With AWS Greengrass, you can bring local compute, messaging, data caching, sync, and machine-learning inference capabilities to edge devices. Join us in this session to learn about new features that extend the capabilities of AWS Greengrass devices.

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing the New Features of
AWS IoT Greengrass
Scott Allison
Senior Product
Manager
Amazon Web
Services
I O T 3 6 5
Dmitri Zimine
Distinguished Engineer
Extreme Networks
James Floyd
Sales Engineering
Lead
Logic Supply
Tatiana Cooke
Senior Product
Manager
Amazon Web
Services

3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Greengrass: Why did we build it?
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Common edge scenario
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Greengrass release v1.7
• Simplified deployments
• AWS IoT Greengrass Connectors
• Extreme Networks Demo
• Enhanced security
• AWS IoT Greengrass Secrets Manager
• AWS IoT Greengrass Hardware Security Integration
• Logic Supply Demo
• Greater flexibility
• AWS IoT Greengrass per-Lambda Isolation &
Permission Configurations
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Greengrass release v1.7
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility
• Bulk Deployments
• ALPN/Proxy Support
• ML Inference
• More performant
• Smaller footprint
• IOT214 - Machine Learning at the IoT
Edge: 11/29, 11:30 am @ Venetian,
Level 3, San Polo 3405

8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Greengrass Connectors
Amazon Kinesis
Data Firehose
Amazon Simple
Notification
Service
AWS IoT
Device Defender
Amazon
CloudWatch
Modbus RTU
Protocol
Adapter
Raspberry Pi
GPIO
Serial Stream
• More to come in 2019
• What are connectors?
• Connectivity to AWS services, industrial protocols,
local- and cloud-based applications
• Code-free configuration and installation
• 11 connectors available today
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility
ML Inference

10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Greengrass Connectors
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility
• How does it work?
• Customers select and configure
connectors via console or API/CLI
• Attach to a AWS IoT Greengrass group and
deploy

11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Greengrass Connectors
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility
• Amazon SNS
• Create an SNS topic via the SNS
console/API
• Add SNS connector to Greengrass group
via Greengrass console/API
• Configure connector with ARN of SNS
topic
• Deploy
• Publish messages to connector MQTT
topic

12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Greengrass Connectors
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility
• Twilio
• Add your Twilio auth token to AWS
Secrets Manager; select from connector
config
• Specify phone number and account SID
• Deploy
• Publish messages to connector MQTT
topic

13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Dmitri Zimine
Distinguished Engineer
Extreme Networks

14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
©2018 Extreme Networks, Inc. All rights reserved
Extreme Networks
History of Innovation
 Founded 1996
 20+ year pioneer in networking
 Industry’s first Gig-E / 10 Gig-E Switch
 Extensive patent portfolio
 End-to-End Networking Solutions for Enterprise
 #1 Ranked, 100% insourced service and support
Global Strength
 Revenue: $1.2 Billion
 3,000+ employees
 NASDAQ: EXTR
 HQ in San Jose, CA
 Business in 80+ countries
 30,000+ customers
 6,000+ technology partners
Software-Driven Networking Solutions for the Enterprise

15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
©2018 Extreme Networks, Inc. All rights reserved
#3 Enterprise End-to-End Networking Vendor*
2013 20172014 2015 2016
+
+
+
+
*Source Dell’Oro
Aerohive
13
12
11
10
9
8
7
6
5
4
3
2
1
8 8
5
3
2
1

16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
©2018 Extreme Networks, Inc. All rights reserved
Industry Analyst Verified
2018 LAN/WLAN Magic Quadrant

17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Extreme and IoT
IoT solutions in many
verticals
Transportation
Retail
Healthcare
Specialized devices
Outdoor
AP + video
Wall-plate
IoT protocol support
BTLE
Threat
WiFi
Location

18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Extreme Defender for IoT
Defender
Application
Defender
Adapter
SA201
ExtremeCloud
Appliance
3912 Wall
Jack AP

19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Extreme Defender for IoT
• Secure onboarding
• Centralized inventory
• Enforcement of security profiles
• Isolation & segmentation
• Healthcare User-Interface
Simple IoT Security for Healthcare
Defender
Application
Defender
Adapter
SA201
ExtremeCloud
Appliance

20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
©2017 Extreme Networks, Inc. All rights reserved
Things
Sense & Act
Cloud
Store & Compute
Extreme Network
Connect & Control
Extreme Edge Network as Greengrass Hosting Infra
Greengrass on Extreme network
edge devices:
• In place: managed, secured, paid
• Enrich data with networking,
location, IoT

21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
POC with Schneider Electric
Transfer to cloud, analyze,
provide unified view
Perform actions:
enhance & accelerate
device programmability
Collect data from
IoT devices:
Modbus, OPC-UA
Maximum security
Minimal cost & overhead (== no new IT)
Leverage Extreme Networks compute capacity
as Greengrass hosting infrastructure

22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
©2017 Extreme Networks, Inc. All rights reserved
Extreme
Defender Adapter
network device
POC Setup: cloud-enable Modbus devices with
Greengrass-enabled network
RuleVariable Speed
Drive
Electric motor
with load
Kibana
Modbus MQTT
Data collection &
protocol translation
Anomaly detection
Modbus Connector

23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Zoom in to the {code}…

24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Modbus data collection &
protocol translation Lambda
Anomaly detection Lambda
Use greengo.io:
Greengrass group defined
as YAML & deployed via API

25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Using AWS Modbus connector:
refer by ConnectorArn,
pass parameters.
Subscriptions:
who is talking to whom
Modbus Anomaly
Modbus
Connector

26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
When anomaly posted
Publish request to Modbus
connector
Form the request to stop the
motor (set frequency = 0)
{
"request":{
"request_id": ”StopTheMotor",
"operation": "WriteSingleRegisterRequest",
"device": 248
"address": 8502,
"value": 0
}
}

29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.https://devices.amazonaws.com/search?kw=%22Extreme%20Networks%22&pag
e=1

30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
References

31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Greengrass Secrets Manager
• What is it?
• Extends AWS Secrets Manager to the
Greengrass cores for secure
management of keys, passwords,
credentials, endpoints, and
configurations
• Usable by connectors or AWS
Lambda functions
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Greengrass Secrets Manager
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility
• How does it work?
• Customers provision secrets in AWS
Secrets Manager
• Attach a secret to a AWS IoT
Greengrass group and deploy
• Encrypted in transit and at rest

34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Greengrass Hardware Security Integration
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility
Private key
stored in file
system
Device
Cloud
TLS Encryption of
messages
IAM role for
Greengrass Core

35. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Greengrass hardware security integration
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility
AWSOn-Premise Data AggregationVideo Cameras
API Gateway
certs/private.key
Logic Supply
ML350G-10
IN
IN
Cameras

36. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Greengrass hardware security integration
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility
Private key
stored in file
system
PKCS#11API
Interface

37. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Greengrass hardware security integration
• How can I get started?
2. Update AWS IoT Greengrass
configurations to point to that
private key, rather than the file
system private key
3. Integrate with AWS IoT
Greengrass Secrets
Manager by updating
configurations
1. Follow vendor
directions to generate a
private key on your
secure element
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

38. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Greengrass hardware security integration:
Partners
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

39. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Greengrass HSI Devices searchable in the AWS
Partner Device Catalog
https://devices.amazonaws.com/
search?kw=HSI&page=1

40. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Device Tester is available for download on
AWS IoT Greengrass product page

41. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
James Floyd
Sales Engineer Lead
Logic Supply

42. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Who Is Logic Supply?
We are a global Industrial Computer
Manufacturer specializing in small form factor,
fanless hardware for IoT.
● Founded 2003
● Headquartered in South Burlington,
Vermont
● Other locations in The Netherlands and
Taiwan

43. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Our Computer Systems
Our systems are designed to fit and survive
in challenging environments
● Hardshell™ Fanless design
● Commercial through Rugged grade
● Embedded lifecycles
● Revision control

44. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Logic Supply, AWS &
Our Clients Work
Together

45. Use Case: Risks in Building Automation
Disrupt service by sending
high volume of traffic
Denial of Service
Mimic the identity of a
valid device
Spoofing
Information is intercepted and
manipulated
Man-in-the-middle

47. Greengrass with Hardware Security Integration
Mitigates these Risks
Only registered devices
can connect to Greengrass
and IoT cloud
Denial of Service
Hardware root-of-trust
identity for Greengrass
Core devices
Spoofing
Communication encrypted
using Transport Layer Security
protocol
Man-in-the-middle
Logic Supply
Industrial PCs

48. Thank you!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
James Floyd
james.floyd@logicsupply.com

49. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

50. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Isolation and permission configurations
Customers want to test AWS IoT Greengrass in a diverse set of
environments
Run AWS IoT Greengrass with
fewer dependencies and no
kernel-level changes
Access more local resources
like Bluetooth Low Energy or
USB devices
Run AWS IoT Greengrass in a
Docker container
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

51. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Easier to add AWS IoT Greengrass to existing
architecture that uses Docker containers for isolation
Existing applications running
in separate Docker
containers
Application A
Run AWS IoT
Greengrass in a
Docker container
Application B
On-Premise Device
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

52. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
New modes provide flexibility in configuring AWS IoT
Greengrass
• Today: AWS IoT Greengrass with
per-Lambda container isolation
• New: Run Greengrass as an OS
process. Lambdas and Greengrass
Group have no container
• New: Hybrid mix of isolated
Lambdas and Lambdas as OS
processes
AWS IoT Greengrass Core (1.7.0) with Greengrass
Containers
Device Resources accessed
via Local Resource Access
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

53. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
New modes provide flexibility in configuring AWS IoT
Greengrass
• Today: AWS IoT Greengrass with
per-Lambda container isolation
• New: Run Greengrass as an OS
process. Lambdas and Greengrass
Group have no container
• New: Hybrid mix of isolated
Lambdas and Lambdas as OS
processes
AWS IoT Greengrass Core (1.7.0) with Greengrass
Containers
Device Resources accessed
directly
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

54. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
New modes provide flexibility in configuring AWS IoT
Greengrass
• Today: AWS IoT Greengrass with
per-Lambda container isolation
• New: Run Greengrass as an OS
process. Lambdas and Greengrass
Group have no container
• New: Hybrid mix of isolated
Lambdas and Lambdas as OS
processes
AWS IoT Greengrass Core (1.7.0) with Greengrass
Containers
Device Resources accessed
directly
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

55. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
New AWS per-Lambda isolation and permission
settings
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

56. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
New AWS per-Lambda isolation and permission
settings
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

57. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Run Greengrass in Docker on Mac OS X or Windows
10
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility

58. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Greengrass release v1.7
• Simplified deployments
• AWS IoT Greengrass Connectors
• Enhanced security
• AWS IoT Greengrass Secrets Manager
• AWS IoT Greengrass Hardware Security
Integration
• Greater flexibility
• AWS IoT Greengrass per-Lambda Isolation &
Permission Configurations
• Try it from the console
• Connectors and documentation available now
• Find qualified hardware
• Search the Amazon Partner Network Device
Qualification Portal for Greengrass HSI
[https://devices.amazonaws.com/search?kw=HSI&page=1]
• Use our Docker file
• Access a Greengrass Docker file here
• See documentation about pullling the
Greengrass Docker image from AWS ECR here
AWS IoT
Greengrass
Introduction
Simplified
Deployments
Enhanced
Security
Greater
Flexibility
Get Started!

59. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

60. Thank you!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Scott Allison
alliscot@amazon.com
Tatiana Cooke
tatcoo@amazon.com

61. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.