Google Cloud IoT Core Technical Deep Dive (GDD India '17)

[MUSIC PLAYING] GUS CLASS: It’s been great meeting everybody here And it’s a rare privilege for me to get to come and speak to you all This talk is about the fundamentals of Google Cloud IoT Core and how I’m going to talk about– I’ll introduce the concept of Cloud IoT I’ll tell you how our product works And then we’ll go over the basic building blocks of the platform My name is Gus Class I’m a Developer Programs Engineer on Google Cloud Platform Earlier this year, I was spending my 20% time on Cloud IoT And recently, I started dedicating all of my attention to it In the past, I contributed to Android Things, Cloud Machine Learning APIs, and Google Sign-in I also do arts and crafts with electronics and circuits Hit me up on Twitter or find me in office hours after the talk if you have any questions or just want to chat So things are increasingly becoming connected to the internet In fact, it’s becoming implicit that devices with any kind of computing capabilities are pretty much internet connected This means different things to the developers who are working with these devices In the industrial and commercial domain, developers are now using new-found internet superpowers to do things like measure and control factories or run car and bike share businesses And homebrew and enthusiasts developers are internet connecting their projects for quantitative self, remote control, and home automation Consumer products are frequently monitored smart And they can be controlled via the internet and are connected to other devices in the home so they can interoperate with each other But I think that there is more than just the internet connectivity that is relevant to this trend So here you can see my robot friend, Mr. Scruffles There are sensors on the front of the little fella and his legs are connected to motors At some point, Mr. Scuffles was connected to the internet for remote control But to the homebrew and enthusiast, taking a robot like Mr. Scruffles and delegating control to a giant Cloud computer to make him smarter is what Cloud IoT means So look at that Here is my hero, the Android Things Weather Station I like the Weather Station because it straddles all the domains that I’m talking about today– all the way from homebrew, to consumer devices, and also in the commercial space For the consumer devices developer, Android Things Weather Station can have its software updated through the internet should you want to make changes after you ship your device If you’re a developer in the consumer and devices domain, you probably want to address capabilities to your devices by providing software updates after you’ve shipped that device You’re probably also thinking about adding predictive capabilities to your devices and enabling choreography across devices, where you control one device or many devices in a synchronized fashion So you want to control which devices get which changes, and be able to roll back should there be issues with the change that you ship So this is Cloud IoT for consumer devices So here is a picture that I took of Gasworks Park This is the decommissioned factory that in its heyday had meters and valves connected to tanks and boilers I imagine that at some point, a mechanic would need to manually twist a valve to adapt to the conditions that she read from a meter connected to a tank In a modern factory, such mechanisms are controlled with sensors and actuators But in Cloud-connected smart factories, the Cloud controls the valves And it does this control based on predictions that are made from sensors that are distributed throughout the factory So you warehouse that sensor data and you analyze it to make predictions And then these predictions enable you to better control and proactively maintain your factory, making your factory safer and more efficient This is Cloud IoT for commercial solutions So Google infrastructure naturally lends itself to a number of the problems that you encounter in IoT This lets you move from just a few devices when you’re getting started, to thousands or millions of devices So the first domain that Google Cloud really addresses the needs of IoT is automatic scaling So increasing capacity is as easy as turning a dial or checking a box We are also a leader in analytics and data warehousing This goes hand-in-hand with Google Scale So being able to process a large ingress of data from lots of devices, or being able to transmit data to control a large number of devices, is Google’s bread and butter So Google is also an industry leader in machine learning and artificial intelligence For example, our Inception Model is the baseline for feature detection in images, which is why I chose this photograph image And finally, security

If you’re not careful with IoT, your Internet of Things can quickly turn into a botnet of things Google understands security and designs systems so that they can’t be abused This is why you would choose Google when building your IoT solutions that may be in deployment years and years from now into the future So let’s go over the platform Cloud IoT Core connects your devices to Google Cloud to allow you to get all the features on Google Cloud down on your devices This is exciting because you don’t need to worry about scaling And if your demands change over time, you’ll have access to all those capabilities as we add them to Google Cloud You don’t need to build out devices with excessive power or computation requirements, because Google Cloud operates as the brain’s back in your devices So here you can see the products within Google Cloud that are relevant for IoT So Google Cloud IoT Core on the left of this diagram connects– it operates as the identity provider and the communications bridge to your devices So Pub/Sub is connected one-to-one with Google Cloud IoT core, and is the critical entry point into the rest of our Cloud So Pub/Sub is globally distributed and high throughput, which makes it a natural fit for IoT With DataFlow, our ETL solution, you can migrate your data to warehouses, such a BigQuery, Big Table, or Spanner to meet your data warehousing needs You can also drill down into your data using DataLab or DataStudio And finally, you can use Cloud Machine Learning and machine learning APIs to make predictions given your device data or to classify unstructured data This is how we deliver on the promise of Cloud IoT So now that I’ve hyped what Cloud means for IoT, you’re probably wondering how it works in practice So it’s helpful before describing what we’re providing to clarify what we’re not So you can see this picture here Cloud IoT Core is candy bananas It’s also not a device We rely on hardware partners to offer these devices built with our solutions And it’s not an operating system However, we work very nicely with a lot of existing operating system solutions for devices It’s also not a new protocol It could be bridged to new protocols, but it’s not protocol specific It’s also not a new radio So this is not like, this is not tied to a specific hardware radio, like some sort of LoRa-based solution But we potentially can work with LoRa and other radios So here’s how it works On the Google Cloud side, you have device provisioning, which is controlling which devices have access to your cloud resources And you also have choreography And choreography I like to think of as controlling individual devices or multiple devices in concert And to facilitate this on the device side, we’ve taken a standards-based approach, which is kind of the Google way to do things, right? And so we support HTTP as one of our bridged protocols And we chose this because it’s supported on many devices and developers are really familiar with this For example, like, if you’ve got some sort of software solution, we provide the cURL library The cURL libraries are pretty predominant and available so that you can do HTTP really easily And next is Message Queue Telemetry Transport or MQTT Now this is an industry standard that is very efficient on over-the-wire communication It’s got a small memory footprint And it’s a ratified IoT standard So if you’ve got a device that you’re working with already, there’s a very good chance that you’ve got an MQTT library for it So using these standards-based protocols, you can now connect your devices to our cloud And so let’s see which services are in Google Cloud IoT Core to provide this functionality The first is the Device Manager So the Device Manager lives on the Cloud side and controls which devices have access to Cloud’s resources And it’s the choreographer for communication in synchronization across those devices And then on the device side, we have the protocol bridge We call it the protocol bridge because it’s not an actual server, but it’s like a server-like service that allows you to communicate using these available protocols with our Cloud platform All right Now that you’ve seen the product from a high-level perspective, let’s drill down and look at the pieces in practice starting with the Device Manager So the Device Manager organizes devices using a hierarchical resource model Projects contain registries that in turn have devices And then these devices have associated with them a credential and configuration Multiple credentials can be associated with each device, so that certificates can be rotated or revoked without transmitting credentials to devices and still maintaining that connectivity So again, registries encapsulate devices and map devices

from the protocol bridge to Google Cloud Platform These are always mapped one-to-one with a Pub/Sub topic So basically, you write to this topic in Google Cloud IoT, and then those messages will appear in a Pub/Sub queue So registries are regional, as indicated by their path You can see that I’ve highlighted the asia-east1 region that is used inside of this address for that specific device And generally, you want to aggregate all your data from a single given project to a single Pub/Sub topic So we don’t anticipate many scenarios where you should be creating multiple registries within the same project I know what you’re thinking now– create lots of registries I know that my demo project does this But you really are going to probably want to have your data in one place So map your registries one-to-one with your projects And the Device Manager is the next thing I’m going to talk about This lets you programmatically manage your devices As you probably expect, there is a CRUD model for devices letting you create, delete, list, describe, or update them And there’s also an IAM provisions model that allows you to delegate the control of these devices to other people In this way, you can have a manufacturer who’s registering your devices so that when the device comes from that manufacturer to you, you just turn it on the internet, and then it’s able to connect to Google Cloud So with each device, you have this metadata associated with it I have the JSON representation up here on the right And you can tell things like the last time that the device connected You can tell whether or not it was able to send messages to Google Cloud and so forth This is really useful when you’re debugging But it also allows you to know what your fleet of devices is doing And it allows you to get all sorts of analytics that you may not be able to get on other platforms So we authenticate devices using a JSON web token or JOT, which is an encrypted payload that is verified server side So basically, the client needs its private key in order to produce an authorization credential that is verified on the server using the public key that you register with the server So multiple credentials can be associated with a device so that you can revoke certificates or expire them without losing device connectivity So we currently do not provide a mechanism for distributing new credentials to devices in the wild because if a device is fully compromised, the best way to recover the device is through a mechanism such as a secure radio, or an over-the-air update using the operating system that you have installed on your device And this is just going to be implementation specific for now So device configuration, a device configuration is the means of communicating changes to a device from the Cloud Configuration change messages can vary from simply modifying a device parameter, such as like fan speed, to reconfiguring a device’s context with a new one, such as uploading a new TensorFlow model Configuration changes are acknowledged by the devices when they come down And as soon as the device actually connects and reads the configuration change, we consider it acknowledged So in HTTP, you get these configuration changes by making a GET request to a URI And then in MQTT, you subscribe to an MQTT topic And then you’ll receive those configuration changes as they come And in this way, I think that MQTT has a slight advantage over HTTP in that you don’t have to kind of poll to get those configuration changes All right, enough slides Let’s see what it’s like to provision a device And sorry, my computer locked So this will just take one second So let’s switch over to that Yeah, here we go So here you can see the Google Cloud Platform console You’re probably familiar with this And this is the new IoT Core section And if you navigate in the left menu here, you can just find it there And so this is what IoT Core looks like when you load it And we’re going to create a new device registry And so when you create these, remembering back to what I was describing in those slides, that you have to give the device registry an ID And I’ll call my device registry hello-gdd-india. _ And then you have, again, registries are regional So I’m going to set the region to the region that’s closest to where we are, asia-east1 And then, again, associated with each registry is going to be a Pub/Sub topic, so I’ll choose one that I’ve already created But you can now create these topics on the fly from the console here And so then I create the registry Whew, it’s hot up here All right So now that I have created the registry, I’m going to add a device And so before you can add a device, you need to create those asymmetric public/private key pair And so I’m just using the sample code This is, if you look at the actual script itself,

it’s just open SSL And so I’m also creating a pkcs8 key, which is used with Java And so then I get the public key And you can also do this programmatically using the API or using the console with G-Cloud But for today, I’m going to show you how to do this using– I’m going to show you how to do this using the console, which is relatively new All right And I’m going to call my device gdd india And that should be the key And if I did everything right, now the device has been added OK So let’s return to the slides So now that we’ve added a device, it’s time to start thinking about connecting that device and then communicating from it So I’m going to go over the next part, which is the device protocol bridge And this allows you to send device telemetry, state, and configuration updates So there are three classes of messages that are sent over a Google Cloud IoT Core I have a heartbeat to represent a telemetry message These are frequent updates from your device that are sent to be stored in the Pub/Sub topic associated with your registry The configuration messages, the next one, are updates that are sent down to devices So if you want to do cloud-to-device communication, this is done using configuration messages And then the state messages, the third type, are persistent and are shared between the Device Manager and the device So these are used for things like confirming and acknowledging configuration changes That’s why I chose this cute little receipt here So let’s start with publishing messages using the HTTP bridge Authentication is performed on the HTTP bridge using a bearer token So you just pass inside of a header an authorization, and then this contains the JOT, which we talked about earlier, which is the authorization credential And so the token has an expiration of an hour And that expiration needs to be in sync with Google’s time servers So specific to HTTP, you should be using lowercase headers and set cache control to no cache so that you don’t miss any changes when pulling down configurations And to send messages to Cloud, you’re going to post to a global endpoint, passing in the identifier for your specific device So for requesting configuration from the Cloud in HTTP, you’re going to have to authorize again using a JOT token And you receive the configuration by making a get to the URL that I’m going to show on the screen– or that I’m sorry, that I’m showing here on the screen And this URL is going to correspond to an individual device And in this way, you can send a specific configuration down to an exact device And so when you send the configuration, you also request a specific version As I said before, Google Cloud stores multiple versions of configuration for your device so that you can roll back And you can request that specific version or you can send 0 to request the latest configuration that was set on your device All right, so one more demo Let’s connect a device, send some messages, and see how that looks in the console So remember, I created this I created this private key and the public key from the Python sample I’m going to use that private key to create an authorization credential and then connect to Cloud IoT Core And then I’m going to transmit some messages that will appear in the console And so if you look here, like I’m just calling this This is the same sample code that we ship It’s available in the documentation And you’ll see that I have the registry ID which we created earlier, the device ID, and the region, and then the project ID, which is used in the path of each individual device So what’s happening is here you can see that I encoded the JOT And then I’m using it to connect And then I’m publishing these messages And I’m getting a 200 success back, meaning that it’s working And so now if we return to the console here, we can also, we can refresh this We can refresh the device and then see those changes live inside of the console This is really useful for debugging And so here, you can see the payload that I am calculating and transmitting to Google Cloud IoT Core All right Well, that’s it for this demo Can we switch back to slides? OK, great All right Well, I would be remiss also not to cover MQTT As a reminder, MQTT is a published subscribed standard that scales down nicely to IoT class devices So when you connect to MQTT, the username is ignored As with HTTP, we’re using a JOT as the password And this has an expiration of an hour And we also pass in the MQTT ID And sorry, in the MQTT ID we actually pass

in the device identifier So this is just a path to your device And then after you connect, you can publish telemetry data using the device’s device ID Events topic And you can publish state data using the device’s device ID State topic So you want to use that Telemetry topic, which is Events, in order to publish frequent data And you want to use the State topic to publish data that is shared between devices and the Device Manager And so again, if you have something that you’re publishing frequently, like a heartbeat data or sensor data that you’re reading from say, a temperature thing very frequently, you’re going to want to use Events and send those state messages less frequently So the next thing we’re going to talk about is the MQTT bridge for subscribing to topics This is how you get configuration changes down to your devices So a device can only subscribe to the MQTT topic devices/deviceid/config When you connect the first time using MQTT, you’ll receive the latest configuration You can also request a specific configuration if you request it by passing a subtopic to the configuration So configuration is acknowledged when the MQTT message is confirmed on the device And this is QOS 1, which is at least once delivery So you can anticipate that sometimes the configuration may come down to your device more than once All right, so one more demo And this one, I’ve got some hardware And if we can dim the lights a little bit so you can see this better So here is my little device It’s got a donut on top of it And I’ve got an antenna loosely connected to it, so hopefully, this works I was feeling really brave so I made this demo on the plane And so here’s, this is just an Android Things project And I have inside of the Android Things, I’m using string resources to configure the topic and the device ID And then I’m going to have to configure it with the credential that we just created And so I just, so this, again, I just copy the private key into a resources, into a raw resource on the Android app And now what I’m going to do, is I’m going to start the Android app And this will, hopefully, connect successfully I’m carefully reading the little adb logcat here That looks good so far And so now, I’m going to use the Developer console to send a configuration down to the device And so the configuration message here, if we can switch over to my laptop screen for just one second So this is just an RGB value that is colon delimited So this should set this, so when I click Send to Device, this should transmit that message down And then the device that’s subscribing to that and MQTT topic will read that off, parse it, and then set the LEDs on here to red if it’s working correctly Can everyone see it? Can you dim the lights up here again? Let me try this And there we go So we see, whoop, yes it’s OK You can clap Let’s just send– let’s update it a couple more times I’ll turn it back off There it goes again, and then one more So you can see just how fast this is happening Considering this is conference Wi-Fi and like this is a demo that I just threw together in a few minutes, like this is actually really performant And here’s another demo And so you can see, here’s a nice little animation with some LEDs All right And that’s it for my demos Thank you Then now I got to find my clicker All right Great All right Well, now that I’ve shown you the basic building blocks, that’s it That’s all there is to the platform It’s kind of boring, but you really want it to be Because really, the most useful things are really simple But now that I’ve shown you the basic building blocks of the Cloud IoT Core platform, let’s revisit how Google Cloud offerings come together to light up developer scenarios So this I call an Introduction IoT Patterns So in this basic example, devices connect to Google Cloud IoT Core And then all of those messages that come in go into that Pub/Sub topic, which is connected one-to-one to Google Cloud IoT Core And then we’re using DataFlow to then migrate that data to BigQuery and Big Table So from there, you can do analytics on that data And you can do those analytics in our powerful data analytics tools, DataLab and Data Studio So let’s look at the next– let’s look at this next example So here, we have device-to-device communication And I imagine this is like things like you’ve got a doorbell on your front door And then inside of your house, you’ve

got a chime that gets actuated when you press that doorbell So a device sends a telemetry message to Google Cloud IoT Core, which is connected one-to-one with Pub/Sub And then anytime that a message comes into that Pub/Sub queue, we have a Cloud Function that executes on the data that comes in And then when that code function executes, what it actually does is it makes a configuration change using the Google Cloud IoT Core product back into another device, which would then ring the doorbell And so the next one that I want to talk about, let’s talk about some machine-learning scenarios here So imagine that you have a device with a camera And it’s connected to Google Cloud IoT Core, so that whenever that a picture is taken, a telemetry message has been sent over MQTT And then that telemetry message would then appear inside of Google Cloud Pub/Sub, which is connected one-to-one with Google Cloud IoT Core And then whenever those messages come in, a Cloud function is called And then this Cloud function makes a call to the Google Cloud Vision API, which then classifies that data and then sends you back labels about that particular data And then that label comes back to that structured data or a control message is sent back to a device So as an example, imagine that you’ve got a door to your garage And you’ve got a cat And raccoons keep coming through that garage door or the little kitty door And they’re breaking in and eating all your cat food So you could filter out the raccoons by taking a picture before unlocking the door, and then detecting cats So you would see, like, you’d run through And then when the Cloud function returns, the Vision API would be populated with labels such as cats or raccoon And only when there is the cat tag present and the raccoon tag is absent would you unlock the door and allow the cat in And so we have one more example with machine learning And so you have a device, imagine like you have all of this industrial equipment that’s distributed across your country And the device sends this telemetry message up to Google Cloud IoT Core This could have things like the oil viscosity in an oil station or the temperature And then all that data goes into Google Cloud IoT Core, which then triggers a Cloud function that takes that data So this is like the sensor data over time And then that’s passed into a Cloud machine-learning engine model that then makes a prediction And so then from that prediction, we then control those devices again, either from Cloud IoT Core, or we actually use another notification system to send messages down to the users as relevant So as an example, imagine that you’ve got a carbon monoxide detector in a factory Rather than going off when the levels just reach some dangerous threshold, you could warn people when the levels are rising And so these are the kind of things that you can do with the Cloud IoT Core, without having to worry about having that functionality down on your device And so one more example, because I want to talk Android Things and Firebase You have a device powered by Android Things that is listening for changes to a real-time database It’s connected to a light and potentially other smart consumer products And you want to do things like a window shades in a sound system, so that when you press a button in your house, you want for it to be ready to play your movie So it dims the lights and it sets your surround sound up correctly So Device 1 transmits its telemetry message to Google Cloud IoT Core And so you press a button or you turn on your Blu-ray player And then that message comes into Google Cloud IoT Core, which is connected one-to-one with Pub/Sub And then we use DataFlow to de-duplicate and to make sure that the messages are coming in order And then that will then pump a state into a Firebase real-time database that’s being listened to by Android Things And then that Android Things device can respond to those messages and then can set all of those widgets inside of your house up to the modes that you’ve configured for it And so we’re using Firebase here because we want to share that state across all those devices so that all of those changes can happen at once So our beta’s been public for around a month It’s a great time to take a look at our platform All the documentation is available here And I recommend you start from the docs and try out the sample apps That’s all I have for now Feel free to ask me questions on Twitter I’ve left my little Twitter up here It’s at gguuss Or post questions Stack Overflow using the google-cloud-iot tag I’ll also be in office hours after the talk in conference hall 3 And that’s it Thank you all for listening [MUSIC PLAYING]