partners are organising pilots that will allow IoT device manufacturers (devices that will be controlled by the AGILE gateway through its integrated network modules), as well as developers and end-users to get hands-on with our early prototypes and final hardware gateway.

Author
Georgios Michalakidis, R&D Manager, Resin.io

https://www.jisc.ac.uk

AGILE Identity Management

The basis of a security framework is to identify and authenticate users and entities in the system. As a result, developing a proper identity management platform is the first step to start building the security mechanisms in the gateway. Now, we will describe key aspects of AGILE’s IDM and how it can be integrated on external systems, why some of the design choices were made, and point to additional resources which are hopefully useful for newcomers.

A Polyglot User Identity Management

We want to make our user’s lives easy by not creating yet another identity management system which forces them to create new username and passwords just to interact with the gateway. In our daily lives we already deal with a high amount of different credentials with particular restrictions; for example, passwords need to have a minimal length and must include particular characters. Some users deal with this by reusing passwords in different systems; however, this is a bad practice since the system administrator, or an attacker compromising the system, would obtain the user’s credentials for other external systems.

As a result, we have put considerable effort to find proper ways to integrate different authentication mechanisms into our identity management in order to have a usable user management. Currently, AGILE IDM allows users to authenticate using a range of protocols such as Web ID, Oauth2, or username and passwords verified locally on the gateway’s side.

Practically, this means that users who have been already registered with external identity providers, such as Google or GitHub can use their accounts to log into their AGILE gateways as users do when they login using services that rely on such identity providers using Oauth2. Furthermore, for users who do not want to use such identity providers, AGILE offers also other options to authenticate.

For instance, in particular installations of AGILE IDM, it may be desirable that users can log in using the username and passwords used by the underlying Linux system (also avoiding the creation of new username and passwords for the gateway management). Another option is to obtain a Web ID certificate from a provider (such as databox.me or similar) to login in AGILE by just selecting the client-side certificate during the validation step. The Web ID protocol, which is commonly used on linked data environments, allows users to authenticate with a web application by using a client side certificate validation step during the TLS handshake. The integration of this protocol will favor the integration of applications relying on linked data protocols (such as the Little Sister Jolocom’s application).

Last but not least, for users who still desire to have a local username and password generated just for the gateway management this is also supported.

Oauth2 Integration with AGILE IDM

AGILE IDM behaves as an Oauth2 provider towards applications relying on its authentication services. This integration method between applications and AGILE IDM is completely independent from the authentication mechanism used by AGILE IDM to authenticate the user. The latter could be Oauth2, Web ID, or a local username and password.
In consequence, any application relying on AGILE IDM to authenticate its users can use one of the Oauth2 grant types supported by AGILE IDM. Currently, AGILE IDM supports the following grant types:

  • Authorization code
  • Implicit (also known as token) flow
  • Client Credentials

To facilitate the use of AGILE IDM within the project, and by external adopters we have created a set of Node.js applications relying on AGILE IDM which implement the proper Oauth2 flows here. Furthermore, the authorization code application also provides a basic web interface to create and update entities and users, change their attributes, and them to groups. This will hopefully make testing and understanding how AGILE IDM works easier for newcomers.

Portable and Flexible

AGILE IDM uses Node.js as runtime; as a result, it can be employed not only on the gateway but also in other scenarios and operating systems. Also, in addition to the user management and authentication component, AGILE IDM allows the definition of flexible policies on the principal’s attributes in such a way that they can be written or read by particular users. This is paramount to support the definition of other entities, such as sensors or applications connecter or running on the gateway.
Currently, along with the German FORSEC project, we have begun a collaboration effort to integrate AGILE IDM in an IoT platform allowing users to control their data usage in a Cloud-based platform. AGILE IDM will offer not only user authentication, but also the management of principals in the system through its flexible attribute definition system. Last but not least, AGILE IDM also receives input from FORSEC regarding the policy enforcement framework on the attribute level.

Hands on Tutorials

To foster the use of the identity management platform developed in AGILE, we have also spent resources to document its functionality and to provide tutorials describing how to install, configure or extend AGILE’s IDM. For more information, please check the following links:

Authors

  • Juan D. Parra Rodriguez, University of Passau
  • Daniel Schreckling, FORSEC

Join us in Berlin for the IoT-EPI Challenge: Solving social problems using IoT

We are excited to announce the participation of AGILE at the upcoming IoT-EPI challenge event in Berlin this March. The event is open to IoT enthusiasts and entrepreneurs with creative minds who believe that technology and innovation can be applied for social good. Three main challenges are looking for the right candidates to combine the available IoT technologies (from IoT-EPI projects like AGILE) to develop successful use cases.

AGILE is part of the Retail: Scan-to-share challenge. We are working together with TagItSmart and BigIoT projects to provide retail shoppers the ability to identify which supermarket foods are about to expire before purchasing them. The objective is to provide it to individuals in need. Join us in Berlin to discuss how we can use the technology and develop such an interesting platform and user ecosystem that can be self-sustained and scalable.

If you are interested to join (participation is free), learn more on how you can use the AGILE gateway and IoT technologies for making social impact, and qualify for prizes, apply here until the February 8

Event Date: March 17, 2017
Event Place: Ahoy, Berlin, Germany
More info: website and Twitter @agile_iot

The AGILE Maker’s shield: Onboard sensors, expansion sockets and main features

The AGILE Gateway is intended to be a platform the community can take part on. From that intention comes the necessity of a quick development hardware where makers can test their ideas and contribute to the project.

The AGILE Maker’s shield integrates with the Raspberry Pi, following the Raspberry Pi HATs specification, and allows the AGILE software to run on it, making it a cheap and portable development hardware where testing sensors and communication modules is as easy as plug or unplug them, leaving the makers plenty of time to fulfill their creativity instead of worrying about specifications and configurations.Continue reading

Wildlife protection with Camynoo

We are excited to announce our partnership with Camynoo. Camynoo built a tracking solution for pet and wildlife protection, utilizing low power sensors and long-range connectivity networks. Camynoo is interested by the AGILE Pilot  “Open Field & Cattle monitoring using UAVs” and decided to partnership-up with us.

Camynoo will be one of the first  external early-adopters using the free and open source components that the AGILE project is developing for data collection, storage and application management on the gateway.

 

Adaptation: Deadline extension & New prizes!

 

Dear AGILE community,

We are proud to announce two big important pieces of news regarding Adaptation, AGILE’s media art contest & event:

  • New prizes: We will now be able to give 3000€ per category. The artists who get selected per each of the four categories will receive 3000€ in cash as a prize
  • Deadline extension: Due to the improved conditions of the rewards, we have decided to extend the deadline to the 31st of December so new artists can send their proposals and so those who already sent theirs can update them given the new conditions.

Are you still wondering what Adaptation is? Check it out in our introductory blog post.

Remember that in order to send your proposal you will need to send it to iot.is.art@agile-iot.eu before the 31st of December, and it should include how you will be making use of the AGILE gateway as an intermediary point between the sensors and the audiovisual representation of the data. More information about the guidelines here: http://agile-iot.eu/adaptation/guidelines.html.

Microservices for Internet of Things Edge Devices

Microservices and virtualization have recently revolutionized the world of software development bringing agility and innovation in this domain. Microservices promote the use of fine grained and independent services that are implemented as autonomous entities interacting each other through well known APIs: independent software modules ease the maintenance process and reliability, making it easier to identify which components fail, restart failed services or correct the identified problems. Virtualization helps instead to decouple hardware resources from software: software can run on multiple hardware architectures and can be easily moved and shifted from one server to another. With the advent of containerization technologies (such as Docker for example) microservices can be realized as “containers” that result to be extremely fast to start up and can be easily deployed (using a common packaging mechanism) and can be easily released and shared via common repositories (like the Docker Hub).

Continue reading

Using the IoTivity Protocol on an AGILE Gateway

Nowadays, Open Source is becoming more and more popular, even in the corporate world. Many companies are merging into consortium in order to define common specifications and standards for their products. One of the main consortium is the Open Connectivity Foundation and it is currently defining OCF specifications for the emerging needs of the Internet of Things (IoT). Company members of the consortium include Samsung, Intel, Qualcomm, Mediatek, and others. From these specifications, an open source framework, called IoTivity is being developed.

Sponsored by the OCF and hosted by the Linux Foundation, IoTivity’s goal is to create a new commercial standard that creates a robust and extensible architecture for smart and thin devices. It enables device-to-device and device-to-internet communications by supporting different protocol stacks like BLE, NFC, BlueTooth, IPv4/IPv6.

In particular for constrained devices, there is a stripped down version called IoTivity-Constrained that runs on Realtime Operating Systems like RIOT-OS, Contiki, Zephyr, and Linux. RIOT is now an official operating system supporting IoTivity.

In order to make developers life easy while developing smart objects that are able to talk IoTivity, a special RIOT-OS package has been developed. It allows the creation of IoTivity-based applications that are interoperable with commercial solutions.

The AGILE Gateway also supports IoTivity devices. We have developed a simple step-by-step tutorial in order to demonstrate the communication between an AGILE makers gateway (Raspberry Pi device) and a 802.14.5 node.

Collaboration with rapidmix

We are excited to announce our collaboration with the rapidmix H2020 project in the context of our Adaptation competition and beyond. rapidmix is providing an open source, cross-platform framework that allows the use of advanced machine learning algorithms in a simplified way for transforming masses of sensor data into expressive sound and gestures that can be used for gaming, music and arts.

We will be integrating the rapidmix software as a Docker container inside AGILE providing all aforementioned features to AGILE users and especially to the artists participating in the Adaptation contest. AGILE will also provide support for connecting IoT devices with sensing capabilities to the rapidmix toolkit. Rapidmix and AGILE users will be able to benefit from both technologies by collecting data from wireless sensors and generating multiple actuations developing this way complex interactions with objects in an easy way. Learn more about rapidmix project and the software features here. Stay tuned and follow us on Twitter (@agile_iot) for more updates on our collaboration.

Adaptation Contest & Event Update

Back in July 2016 we announced the opening of the Adaptation contest & event. Time is running fast and the applications period closes at the end of November. If you still haven’t heard about it you are still on time to jump on board. Find the basic information in our previous post.

In this post we’d like to share with new information regarding the contest:

The Adaptation Jury Board

We have brought together a Jury Board with a varied set of skills that will bring a complete analysis of the proposals in terms of their creativity and technical feasibility:

Read more about them here.

 

Next Q&A Session

Do you have any questions you’d like to ask? We are inviting everyone to join us to the next Q&A Session via Hangout on November 11 at 6pm CET, where the AGILE project coordinator and the Adaptation organization team will be there to answer. Don’t be shy and join us! you never know what you will learn or who you will meet during the call.
Sign-up here to receive a reminder a few days before. The link to the call is: tinyurl.com/adaptation23

image01