About the IoT Cloud Platform
So, whether it’s the SaaS or iPaaS solution, what are the main features that appear when unwrapping the Beacon Tower solution? Let’s go through this, looking at the aspects of functionalities, architectural capabilities and internal micro-service structure.
Let’s open the hood
Asset Structure & Hierarchy
With Assets you can create an accurate presentation of your world. Assets can represent one or multiple physical devices or be put in hierarchies to model your complex products or geographical systems. This allows you to model what is really important to your or your customer’s business.
A core component in any IoT platform is the device manager. In Beacon Tower we use a state-of-the-art scalable device manager that can manage any number of devices. It supports updating firmware or properties on single devices, batches or all devices of a certain type, depending on your needs. It can also provide a full overview of what devices are working properly and which devices have lost connection or are behaving irregularly.
Visualisation of telemetry in graphs allows you to see trends, compare signals and understand your assets. You can customise a dashboard for each type of asset and for each node in the node hierarchy to ensure that the right information is always available.
Virtual signals allow you to create new signals by applying algorithms (e.g., average or max) to existing signals, or by combining multiple signals into a new one. The virtual signal is then sent the same route as all other signals, meaning both it and the source signal will be stored as telemetry and you can apply rules and alarms to it.
Through Beacon Tower’s flexible access control, you can not only model your own organisation, but also your customers. You can allow them directly into the system and define exactly what assets they can see and what they can do. Access can be set either to single devices or groups with a granularity to only read data or control physical devices.
Make use of a wide range of tools to meet the analytics needs of your IoT data. Use algorithms to modify data, visualise and compare it in graphs or user rules to automatically react when certain conditions are met. You can either make use of Beacon Tower’s own tools or stream data to your data lake to allow for analytics on all your enterprise data.
Two way communication
Secure two way communication with flexible set-up. Beacon Tower is prepared for cloud-to-cloud, device cloud-to-cloud, edge-to-cloud and device-to-cloud bidirectional communication. Set up individual identities and credentials for each of your connected devices to help retain the confidentiality of types of communication. Selectively revoke access rights for specific devices as needed. Beacon Tower supports MQTT, AMQP and HTTPS protocols.
Rules & Alarms
Create rules that are applied directly on streaming real-time data. The rules can either be simple thresholds that triggers alarms when sensor values go outside them, or complex rules based on multiple different sensor values and algorithms.
The rules can either start actions or trigger alarms. The alarms can be of varying severity to notify different groups of users.
Beacon Tower has a flexible hierarchical access system that allow you, your customers and their customers into Beacon Tower. You can decide what level of autonomy your customers should have, i.e. if they manage their own data, devices or users.
Real Time Telemetry
The Real Time Telemetry processing is the core of Beacon Tower’s signal processing. It allows you to create rules that triggers alarms or actions within milliseconds from receiving the signal.
Beacon Tower is built to be cost-effective for both your first couple of devices up to tens of thousands. This gives you a platform where you can both perform initial pilot tests and continue for your long-term future roll-out.
Beacon Tower scales across your organisation, managing any type of data from any type of IoT devices. This can make it your one and only data-collection platform.
Nested White Labelling
Beacon Tower can be white labelled not only for our customers, but also for your customers in multiple layers. This allows you to provide Beacon Tower as your platform to your customers.
Beacon Tower has built in support for IoT Edge devices. This means you can move sensitive and time critical operations to your devices while still keeping the benefits of a cloud-based data collection. You can either incorporate your own edge devices or make use of the Beacon Tower embedded edge software.
Beacon Tower security enables secure access for devices, APIs and customers. Beacon Tower builds upon Azure security, with multi-factor Authentication services that have zero-trust relationship and with secure connections to all devices.
Azure 24/7 security monitoring enhances Beacon Tower as it relies on Azure Cloud managed services.
Beacon Tower Digital Twin is a software representation of a physical asset and location designed to detect, prevent, predict, and optimise physical behaviour.
The Beacon Tower platform is built around secured, self-managed components which enable flexible ways of allowing external services to interact with the platform, as long as they are properly authenticated. This means you can build your own front-end and apps, fully replacing the Beacon Tower GUI for your customers, or that you can integrate Beacon Tower directly into your ERP and production systems.
The iPaaS is designed as a multi-tenancy platform, which means that you can save operating costs when you use Beacon Tower as your IoT platform to your customers.
You decide whether it should run as a single instance or as a multi-tenant platform in your Azure subscription or ours.
AR & Remote Assistance
Beacon Tower is prepared for Connected Field Services, so that Augmented Reality (AR) or Remote Assistance software can connect to streaming data from your devices and to the telemetry storage. The API Integration possibilities also make it possible to integrate to Field Services, CRM, ERP or other enterprise systems.
Beacon Tower collects data from any type of device or data source. Make use of standalone devices or gateways with multiple peripheral devices that can be directly managed by Beacon Tower. You can also integrate network services or device clouds from other providers, making Beacon Tower your central repository for all IoT data. We can help you build integrations to legacy systems where proxy servers or applications are needed to bring the data into Beacon Tower without modifying the legacy systems.
All services in Beacon Tower are implemented in an event-driven fashion with both serverless functions and container-based micro-services running on a managed orchestration platform. Each service is self-contained and possible to update and deploy on its own. Each service is scaled on its own, depending on load. Each service has an ingress queue that ensures that internal processing and external ingress are not directly coupled. The service adds horizontal scaling if the queue reaches its high-water mark, and scales down if the low-water mark is reached.
Devices should be responsible for initiating communication to reduce the risk of tampering attempts due to open ports. The channel setup should use a TLS 1.2 encrypted channel with both a SHA-2 certificate and secret key for authentication and authorization.
IoT Data Security
Cloud Architecture and Storage Security
All data is encrypted at REST and there is unique customer keys to unlock storage. This ensures that data cannot be read and it also prevents users not authorized by Beacon Tower to read any data. This is critical in a multi-tenant solution.
Integration and User Security
Beacon Tower has extensive logging and monitoring built into the core to give the operational personnel precise tools to monitor and to receive alarms on performance KPIs which can indicate performance or security problems. All changes to parameters is logged with timestamp and info about who made the change, both for history and for security audits.
We perform penetration tests periodically.
Devops is the discipline of moving developed software to production and to provision infrastructure in an efficient manner.
Beacon Tower uses Microsoft Azure DevOps pipelines to build all services into containers that are deployed to Azure using CI/CD and Infrastructure as Code.
Site Reliability Engineering
Beacon Tower focuses on Site Reliability Engineering (SRE) which is the work of developing tools and code for monitoring the service and making sure that it reaches its promised KPIs. SRE includes monitoring of metrics, logs and APIs to objectively measure.
The Device Service holds the connectivity of the devices and is the first buffer of the messages received. All messages received are stored as raw messages with a predefined TTL (Time-To-Live) to make sure that the processing pipeline can be rerun if something should break.
Telemetry messages are sent to the Telemetry Service Ingress queue.
The Telemetry processor fetches messages from the ingress queue and splits the messages to telemetry signal units and the Device Telemetry signal is converted to Asset Telemetry Signals.
Asset is the logical representation of one or more devices/machines/sensors and is the actual object that is shown.
Asset furthermore keeps a hierarchy of all objects and their relations in a database.
Event Service handles rule interpretation and if a rule matches it creates an event. Rules can be connected to Asset Types, Devices and Assets also. This makes it possible to create rules that are run for all actual Assets/Devices of a certain Type but also can run its own rule for the same Telemetry Signal (or other Signals).
Notifications are the result of a matched rule. Notifications are shown as alarms and can trigger mail, sms or other notifications.
We use the Carbon System Design framework that is one of the most known and well supported React front-ends. This makes it easy for us and in the end also for you if you wish to extend some of your solutions’ front-ends. Should you wish, you can even change the entire front-end as we use our data APIs in the front-end.
Beacon Tower uses Azure AD to authenticate the user. The front-end uses AAD to get an O-auth token that is used when the front-end calls the backend APIs.