A Modern IoT Monitoring Architecture using Sensu

For enterprises looking for a modern, secure IoT monitoring solution or those looking to modernize their aging IoT deployment, Sensu provides key advantages for monitoring and collecting data that are not available in other IoT monitoring solutions.

Sensu is an Observability Pipeline that delivers monitoring as code on any cloud, with a number of benefits for IoT applications.

Core Requirements for IoT

Security

Since IoT devices can be in remote locations not under the purview of a centralized authority, the collection and transmission of data should be securely encrypted, including any passwords for edge devices.

Connectivity

The monitoring solution should be able to work over low-bandwidth, high-latency public and private network links with intermittent connectivity.

Fragmented Protocols

Due to lack of a universal IoT protocol, the system must have open APIs and be extensible to handle multiple access protocols across a range of hardware types.

Multiple Data Types

IoT devices can emit alerts as well as telemetry data. Alerts need to be processed in real time, and time-series data needs to be analyzed to determine if there is an actionable alert that should be triggered.

Extensible

As enterprise technologies evolve, the monitoring system should be able to keep up while still maintaining backward compatibility.

Scalability

The number of IoT devices in a single deployment can easily scale to millions of edge devices and the monitoring system should be able to handle very large deployments.

Unique Sensu Advantages

  • Sensu’s architecture and technology make it well positioned to handle complex IoT environments.
  • Secure transport (mTLS) can securely traverse complex network topologies, including VPNs and NATs (common in edge compute environments).
  • Self-configuring, “drop in” agent that runs on multiple platforms (Raspberry Pi, Android, Linux, Solaris, Windows, AIX) on x86, ARM & MIPS architectures.
  • Agent connects to the Sensu backend through a built-in publish-subscribe queue over an outbound connection and
  • Agent automatically downloads its configuration and latest instrumentation from a central repository, which is useful for devices in remote, hard-to-access areas…
  • Monitoring as code solution provides repeatability, safety, and increased velocity across massively distributed infrastructure.
  • Flexible message format allows transporting logs, metrics (time-series data), check results, and any other custom data.
  • Low-bandwidth requirements, with offline spooling of data and relaying of data via proxy.
  • Auto-remediation, so businesses can act on received alerts in real time without any human interaction. Sensu interfaces with leading-edge runbook automation products to reduce the time to configure and manage.
  • Robust endpoint management solution with built-in integrations for COTS CMDB platforms (e.g. ServiceNow), and APIs for integration with custom CMDBs.

How Sensu Works

The Sensu agent can run directly on the device or on an IoT gateway near the edge, where it acts as a proxy to collect or aggregate data from accessible IoT devices. The agent transforms telemetry data at the edge (improving scalability of the platform), manages a local cache (in case of intermittent connectivity failures), and sends the data to the Sensu backend, which can trigger alerts and route the data to any desired database. The Sensu transport can handle telemetry data, device health, logs, or any other custom data that can be encapsulated in JSON format. Each Sensu backend can scale to handle 500k to 1M IoT devices.

A Modern IoT Deployment Architecture

The lightweight agent self-registers with the backend using an encrypted TLS channel. Because it sets up an outbound connection, no firewall ports need to be opened.

Monitoring as Code in IoT Environments

The industry has struggled with the effort required to provision and manage monitoring of data from hundreds of thousands of devices from a centralized location — this same problem of centralized polling and provisioning also exists in modern IT cloud and container environments.

Sensu’s architecture was designed to eliminate this overhead. IoT device management profiles are defined as declarative JSON or YAML templates which can be treated as code, edited, reviewed, versioned (e.g. in GitHub), and shared between teams or device deployments. When a change to a particular IoT device type in a particular environment is needed, you simply update the template which then gets distributed to devices via Sensu agents running on the IoT gateways or on the IoT device itself.

Sensu Features

Lightweight Agents

The Sensu Go agent is IoT ready and designed for edge compute — it is lightweight, statically compiled, and available for a wide range of hardware and operating systems.

Auto-Registration

Sensu agents register and identify themselves with the Sensu backend on startup and can automatically download tests to run based on subscriptions. For example, an agent running on a wind turbine unit would identify itself and download its configuration.

Download Instrumentation On Demand

Sensu agents pull their configuration and required instrumentation on demand, which allows easy, centralized updates of monitoring plugins, even in the future.

Scalability

Sensu’s horizontally scalable architecture easily allows data sharding and federation. A single Sensu backend can handle about 30,000 actively connected Sensu agents (on IoT gateways) - an estimated 300,000 to 1M IoT devices per Sensu backend. Any number of additional backends can be added for scalability via federation.

Support for Low & Intermittent Connectivity

The Sensu agents maintain functionality over very slow connections and support a data cache of up to 10 days for intermittent connectivity. The backends can also act as intermittent aggregation points at the edge, and forward processed or raw data to other upstream backends, which can be useful for secure, isolated environments.

The proxy feature allows multiple IoT devices to send data to a single local Sensu agent which then uploads all the data to the backend instead of being polled (avoiding the need to open firewall holes for polling).

Security

All Sensu components use secure transport (mTLS), which can safely traverse complex network topologies, including VPNs and NATs commonly found in edge compute environments. Sensu’s secrets management and accompanying HashiCorp Vault integration offer centralized, secure password storage, in addition to integrating with existing certificate management infrastructure (PKI/CRL).
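
A review gate for the agent settings this section depends on, as an added example (not Sensu's own code): it checks an `agent.yml` for choices that would silently drop mTLS. The keys are Sensu Go agent options; the host names, file paths and both sample configs are constructed, and treating a missing `trusted-ca-file` as a finding is an assumed policy.

```python
# Added example: audit a flat Sensu Go agent.yml for settings that weaken mTLS.

def parse_flat_yaml(text):
    """Parse only flat 'key: value' and '- item' lines (no inline comments)."""
    cfg, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("- ") and isinstance(cfg.get(key), list):
            cfg[key].append(line[2:].strip().strip("\"'"))
        elif ":" in line:
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip().strip("\"'")
            cfg[key] = value if value else []
    return cfg

def audit_agent_config(text):
    """Return a list of findings; an empty list means the config passes."""
    cfg, findings = parse_flat_yaml(text), []
    urls = cfg.get("backend-url") or []
    urls = [urls] if isinstance(urls, str) else urls
    if not urls:
        findings.append("backend-url: not set")
    for url in urls:
        if not url.startswith("wss://"):
            findings.append(f"backend-url: {url} is not wss://, traffic is unencrypted")
    if str(cfg.get("insecure-skip-tls-verify", "false")).lower() == "true":
        findings.append("insecure-skip-tls-verify: backend certificate is not verified")
    for opt in ("cert-file", "key-file"):
        if not cfg.get(opt):
            findings.append(f"{opt}: missing, agent presents no client certificate")
    if not cfg.get("trusted-ca-file"):
        findings.append("trusted-ca-file: missing, deployment CA is not pinned")
    return findings

# Constructed sample configs (host names and paths are placeholders).
WEAK = """
name: pos-gateway-01
backend-url:
  - "ws://sensu.example.internal:8081"
insecure-skip-tls-verify: true
"""
HARDENED = """
name: pos-gateway-01
backend-url:
  - "wss://sensu.example.internal:8081"
trusted-ca-file: /etc/sensu/tls/ca.pem
cert-file: /etc/sensu/tls/agent.pem
key-file: /etc/sensu/tls/agent-key.pem
"""
```

Run as a CI step over the versioned agent templates, a non-empty result from `audit_agent_config` fails the change before it reaches a gateway.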

Future-Proof Data Handling

The Sensu Observability Pipeline offers real-time alerting and integration of existing and new devices with modern IT frameworks, including PagerDuty, Rundeck, Ansible Tower, ServiceNow, and more. You can connect devices across multiple protocols and standards while consolidating data streams. Sensu allows long-term data storage in the database of your choice, such as InfluxDB, Wavefront, or PostgreSQL. With Sensu, your IoT monitoring solution is truly future-proof: if your plans down the road include switching databases or moving your infrastructure to a modern cloud- or container-based environment, you can do so easily.

Use Cases

Retail Stores

Sensu’s lightweight agents, proxy features, and low bandwidth requirements make it a good fit for monitoring IoT devices inside retail stores such as at Target and Apple, and for point-of-sale software providers like NCR. A single agent running on any back-office server or existing ARM device can monitor and report on an entire remote store or office location, including point-of-sale (POS) terminals and cash registers as well as any back-office equipment such as servers, routers, and printers. As new equipment is deployed, Sensu’s ability to download assets on demand allows monitoring plugins to be updated without any out-of-band service.

Banks

As the banking industry focuses on more automation to improve customer service (such as using self-service terminals, ATMs, mobile POS devices, etc.), they need a unifying and flexible platform to monitor this array of remote IoT devices. The Sensu agent’s self-registration feature is particularly useful since it avoids the need for centrally provisioning each device as it is installed. As soon as the remote device is installed, the agent self-registers with the backend and from then on it is tracked by the Sensu backend. The flexibility and scalability of the Sensu platform are other essential requirements for IoT in the banking industry.

Other Environments

The applications of Sensu for IoT applications are endless — whether monitoring cellular equipment in towers, wind turbines, oil rigs, trains, or ships. Any application that requires a low maintenance, remote monitoring solution over slow, intermittent networks can benefit from Sensu.

Conclusion

As IoT devices become more complex, monitoring requirements need to keep up with the change in technology. Sensu provides modern, industry-standard technologies to monitor and manage your IoT environment. The monitoring as code solution allows for easy codifying of monitoring configurations using your CI/CD pipeline of choice, while the pub-sub secure communication avoids opening firewall ports. The on-demand asset download allows for simple, centralized updating of monitoring plugins, and the API makes it easy to integrate with modern databases such as Wavefront, Prometheus, and many more. All this results in a low cost of operations for very large IoT deployments and frees you from legacy monitoring frameworks.

Other Resources

Download Sensu today to evaluate it for your IoT Environment.