
Deep Dive: AWS IOT


Find out more about AWS and IOT

Published in: Software

  1. 1. 23rd May 2017. Deep Dive: AWS IoT. Ian Massingham, Technical Evangelist, AWS (@IanMmmm); Danny Lousberg, VP Product Management, Technicolor Connected Home
  2. 2. Getting started: What is AWS IoT?
  3. 3. AWS: hyperscale infrastructure for connected devices
      • Amazon SNS: Mobile Push and Notifications
      • AWS Lambda: Run Code in Response to Events
      • Amazon DynamoDB: Predictable and Scalable NoSQL Data Store
      • Amazon Kinesis: Streaming Analytics
      • Amazon Redshift: Petabyte-Scale Data Warehouse
      • Amazon API Gateway: Build, Deploy, and Manage APIs
      • Amazon Cognito: User Identity and Data Synchronization
      • …and more
  4. 4. IoT Applications : An Early Use Case for AWS
  5. 5. AWS IoT: simplify & accelerate IoT development
      • AWS IoT: Connect Devices to the Cloud
      • Amazon SNS: Mobile Push and Notifications
      • Amazon DynamoDB: Predictable & Scalable NoSQL Data Store
      • AWS Lambda: Run Code in Response to Events
      • Amazon Redshift: Petabyte-Scale Data Warehouse
      • Amazon API Gateway: Build, Deploy, & Manage APIs
      • Amazon Kinesis: Streaming Analytics
      • Amazon Cognito: User Identity and Data Synchronization
      • …and more
  6. 6. AWS IoT “Securely connect one or one billion devices to AWS, so they can interact with applications and other devices”
  7. 7. AWS IoT: Core Capabilities
      • Message Broker
      • AWS-grade security
      • Rules engine
      • Device Shadows
      • Device Registry
      • Managed Platform
      • Seamless integration with all of AWS
  8. 8. AWS IoT
  9. 9. Secure Communications with Things
  10. 10. Mutual TLS Authentication (TLS/SSL)
  11. 11. Public Key Cryptography Options: for same bits & level of security, ECC keys are much smaller than RSA keys
      Symmetric Key Size (bits) | RSA Key Size (bits) | Elliptic Curve Key Size (bits)
      80                        | 1024                | 160
      112                       | 2048                | 224
      128                       | 3072                | 256
      192                       | 7680                | 384
      256                       | 15360               | 512
      https://aws.amazon.com/blogs/iot/elliptic-curve-cryptography-and-forward-secrecy-support-in-aws-iot-3/
  12. 12. Communicating with the non-things (AKA Humans)
  13. 13. How we implement this
                      | MQTT + Mutual Authn TLS | AWS Authn + HTTPS
      Server Authn    | TLS + Cert              | TLS + Cert
      Client Authn    | TLS + Cert              | AWS API Keys
      Confidentiality | TLS                     | TLS
      Protocol        | MQTT                    | HTTP
  14. 14. Strong Thing Identity
  15. 15. Strong Thing Identity: X.509 Certificates https://aws.amazon.com/blogs/iot/just-in-time-registration-of-device-certificates-on-aws-iot/
  16. 16. Fine Grained Authorisation
  17. 17. AWS IoT Data Plane Control Plane Service Access Data Plane
  18. 18. Applying Permissions to Thing Management

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "ManageCerts",
            "Action": [
              "iot:CreateCertificateAndKeys",
              "iot:CreateCertificateFromCsr",
              "iot:DescribeCertificate",
              "iot:UpdateCertificate",
              "iot:DeleteCertificate",
              "iot:ListCertificates"
            ],
            "Effect": "Allow",
            "Resource": "*"
          }
        ]
      }

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "RevokeOneThing",
            "Action": [ "iot:UpdateCertificate" ],
            "Effect": "Allow",
            "Resource": "arn:aws:iot:us-east-1:123456972007:cert/d7677b0…SNIP…026d9",
            "Condition": {
              "IpAddress": { "aws:SourceIp": "192.168.42.54" }
            }
          }
        ]
      }
  19. 19. Allowing/Denying Access to MQTT Topics

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [ "iot:Connect" ],
            "Resource": "*"
          },
          {
            "Effect": "Allow",
            "Action": [ "iot:Publish" ],
            "Resource": [
              "arn:aws:iot:us-east-1:123456972007:topic/$aws/things/MyThing/shadow/update"
            ]
          },
          {
            "Effect": "Allow",
            "Action": [ "iot:Subscribe", "iot:Receive" ],
            "Resource": [
              "arn:aws:iot:us-east-1:123456972007:topicfilter/$aws/things/MyThing/shadow/*"
            ]
          }
        ]
      }
  20. 20. Creating certificates & keys
  21. 21. Key & certificate creation with the AWS CLI
  22. 22. Device Provisioning at Scale: How do you get these keys & certificates onto your devices?
  23. 23. Getting keys & certificates onto your devices
      • Simple at the device prototyping stage
      • Copy or flash them (& the CA cert) onto your device
      • More complex in volume manufacturing
      • Still copying or flashing keys & certs, but the numbers increase
      • Use AWS SDKs/CLI to automate key & certificate creation. Provide keys & certificates to your device manufacturing partners
  24. 24. Register on first use
  25. 25. Just-in-Time Registration of Device Certificates https://aws.amazon.com/blogs/iot/just-in-time-registration-of-device-certificates-on-aws-iot/
      • Register your CA Cert with AWS IoT
      • Sign device certs with your CA cert
      • AWS IoT MQTT Endpoint
      • New certificate state set to PENDING_ACTIVATION
      • AWS IoT Rule invokes AWS Lambda function
      • AWS Lambda function activates certificate & attaches policy
      • New certificate state set to ACTIVE

      Topic: $aws/events/certificates/registered/<caCertificateID>

      Payload:

      {
        "certificateId": "<certificateID>",
        "caCertificateId": "<caCertificateId>",
        "timestamp": "<timestamp>",
        "certificateStatus": "PENDING_ACTIVATION",
        "awsAccountId": "<awsAccountId>"
      }
  26. 26. Support for edge computing capabilities
  27. 27. Challenges Of Devices Living On The Edge
      • Round-trip latency
      • Intermittent connectivity
      • Expensive bandwidth
      • Programming and updating embedded software needs specialized skills
      • Limited to what is on the device unless you rewrite or program the device
  28. 28. AWS Greengrass: Embed Lambda Compute (& Other AWS Services) in Connected Devices. Preview Available Now. Use The Same AWS Programming Model In Devices And The Cloud
  29. 29. Smarter Gateways with Edge Compute. Danny Lousberg, VP Product Management, Technicolor Connected Home. Tuesday, May 23, 2017
  30. 30. Technicolor’s key role in all phases of content: CREATION → DISTRIBUTION → CONSUMPTION
      • #1 IN PRE & POST PRODUCTION
      • 70% OF HOLLYWOOD BLOCKBUSTERS
      • 150K VFX SHOT ANNUALLY
      • #1 IN HOME GATEWAYS
      • #2 IN SETTOP BOXES
      • 500M DEVICES SHIPPED
      • 250 OPERATORS GLOBALLY
      • 80% CE VENDORS USE OUR IP
      • 40K PATENTS
  31. 31. New Products and Services with Greengrass
      • 10Gb Broadband GW: Extraordinarily powerful – Best Wi-Fi; Carrier-grade – Full service platform
      • Tri-band Wi-Fi Extender: Whole home coverage – Cool design; Intelligent diagnostics and roaming
      • Personal Assistant: Voice-activated user experience; App – Helpdesk optimization
  32. 32. Greengrass Benefits
      PROBLEM             → SOLUTION                → BENEFITS
      MONOLITHIC FIRMWARE → LAMBDAS and CONTAINERS  → TTM, TCO, Security
      CLOUD HOSTING COSTS → EDGE COMPUTE            → Cost, Privacy
      EMBEDDED SW SKILLS  → CLOUD DEVELOPMENT MODEL → Dev Community
      → FLEXIBILITY to DECIDE WHEN, WHERE and HOW to DEPLOY SERVICES
  33. 33. Edge Compute in a Service Provider Environment [Diagram. Zones: SUBSCRIBER HOME, SERVICE PROVIDER, INTERNET. Labels: Wi-Fi Extender, Gateway, Access Network, Core Network, ISP Services, Public Internet, 3rd Party Device, Sensor, Switch, Alarm, TCH Services (λ), 3rd Party Services (λ)]
  34. 34. Detailed Architecture and Use Cases [Diagram. Zones: EDGE, CLOUD. Labels: AZ-0 and AZ-1 (each with Public and Private subnets, NAT GW, RDS, VPN GW, ECS, Bastion, EC2, Lambda Diagnostics), Router, Internet GW, VPN GW, Lambda, RDS, Ingest, AWS GG Group, S3, DynamoDB, Dashboard, Alexa Skill, Alexa, IoT, Tri-band Wi-Fi Extender HW, 10Gb Broadband Gateway HW, Homeware SW, GG Core, GG Lambda, GG Aware Device, Alexa Client, Diagnostics, Guest NW, Unboxing]
  35. 35. Conclusions
      • Clear Benefits ► Greengrass enables faster TTM, reduced TCO and increased FLEXIBILITY & PRIVACY to the benefit of Technicolor, service providers and consumers
      • Opportunities ► By building bridges between CLOUD and EDGE, we are creating opportunities for INNOVATION and improved consumer EXPERIENCES in the home
      • New Products ► A leader in the connected home, TECHNICOLOR is excited to introduce Greengrass, starting with these new PRODUCTS and SERVICES
  36. 36. Thank you Questions?
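
Added example (not part of the original deck, and not AWS's own policy engine): a small evaluator for the slide 19 policy that shows which MQTT requests it permits, so the breadth of each statement can be checked before the policy is attached to a certificate. It is a simplification that handles only `Effect`, `Action` and `Resource` with the `*` wildcard and ignores `Condition` and policy variables; the `OtherThing` name and client ID in the usage are constructed.

```python
import re

# Policy from slide 19 (account ID and thing name are the slide's own).
SLIDE_19_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iot:Connect"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["iot:Publish"], "Resource": [
            "arn:aws:iot:us-east-1:123456972007:topic/$aws/things/MyThing/shadow/update"]},
        {"Effect": "Allow", "Action": ["iot:Subscribe", "iot:Receive"], "Resource": [
            "arn:aws:iot:us-east-1:123456972007:topicfilter/$aws/things/MyThing/shadow/*"]},
    ],
}

ARN = "arn:aws:iot:us-east-1:123456972007:"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    # '*' in a policy matches any run of characters; everything else,
    # including the MQTT wildcards '+' and '#', is compared literally.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def is_allowed(policy, action, resource):
    """Default deny; any matching Deny overrides every matching Allow."""
    allowed = False
    for stmt in policy.get("Statement", []):
        hit = (any(_matches(a, action) for a in _as_list(stmt.get("Action", [])))
               and any(_matches(r, resource) for r in _as_list(stmt.get("Resource", []))))
        if not hit:
            continue
        if stmt.get("Effect") == "Deny":
            return False
        allowed = allowed or stmt.get("Effect") == "Allow"
    return allowed


def audit(policy, requests):
    """Map each (action, resource) request to the policy decision."""
    return {req: is_allowed(policy, *req) for req in requests}
```

Running `audit` over a list of requests a device should and should not be able to make turns the policy into a reviewable allow/deny table; note that `"Resource": "*"` on `iot:Connect` accepts any client ID.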
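
Added example (not code from the deck or from AWS): a sketch of the Lambda function in the slide 25 just-in-time registration flow, which validates the registration event before it attaches a policy and activates the certificate. `EXPECTED_CA_ID` is a placeholder, `DEVICE_POLICY` is a hypothetical policy name, the 64-hex-character certificate ID format is an assumption, and `SAMPLE_EVENT` is constructed; the boto3 calls used are `attach_policy` and `update_certificate`.

```python
import re

EXPECTED_CA_ID = "<caCertificateId>"   # placeholder: ID of the CA cert you registered
DEVICE_POLICY = "ExampleDevicePolicy"  # hypothetical name of a pre-created IoT policy
REGION = "us-east-1"                   # assumption: region used on the slides

# Constructed sample of the registration event shown on slide 25.
SAMPLE_EVENT = {
    "certificateId": "ab" * 32,
    "caCertificateId": EXPECTED_CA_ID,
    "timestamp": "1495526400000",
    "certificateStatus": "PENDING_ACTIVATION",
    "awsAccountId": "123456972007",
}


class RejectedRegistration(Exception):
    """The event does not describe a certificate we are willing to activate."""


def validate_event(event, account_id):
    if event.get("certificateStatus") != "PENDING_ACTIVATION":
        raise RejectedRegistration("certificate is not pending activation")
    if event.get("caCertificateId") != EXPECTED_CA_ID:
        raise RejectedRegistration("signed by an unexpected CA")
    if event.get("awsAccountId") != account_id:
        raise RejectedRegistration("event belongs to another account")
    cert_id = str(event.get("certificateId", ""))
    if not re.fullmatch(r"[0-9a-f]{64}", cert_id):  # assumed ID format: 64 hex chars
        raise RejectedRegistration("malformed certificate ID")
    return cert_id


def handle_registration(event, iot, account_id):
    cert_id = validate_event(event, account_id)
    cert_arn = f"arn:aws:iot:{REGION}:{account_id}:cert/{cert_id}"
    # Attach the policy first; activation only happens if that call succeeded.
    iot.attach_policy(policyName=DEVICE_POLICY, target=cert_arn)
    iot.update_certificate(certificateId=cert_id, newStatus="ACTIVE")
    return cert_arn


def lambda_handler(event, context):
    import boto3  # imported here so the logic above can be exercised offline
    account_id = context.invoked_function_arn.split(":")[4]
    iot = boto3.client("iot", region_name=REGION)
    return handle_registration(event, iot, account_id)
```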
