October 28, 2022 Off By Nick

Amazon Web Services Announces General Availability of AWS IoT SiteWise Edge. The Edge feature of the AWS IoT SiteWise managed service, which was revealed in preview last December, is now generally available. IoT SiteWise automates collecting and organizing industrial equipment data using software running on a local gateway. The gateway connects to the facility’s on-premises servers and collects, processes, and sends the data to AWS. It can be used to model physical assets and processes and to calculate common industrial performance metrics. IoT SiteWise Edge lets users collect and process equipment data locally for low-latency applications that must keep working even when the internet connection is down; in other words, it brings AWS IoT SiteWise’s cloud-based capabilities onto the user’s own premises. In a blog post, Channy Yun, AWS principal developer advocate, explained that the new feature makes it simple to collect, process, and monitor equipment data locally before sending it to AWS Cloud destinations. The software can be installed on local hardware such as industrial PCs and gateways, or on AWS Outposts or AWS Snow Family compute devices. It uses AWS IoT Greengrass as the edge runtime for building, deploying, and managing applications. Yun explained that AWS IoT SiteWise Edge lets you organize and process equipment data using AWS IoT SiteWise asset models, and then access that data locally through the same APIs used with AWS IoT SiteWise in the cloud. You can, for example, compute metrics such as Overall Equipment Effectiveness (OEE) locally for use in a factory-floor monitoring dashboard. Yun cites three use cases for IoT SiteWise Edge.

Localized testing of products: Multiple sensors embedded in products and test equipment can generate thousands of data points per second…

October 28, 2022 Off By Nick

AWS IoT Core Enables Easier Device Connection. Amazon Web Services Inc. (AWS) announced this week an easier way to connect Internet of Things (IoT) devices, enabled by new TLS client authentication functionality. The capability gives IoT device makers who use AWS IoT Core, Amazon’s managed IoT platform, a way to avoid communication blockages caused by corporate firewalls or home routers. According to an Amazon announcement on February 7, you now have more options to connect your devices securely to AWS IoT Core: MQTT (Message Queuing Telemetry Transport) with certificate-based client authentication is now available on port 443. This combination of protocol and authentication mechanism was previously available only on port 8883. Port 8883 versus port 443: why does it matter? It can be the difference between an IoT device actively transmitting to AWS IoT Core and being locked out in the Internet cold. According to AWS, corporate firewalls and home routers commonly block outbound traffic on ports other than 443, the standard port for HTTPS traffic, in order to reduce the attack surface exposed to the network. This update lets you deploy IoT devices without any network or firewall changes while still using certificate-based authentication, which is particularly useful when devices must be deployed in environments where you do not control the IT infrastructure. Jared Sharfin explains the technical details in a post titled MQTT with TLS Client authentication on port 443 on the AWS blog. “TCP connections are usually associated with a combination of IP address and port number,” the post says, which raises the question of which port number to use so that your application can communicate with third-party applications.
The problem is that 8883 is the port registered for MQTT over TLS in the Internet Assigned Numbers Authority (IANA) service name and port number registry, and AWS reports that 8883 is often blocked by IT departments and by designers of consumer routers. Sharfin explained that IoT devices deployed in environments you don’t control can lead to serious headaches. For example, if your medical devices are sold to hospitals across the country, you don’t want to have to contact each hospital’s IT department individually to open port 8883 in its firewall so your devices can connect to your IoT application running on AWS IoT Core. The issue can be solved with a standard extension of the TLS protocol. The blog explains that the solution is Application-Layer Protocol Negotiation (ALPN), a TLS extension supported by most popular TLS implementations, which can be used to get past the port 8883 roadblock. Sharfin explained that ALPN allows a client connecting to a TLS server to send an additional parameter, known as a ProtocolNameList, as part of the ClientHello message during the TLS handshake. “The ProtocolNameList is a preference-ordered list of application protocols that the client wishes to use to communicate. The ServerHello message allows the TLS server to select one protocol from the list to be used for transmitting application data over the connection.” The blog explains how this handshake works and lists the steps required to use port 443.
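The ALPN negotiation described above, as an added example that is not part of the original article and not AWS’s own code: a Go client that offers the ALPN name AWS IoT Core expects, x-amzn-mqtt-ca (the string is taken from AWS documentation, not from the article), against a loopback TLS server that stands in for the AWS IoT Core endpoint. The server, its self-signed certificate and the function names are this example’s own constructions, so the handshake can be observed offline. The check a practitioner wants is the fail-closed step: if the server does not confirm the protocol, the client refuses the connection instead of continuing on a connection where ALPN was ignored or a different protocol was chosen. (Under TLS 1.3 the server’s choice travels in EncryptedExtensions rather than in the ServerHello itself, but the negotiated value exposed to the application is the same.)

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ALPN protocol name AWS IoT Core expects from MQTT clients on port 443
// (taken from AWS documentation; the article above does not state it).
const awsIoTMQTTALPN = "x-amzn-mqtt-ca"

// DialMQTTOverALPN opens the connection a device would use on port 443: it offers
// only the AWS IoT Core ALPN name in the ClientHello, then fails closed unless the
// server confirmed that exact protocol. A server that ignores ALPN (empty
// NegotiatedProtocol) or picks something else is rejected, never silently used.
func DialMQTTOverALPN(addr string, cfg *tls.Config) (*tls.Conn, error) {
	cfg = cfg.Clone() // Clone is nil-safe and returns nil for a nil receiver
	if cfg == nil {
		cfg = &tls.Config{}
	}
	cfg.NextProtos = []string{awsIoTMQTTALPN}
	if cfg.MinVersion == 0 {
		cfg.MinVersion = tls.VersionTLS12
	}
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return nil, err
	}
	if got := conn.ConnectionState().NegotiatedProtocol; got != awsIoTMQTTALPN {
		conn.Close()
		return nil, fmt.Errorf("server did not confirm ALPN %q (negotiated %q)", awsIoTMQTTALPN, got)
	}
	return conn, nil
}

// selfSignedCert builds a throwaway certificate for the loopback server below.
func selfSignedCert(host string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{host},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// NegotiateAgainst stands up a loopback TLS server advertising serverProtos (a stand-in
// for the AWS IoT Core endpoint), connects with DialMQTTOverALPN, and returns the
// protocol that was negotiated, or the error the client raised.
func NegotiateAgainst(serverProtos []string) (string, error) {
	cert, err := selfSignedCert("localhost")
	if err != nil {
		return "", err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{cert},
		NextProtos:   serverProtos,
	})
	if err != nil {
		return "", err
	}
	done := make(chan struct{})
	go func() {
		defer close(done)
		c, err := ln.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		_ = c.(*tls.Conn).Handshake() // outcome reaches the client as an alert or a negotiated value
	}()
	roots := x509.NewCertPool()
	roots.AddCert(cert.Leaf)
	conn, err := DialMQTTOverALPN(ln.Addr().String(), &tls.Config{RootCAs: roots, ServerName: "localhost"})
	ln.Close()
	<-done
	if err != nil {
		return "", err
	}
	defer conn.Close()
	return conn.ConnectionState().NegotiatedProtocol, nil
}
```

Calling NegotiateAgainst with a server list containing x-amzn-mqtt-ca returns that name; against a server that offers only http/1.1, or one that ignores ALPN entirely, DialMQTTOverALPN returns an error and no connection is handed back. On a real device the loopback address becomes the account’s AWS IoT Core endpoint on port 443, RootCAs holds the Amazon root CA, and the device certificate and private key go into Certificates so that the TLS client authentication the article describes takes place on the same handshake.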

Make sure your device’s TLS client implementation supports the ALPN extension. To be certain, consult the manual; however, this Wikipedia page…