Reference Architecture
High-level overview of the components and data flow in the Gidgeon IoT infrastructure.
Devices
IoT sensors, actuators, and embedded systems that generate telemetry data and respond to commands. Devices communicate using various protocols including MQTT, CoAP, HTTP, and proprietary formats.
Gateway
Edge devices that aggregate local device communications, perform protocol translation, and provide local buffering. Gateways maintain connectivity to cloud services and handle offline scenarios.
Cloud Ingestion
Entry point for device data in the cloud. Handles authentication, validates incoming messages, and routes data to appropriate downstream systems. Supports multiple transport protocols and connection patterns.
Stream/Queue
Message queue and stream processing layer that buffers incoming data and provides durable storage. Enables decoupling between ingestion and processing, supporting backpressure handling and replay capabilities.
Storage
Persistent storage for time-series data, device state, configuration, and historical records. Supports both hot and cold storage tiers with appropriate retention policies.
Processing/Rules
Compute layer that applies business logic, transformations, and rules to incoming data streams. Supports filtering, aggregation, enrichment, and complex event processing. Enables real-time alerting and automated responses.
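The filter, enrich, aggregate and threshold-rule pipeline described above, as an added illustration that is not part of the Gidgeon platform's own code. The device metadata, threshold values and sample readings are constructed; the only design point worth copying is that the rule fires on a sliding-window average and only on the transition into and out of the alert state, so a single noisy sample does not page anyone and a sustained breach does not page them repeatedly.

```python
from collections import defaultdict, deque
from typing import Optional

# Constructed device metadata used for enrichment (hypothetical; a registry lookup in practice).
DEVICE_META = {
    "sensor-001": {"site": "plant-a", "unit": "C"},
    "sensor-002": {"site": "plant-b", "unit": "C"},
}


class RulesEngine:
    """Filter -> enrich -> windowed aggregate -> threshold rule with alert state."""

    def __init__(self, thresholds: dict, window: int = 3):
        self.thresholds = thresholds            # device_id -> max allowed window average
        self.window = window
        self.history = defaultdict(lambda: deque(maxlen=window))
        self.active = set()                     # devices currently in alert
        self.alerts = []                        # emitted alert events, in order

    def process(self, event: dict) -> Optional[dict]:
        # Filter: only well-formed telemetry passes; everything else is dropped.
        if event.get("type") != "telemetry" or not isinstance(event.get("value"), (int, float)):
            return None
        device_id = event["device_id"]
        # Enrich with static metadata so downstream consumers need no second lookup.
        enriched = {**event, **DEVICE_META.get(device_id, {})}
        # Aggregate: sliding-window average per device.
        hist = self.history[device_id]
        hist.append(event["value"])
        enriched["avg"] = round(sum(hist) / len(hist), 2)
        enriched["alert"] = None
        # Rule: evaluate the window average rather than a single sample to avoid spiky false
        # alarms, and emit only on the transition into and out of the breached state.
        limit = self.thresholds.get(device_id)
        if limit is not None and len(hist) == self.window:
            breached = enriched["avg"] > limit
            if breached and device_id not in self.active:
                self.active.add(device_id)
                enriched["alert"] = "raised"
            elif not breached and device_id in self.active:
                self.active.discard(device_id)
                enriched["alert"] = "cleared"
            if enriched["alert"]:
                self.alerts.append({"device_id": device_id, "kind": enriched["alert"],
                                    "avg": enriched["avg"], "limit": limit, "ts": event.get("ts")})
        return enriched


def run_sample() -> RulesEngine:
    """Feed a constructed stream: a rise above the limit, then a return to normal."""
    engine = RulesEngine(thresholds={"sensor-001": 30.0}, window=3)
    values = [20, 21, 40, 45, 50, 20, 20, 20]
    for i, value in enumerate(values):
        engine.process({"device_id": "sensor-001", "type": "telemetry", "value": value, "ts": i})
    # A status message is not telemetry and is filtered out before any rule runs.
    engine.process({"device_id": "sensor-001", "type": "status", "value": "ok", "ts": 99})
    return engine


if __name__ == "__main__":
    for alert in run_sample().alerts:
        print(alert)
```

With the constructed readings the window average crosses 30 at the fourth sample (21, 40, 45) and drops back to exactly 30 at the seventh (50, 20, 20), so the engine emits one "raised" and one "cleared" event rather than one alert per sample.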
Dashboard/Alerts
User-facing interfaces for visualization, monitoring, and alerting. Dashboards display real-time and historical data. Alerting systems notify users of threshold violations, anomalies, or system events.
Integrations
API layer and connectors for integrating with external systems, third-party services, and enterprise applications. Supports webhooks, REST APIs, and protocol adapters for common platforms.
Security Considerations
Transport Security
- TLS encryption for all network communications
- Certificate-based authentication for devices and gateways
- Secure key management and rotation
Device Identity
- Unique device credentials and certificates
- Device registration and provisioning workflows
- Revocation mechanisms for compromised devices
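The Cloud Ingestion entry point above (authenticate, validate, route) and the Device Identity items in this list (unique per-device credentials, revocation of compromised devices) can be shown in one worked example. This is added illustration code, not the Gidgeon platform's own implementation. It assumes a per-device HMAC secret stands in for the device certificate so the code runs offline; in a real deployment the device identity would come from the client certificate verified at the TLS layer, and the registry and revocation flag would live in a database. The registry contents, message types and skew window are constructed values.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Optional

# Constructed device registry (hypothetical). A per-device secret stands in for the
# device certificate; "revoked" is the flag a compromise response would flip.
REGISTRY = {
    "sensor-001": {"key": b"constructed-secret-001", "revoked": False},
    "sensor-002": {"key": b"constructed-secret-002", "revoked": True},  # revoked after compromise
}

MAX_SKEW_SECONDS = 300            # reject stale or replayed envelopes
ALLOWED_TYPES = {"telemetry", "status"}


@dataclass
class IngestResult:
    accepted: bool
    reason: str
    route: Optional[str] = None   # downstream stream/queue topic when accepted


def _mac(key: bytes, device_id: str, ts: int, payload: bytes) -> str:
    # Bind device id, timestamp and body together so none can be swapped independently.
    msg = f"{device_id}|{ts}|".encode() + payload
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_envelope(device_id: str, body: dict, ts: int) -> dict:
    """Device side: serialise and sign a message (used here to build sample input)."""
    payload = json.dumps(body, sort_keys=True)
    sig = _mac(REGISTRY[device_id]["key"], device_id, ts, payload.encode())
    return {"device_id": device_id, "ts": ts, "payload": payload, "sig": sig}


def ingest(envelope: dict, now: Optional[float] = None) -> IngestResult:
    """Cloud side: authenticate, check revocation, validate, then route."""
    now = time.time() if now is None else now
    device_id = envelope.get("device_id")
    entry = REGISTRY.get(device_id)
    if entry is None:
        return IngestResult(False, "unknown device")
    if entry["revoked"]:
        return IngestResult(False, "revoked device")
    ts = envelope.get("ts")
    if not isinstance(ts, int) or abs(now - ts) > MAX_SKEW_SECONDS:
        return IngestResult(False, "timestamp outside window")
    payload = envelope.get("payload")
    if not isinstance(payload, str):
        return IngestResult(False, "payload must be a string")
    expected = _mac(entry["key"], device_id, ts, payload.encode())
    if not hmac.compare_digest(expected, str(envelope.get("sig", ""))):
        return IngestResult(False, "bad signature")
    # Parse and validate the body only after the sender is authenticated.
    try:
        body = json.loads(payload)
    except ValueError:
        return IngestResult(False, "payload is not JSON")
    if not isinstance(body, dict) or body.get("type") not in ALLOWED_TYPES:
        return IngestResult(False, "unsupported message type")
    if body["type"] == "telemetry" and not isinstance(body.get("value"), (int, float)):
        return IngestResult(False, "telemetry value must be numeric")
    return IngestResult(True, "ok", route=f"{body['type']}/{device_id}")


if __name__ == "__main__":
    now = int(time.time())
    print(ingest(make_envelope("sensor-001", {"type": "telemetry", "value": 21.5}, now), now))
    print(ingest(make_envelope("sensor-002", {"type": "status"}, now), now))
```

The ordering of the checks is deliberate: the revocation lookup happens before any cryptographic work, the signature is checked with a constant-time comparison, and the JSON body is parsed only after the sender has been authenticated, so unauthenticated traffic never reaches the parser or the routing logic.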
Access Control
- Least privilege access policies
- Role-based access control for users and services
- API authentication and authorization
Audit and Monitoring
- Comprehensive audit logs for all operations
- Security event monitoring and alerting
- Anomaly detection for unusual access patterns
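The audit-log monitoring items above, as an added example that is not part of the Gidgeon platform: a small detector run over constructed audit lines. The log line format, the action names, the admin role membership and the per-principal source baseline are all assumptions made for the example; the three checks it implements (a burst of authentication failures, a principal acting from a source address not in its baseline, and a privileged action by a principal outside the admin role) are the kind of "unusual access pattern" the list refers to.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import List, Optional

# Assumed audit line format (constructed for this example).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) principal=(?P<principal>\S+) src=(?P<src>\S+) "
    r"action=(?P<action>\S+) result=(?P<result>\S+)$"
)

PRIVILEGED_ACTIONS = {"device.revoke", "policy.update"}   # hypothetical action names
ADMINS = {"ops-admin"}                                     # constructed role membership


def parse_line(line: str) -> Optional[dict]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None              # malformed lines are skipped rather than guessed at
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def detect(lines: List[str], baseline: dict, fail_threshold: int = 3,
           fail_window: timedelta = timedelta(minutes=5)) -> List[dict]:
    """Return findings for auth-failure bursts, new source addresses and unexpected privileged actions."""
    findings = []
    failures = defaultdict(deque)                       # principal -> timestamps of recent failures
    seen = {p: set(s) for p, s in baseline.items()}     # principal -> known source addresses
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        p, src, ts = rec["principal"], rec["src"], rec["ts"]
        # 1. Burst of authentication failures inside a sliding time window.
        if rec["action"] == "auth.login" and rec["result"] == "fail":
            q = failures[p]
            q.append(ts)
            while q and ts - q[0] > fail_window:
                q.popleft()
            if len(q) >= fail_threshold:
                findings.append({"kind": "auth_failure_burst", "principal": p, "src": src,
                                 "ts": ts, "count": len(q)})
                q.clear()                                 # one finding per burst
        # 2. Principal acting from a source address not in its baseline.
        if src not in seen.setdefault(p, set()):
            seen[p].add(src)                              # report each new source once
            findings.append({"kind": "new_source", "principal": p, "src": src, "ts": ts})
        # 3. Privileged action by a principal outside the admin role.
        if rec["action"] in PRIVILEGED_ACTIONS and p not in ADMINS:
            findings.append({"kind": "unexpected_privileged_action", "principal": p,
                             "src": src, "ts": ts, "action": rec["action"]})
    return findings


# Constructed sample log; includes one malformed line to show it is skipped.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z principal=alice src=10.0.0.5 action=device.read result=ok
2024-05-01T10:01:00Z principal=alice src=10.0.0.5 action=device.read result=ok
this line is not in the expected format
2024-05-01T10:02:00Z principal=bob src=10.0.0.9 action=auth.login result=fail
2024-05-01T10:02:10Z principal=bob src=10.0.0.9 action=auth.login result=fail
2024-05-01T10:02:20Z principal=bob src=10.0.0.9 action=auth.login result=fail
2024-05-01T10:03:00Z principal=ops-admin src=10.0.0.2 action=policy.update result=ok
2024-05-01T10:04:00Z principal=alice src=203.0.113.7 action=device.read result=ok
2024-05-01T10:05:00Z principal=alice src=203.0.113.7 action=device.revoke result=ok
"""
SAMPLE_BASELINE = {"alice": {"10.0.0.5"}, "bob": {"10.0.0.9"}, "ops-admin": {"10.0.0.2"}}


def run_sample() -> List[dict]:
    return detect(SAMPLE_LOG.splitlines(), SAMPLE_BASELINE)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

On the sample the detector produces three findings in order: the failure burst for bob, alice's first appearance from 203.0.113.7, and alice's device.revoke; the admin's policy.update from its baseline address produces none. In a real pipeline the baseline would be learned from historical audit data rather than hard-coded, and each finding would feed the alerting path described under Dashboard/Alerts.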