Architecture Overview

Node-M2M is a machine-to-machine communication framework using HTTP and WebSocket as data transport protocol. It uses a simple architecture consisting of three core components - a routing server, client/device endpoints and a browser web interface for device management.

Routing Server
The main function of the routing server is to deliver the payload securely from one endpoint to another in real-time. It also provides authentication and security services as well as online code management for the connected endpoint application.

It can be hosted on-premises on single board computers (SBC) such as Raspberry Pi (rpi 4) or in any standard x64 PC (Linux or Windows). Deploy it in bare-metal, in containers(virtual OS), or in virtual machines. Or deploy them in the cloud as SaaS (software as a service).

Client and Device Nodes
The connected endpoints are accessible from the cloud for setup, configuration and coding. You can easily configure the endpoints as edge devices performing all the necessary data processing near the sources of data away from a central server. Take advantage of the computational power of modern computers such as multi-core x64 processors and low-power 64-bit arm processors.

Built-in security

Zero Setup and end-to-end encryption
Remote client and device endpoints are connected behind firewall through the internet with zero configuration which means less vulnerabilities. All communications traffic between the client and device endpoints are fully encrypted using TLS or a hybrid PKI - a combination of public and private encryption systems.

Two-factor authentication
During the initial client and device handshake, each endpoint submits an encrypted user credentials to the server for authentication. The server then generates a set of user tokens and send it back to client and device endpoints for subsequent re-authentication process. Besides the user token, a user security code must be provided during the re-authentication process. These two-factor authentication (2FA) adds an additional layer of security to the authentication process making it harder for attackers to gain access to client and device endpoints. Any brute-force attack in the security code will immediately lock the user's account.

Isolated User Space
Access to clients and devices is restricted to authenticated and authorized users only. This restriction creates a secure virtual private network (VPN using TLS encryption) environment for each user. Each user can only access the registered devices available to his/her account and does not have access to other devices.

Integrated FIM (file integrity monitoring)
Each client and device endpoint has a built-in FIM (file integrity monitoring) feature with active response. If enabled, any unauthorized changes on the user code and system files will immediately disable the affected endpoint and a corresponding email alert is sent in real-time.

Simple API

Currently, m2m (npm module) is available as node.js library for user application development. However in the future, bindings can be created for other popular languages such as C, C++, C#, and Java. Users who wants to use other programming languages can use an IPC (inter-process-communication) or microservices to access data from m2m applications.

The API is designed as a FaaS (Function as a Service) also called "serverless" allowing users to easily create applications in telematics, telemetry, IoT, data acquisition, and many others.

Flexible Application Model

Develop applications using a client-server or master-slave communication model where clients send requests for available resources/services from remote devices.
You can also develop applications using a pub-sub model and utilize the API's built-in publish/subscribe and watch/unwatch methods making your application bandwidth-efficient and simpler.

Deploy your client applications on-prem or in the cloud

You can run your client applications locally or deploy them in the cloud.
m2m applications is very portable via the npm package manager. You can easily move and run your applications from Linux to Windows and vice versa.
You can also host your client applications on-prem using single board computers (SBC) such as Raspberry Pi's or any Intel-based/x64 low-power devices.
If your remote devices are using one of these low-powered SBC's, you can even host your client applications alongside with the remote device/server applications in the same SBC.