Introducing the New Features of AWS Greengrass (IOT365) - AWS re:Invent 2018
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing the New Features of AWS IoT Greengrass
IOT365
Scott Allison, Senior Product Manager, Amazon Web Services
Dmitri Zimine, Distinguished Engineer, Extreme Networks
James Floyd, Sales Engineering Lead, Logic Supply
Tatiana Cooke, Senior Product Manager, Amazon Web Services
Agenda
• AWS IoT Greengrass Introduction
• Simplified Deployments
• Enhanced Security
• Greater Flexibility
AWS IoT Greengrass: Why did we build it?
Common edge scenario
AWS IoT Greengrass release v1.7
• Simplified deployments
  • AWS IoT Greengrass Connectors
  • Extreme Networks Demo
• Enhanced security
  • AWS IoT Greengrass Secrets Manager
  • AWS IoT Greengrass Hardware Security Integration
  • Logic Supply Demo
• Greater flexibility
  • AWS IoT Greengrass per-Lambda Isolation & Permission Configurations
AWS IoT Greengrass release v1.7
• Bulk Deployments
• ALPN/Proxy Support
• ML Inference
• More performant
• Smaller footprint
• IOT214 - Machine Learning at the IoT Edge: 11/29, 11:30 am @ Venetian, Level 3, San Polo 3405
AWS IoT Greengrass Connectors
• What are connectors?
  • Connectivity to AWS services, industrial protocols, local- and cloud-based applications
  • Code-free configuration and installation
  • 11 connectors available today
  • More to come in 2019
Connectors shown: Amazon Kinesis Data Firehose, Amazon Simple Notification Service, AWS IoT Device Defender, Amazon CloudWatch, Modbus RTU Protocol Adapter, Raspberry Pi GPIO, Serial Stream, ML Inference
AWS IoT Greengrass Connectors
• How does it work?
  • Customers select and configure connectors via console or API/CLI
  • Attach to an AWS IoT Greengrass group and deploy
AWS IoT Greengrass Connectors
• Amazon SNS
  • Create an SNS topic via the SNS console/API
  • Add SNS connector to Greengrass group via Greengrass console/API
  • Configure connector with ARN of SNS topic
  • Deploy
  • Publish messages to connector MQTT topic
AWS IoT Greengrass Connectors
• Twilio
  • Add your Twilio auth token to AWS Secrets Manager; select from connector config
  • Specify phone number and account SID
  • Deploy
  • Publish messages to connector MQTT topic
Dmitri Zimine, Distinguished Engineer, Extreme Networks
©2018 Extreme Networks, Inc. All rights reserved
Extreme Networks
History of Innovation
Founded 1996
20+ year pioneer in networking
Industry’s first Gig-E / 10 Gig-E Switch
Extensive patent portfolio
End-to-End Networking Solutions for Enterprise
#1 Ranked, 100% insourced service and support
Global Strength
Revenue: $1.2 Billion
3,000+ employees
NASDAQ: EXTR
HQ in San Jose, CA
Business in 80+ countries
30,000+ customers
6,000+ technology partners
Software-Driven Networking Solutions for the Enterprise
#3 Enterprise End-to-End Networking Vendor*
[Chart: vendor ranking (1 to 13) by year, 2013 to 2017]
*Source Dell’Oro
Industry Analyst Verified
2018 LAN/WLAN Magic Quadrant
Extreme and IoT
IoT solutions in many
verticals
Transportation
Retail
Healthcare
Specialized devices
Outdoor
AP + video
Wall-plate
IoT protocol support
BTLE
Threat
WiFi
Location
Extreme Defender for IoT
Defender
Application
Defender
Adapter
SA201
ExtremeCloud
Appliance
3912 Wall
Jack AP
Extreme Defender for IoT
• Secure onboarding
• Centralized inventory
• Enforcement of security profiles
• Isolation & segmentation
• Healthcare User-Interface
Simple IoT Security for Healthcare
©2017 Extreme Networks, Inc. All rights reserved
Things
Sense & Act
Cloud
Store & Compute
Extreme Network
Connect & Control
Extreme Edge Network as Greengrass Hosting Infra
Greengrass on Extreme network
edge devices:
• In place: managed, secured, paid
• Enrich data with networking,
location, IoT
POC with Schneider Electric
Transfer to cloud, analyze,
provide unified view
Perform actions:
enhance & accelerate
device programmability
Collect data from
IoT devices:
Modbus, OPC-UA
Maximum security
Minimal cost & overhead (== no new IT)
Leverage Extreme Networks compute capacity
as Greengrass hosting infrastructure
Extreme
Defender Adapter
network device
POC Setup: cloud-enable Modbus devices with
Greengrass-enabled network
Rule
Variable Speed Drive
Electric motor
with load
Kibana
Modbus MQTT
Data collection &
protocol translation
Anomaly detection
Modbus Connector
Zoom in to the {code}…
Modbus data collection &
protocol translation Lambda
Anomaly detection Lambda
Use greengo.io:
Greengrass group defined
as YAML & deployed via API
Using AWS Modbus connector:
refer by ConnectorArn,
pass parameters.
Subscriptions:
who is talking to whom
Modbus Anomaly
Modbus
Connector
When anomaly posted
Publish request to Modbus
connector
Form the request to stop the
motor (set frequency = 0)
{
  "request": {
    "request_id": "StopTheMotor",
    "operation": "WriteSingleRegisterRequest",
    "device": 248,
    "address": 8502,
    "value": 0
  }
}
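Added example, not code from the talk: one way the anomaly Lambda could build the stop request shown above and refuse any other register write before publishing. The allow-list, the `anomaly` event field, the `publish` callable and the topic string are assumptions; device 248, register 8502 and value 0 come from the slide.

```python
import json

# Constructed allow-list (an assumption, not from the talk): the only write this
# handler may issue is the slide's stop command (device 248, register 8502 = 0).
ALLOWED_WRITES = {(248, 8502): (0, 0)}  # (device, address) -> (min, max) value


def build_write_request(request_id, device, address, value):
    """Build a WriteSingleRegisterRequest; raise ValueError if not permitted."""
    for name, v, hi in (("device", device, 0xFF), ("address", address, 0xFFFF),
                        ("value", value, 0xFFFF)):
        if isinstance(v, bool) or not isinstance(v, int) or not 0 <= v <= hi:
            raise ValueError(f"{name} out of range: {v!r}")
    limits = ALLOWED_WRITES.get((device, address))
    if limits is None or not limits[0] <= value <= limits[1]:
        raise ValueError(f"write {value} to device {device} register {address} "
                         "is not allow-listed")
    return {"request": {"request_id": request_id,
                        "operation": "WriteSingleRegisterRequest",
                        "device": device, "address": address, "value": value}}


def on_anomaly(event, publish, topic):
    """Publish the stop request for an anomaly event; return the payload sent,
    or None when the event is not an anomaly. `publish(topic, payload)` is a
    hypothetical stand-in for the Lambda's MQTT publish call."""
    if not isinstance(event, dict) or event.get("anomaly") is not True:
        return None
    payload = json.dumps(build_write_request("StopTheMotor", 248, 8502, 0))
    publish(topic, payload)
    return payload


if __name__ == "__main__":
    sent = []
    on_anomaly({"anomaly": True}, lambda t, p: sent.append((t, p)),
               "example/modbus/request")  # placeholder topic
    print(sent)
```

Keeping the register allow-list next to the actuation code means a malformed or spoofed anomaly message can at most stop the motor, never write an arbitrary register.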
https://devices.amazonaws.com/search?kw=%22Extreme%20Networks%22&page=1
References
AWS IoT Greengrass Secrets Manager
• What is it?
  • Extends AWS Secrets Manager to the Greengrass cores for secure management of keys, passwords, credentials, endpoints, and configurations
  • Usable by connectors or AWS Lambda functions
AWS IoT Greengrass Secrets Manager
• How does it work?
  • Customers provision secrets in AWS Secrets Manager
  • Attach a secret to an AWS IoT Greengrass group and deploy
  • Encrypted in transit and at rest
AWS IoT Greengrass Hardware Security Integration
Private key
stored in file
system
Device
Cloud
TLS Encryption of
messages
IAM role for
Greengrass Core
AWS IoT Greengrass hardware security integration
[Diagram labels: AWS, API Gateway, On-Premise Data Aggregation, Logic Supply ML350G-10, certs/private.key, Video Cameras]
AWS IoT Greengrass hardware security integration
Private key stored in file system
PKCS#11 API Interface
AWS IoT Greengrass hardware security integration
• How can I get started?
1. Follow vendor directions to generate a private key on your secure element
2. Update AWS IoT Greengrass configurations to point to that private key, rather than the file system private key
3. Integrate with AWS IoT Greengrass Secrets Manager by updating configurations
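Added example, not code from the talk: a check that steps 2 and 3 above were actually applied, by auditing a parsed Greengrass Core config.json for private keys that still live on the file system. It assumes the `crypto` section layout of the Greengrass Core v1.7 config.json (`PKCS11`, `principals`, `privateKeyPath`), which the slides do not show; both sample configurations are constructed.

```python
import json

# Key names follow the "crypto" section of the Greengrass Core v1.7 config.json
# as documented by AWS; they are not shown on the slides. Paths are constructed.
PRINCIPALS = ("IoTCertificate", "MQTTServerCertificate", "SecretsManager")

BEFORE = json.loads("""{"crypto": {"principals": {"IoTCertificate": {
  "privateKeyPath": "file:///greengrass/certs/private.key",
  "certificatePath": "file:///greengrass/certs/core.crt"}}}}""")

AFTER = json.loads("""{"crypto": {
  "PKCS11": {"P11Provider": "/path/to/pkcs11-provider.so", "slotLabel": "example"},
  "principals": {
    "IoTCertificate": {"privateKeyPath": "pkcs11:object=example-key;type=private",
                       "certificatePath": "file:///greengrass/certs/core.crt"},
    "SecretsManager": {"privateKeyPath": "pkcs11:object=example-key;type=private"}}}}""")


def key_storage(config):
    """Map each principal to 'pkcs11', 'file' or 'unset' for its private key.
    Any path that is not a pkcs11: URI is treated as a file-system key."""
    principals = config.get("crypto", {}).get("principals", {})
    storage = {}
    for name in PRINCIPALS:
        path = principals.get(name, {}).get("privateKeyPath")
        if path is None:
            storage[name] = "unset"
        else:
            storage[name] = "pkcs11" if path.startswith("pkcs11:") else "file"
    return storage


def audit(config):
    """Return findings; an empty list means every configured private key is
    referenced through PKCS#11 and a provider section is present."""
    storage = key_storage(config)
    findings = [f"{n}: private key still on the file system"
                for n, where in storage.items() if where == "file"]
    if storage["IoTCertificate"] == "unset":
        findings.append("IoTCertificate: no privateKeyPath configured")
    if "pkcs11" in storage.values() and "PKCS11" not in config.get("crypto", {}):
        findings.append("pkcs11 URI used but crypto.PKCS11 provider is missing")
    return findings


if __name__ == "__main__":
    print(audit(BEFORE))
    print(audit(AFTER))
```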
AWS IoT Greengrass hardware security integration: Partners
Greengrass HSI Devices searchable in the AWS Partner Device Catalog
https://devices.amazonaws.com/search?kw=HSI&page=1
AWS IoT Device Tester is available for download on
AWS IoT Greengrass product page
James Floyd, Sales Engineer Lead, Logic Supply
Who Is Logic Supply?
We are a global Industrial Computer
Manufacturer specializing in small form factor,
fanless hardware for IoT.
● Founded 2003
● Headquartered in South Burlington,
Vermont
● Other locations in The Netherlands and
Taiwan
Our Computer Systems
Our systems are designed to fit and survive
in challenging environments
● Hardshell™ Fanless design
● Commercial through Rugged grade
● Embedded lifecycles
● Revision control
Logic Supply, AWS & Our Clients Work Together
45. Use Case: Risks in Building Automation
• Denial of Service: Disrupt service by sending high volume of traffic
• Spoofing: Mimic the identity of a valid device
• Man-in-the-middle: Information is intercepted and manipulated
47. Greengrass with Hardware Security Integration Mitigates these Risks
• Denial of Service: Only registered devices can connect to Greengrass and IoT cloud
• Spoofing: Hardware root-of-trust identity for Greengrass Core devices
• Man-in-the-middle: Communication encrypted using Transport Layer Security protocol
Logic Supply Industrial PCs
48. Thank you!
James Floyd
james.floyd@logicsupply.com
Isolation and permission configurations
Customers want to test AWS IoT Greengrass in a diverse set of environments
• Run AWS IoT Greengrass with fewer dependencies and no kernel-level changes
• Access more local resources like Bluetooth Low Energy or USB devices
• Run AWS IoT Greengrass in a Docker container
Easier to add AWS IoT Greengrass to existing architecture that uses Docker containers for isolation
[Diagram labels: On-Premise Device; Existing applications running in separate Docker containers (Application A, Application B); Run AWS IoT Greengrass in a Docker container]
New modes provide flexibility in configuring AWS IoT Greengrass
• Today: AWS IoT Greengrass with per-Lambda container isolation
• New: Run Greengrass as an OS process. Lambdas and Greengrass Group have no container
• New: Hybrid mix of isolated Lambdas and Lambdas as OS processes
AWS IoT Greengrass Core (1.7.0) with Greengrass Containers
Device Resources accessed via Local Resource Access
Device Resources accessed directly
New AWS per-Lambda isolation and permission settings
Run Greengrass in Docker on Mac OS X or Windows 10
AWS IoT Greengrass release v1.7
• Simplified deployments
  • AWS IoT Greengrass Connectors
• Enhanced security
  • AWS IoT Greengrass Secrets Manager
  • AWS IoT Greengrass Hardware Security Integration
• Greater flexibility
  • AWS IoT Greengrass per-Lambda Isolation & Permission Configurations
Get Started!
• Try it from the console
  • Connectors and documentation available now
• Find qualified hardware
  • Search the Amazon Partner Network Device Qualification Portal for Greengrass HSI [https://devices.amazonaws.com/search?kw=HSI&page=1]
• Use our Docker file
  • Access a Greengrass Docker file here
  • See documentation about pulling the Greengrass Docker image from AWS ECR here
60. Thank you!
Scott Allison
alliscot@amazon.com
Tatiana Cooke
tatcoo@amazon.com