IoT Platform Architecture


[Figure: IoT architecture]


Application Layer

  • App development tools : IDEs, SDKs, and GUI development software that shorten the lead time for creating the service interfaces

  • Service access app : The end-user access point for the service; it usually consists of a service portal or an app

  • Administration portals :

    • Enterprise portal enabling customers to access the assets of the service, e.g. managing the sensors in an IoT-connected building

    • Service provider portal to allow the owner of the service to add/delete customers, and so on

  • Marketplace : An online store where the enterprises can manage, market, and sell services and assets


Platform Layer

    Public/Private Cloud
    Government Regulation
    Quality of Service
    Data Management Costs
    Security and Access Management
    User Protection
    API Protection
    Device Protection
    Data Protection
    API Management
    Enterprise Integration
    Analytics and Machine Learning
    Device Management
    Provisioning
    Remote Device Management
    Data Management
    Connectivity Management Services
    Monetization and Billing


Communication Layer

Short range
Cellular
Bluetooth
ZigBee

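ZigBee is a low-rate, short-range wireless network protocol whose lower layers use the media access control layer and physical layer defined by the IEEE 802.15.4 standard. Its main characteristics are low data rate, low power consumption, low cost, support for large numbers of network nodes, support for multiple network topologies, low complexity, speed, reliability, and security.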
Thread

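Thread is an IPv6-based, low-power mesh networking technology intended mainly to provide secure, seamless communication for IoT devices. Thread was originally designed for smart-home and building-automation applications such as appliance management, temperature control, energy use, lighting, and security; its scope has since expanded to more general IoT applications. Because Thread uses 6LoWPAN and is based on the IEEE 802.15.4 mesh network protocol, it is also IP-addressable. It not only provides efficient communication between low-cost, battery-powered devices, but also supports the cloud and AES encryption.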

Wi-Fi

Long-Range Cellular 2G, 3G, LTE (4G), 5G

IoT/M2M Alliances

Low Power Wide Area
NB-IoT

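Narrow Band Internet of Things (NB-IoT) has become an important branch of the Internet of Everything. NB-IoT is built on cellular networks, consumes only about 180 kHz of bandwidth, and can be deployed directly on GSM, UMTS, or LTE networks to reduce deployment cost and allow a smooth upgrade. NB-IoT is an emerging technology in the IoT field that supports cellular data connections for low-power devices over wide-area networks; it is also called a low-power wide-area network (LPWAN). NB-IoT supports efficient connection of devices that have long standby times and high network-connectivity requirements. NB-IoT device battery life is said to reach at least 10 years, while also providing very comprehensive indoor cellular data coverage.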
Sigfox

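Sigfox originated with the French company Sigfox, which uses ultra narrow band (UNB) technology to build wireless networks dedicated to IoT devices. The company aims to become a global IoT operator: it deploys networks both on its own and in cooperation with operators and other parties, and offers customers device connectivity, API interfaces, and cloud web services, which customers can buy at a bundled price of about US$1 per device per year. Sigfox is relatively closed, and its ecosystem has been relatively slow to develop. Sigfox provides its technology to chip manufacturers free of charge and encourages them to integrate it into their products. TI, Intel, Atmel, SiliconLab, and other companies all produce various chips that support Sigfox. The Sigfox network already covers all of France and Spain, and some cities in the United States, the Netherlands, and the United Kingdom.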
LoRa

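LoRa is a low-power wide-area network wireless communication technology developed by Semtech. The LoRa Alliance was founded in March 2015 and currently has more than 290 members, including operators and system, software, chip, module, cloud-service, and application vendors, which together form a complete ecosystem. The LoRa industry chain matured earlier than that of NB-IoT. Faced with fast-growing business demand for IoT and a technology gap period, some operators chose to deploy LoRa as a complement to cellular IoT, for example Orange, SKT, KPN, and Swisscom.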


Communication Protocol Comparison

[Figure: communication protocol comparison]


Device Layer


Sensors

  • Customizations should be kept to a minimum, and backward compatibility should always be maintained.

  • Do sensors require data storage capabilities in case of communications issues?

  • Are remote updates available to enable additional services to be deployed within the cost limitations of the business plan?

Gateways

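   A gateway is the link between the sensing network and traditional communication networks. As a gateway device, an IoT gateway performs protocol conversion between the sensing network and the communication network, and between different types of sensing networks. It can provide both wide-area and local-area interconnection. An IoT gateway also needs device-management capabilities: through the gateway, operators can manage the underlying sensing nodes, obtain information about each node, and control them remotely.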

Communication Capabilities

Capacity

  • Number of sensors that can be deployed per gateway

  • Data per message and the number of messages per second/minute/day/week

  • Communication capabilities, what protocols it can handle


Storage Capabilities

Single Processor Devices

Device Longevity

Industry 4.0

Life Cycle Management

Technical and Business Decisions


Software as a Service

[Figure: IoT service stack]

Distributed Design

  • Communication: Is there a QoS between the nodes that needs to be guaranteed?

  • Security: What security is provided for each node and how is the communication between each secured?

  • Maintenance: Life cycle management and fault handling complexity usually increases in distributed solutions.

Security Architecture

[Figure: security reference]

Access and identity management covers all aspects of identity and access to IoT services including the following:

  • User access controls authorized users and levels of access to service components.

  • Login and password security measures should be implemented to restrict access.

  • 3PP session security measures for external IT systems accessing data or services should include monitoring.

Key and certificate management provides a means to implement and manage keys and certificates that are important security mechanisms.

  • Identity management and the protection of data, both stored and while it is being transmitted, are often overlooked and should be considered for all services.

  • Middleware security

    • Data protection manages the security of the life cycle management of personal and secure data. It covers confidentiality, integrity, and availability of data at rest, in transfer, and used by the service.

    • Device management allows operations to detect and take actions regarding fraudulent/stolen devices or devices that are performing unapproved actions

    • API security is usually implemented via encryption and authentication

    Physical security relates to the hardware, including infrastructure and devices.

    • Infrastructure protection covers the characteristics that are used to secure the platform both within the data center and at the data center itself. In general, data centers are ISO 27001 compliant as a minimum, but there are other standards that may be considered, such as SSAE 16, SOC1, and SOC2.

    • Access to the infrastructure in the data center should be monitored and checked to ensure it is adequate, especially if it is a hosted environment with other companies.

    • Network protection looks at network-level isolation between different internal and external network segments. Server nodes and devices should be hardened to comply with the service requirements.

    • Virtualization security is required if software is implemented on a virtual machine in a cloud. It relates to hardening the virtualization platform and protecting the logical and virtual network structures by network level isolation.

    • E2E security can be achieved by using generic bootstrap architecture (GBA). GBA aims at providing shared keying material between the service user and the device/sensor/gateway so that they can communicate securely.
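The idea behind the shared keying material described above, as an added example that is not from the original article: both ends derive the same per-service key from a bootstrapped secret and use it to authenticate messages. The KDF, the service names, and the key values are assumptions made for illustration; this is not the GBA-specified derivation, and it shows integrity protection only.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA-256 output size in bytes

def derive_service_key(bootstrap_key: bytes, service_id: str, nonce: bytes) -> bytes:
    """Derive a per-service key from the bootstrapped shared secret.

    Illustrative KDF only (HMAC-SHA-256 over length-prefixed inputs);
    it is not the derivation specified for GBA.
    """
    sid = service_id.encode()
    info = len(sid).to_bytes(2, "big") + sid + len(nonce).to_bytes(2, "big") + nonce
    return hmac.new(bootstrap_key, info, hashlib.sha256).digest()

def seal(key: bytes, payload: bytes) -> bytes:
    """Prefix the payload with an authentication tag."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload

def open_sealed(key: bytes, message: bytes):
    """Return the payload if the tag verifies, otherwise None."""
    if len(message) < TAG_LEN:
        return None
    tag, payload = message[:TAG_LEN], message[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None

def demo():
    # Constructed values: a real bootstrap key comes out of the bootstrapping
    # run between device and network, never from a constant in code.
    bootstrap_key = bytes(range(32))
    nonce = b"constructed-nonce"
    device_key = derive_service_key(bootstrap_key, "metering.example", nonce)
    service_key = derive_service_key(bootstrap_key, "metering.example", nonce)
    other_key = derive_service_key(bootstrap_key, "billing.example", nonce)

    msg = seal(device_key, b'{"temp_c": 21.5}')
    tampered = msg[:-1] + b"!"
    return {
        "accepted": open_sealed(service_key, msg),        # same service: verifies
        "wrong_service": open_sealed(other_key, msg),     # key is bound to service id
        "tampered": open_sealed(service_key, tampered),   # modified payload rejected
    }

if __name__ == "__main__":
    print(demo())
```

Binding the derived key to the service identifier means a key exposed at one service cannot be used to forge messages for another.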

    Data Protection

    • Analytics data

    • Application-specific data stored or hosted on the platform

    • Business process logic

    • Charging and billing records including all billing metadata

    • Customer relationship data

    • Subscription data linked to the different users of the platform

    • Transaction and payload data





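Author: Petter Liu
Source: http://www.cnblogs.com/wintersun/ Copyright of this article is shared by the author and cnblogs (博客園). Reposting is welcome, but unless the author agrees otherwise this notice must be retained and a link to the original must be given in a prominent position on the article page; otherwise the right to pursue legal liability is reserved. This article is also published on my independent blog, Petter Liu Blog.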
