IoT - How to make it professionally

And how to avoid problems before you fail in production

A lot of projects finished recently in the field of IoT and automation prompted me to write this article. Some of these projects came to me as an unfinished stage or a failure of past developers, some of them I did myself from the draft. It even happened that I had to urgently solve the customer’s problem on the production server when the users' devices did not want to work in any way. In software development it called ?CI/CD?, but in real life – it’s a fail and a shame for a product company.

Example of 2014: Nest Recalls Over 400K Smoke Detectors. The reason - it just doesn't work properly for a fire. More info here

Example of 2016: Nest smart thermostat glitch leaves cold feet and steaming mad customers. The reason - updates with no power control. More info here

And this is a big market player. I'm not mentioning here when companies release updates and devices have turned into a pumpkin.

In addition, I have seen many projects with similar problems as a developer. Almost all the problems and difficult moments that I encountered could be eliminated even before the product launch or before the delivery process to the customer.

I consider it a good practice to remind you once again about them, so that one of the most promising areas of IT technologies does not become overestimated and will not leave next year.

This article will be useful to everyone involved in development – from project manager to developers.

Contents

1. Indentify your area – IoT, EIoT or it just industrial automation
2. Business analyzing and requirements
3. Risk management - ask the engineers first
4. Linux-based system. Be prepared for problems or cook it properly
5. Security and latest regulation for the EU market
6. Wireless communication. Which solution is the best today?
7. Nobody think about production
8. Future for the IoT. Where does the road lead us?
9. My vison of the development of the IoT

1. Indentify your area – IoT, EIoT or it just industrial automation.

Before starting a project, define its scope. This is important for understanding what requirements will be imposed on the device and software. If you think that everything that transmits data from the physical world to the Internet is just IoT, then this is your first mistake.

Now see a real description of the areas and types of devices with their critical requirements, not modern marketing bullshit:

IoT:

Products and technologies for the consumer market and B2B. This is the largest area, so it's easy to drown in it. I distinguish 3 parts in it:

• The consumer segment. Smart Home, Cameras, Trackers, etc.

• B2B segment. Sensors and Smart Office, Climate control systems.

• Custom development for B2B. Specific hardware for solving company's goals.

The main critical points: Make it ease to use, scalable, ready for mass production, determining the exact needs for the product, mandatory certification (RF/EMC). Since 2024, also a software update, security. See the Security chapter.

EIoT:

This is a quite new field. E – means Enterprise. The main purpose is the integration of the physical infrastructure of the enterprise with its information system. As a rule, this is a specific development of hardware and an information system or integration into an existing ERP (Enterprise Resource Planning system).

Examples: sensors and trackers for a logistics company, E-ink price tags, POS systems, a product quality tracking system, post machines, billings, information boards.

The main critical points: reliability, ease of maintenance, documentation and support, the ability to replace or manufacture devices, a wide temperature range for devices, security and software updates, because the system works in conjunction with the ERP/enterprise server.

Industrial automation:

Stop calling that IoT. This is a pretty old area, the main purpose of which is the production process. Everything related to the production of products belongs here.

As a rule, all basic solutions are based on industrial automation controllers (ABB, Siemens,Advantech..).

There are several reasons for that: standard equipment from many suppliers, ease of implementation, solutions proven over the years, large losses in case of new equipment failure – downtime of workers is often added to equipment downtime.

Developing solutions in this area is very difficult if you have no experience. Most likely, you will not be able to release a new industrial automation controller, because it will need a whole line of additional modules. However, you can solve a specific task, for example, checking the quality of products using an AI edge device or controlling the movement of products in warehouses. This will also be industrial automation, which can benefit businesses. However, you should clearly understand the responsibility, introducing your product into the production process.

The main critical points: high reliability, ease of maintenance, documentation and support, safety, minimizing the risks of damage to production equipment, a wide temperature range for devices.

Now you know that. What should you do now?

Before you start an assessment or development, define your area and write down the critical requirements for it, so as not to forget in the next stages.

Ideally, if you ask for the support of people with experience in this field. Their knowledge will always be much cheaper for you than learning from your future mistakes.

2. Business analyzing and requirements

When the area is known, you can start working on the technical requirements. One of the most important stages of development. The key difference between IoT development and software development is the presence of a hardware component. I do not believe in the power of the Agile methodology in this area, because you will not be able to cut the developed printed circuit board with tape and scissors and glue it in a new way. The average time of the prototype is 1 month or more. Therefore, at the hardware development stage, you should check the requirements and coordinate them with the customer. Ideally, make a physical layout of the device/block diagram. When the customer picks it up, he will immediately tell what is missing. Your assistants for prototyping can be Arduino, Raspberry pi, 3D printer, renderers from 3D modeling programs and your talent to explain how it will look. As a reward, you will get an accurate idea of what is really important and, perhaps, will bring joy to the client.

3. Risk management - ask the engineers first

After describing all the requirements, be sure to give them to the developers to read first. Often impossible or contradictory things appear in the device specification due to the fact that the people composing the document simply do not have enough knowledge. Don't rely on the Internet. If you ask, for example, the communication range of LoRa, you will see a marketing figure of up to 15km, which is almost unattainable under normal operating conditions. Problems are caused by interference, antenna quality, device enclosure, transmission speed. As a result, you can really count on 1-2 km max in the city. Engineers know this. Ask them. Only then approve the technical requirements.

4. Linux based system. Be prepared for problems or cook it properly

What happens if you take a regular Linux image for the Raspberry Pi and connect a sensor to it, and then sell the device? It's okay if you expect to work for several months. Maybe, 1 year. Then, most likely, you will be surprised by Linux failures due to a memory microSD card issues. Of course, you can ask users to disassemble your device and write an image on the new card. But I don't think 100% of people will be able to complete this process in a good mood. You don't pay them for support. They paid you for the product.

For me Linux-based system is always a problem. Perhaps because I know how to properly prepare a device based on it, and I see that the products are always far from this ideal. There are no general requirements that can be applied to all devices.

But here are some of them:

• If you can do without Linux, do without Linux. The performance of modern microcontrollers is already large enough to make it with RTOS or baremetal. It is cheaper (usually by $30-120) and more reliable/safer.
• Examples of systems: ESP32 (-S3), ESP82xx, STM32, RP2040, . You don't have to do everything in the microcontroller, you can transfer all the complexity of processing to the server, leaving only data transmission/acquisition on MCU.
• Avoid microSD card. If it possible, use eMMC. To save small data – use embedded flash IC, SPI, QSPI, EEPROM.
• Enable the overlay fs mode (you can use even a microSD card for it), which will create an image on RAM for R/W operation and make R/O for flash. Thus, the time resource of the memory card will become large. In this case, it is desirable to have another partition on the disk for manual data saving (if it necessary).
• Software update. The best solution is to have two parts of file system. One for working image, the second is backup/upgrade.
• Security. If there is a SecureBoot on your board and you use it. However, this leads to some additional steps – see Production chapter.
• Third-party software. Using third-party software components with some Open Source licenses, you will be required to provide the source code. Or you may even need to buy some licenses for commercial use.
• In conclusion, Linux is a useful system for your device, but be prepared to build your own image and configure it.

5. Security and latest regulation for the EU market

It is not worth mentioning once again that the letter "S" in IoT is for Security. Now this is a mandatory requirement for the EU market from 2024.

The European Commission has introduced minimum requirements for software and hardware to ensure the security of IT products, starting in 2024. If the devices do not meet these standards, the entire product will be banned from sale on the EU market. The EU requirements for the cybersecurity of consumer goods were introduced as an additional to the EU Radio Equipment Directive (RED).

What does it mean? You have to be ready for ETSI EN 303 645 security standard. It contains a set of security and privacy requirements and recommendations that manufacturers shall implement in their devices.

These specifications cover various areas and are divided into the following categories (with my short comments how to use it in the development):

• 1) No universal default passwords (Be ready for a printed label with user/pass or registration, forget about admin/admin default password for an account/settings/login).
• 2) Implement a means to manage reports of vulnerabilities. (logs and analyses of it with self-checking)
• 3) Keep software updated (an OTA mechanism should be implemented in the device).
• 4) Securely store sensitive security parameters (use secure storage chip or protect with cryptography in the memory region).
• 5) Communicate securely (MQTT with TLS, HTTPS,…).
• 6) Minimize exposed attack surfaces (close all default backdoor, use secure boot).
• 7) Ensure software integrity (OTA/secure boot with images and no external repository/servers for the update).
• 8) Ensure that personal data is secured (p. 4 + your secure transactions with server/storage).
• 9) Make systems resilient to outages. (restore/check last session after power up)
• 10) Examine system telemetry data (what/when you send to the server - it may be data from the user, so be prepared to secure it and check for anomalies to prevent an attack + p. 2)
• 11) Make it easy for users to delete personal data (factory reset option with the purge memory action).
• 12) Make installation and maintenance of devices easy (make for people who don’t know about sudo/ triple service button click).
• 13) Validate input data (its more an QA actually, but be ready to test your device with any data on the input + minimum pass security check).

This standard also includes a?data protection process?to help manufacturers to provide a number of features in the IoT devices?to protect and secure?users’ personal data. It’s like General Data Protection Regulation (GDPR), but for IoT devices. For example: you have to give consumers information about what personal data are processed, how it is being used for product, by whom, and for what purposes, for each device and service.

Within these categories, there are?33 security requirements and 35 recommendations to be implemented in the product.

So don't waste time and double-check your HW/SW design if it's going to be a new product for the market in 2024.

6. Wireless communication. Which solution is the best today?

The ansver is – there is no perfect solution. It always depends on your goal. WiFi, BT, LoRa, NBIoT, Sigfox, etc. It all depends on your system requirements and price.

But some points for the understanding:

• Mass market IoT devices: NFC/RFID/WiFi/BT/Zigbee/Thread/ISM 433/868 Mhz.
• EIoT: ?NFC/RFID/WiFi/BT/ LoRa/ Zigbee/Thread/NBIoT/GSM 2G/3G/4G/5G (be aware that USA no longer use 3G)
• Industrial automation – All EIoT wireless, PROFINET + wired option of the device (if it possible).

7. Nobody think about production

Probably the biggest disappointment for a customer - that what you have developed cannot be manufactured.

For example, you have developed a device and collected almost all of the following mistakes:

• Used components that can no longer be bought (discontinued/obsolete or a long lead time)
• Did not check the documentation on the latest changes that the engineer did on his draft
• Did not think through how the device will be programmed and with what tools.
• Did not make test programs to check the elements on the board.
• Forgot that each device needs its own unique serial number, which must be recorded somewhere and then transmitted to your server in database.
• Made a complex PCB design for manufacturing
• Forgot about EMC checks and calculations, and device did not pass certification
• Left the addresses of servers or repositories in the firmware, which will be disabled before the device enters to the market
• Did not check the reliability of the OTA mechanism before the SecureBoot firmware. Used default AES keys from SDK examples.

Of course, this is just a scary list, and there are different numbers of items for different devices. But despite this, I recommend checking whether everything is done for production before you start it. Ultimately, development always involves manufacturing. Do not forget about this, even if you are engaged in contract development only.

8. Future for the IoT. Where does the road lead us?

What's next in IoT? Smart clothes, full digitalization of a person, full control of life?

Probably not. A misunderstanding of the technology from the very beginning has made this area very pumped, like blockchain/bitcoin and AI now. The main beginning of IoT was laid when cheap embedded systems appeared on the market, with the possibility of wireless data transmission from various physical processes and following data analysis in the software part. Such tasks have been solved before. It just required a lot of wires and complex systems. The development of microelectronics has simplified this process.

So what awaits us if the IoT/EIoT industry continues to develop? In search of an answer, let's turn to the history of industrial automation.

At one time, the introduction of automation in production facilities not only increased productivity, but primarily improved product quality and safety. The same effect, only for you and me, can be expected if the objects around us begin to communicate with each other. The next step in IoT will be M2M ?(machine to machine) communication. Finally, your car will be able to slow down without you if the driver in front presses the brake, or he is going to run through a red light at the road intersection. Your can will know that from his car.

Then, I hope, there will be robots, for which it will no longer be necessary to create infrastructure/additional scalable M2M technologies.

9. My vison of the development of the IoT

Many say that IoT is overrated and now we see a sunset. No, I don't think so. A lot of problems with production/development was appeared during pandemic and semiconductors crysis. Everything is much better today. You can move forward again.

And when you meet an obstacle, just remember that it's always difficult to follow a path that doesn't exist yet. This is the fee for being a leader.