The following diagram provides a functional architecture of the Eclipse Kapua project.
The connectivity of the devices is managed through a multi-protocol message broker. In the initial contribution, the protocol for the device connectivity will be the IoT protocol MQTT. The broker supports other protocols including AMQP and WebSockets for application integration.
The device connectivity module is responsible to authenticate connections, enforce the appropriate authorization – for example in the topic namespace – and maintain a Device Registry. The Device Registry stores the device profile, the device connection status and the device connection log. It also enables device organization through custom attributes and tags.
The stream of data published by the devices may have different consumers. Certain messages, like command and control messages, are meant to be consumed by the Device Management component; other messages, like the telemetry data are meant to be archived in the IoT Platform or re-directed to other systems. The Message Routing component allows for flexible handling of message streams avoiding hard coded behaviors through configurable massage routes.
Through the Device Management component, the IoT platform can perform remote operations on the connected devices. The IoT platform exposes an open contract towards the devices being managed with no assumption on the device software stack. In the initial contribution, the device management contract is based on an open application protocol over MQTT. Such protocol is already implemented by the Eclipse Kura project. With such protocol, the IoT platform can:
- Introspect and manage the device configuration
- Manage the device services including service start and stop operations
- Manage the device applications including application install, update, and remove
- Execute remote OS commands on the device
- Get and set device attributes and resources
- Provision initial configuration of the devices
In its evolution and future community contributions, Eclipse Kapua may adopt additional device management protocols like the emerging LWM2M standard
Eclipse Kapua can archive the telemetry data sent by the devices into a persistent storage for application retrieval. A reference message payload is defined which allows for a timestamp, a geo position, strongly typed message headers and an opaque message body. The chosen encoding is based on an open Google Protocol Buffers grammar.
In the initial contribution, a NoSQL data storage is used to allow for a flexible indexing of the telemetry messages. Incoming messages are stored and indexed by timestamp, topic, and originating asset. The NoSQL storage allows for indexing of the message headers.
Data Management also keeps a Data Registry which maintains the topics and the metrics that received incoming traffic.
A foundation layer maintains the security aspects of the IoT platform like the management of tenants, accounts and users. The account model supports a hierarchical access control structure. Following Role Based Access Control (RBAC), user identities can be defined and associated with one or more permissions guaranteeing the principle of "least privilege". Devices connect to the platform using the credentials of one of these user identities or through SSL authentication.
For integration with existing applications, Eclipse Kapua offers modern Web Services API based on Representational State Transfer (REST). The REST API exposes all the platform functionality, including device management and data management. The REST API also offers a "bridge" to the MQTT broker enabling the routing of commands from applications to devices without a specific connection to the message broker. Technologies such as REST/Comet/WebSockets are included allowing real-time display of data published by the devices in web pages and mobile dashboards.
Eclipse Kapua features a web-based administration Console to perform all device and data management operations. A screenshot of the administration Console is shown below.