About the Azure Cloud IoT Platform

So, whether it’s the SaaS or Accelerator solution, what are the main features that appear when unwrapping the Beacon Tower solution? Let’s go through this, looking at the aspects of functionalities, architectural capabilities and internal micro-service structure.

Let’s open the hood

Functionalities

Asset Structure & Hierarchy

With Assets you can create an accurate presentation of your world. Assets can represent one or multiple physical devices or be put in hierarchies to model your complex products or geographical systems. This allows you to model what is really important to your or your customer’s business.

Device Management

A core component in any IoT platform is the device manager. In Beacon Tower we use a state-of-the-art scalable device manager that can manage any number of devices. It supports updating firmware or properties on single devices, batches or all devices of a certain type, depending on your needs. It can also provide a full overview of what devices are working properly and which devices have lost connection or are behaving irregularly.

Visualisation

Visualisation of telemetry in graphs allows you to see trends, compare signals and understand your assets. You can customise a dashboard for each type of asset and for each node in the node hierarchy to ensure that the right information is always available.

Virtual Signals

Virtual signals allow you to create new signals by applying algorithms (e.g., average or max) to existing signals, or by combining multiple signals into a new one. The virtual signal is then sent the same route as all other signals, meaning both it and the source signal will be stored as telemetry and you can apply rules and alarms to it.

Access Control

Through Beacon Tower’s flexible access control, you can not only model your own organisation, but also your customers. You can allow them directly into the system and define exactly what assets they can see and what they can do. Access can be set either to single devices or groups with a granularity to only read data or control physical devices.

Analytics

Make use of a wide range of tools to meet the analytics needs of your IoT data. Use algorithms to modify data, visualise and compare it in graphs or user rules to automatically react when certain conditions are met. You can either make use of Beacon Tower’s own tools or stream data to your data lake to allow for analytics on all your enterprise data.

Business Modelling
Assets can be structured in ‘node hierarchies’, allowing you to model Beacon Tower after your business. Model them by geographical location, customers, asset properties – or all of them – supporting different roles within your organisation.
Two way communication

Secure two way communication with flexible set-up. Beacon Tower is prepared for cloud-to-cloud, device cloud-to-cloud, edge-to-cloud and device-to-cloud bidirectional communication. Set up individual identities and credentials for each of your connected devices to help retain the confidentiality of types of communication. Selectively revoke access rights for specific devices as needed. Beacon Tower supports MQTT, AMQP and HTTPS protocols.

Rules & Alarms

Create rules that are applied directly on streaming real-time data. The rules can either be simple thresholds that triggers alarms when sensor values go outside them, or complex rules based on multiple different sensor values and algorithms.

The rules can either start actions or trigger alarms. The alarms can be of varying severity to notify different groups of users.

Capabilities

Azure IoT Cloud and Edge Platform | Architectural features | Beacon Tower
Nested Customers

Beacon Tower has a flexible hierarchical access system that allow you, your customers and their customers into Beacon Tower. You can decide what level of autonomy your customers should have, i.e. if they manage their own data, devices or users.

Azure IoT Cloud and Edge Platform | Architectural features | Beacon Tower
Real Time Telemetry

The Real Time Telemetry processing is the core of Beacon Tower’s signal processing. It allows you to create rules that triggers alarms or actions within milliseconds from receiving the signal.

Azure IoT Cloud and Edge Platform | Architectural features | Beacon Tower
Scalability

Beacon Tower is built to be cost-effective for both your first couple of devices up to tens of thousands. This gives you a platform where you can both perform initial pilot tests and continue for your long-term future roll-out.

Beacon Tower scales across your organisation, managing any type of data from any type of IoT devices. This can make it your one and only data-collection platform.

Azure IoT Cloud and Edge Platform | Architectural features | Beacon Tower
Nested White Labelling

Beacon Tower can be white labelled not only for our customers, but also for your customers in multiple layers. This allows you to provide Beacon Tower as your platform to your customers.

Azure IoT Cloud and Edge Platform | Architectural features | Beacon Tower
Edge Computing

Beacon Tower has built in support for IoT Edge devices. This means you can move sensitive and time critical operations to your devices while still keeping the benefits of a cloud-based data collection. You can either incorporate your own edge devices or make use of the Beacon Tower embedded edge software.

Azure IoT Cloud and Edge Platform | Architectural features | Beacon Tower
Security

Beacon Tower security enables secure access for devices, APIs and customers. Beacon Tower builds upon Azure security, with multi-factor Authentication services that have zero-trust relationship and with secure connections to all devices.
Azure 24/7 security monitoring enhances Beacon Tower as it relies on Azure Cloud managed services.

Azure IoT Cloud and Edge Platform | Architectural features | Beacon Tower
Digital Twin

Beacon Tower Digital Twin is a software representation of a physical asset and location designed to detect, prevent, predict, and optimise physical behaviour.

Azure IoT Cloud and Edge Platform | Architectural features | Beacon Tower
Machine Learning
Beacon Tower can supply Machine Learning services with either data from the telemetry storage or directly from the real-time telemetry stream for time critical algorithms. Either make use of your own Machine Learning platform or we can help you to set it up with one of our AI/Machine Learning partners.
Azure IoT Cloud and Edge Platform | Architectural features | Beacon Tower
API Integration

The Beacon Tower platform is built around secured, self-managed components which enable flexible ways of allowing external services to interact with the platform, as long as they are properly authenticated. This means you can build your own front-end and apps, fully replacing the Beacon Tower GUI for your customers, or that you can integrate Beacon Tower directly into your ERP and production systems.

Azure IoT Cloud and Edge Platform | Architectural features | Beacon Tower
Multi Tenancy

The Accelerator platform is designed as a multi-tenancy platform, which means that you can save operating costs when you use Beacon Tower as your IoT platform to your customers.
You decide whether it should run as a single instance or as a multi-tenant platform in your Azure subscription or ours.

Azure IoT Cloud and Edge Platform | Architectural features | Beacon Tower
AR & Remote Assistance

Beacon Tower is prepared for Connected Field Services, so that Augmented Reality (AR) or Remote Assistance software can connect to streaming data from your devices and to the telemetry storage. The API Integration possibilities also make it possible to integrate to Field Services, CRM, ERP or other enterprise systems.

Data Integrations

Beacon Tower collects data from any type of device or data source. Make use of standalone devices or gateways with multiple peripheral devices that can be directly managed by Beacon Tower. You can also integrate network services or device clouds from other providers, making Beacon Tower your central repository for all IoT data. We can help you build integrations to legacy systems where proxy servers or applications are needed to bring the data into Beacon Tower without modifying the legacy systems.

Architectural features

Azure IoT Cloud and Edge Platform | Architectural features | Beacon Tower

All services in Beacon Tower are implemented in an event-driven fashion with both serverless functions and container-based micro-services running on a managed orchestration platform. Each service is self-contained and possible to update and deploy on its own. Each service is scaled on its own, depending on load. Each service has an ingress queue that ensures that internal processing and external ingress are not directly coupled. The service adds horizontal scaling if the queue reaches its high-water mark, and scales down if the low-water mark is reached.

Azure IoT Cloud and Edge Platform | Architectural features | Beacon Tower
Device Security
Our recommendations for devices: we recommend using hardware-based trust or X.509 certificates. We also recommend that the storage is encrypted and read only where possible and to use SHA2 check sums to verify the integrity of the programs on the device. This check sum should be sent to the Beacon Tower and devices will then be black-listed if the verification fails. Certificates and security keys should all be replaceable, and the devices should not hold secrets in RAM memory.
Devices should be responsible for initiating communication to reduce the risk of tampering attempts due to open ports. The channel setup should use a TLS 1.2 encrypted channel with both a SHA-2 certificate and secret key for authentication and authorization.
IoT Data Security
Beacon Tower uses Microsoft Azure IoT Hub for IoT data which is a managed and field-proven service by Microsoft that is designed for coping with billions of devices with very high availability and assurance of never losing messages. The Azure IoT Hub has black-lists and back-off handling and DDOS protection to make sure that messages can arrive even during attacks. The Azure IoT Hub has extensive capabilities to route and filter messages and events which gives the ability to quickly route alarms. The Azure IoT Hub has furthermore built in support for syncing configurations such as version info on an unreliable network. This concept maximises the platforms resilience as a device will always receive security updates that are marked for the device regardless of its current connection state.
Cloud Architecture and Storage Security
All services in Beacon Tower is implemented in an event-driven fashion with both serverless functions and container based micro-services running on a managed orchestration platform. All internal APIs are secured with tokens and claims to make sure that you always need to be authenticated to call any APIs, even inside the system. This ensures that you cannot call anything even if the outer perimeter is breached. It also reduces the risk of security problems arising due to not following coding standards.
All data is encrypted at REST and there is unique customer keys to unlock storage. This ensures that data cannot be read and it also prevents users not authorized by Beacon Tower to read any data. This is critical in a multi-tenant solution.
Integration and User Security
All external facing services is exposed through a Managed API gateway which minimizes the amount of custom code that needs to be supported that is directly facing the Internet. Authentication is done through Azure AD which has a multitude of options for Multi-Factor Authentication to further secure the authentication process. Azure AD is a managed field-proven authentication suite which lessens the risk of security issues compared to custom code.
Beacon Tower has extensive logging and monitoring built into the core to give the operational personnel precise tools to monitor and to receive alarms on performance KPIs which can indicate performance or security problems. All changes to parameters is logged with timestamp and info about who made the change, both for history and for security audits.
We perform penetration tests periodically.
Devops

Devops is the discipline of moving developed software to production and to provision infrastructure in an efficient manner.

Beacon Tower uses Microsoft Azure DevOps pipelines to build all services into containers that are deployed to Azure using CI/CD and Infrastructure as Code.

Site Reliability Engineering

Beacon Tower focuses on Site Reliability Engineering (SRE) which is the work of developing tools and code for monitoring the service and making sure that it reaches its promised KPIs. SRE includes monitoring of metrics, logs and APIs to objectively measure.

Device Service

The Device Service holds the connectivity of the devices and is the first buffer of the messages received. All messages received are stored as raw messages with a predefined TTL (Time-To-Live) to make sure that the processing pipeline can be rerun if something should break.

Telemetry messages are sent to the Telemetry Service Ingress queue.

Telemetry Service

The Telemetry processor fetches messages from the ingress queue and splits the messages to telemetry signal units and the Device Telemetry signal is converted to Asset Telemetry Signals.

Asset Service

Asset is the logical representation of one or more devices/machines/sensors and is the actual object that is shown.

Asset furthermore keeps a hierarchy of all objects and their relations in a database.

Event Service

Event Service handles rule interpretation and if a rule matches it creates an event. Rules can be connected to Asset Types, Devices and Assets also. This makes it possible to create rules that are run for all actual Assets/Devices of a certain Type but also can run its own rule for the same Telemetry Signal (or other Signals).

Notification Service

Notifications are the result of a matched rule. Notifications are shown as alarms and can trigger mail, sms or other notifications.

Front-end

We use the Carbon System Design framework that is one of the most known and well supported React front-ends. This makes it easy for us and in the end also for you if you wish to extend some of your solutions’ front-ends. Should you wish, you can even change the entire front-end as we use our data APIs in the front-end.

Authentification

Beacon Tower uses Azure AD to authenticate the user. The front-end uses AAD to get an O-auth token that is used when the front-end calls the backend APIs.