-
Notifications
You must be signed in to change notification settings - Fork 138
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Connect devices using a proprietary protocol via a third party protocol adapter #1478
Comments
A straightforward solution for this would be to implement the "Third party adapter" as a gateway, connecting to a Hono AMQP adapter instance. To support scaling the third party adapters dynamically, ie. using multiple instances of them, each third party adapter instance would need to be registered as a gateway in Hono and also be configured in the "via" entry of the devices. Concerning the requirements:
The gateway belongs to a single tenant.
If the third party adapter needs access to the device registry, the corresponding device registry AMQP endpoint would need to be exposed (normally access is only needed from Hono adapters), along with having created corresponding credentials in the Hono Auth Server to be used for accessing the Device Registry.
Such insights would come from the AMQP adapter that the gateway is connected to.
Done via the AMQP adapter.
Having another gateway in front of the "Third party adapter" gateway only seems relevant for the discussion here if the devices in front of this other gateway shall also be managed via Hono.
Scaling can be done by creating multiple third party adapter gateway instances, as described above.
That is fulfilled. What should/could be done in Hono to support such a scenario or to make it easier to implement:
|
I have a hard time imagining how this could work since the authentication identifier determines the device (gateway) ID. If all adapter instances would use the same credentials (and thus the same authentication identifier) then we would no longer be able to route a command to the correct gateway instance, would we? |
Here's an idea that might work regarding the credentials shared by all gateway instances. We could allow the protocol gateway instances to include a property in their AMQP connection which indicates their (stable) identifier. This identifier might be the identifier provided by kubernetes for pods of a StatefulSet. All gateway instances would use the same credentials for authentication with the AMQP adapter. In the device registry, a single set of credentials is registered for the gateway instances. Let's assume the instances use a client certificate with subject DN |
The proposed solution in this issue looks good to me. So nothing to add. I did not have this as a priority in mind up to now but I think this concept could also be applied to scenarios where you want to connect another IoT cloud to Eclipse Hono. Therefore one would need to build an integration based on this concept in the respective IoT cloud (e.g. for TTN see https://www.thethingsnetwork.org/docs/applications/integrations.html). I need to check that in detail but this sounds very interesting to me. |
After reading through this issue I am slightly confused. @sophokles73 is your comment intended as alternative or as extension to the gateway group idea raised by @calohmn ? Your comment seemed to only be targeted on the aspect of how to share the credentials among all instances of such a third party adapter. However, my understanding is that your proposal of adding the You further mentioned:
For the communication and its authorization from the device through a third party protocol adatper/gateway instance to Eclipse Hono, I see no real difference between sharing the same credentials among all gateway instances and creating a group for all gateway instances. The gateway group is then either implicit through the gateway instances that share the same credentials or it is explicit through a gateway group concept. Is this really needed or would it be sufficient to have This |
It serves a complimentary purpose, namely that of being able to share credentials among third party protocol translator instances while still being able to route commands to devices connected to one specific protocol translator instance. It has nothing to do with the general idea of having gateway groups where each gateway has its own identity (and thus credentials). Gateways in a gateway group usually represent a physical entity, e.g. a Raspberry PI class device that is close to the edge devices. The approach outlined in my comment is more targeted at software components that need to scale out horizontally and for which we do not want to require the provider of the component to register each instance individually with Hono. |
@sophokles73 thank you for the clarification. I understand that the general concept of having gateway groups has no direct link to the adaptation of the AMQP 1.0 protocol adapter to allow the sharing of credentials. This is especially the case for gateway devices having individual identities.
So I was unsure whether we actually need gateway groups to support such third party protocol adapters or whether the adaptation to the AMQP 1.0 adapter and adding that (virtual) adapter device to the If that is the case, which I assume for now, and we still decide for the gateway group solution to support third party protocol adapters, my summary of this discussion and the next steps to realize the core functionality for supporting third party adapters is then as already mentioned by @calohmn:
In addition, there are two features that make handling gateway groups of third party protocol adapters more convenient.
This depends one the way gateway groups are implemented. But one can generalize this point to: "allow tenant wide reference to gateway groups". And then there is:
As @sophokles73 described, this could be solved with a custom solution in the AMQP 1.0 adapter and is "only" needed when the third party protocol adapters scale out. Even though the scaling of the third party protocol adapters was among the requirements from @mhemmeter, I still prefer to create separate issues for this as it would allow to first focus on the general support of third party protocol adapters within this issue (#1478). What do you think @calohmn, @sophokles73, @bs-jokri? |
Yes, this is still necessary. The use case is simply: edge devices connect to a particular (physical) gateway device that is close by and use it to connect to Hono. However, the edge devices may roam around and connect to different gateway devices depending on where they are physically located. In this case it is much more convenient to add a gateway group ID to the edge devices' via property instead of configuring each of the gateway IDs individually ...
IMHO that is a great idea 👍 |
Concerning the proposal above towards sharing credentials:
I think that could be a solution here, yes. |
Added a PR in #1670 for a 'memberOf' property for devices in the device registry to support gateway groups. As described above this could also be used to support third party protocol adapters. |
Thanks for the effort all of you put into this contribution. The features make Eclipse Hono more interesting for existing IoT solutions as it tackles the challenge of connecting devices that are already out in the field and use proprietary protocols. |
Currently projects in the IoT often use proprietary protocols for connecting devices to the respective backend systems. After such projects are deployed to production it is often hard to change their firmware and switch to a different protocol like MQTT.
Eclipse Hono provides a concept to connect such devices via a custom protocol adapter (see Implement a Custom Hono HTTP Protocol Adapter). My understanding is that such a protocol adapter is supposed to be operated by the Eclipse Hono service provider and connects directly to the AMQP 1.0 messaging network. This concept is however not applicable in a setup where a third party deploys and operates the protocol adapter (e.g. due to the fact that the service provider cannot force tenant specific limits in that setup).
Therefore I think it makes sense to provide support for third party operated protocol adapters in order to connect devices via a proprietary protocol (let's call this a "third party adapter" contrary to the "custom protocol adapter"). I see the following requirements:
Looking forward to your feedback to this issue.
The text was updated successfully, but these errors were encountered: