June 7th, 2013

IoT Tech Talk Follow-Up

Written by
 

IoT Tech Talk Follow UpLast week, I had the opportunity to answer questions about the Internet of Things (IoT) when I took part in Layer 7’s monthly API Tech Talk. We had a tremendous response, with lots of questions and a very active online discussion. You can find a replay of the Tech Talk here. I’d like to take this opportunity to answer a few of the questions we received during the webcast but didn’t have time to answer on the day.

How does Layer 7 help me manage a range of devices across IoT?
IoT is an opportunity for CA and Layer 7 to bring together identity, access and API Management.  To paraphrase a comment on a recent Gigaom article: Everything with an identity will have an API and everything with an API will have an identity.

With so many “things” potentially accessing APIs, what are some strategies for securing these APIs across such a breadth of consumers?
Identify, authenticate and authorize using standards. API for IoT means managing identity for many devices at Internet scale.

How will API discoverability work with the vast number of things, especially if we see REST as the primary communication style?
I reached out to my colleague Ronnie Mitra for this answer. Ronnie pointed out that, in the past, standards like UDDI and WSRR promised to provide service registries but that didn’t really work out. Nowadays, we see lots of independent human-oriented API registries and marketplaces that might have more chance of surviving. There are even some runtime discovery solutions like Google’s discovery interface for APIs and the use of HTTP OPTION to learn about APIs. At the moment, lots of people are trying lots of things, unsure of where it will all end up. It would be interesting to dive deeper into why we need discoverability to power IoT and when that discoverability has to take place.

How can API security get easier when API demand grows exponentially? There’s a big disconnect.
It doesn’t get easier. Transport-level security is reasonably well understood but endpoint identity and trust will be challenging.

Where will the intelligence be in IoT? Will there be some form of on-site intelligence, so that core functionality continues even if the connection is lost? Or will all intelligence be cloud-based?
It depends on whether you design for centralized “hub and spoke” or decentralized “domains of concern”. The former is responsible for correlating data and events within the domain whereas the latter is responsible for communicating with other domains (I owe this concept to Michael Holdmann’s blog). “Domains of concern” design communicates with different domains for different purposes –  in an apartment for home automation, in an apartment building for HVAC, in a city block for energy generation/consumption, in a city for utility grid etc. Emergencies or out-of-bound signals are handled like exceptions and are bubbling up through the domains until intercepted. But most things will serve an inherent purpose and that purpose will not be affected by the absence of any connectivity. There will be intelligence within the core of each domain as well as at the edges/intersections with other domains.

What is the best way to overcome fear of exposing data via APIs in an enterprise?
You need to identify a business opportunity. Unless you know what business impact you are trying to archive and how you will measure it, you should not do it.

Does IoT require a strong network or big data or both?
Not a strong network but ubiquitous connectivity. Not big data but sharing/correlating data horizontally between distinct vertical silos.

What significance (benefits/drawbacks) do the various REST levels have with respect to the Internet of Things (connecting, monetizing etc.)?
I had never heard of levels of REST and had to look it up. Turns out the levels are: resources, verbs and hypermedia. Hypermedia would allow you to embed long-lived clients, which could adapt to changes in API design. But it is actually the data or service behind the API which is monetizable, not the API itself. The API is just the means to an end.

How will IoT evolve? And more importantly how can enterprises solve the security and privacy issues that will arise as IoT evolves?
Culturally, the European regulators will try to put privacy regulations in place sooner rather than later whereas the North Amercian market will initially remain largely unregulated until some abuse prompts the regulator to step in. In Germany, the federal regulator tries to stay ahead of the market and recently published a security profile for smart meters. Personally I would look at designing M2M and IoT applications assuming that endpoint data is inherently unreliable and that I can not necessarily trust the source. But that is very broad guidance and may or may not be applicable to a specific use case.

As we create API frameworks that interact with sensors and control objects in the IoT what/who are the best organizations to follow to learn about new protocols that we should be preparing to handle, such as CoAP etc?
Here are some suggestions:

How close are we to having a unified platform for IoT application developers and who is likely to be the winner among the competing platforms?
Chances are there won’t be a winner at all. You have companies like Axeda, Exosite, Gemalto, Digi, Paraimpu, BugLabs, ThingWorx, SensiNode, deviceWISE and more. You have industry working groups like Eclipse M2M and various research efforts like SPITFIRE project, Fraunhofer FOKUS, DFuse and many others. The Eclipse M2M framework is probably a good choice to start with.

Even assuming ubiquitous and common networking (e.g. IPv6 on the public Internet) – how will the IoT identify peers, hierarchy and relationships?  
I think there is a huge opportunity for identity companies like CA to figure this out. Take a look at EVRYTHNG as one of the few startups in that space. Meanwhile, the folks over at Paraimpu are trying to tackle this challenge by combining aspects of a social network with IoT.

May 27th, 2013

The Nuts & Bolts of the Internet of Things

Written by
Category IoT, M2M, Tech Talks
 

The Nuts and Bolts of IoTA few days ago, I talked with Brian Proffitt of ReadWrite about the Internet of Things (IoT) and I’d like to take this opportunity to share some of his questions.

One of Brian’s first questions was about the difference between M2M and IoT. The best answer I could give him was actually one I had found through an M2M group on LinkedIn: “I see M2M platforms as mainly enabling vertical integration, as they have historically, of a single capability; where I see IoT as more about horizontal integration of multiple capabilities and resources into a larger system. M2M is about communication, IoT is about integration and interoperability.”

So, whereas M2M feeds data into existing vertical silos, IoT is layered on top horizontally, correlating and integrating data from different silos. A good illustration of this vertical–versus-horizontal distinction was provided in a recent More with Mobile article. The realization that the commercial potential of IoT first and foremost requires a new model of data sharing inspired us to create the Layer 7 Data Lens Solution.

Another question that Brian posed was about the protocols and standards underpinning the M2M/IoT ecosystem. Here is my short list of key protocols (in no particular order):

I’d certainly be interested to hear if you had any additions to the list. You’ll find background information about IoT protocols on Telit’s M2M blog and Michael Holdman’s blog. Also, Michael Koster published a very interesting blog post about adding event-driven processing to REST APIs, trying to bridge the necessity of supporting event-driven patterns in IoT within a RESTful API approach.

I’ll be discussing IoT in more detail myself when I take part in Layer 7’s latest API Tech Talk, on Wednesday May 29 at 12pm EDT/9am PDT. If I answer your IoT-related question live during the Tech Talk, Layer 7 will send you a free T-shirt. See you on Wednesday!

May 23rd, 2013

Join Our Live Internet of Things (IoT) Discussion – Win a T-Shirt

Written by
Category Events, IoT, M2M, Tech Talks
 

IoT-ShirtWe’ll be discussing the Internet of Things (IoT) during our latest API Tech Talk next Wednesday, May 29 at 9am PDT. Our special guest – Layer 7 Product Architect and IoT expert Holger Reinhardt – will be taking your questions live throughout the stream. And we’ll be sending every single person who gets an IoT-related question answered by Holger one of our nifty new IoT-shirts, for free! You can ask questions through the Livestream chat, using the Twitter hashtag #layer7live or by emailing techtalk@layer7.com.

The Internet of Things is a simple concept: objects being connected to the Internet. What’s not so simple is managing the enormous, almost sublime amount of data these connected “things” (vehicles, appliances…) generate. There’s also the question of how you give people within your organization secure-but-seamless access to specific subsets of data they can actually make use of.  Well, our man Holger knows how it’s done, so start getting your questions together and join our live Q&A on May 29.

Click here to get the full event details and a reminder in your calendar. On the day of the event, join us at:

And don’t forget, you can ask questions throughout the stream by chatting or tweeting. Alternatively, you can email your questions in advance and Holger will give you an in-depth answer on the day. IoT is a pretty hot topic right now, so this is bound to be a lively discussion. See you next Wednesday!

April 4th, 2013

Focusing on the Byte-Sized Tree: The IoT Conundrum

Written by
 

Data Lens for IoTYesterday, we introduced the concept of a Data Lens for aggregating and sharing data. Today, I want to talk about why this concept matters to organizations concerned with the Internet of Things (IoT).

Simply put: “things” generate petabytes of data. Putting sensors on everything, as both Cisco and GE propose, creates a data nightmare. Hadoop has made analyzing big volumes of data much easier but what happens when you want to share a small sliver of that information with a customer or partner? After all, the purpose of “Big Data” collection is not altruism – it’s about monetization. In many situations, this will only be possible if data can be shared easily.

A Data Lens gives IoT data owners – such as manufactures or telco carriers – an easy and secure way to share a focused and billable data set with their customers and partners. Anything outside of the scope of a Data Lens cannot be accessed, whereas anything inside the lens is  “in focus”. The data in focus can be raw or aggregated. There can be any number of Data Lenses on a data set. They can be used internally or shared securely with external partners and customers. Data access through individual Data Lenses can be governed by service level agreements and – through metering – monetized.

For manufacturers and network operators looking at ways to share focused data slices from their Big Data, a Data Lens solves a big problem. By leveraging the Layer 7 API Gateway’s unique ability to focus on small data sets inside larger ones and to present these data sets as secure APIs, customized to specific customers or partners, it’s possible for IoT operators to drive new revenue from their Big Data.

April 2nd, 2013

Mobile World Congress One Month On

Written by
 

IoT CompaniesIt’s has been over a month since the Mobile World Congress (MWC) in Barcelona and it seems like a good time to review what I learned there. First, I was amazed by the prominence of mobile accessory vendors: from tablet bags to smart phone covers. Second, while IoT and M2M were mentioned, they were relegated to a narrow strip in the back of Hall 2. Taking both of these facts together, it appears that the mobile accessory business is for real and IoT is all hype.

So, are all these news stories about trillion-dollar business opportunities in IoT just stories? Most likely the truth is that no one has yet figured out how to make money with IoT but everyone wants to make sure that they are at least seen to have a plan – just in case it does take off. As if to prove this point, ZDnet made a very different assessment of M2M at MWC. I went into more detail on these issues during my recent interview with DeviceLine Radio.

Personally, I firmly believe in the disruptive potential for IoT. It will be disruptive because it will break down the separation between manufacturing industry on one side and IT industry on the other. Manufacturing companies like GE, Bosch and Siemens will increasingly see IT – and Big Data in particular – as a core competency they will need to master in order to sustain a competitive advantage. Simply outsourcing to IT companies will no longer suffice.

We can clearly see this developing as, for example, Bosch is readying its Internet Application Platform and GE is aggressively building out its Silicon Valley presence. At the same time IT companies are trying to position themselves as natural partners for manufactures or as integrators of smart things. Credit has to go to IBM, which has been pushing this trend as part of its Smarter Planet campaign, way ahead of other players.

Meanwhile, telecom carriers are also struggling to decide what IoT will mean for them. It’s easy to see how telecom’s core business can be seen as just a set of “dumb” data pipes. The challenge for this sector will be figuring out how to leverage its considerable assets, like cellular networks, global roaming and integrated billing, to create M2M business platforms. I think that Big Data analytics on the data piped through their network will have to be part of it.