How to Quickly Connect IoT Nodes to Amazon AWS and Microsoft Azure Clouds

By Jeff Shepard

Contributed By DigiKey's North American Editors

Cloud connectivity using services like the Amazon AWS and Microsoft Azure clouds is highly valued in a range of Internet of things (IoT) applications, including industrial and building automation, smart medicine and transportation, consumer appliances, and smart cities. In these applications, cloud connectivity is an indispensable support feature but not the device's primary function. Cloud storage of the zettabytes of data produced by many IoT networks and cloud-enabled remote access to IoT devices are increasingly important (Figure 1).

Figure 1: Multiple types of IoT networks require access to the cloud for remote access and data storage. (Image source: AWS)

Maintaining privacy, obtaining the needed security certifications, ensuring interoperability, and managing communication latencies are important aspects of developing effective cloud connectivity solutions. Each of these challenges can be dealt with, but they can also divert time and resources away from development of the primary device functionality.

Instead of developing cloud connectivity from the ground up, designers can turn to cloud connectivity development kits to speed up the process. These kits are available for microcontroller unit (MCU)-based designs and field programmable gate array (FPGA)-based designs and support all the elements needed for quickly connecting IoT devices to the Amazon AWS and Microsoft Azure clouds.

This article reviews the building blocks and architectures for cloud connectivity, looks at event-driven cloud architectures for gathering and managing data from large-scale sensor networks, and reviews the International Standards Organization/International Electrotechnical Commission (ISO/IEC) 27017 and 27018 guidelines for cloud security. It then presents cloud connectivity development kits from Renesas and Terasic for MCU and FPGA-based IoT devices, along with an MCU from Renesas and an FPGA from Intel.

Cloud services are distributed large-scale data processing and storage resources connected to the Internet. Elements in a typical cloud environment include (Figure 2):

  • Devices and sensors – Devices can include hardware or software that interacts with the immediate environment or responds to communications from the cloud. Devices can range from actuators and motors to Human Machine Interfaces (HMIs) like touch screens and apps on mobile handsets. Sensors measure specific environmental parameters and send the data to the cloud for analysis, storage, and/or decision making. Devices and sensors can be directly connected to the cloud using the Internet, or they can connect indirectly using a gateway.
  • Gateways – Provide communications platforms like Wi-Fi, Ethernet, cellular, or other wireless protocols that support access to and from the cloud for devices and sensors that are not directly connected to the Internet. Gateways can also provide initial filtering, aggregation, and processing of data before it is sent to the cloud.
  • IoT cloud – Is a scalable, cost-effective way to support widely dispersed devices and sensors, and provide large-scale storage, processing, and analysis for big data. IoT cloud services are third-party hosted infrastructures and platforms like Amazon AWS and Microsoft Azure. They can include only hardware but often also provide a wide range of software packages to support data analytics, reporting, and decision making.

Figure 2: IoT cloud services can be connected to networks of sensors and devices through a dedicated gateway. (Image source: Renesas)

Event-driven cloud architecture for IoT sensor data

IoT sensor information derived from medical devices, automotive systems, building automation controls, and Industry 4.0 systems can be automatically sent to the cloud for collection, analysis, and decision making using an event-driven cloud architecture. The basic architecture includes several elements (Figure 3).

  1. The IoT sensor data is collected using an IoT edge runtime and cloud service that aggregates data and performs initial analysis close to the source. This edge service reacts autonomously when new data arrives, filters it, aggregates it into the proper format, and securely sends it to the cloud and local network devices as appropriate.
  2. An edge-to-cloud interface service ingests the data into the cloud. In addition to providing an edge connection service, the interface should be secure and scalable and connect with cloud applications and other devices as appropriate.
  3. The ingested data is then transformed as needed for further processing and can be stored for future reference. Data transformation can include enrichment and simple formatting to support downstream analysis and business intelligence reporting. Initial analytics can also be used to prepare the data for the machine learning (ML) processing in the next step. In addition, anomalous data can be identified that may require accelerated analysis and decision making.
  4. ML training and analysis are ongoing processes as more and more data becomes available. In this final block of the architecture, mobile apps or business applications can be used to access the raw data in near real-time or look at the results of the ML processing. Automatic reporting and alerts can provide the insights needed to support manual or automatic management of the devices that were the sources of the original sensor data.
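The first two steps above, sketched as an added example (not code from the article, AWS, or Renesas): the edge side drops implausible samples, aggregates a window and flags anomalies, and the ingestion side checks integrity and freshness before accepting a message. The HMAC-SHA256 tag and sequence counter are an assumption standing in for whatever transport security the real cloud connection provides; the key, threshold, field names and function names are constructed for illustration.

```python
import hashlib
import hmac
import json
from statistics import mean

# Constructed values for this example; not from the article or any vendor SDK.
DEVICE_KEY = b"constructed-demo-key-not-for-production"
# Assumption: reuse the -40 to +85 degC rating quoted for the target MCU
# as the plausibility window for temperature samples.
VALID_RANGE_C = (-40.0, 85.0)
ANOMALY_DELTA_C = 10.0  # hypothetical spread that triggers accelerated analysis


def edge_aggregate(device_id, seq, readings_c):
    """Step 1: filter implausible samples, aggregate, and flag anomalies."""
    lo, hi = VALID_RANGE_C
    kept = [r for r in readings_c
            if isinstance(r, (int, float)) and not isinstance(r, bool)
            and lo <= r <= hi]          # NaN fails the comparison and is dropped
    if not kept:
        return None                     # nothing trustworthy to forward
    return {
        "device": device_id, "seq": seq, "count": len(kept),
        "dropped": len(readings_c) - len(kept),
        "avg_c": round(mean(kept), 2), "min_c": min(kept), "max_c": max(kept),
        "anomaly": max(kept) - min(kept) > ANOMALY_DELTA_C,
    }


def edge_seal(summary, key=DEVICE_KEY):
    """Serialize canonically and attach an HMAC-SHA256 tag."""
    body = json.dumps(summary, sort_keys=True, separators=(",", ":")).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


def cloud_ingest(body, tag, last_seq, key=DEVICE_KEY):
    """Step 2: verify integrity and freshness before accepting the message."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None, "bad-tag"
    msg = json.loads(body)
    if msg["seq"] <= last_seq:                   # stale or replayed message
        return None, "replay"
    return msg, "accepted"
```

The ingestion side parses the JSON only after the tag verifies, so a tampered body is rejected before any field in it is trusted.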

Figure 3: Example of an event-driven reference architecture for IoT sensor data. (Image source: AWS)

IEC 27017 and IEC 27018 – Why you need both

Developers of cloud solutions need both IEC 27017 and IEC 27018. IEC 27017 defines information security controls for cloud services, while IEC 27018 defines how to protect user privacy in the cloud. They were developed under the ISO/IEC JTC 1/SC 27 joint subcommittee and are part of the IEC 27002 family of security standards.

IEC 27017 provides recommended practices for both cloud service providers and cloud service customers. It is designed to help customers understand the shared responsibilities in the cloud and gives them insight into what they should expect from cloud service suppliers. For example, it adds seven cloud-specific controls to the 37 controls specified in the base IEC 27002 standard. The additional controls relate to the following:

  • Division of responsibilities between service providers and cloud users
  • Return of assets at the end of a cloud contract
  • Separation and protection of the user's virtual environment
  • Virtual machine configuration responsibilities
  • Administrative procedures and operations to support the cloud environment
  • Monitoring and reporting cloud activity
  • Alignment and coordination of the cloud and virtual network environments

IEC 27018 was developed to help cloud service providers assess risk and implement controls for protecting users' personally identifiable information (PII). When combined with IEC 27002, IEC 27018 creates a standard set of security categories and controls for public cloud computing service providers that process PII. Among its several objectives, IEC 27018 outlines how to provide a mechanism for cloud service customers to exercise audit and compliance rights. This mechanism is especially important where individual customer audits of data hosted in a multiparty cloud environment using virtualized servers can be technically challenging and can increase risks to existing physical and logical network security controls. The standard has several advantages, including:

  • Increased security for customer PII data and information
  • Increased platform reliability for cloud users and customers
  • Faster deployment of global operations
  • Defined legal obligations and protections for cloud providers and users

MCU-based cloud connection dev platform

The RX65N cloud kit from Renesas provides a platform for designers of industrial and building automation, smart home, smart meters, office automation, and general IoT applications to prototype and evaluate IoT equipment. Two variations are available: the RTK5RX65N0S01000BE, which supports development of systems for use in the U.S., and the RTK5RX65N0S00000BE for the rest of the world. Both provide quick connectivity to the Amazon AWS and Microsoft Azure clouds (Figure 4). Using these kits, designers who do not have previous experience with developing IoT devices can quickly start using a solution in a cloud connection environment.

Figure 4: Developers can use the eval boards in the RX65N cloud kit to quickly implement IoT devices with connectivity to the Amazon AWS and Microsoft Azure clouds. (Image source: Renesas)

The RX65N cloud kit supports flexible development with several sensors, user interfaces, and communication functions. It also provides sample programs to speed application development. The sample programs can be edited and debugged. The included application notes provide details of the operation of the applications. The sample programs are ported based on Amazon FreeRTOS and can be freely expanded, changed, and deleted using available source code libraries. The kit has AWS qualification, so it can communicate with AWS safely and securely and includes (Figure 5):

  • Cloud option board with temperature/humidity sensor, light sensor, and 3-axis accelerometer, plus a USB port for serial communication and a second USB port for debugging
  • Wi-Fi communication module based on the Silex SX-ULPGN Pmod module
  • All necessary power management
  • RX65N target board that includes the R5F565NEDDFP MCU rated for operation from -40 to +85 degrees Celsius (°C)

Figure 5: The RX65N cloud kit is AWS-qualified and includes everything needed to connect IoT devices securely. (Image source: Renesas)

Renesas' RX65N MCUs are well suited for cloud and sensor solution endpoint devices. Features include:

  • 120 MHz operation with single-precision FPU
  • 2.7 to 3.6 V operation
  • Only 0.19 mA/MHz is needed to support all peripheral functions
  • Four low-power modes for power/performance optimization
  • Communication interfaces include Ethernet, USB, CAN, SD host/slave interface, and quad SPI
  • Program Flash up to 2 MB, SRAM up to 640 KB
  • DualBank function simplifies firmware updates
  • Security
    • National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS) 140-2 Level 3 Cryptographic Module Validation Program (CMVP) certification
    • Renesas' proprietary hardware secure IP (Trusted Secure IP) is integrated and realizes a high level of root-of-trust
    • Available encryption engines include AES, TRNG, TDES, RSA, ECC, SHA
    • Equipped with functions that protect Flash memory from unintended access

Cloud connectivity with an FPGA

Designers that need FPGA performance and cloud connectivity can turn to Terasic's FPGA Cloud Connectivity Kit, which combines an Intel Cyclone V system on chip (SoC) FPGA, like the 5CSEBA5U23C8N, with cloud connectivity. This dev kit is certified with cloud service providers, including Microsoft Azure, and includes open source design examples that walk designers through the process of connecting an edge device to the cloud. The FPGA Cloud Connectivity Kit includes (Figure 6):

  • DE10-Nano Cyclone V SoC FPGA Board
  • RFS daughter card with:
    • Wi-Fi, using ESP-WROOM-02 module with up to 100-meter range
    • 9-axis sensor with accelerometer, gyroscope, and magnetometer
    • Ambient light sensor
    • Humidity and temperature sensor
    • UART to USB
    • 2x6 TMD GPIO Header
    • Bluetooth SPP, using HC-05 module with up to 10-meter range

Figure 6: Terasic's FPGA Cloud Connectivity Kit combines the DE10-Nano Cyclone V SoC FPGA board and the RFS daughter card. (Image source: Terasic)

The Intel Cyclone SoC FPGA is a customizable ARM processor-based SoC that supports lower system power, lower cost, and less board space by integrating a hard processor system (HPS) that includes processors, peripherals, and a memory controller, with a low-power FPGA fabric using a high-bandwidth interconnect. These SoCs are especially suited for high-performance IoT edge applications.

Summary

Adding cloud connectivity to IoT devices and sensors need not be a difficult task that diverts resources from the design of the primary device functionality. Designers can turn to MCU and FPGA-based environments that support quick and efficient connectivity to the Amazon AWS and Microsoft Azure clouds. These development kits include comprehensive suites of sensors, wired and wireless communications options, and sample application programs that provide safe and secure cloud connectivity.


About this author


Jeff Shepard

Jeff has been writing about power electronics, electronic components, and other technology topics for over 30 years. He started writing about power electronics as a Senior Editor at EETimes. He subsequently founded Powertechniques, a power electronics design magazine, and later founded Darnell Group, a global power electronics research and publishing firm. Among its activities, Darnell Group published PowerPulse.net, which provided daily news for the global power electronics engineering community. He is the author of a switch-mode power supply text book, titled “Power Supplies,” published by the Reston division of Prentice Hall.

Jeff also co-founded Jeta Power Systems, a maker of high-wattage switching power supplies, which was acquired by Computer Products. Jeff is also an inventor, with his name on 17 U.S. patents in the fields of thermal energy harvesting and optical metamaterials, and is an industry source and frequent speaker on global trends in power electronics. He has a Masters Degree in Quantitative Methods and Mathematics from the University of California.
