3.2.8. Plan for disaster recovery (DR) of IoT workloads
ID | Priority | Best Practice |
---|---|---|
BP 3.2.8.1 | Required | Design server software to initiate communication only with devices that are online |
BP 3.2.8.2 | Highly Recommended | Implement multi-region support for IoT applications and devices |
BP 3.2.8.3 | Recommended | Use edge devices to store and analyze data |
Architecture Notes - BP 3.2.8.1 - Design server software to initiate communication only with devices that are online
Communication should be initiated by the server, and only with devices that are online, rather than relying on client-server requests. This lets you design client software to accept commands from the server.
Recommendation 3.2.8.1.1 - Design client software to accept commands from the server
- Amazon FreeRTOS provides pub/sub and shadow libraries to connected devices.
- AWS IoT Core provides device shadow capability to persist device states.
- AWS IoT Device Registry contains a list of devices connected to AWS IoT Core. AWS IoT Device Registry lets you manage devices by grouping them.
Architecture Notes - BP 3.2.8.2 - Implement multi-region support for IoT applications and devices
Cloud service providers offer the same service in multiple regions. This architecture enables you to divert device data to a regional endpoint that is not down. Data consumers should be enabled in all regions that consume the diverted device data.
Recommendation 3.2.8.2.1 - Architect device software to reach multiple regions in case one is not available
- AWS IoT is available in multiple Regions with different endpoints. If an endpoint is not available, divert device traffic to a different endpoint.
- AWS IoT configurable endpoints can be used with Amazon Route 53 to divert IoT traffic to a new Regional endpoint.
- AWS IoT Configurable Endpoints
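
Device-side failover across Regional endpoints, sketched as an added example (not code from this guidance or from any AWS SDK). It tries an ordered, device-provisioned list of endpoints over mutually authenticated TLS and records why each attempt failed, so an outage can be told apart from a certificate validation failure. The names `RegionalEndpoint`, `tls_connect` and `connect_with_failover` are hypothetical, and a real device would hand the returned socket to its MQTT client.

```python
import socket
import ssl
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class RegionalEndpoint:
    region: str
    host: str          # provisioned on the device, not learned at runtime
    port: int = 8883   # MQTT over TLS


def tls_connect(ep, ca_file, cert_file, key_file, timeout=5.0):
    """Open a mutually authenticated TLS socket to one regional endpoint."""
    # The default context keeps CERT_REQUIRED and hostname checking on.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.load_cert_chain(cert_file, key_file)  # device certificate and key
    raw = socket.create_connection((ep.host, ep.port), timeout=timeout)
    try:
        return ctx.wrap_socket(raw, server_hostname=ep.host)
    except Exception:
        raw.close()
        raise


def connect_with_failover(endpoints, connect, attempts=2,
                          base_delay=1.0, sleep=time.sleep):
    """Try each endpoint in order; return (endpoint, session, failures)."""
    failures = []
    for ep in endpoints:
        for attempt in range(attempts):
            try:
                return ep, connect(ep), failures
            except ssl.SSLCertVerificationError as exc:
                # Not an outage: the server failed validation. Skip further
                # retries here and never weaken verification to get through.
                failures.append((ep.region, type(exc).__name__))
                break
            except OSError as exc:  # refused, timed out, DNS or TLS failure
                failures.append((ep.region, type(exc).__name__))
                sleep(base_delay * 2 ** attempt)  # bounded backoff
    raise ConnectionError(f"no regional endpoint reachable: {failures}")
```

On a device, `connect` would be a small wrapper that calls `tls_connect` with the device's CA, certificate and key paths; the same device certificate must be registered in every Region on the list for the second endpoint to accept it.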
Recommendation 3.2.8.2.2 - Enable device authentication certificates in multiple regions
- AWS IoT provides devices with authentication certificates to verify on connection. Deploy the device certificates in the Regions where the device will connect.
- Set up the cloud-side IoT data consumers to accept and process data in multiple regions.
- AWS IoT device registration
Recommendation 3.2.8.2.3 - Use device services in all the regions the device connects to
- AWS IoT Rules Engine diverts device data to use multiple services. Set up AWS IoT Rules Engine in the respective Regions to divert traffic to the appropriate services.
- Rules for AWS IoT
Architecture Notes - BP 3.2.8.3 - Use edge devices to store and analyze data
Edge storage can provide additional storage for device data. Data can be stored at the edge during large-scale network events and streamed later, when the network is available.
Recommendation 3.2.8.3.1 - Use an edge device as a connection point to store and analyze data
- AWS IoT Greengrass can be used for local processing for serverless functions, containers, messaging, storage, and machine learning inference.
- Data can be stored in AWS IoT Greengrass and sent to the network when it’s available.
- AWS IoT Greengrass Features