Qiniu Architect Practice Day

2022-08-16

Qiniu Architect Practice Day: building highly available and scalable IoT cloud services

ctiforum news, November 6 (Li Wenjie): at the IoT and intelligent hardware architecture technology salon hosted by Qiniu Cloud for Architect Practice Day (Shenzhen station), Sun Zhidong, a technical partner at AbleCloud, gave a talk entitled "Building highly available and scalable IoT cloud services". The following is a summary of his speech.

IoT's problems: opportunities and challenges

The IoT era has arrived; that is clear to everyone. It brings both challenges and opportunities. The opportunity is that users' awareness of products keeps rising, and industries and products need to be upgraded, including by introducing Internet thinking: how to operate my products and my customers, how to guide the development direction and marketing direction of subsequent products, and so on. The east wind of "Internet+" has arrived, but we feel some fear in the face of such a wind and such a completely unknown thing. Where does the fear come from? The road is full of challenges. From the traditional manufacturer's point of view, first, the time cycle is no longer long, because this is an era that pursues speed above all else. If your product iteration speed cannot keep up, there may be no opportunity left in the market; this is an era of rapid change, and there is no way around it. Second, our manufacturers lack teams experienced in Internet development, and may not have that much experience or deep understanding of architecture. Third, what will you do once the device is intelligent? From the user's perspective, it provides a richer experience. From the manufacturer's perspective, the device gives it more connections with users: in addition to direct user behaviour data, the operating data of the device itself can also be collected. How to operate on this data and how to extract more value from it is a question that must be considered for the long-term development of subsequent intelligent hardware, and it is a challenge for manufacturers.

There are also challenges for an entrepreneurial team. A startup team has the conventional methodology of Internet thinking and product iteration, and its development team may have it too, but it may not know much about the whole hardware supply chain and traditional manufacturing, so a combination is needed. In this combination, the hardware team gives full play to its expertise and can choose a more suitable cloud platform, or have an ideal overall cloud architecture, so as to avoid some detours. Looking at the development of the Internet, you will see that Taobao and the other BAT companies all iterated step by step, and the detours they took were basically the same or similar. Must our IoT era repeat those mistakes? Is it necessary to walk through every pit they walked through, step by step, again? Everyone knows the answer.

AWS's IoT infrastructure

Before we officially start, let's take a look at AWS's IoT infrastructure. The yellow box in the middle holds the basic IoT services; the outermost part is the SDK provided on the device, which helps the device connect. On the far right are external applications or apps, followed by customized services. The middle appears to be device security authentication and device link management: it provides a path and a link to help you connect devices, and nothing else. This is the basic idea of IoT.


IoT's technical challenges

Based on more than a year of exploration with our customers and partners, and on our own understanding of the entire industry, we believe that the technical challenges in IoT are not just a problem of links; links are only a small piece of it. Security is the issue everyone is most concerned about. If you do not pay attention now, you will pay attention one day, so I think it is better to pay attention in advance. How to prevent a device from being forged, how to prevent a device from being stolen and controlled by someone I have not authorized, and how to prevent these devices from launching an impact on the cloud that stops devices from operating: these are issues the system must consider, not just as a single device-authentication step but throughout the entire technical system. Long-connection management of the device should consider whether a device can be identified as legitimate from the time it is manufactured or purchased, whether legitimate and trusted devices can enter the service, whether the user has control authority over the device, and whether the user data, user passwords and account system are sound. These run through the whole system. For example, how the account system and OTA are managed, including the binding relationship, and who has what role and what authority, all need to be strictly defined. Another part is how to store data. IoT data is completely different from Internet data; we will talk about it later.

In addition to standardization and generalization, we also need to provide something completely different as a product. Its core lies not in the account system or the binding relationship but in the content it provides, that is, how to realize the non-standardized parts and where the intelligence of an intelligent-hardware cloud lies. This is a question all of us who make products should think about more deeply. Take app accounts and push as an example: I went to Taobao and Tencent not because of a difference between accounts, but because of a difference in content and customization. When we actually operate and manage these custom-built services, professional issues arise: how to structure and design these services, how to draw the boundaries between modules, and how to manage the relationships between them. If IoT grows to the scale of the Internet, how do we operate it? The biggest problems in the Internet are operations and version dependencies. Is there an idea that can help us plan in advance, so that when you run into these problems you can draw on these advanced techniques to solve them, or at least get some thinking and help?

The last part is data analysis. Let's look at a complete architecture; basically it looks like this. At the bottom is the IaaS layer, above it the PaaS layer. Things like accounts do not need much in-depth product work. What matters more is the SaaS layer: how to develop, how to iterate products quickly, and how to iterate the intelligent logic in the cloud. On top of that is my access layer, which includes two parts, device access and app access, as well as an external console. Secondly, considering that the future interconnected architecture must interwork between clouds, what we want to build is open. Google's vision of the cloud holds that all devices are services for people: it is not a device but a service. Based on this assumption, the cloud is open first, and my device is open. Now a lot of hardware is sold through jd.com, Gome and Suning; my channel needs to connect with their cloud, otherwise they may not let goods be distributed through their channel.

To summarize simply, the architecture is layered mainly like this. The first is the access layer. In this part we should consider device security authentication. In the second part we should consider the load of device access: service load, latency and throughput. The third aspect is stream processing. The device has two channels: the control flow is real-time and bidirectional, and the data flow is mainly streaming. The data flow consumes a lot of resources, but its latency requirement is not so strict. The control path may require me to respond within 100 milliseconds, but for data the user's requirement is not so strong, and a delay of 1 or 2 seconds is acceptable.

In addition to the cloud, there is the app, which is served by the general service layer that manages account binding and message push. The second is the real core: the core of the whole cloud architecture, how to develop, operate and maintain cloud logic and cloud intelligence.

Main problems to deal with

Next, I will summarize the challenges and problems just mentioned in more detail. Each problem will be expanded a little, and we will put forward some common methods that can be used for reference.

1. Multiple security guarantees

Security guarantees. When my device connects to the cloud, the cloud should verify the device. But the device should also verify the cloud, because DNS hijacking is a real possibility; if the name is hijacked, your content will flow to other people's equipment. The idea here is to use RSA asymmetric encryption. There are many kinds of data encryption; because the network is not reliable, we need to do some authentication. An unreliable network has several levels. One is that the network may be attacked by others and other people's requests may be sent in: even without knowing my protocol, data may still be sent. Therefore we should prepare defences at every level and verify whether our data is legitimate. Another is device binding. The simplest approach, for example, is that a user can bind a device once they know its ID. This is definitely unsafe: I could casually change your device ID, for instance, so a binding-code mechanism needs to be considered. In one scheme, after the device is activated by the cloud, the cloud gives it a dynamic binding code. When the app binds, it obtains the binding code through local communication. If a person does not have full control of the device and cannot get the binding code, the binding cannot be completed. There is also a P code for the device; you need to know how devices and P codes are managed one-to-one to prevent mistaken binding. Generally, a device is not owned by one person but can be shared by all members of a family, so there must be a sharing mechanism, and the binding code should be time-limited when sharing.
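The binding-code flow described above (activation issues a dynamic code, the app learns it only over local communication, the code is time-limited and consumed on use, and sharing requires an already-bound member) as an added example; this is not AbleCloud's code, and the in-memory store, code length and TTL are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class BindingService:
    """Constructed in-memory stand-in for the cloud's binding state (assumption;
    a real deployment keeps this in a shared store)."""
    ttl_seconds: float = 300.0
    # device_id -> (binding code, time issued)
    _codes: Dict[str, Tuple[str, float]] = field(default_factory=dict)
    # device_id -> user_ids currently bound to it
    _members: Dict[str, Set[str]] = field(default_factory=dict)

    def activate(self, device_id: str, now: float) -> str:
        """Cloud activates the device and hands it a fresh dynamic binding code.
        The device reveals the code only over local communication (LAN/BLE)."""
        code = secrets.token_hex(4)          # 8 hex chars; length is an assumption
        self._codes[device_id] = (code, now)
        return code

    def bind(self, user_id: str, device_id: str, code: str, now: float) -> bool:
        """App presents the code it obtained locally; cloud accepts it once, in time."""
        entry = self._codes.get(device_id)
        if entry is None:
            return False                     # never activated, or code already consumed
        expected, issued_at = entry
        if now - issued_at > self.ttl_seconds:
            del self._codes[device_id]       # expired: late guesses get nothing
            return False
        if not hmac.compare_digest(expected, code):
            return False                     # wrong code; constant-time compare
        del self._codes[device_id]           # one-time use
        self._members.setdefault(device_id, set()).add(user_id)
        return True

    def share(self, sharer_id: str, device_id: str, now: float) -> Optional[str]:
        """Only an already-bound member may request a new time-limited code for sharing."""
        if sharer_id not in self._members.get(device_id, set()):
            return None
        return self.activate(device_id, now)

    def is_bound(self, user_id: str, device_id: str) -> bool:
        return user_id in self._members.get(device_id, set())
```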

In terms of authenticating access requests, the first thing is to authenticate every access request, ensure at the access layer that all users are trusted, and verify whether users have access-control permission. Secondly, ensure that data such as account numbers and passwords cannot be disclosed. If they are stored in plaintext, one consequence is that the user's security on other systems is lost, and the other is that someone can impersonate the user and affect all your devices.

2. Distributed long connection management

As for long-connection management, this topic is not a requirement for all intelligent hardware. Long-connection management is needed only when the device must be controlled in reverse, from the cloud. If there is no user control or dynamic control process, it may not be needed: the device can simply connect and establish a connection to the cloud when it needs to upload data, without a persistent connection. In most cases, however, smart-home and other devices do need long-connection management. Under today's interconnection conditions your device's IP address is not fixed, and there are multiple layers of routing and firewalls, so one approach is for the device to maintain a long connection with the cloud; you can then not only upload data but also locate the device from the cloud and issue controls to it. The issue to consider here is scalability. With 100,000 devices I might write a program casually, and maintaining the long connections is not that difficult. But I have to maintain it all year round, and many devices do not break down after one or two years of use, so I have to consider long-term development,
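The cloud-side piece that makes reverse control work at scale, as an added example that is not from the talk: a registry recording which access node currently holds each device's long connection, with heartbeat-based liveness so a device that silently dropped behind a NAT or firewall is treated as offline rather than routed to. The in-memory dictionary and the 90-second timeout are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class ConnectionRegistry:
    """Maps device_id -> (access node holding its long connection, last heartbeat).
    Assumed to live in a cluster-wide store in practice; a dict stands in here."""
    heartbeat_timeout: float = 90.0
    _conns: Dict[str, Tuple[str, float]] = field(default_factory=dict)

    def on_connect(self, device_id: str, node_id: str, now: float) -> None:
        # A device that reconnects (new IP, possibly a different node) overwrites its entry.
        self._conns[device_id] = (node_id, now)

    def on_heartbeat(self, device_id: str, node_id: str, now: float) -> bool:
        """Refresh liveness; False tells a node its socket is stale and should be closed."""
        entry = self._conns.get(device_id)
        if entry is None or entry[0] != node_id:
            return False
        self._conns[device_id] = (node_id, now)
        return True

    def on_disconnect(self, device_id: str, node_id: str) -> None:
        # Only the node that owns the current connection may remove it.
        entry = self._conns.get(device_id)
        if entry is not None and entry[0] == node_id:
            del self._conns[device_id]

    def route_control(self, device_id: str, now: float) -> Optional[str]:
        """Which access node should a cloud-side control message be forwarded to?"""
        entry = self._conns.get(device_id)
        if entry is None:
            return None
        node_id, last_seen = entry
        if now - last_seen > self.heartbeat_timeout:
            del self._conns[device_id]       # half-open connection: treat as offline
            return None
        return node_id

    def evict_stale(self, now: float) -> int:
        """Periodic sweep for devices whose heartbeats stopped; returns count evicted."""
        stale = [d for d, (_, seen) in self._conns.items() if now - seen > self.heartbeat_timeout]
        for d in stale:
            del self._conns[d]
        return len(stale)
```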

Copyright © 2011 JIN SHI