Architecture Overview

Node-M2M is a machine-to-machine communication framework that uses HTTP and WebSocket as its data transport protocols. It uses a simple architecture consisting of three core components: a routing server, client/device nodes, and a browser web interface for device management.


Routing Server
The main function of the routing server is to deliver the payload from one node to another securely and in real time. It provides authentication and security services, as well as online code management services for the endpoint main applications. It does not perform any heavy data processing.

It can be hosted on-premises on single board computers (SBC) such as the Raspberry Pi (rpi 4) or on any standard x64 PC (Linux or Windows). Deploy it on bare metal, in containers, or in virtual machines, or deploy it in the cloud as SaaS (software as a service).

Client and Device Nodes
The connected nodes accessible in the cloud can be easily configured as edge devices that perform all the necessary data processing locally, away from the central server, taking advantage of the computational power of modern computers such as multi-core x64 processors and low-power 64-bit ARM processors.

Built-in security

Zero Setup and end-to-end encryption
Remote client and device nodes are connected from behind firewalls over the internet with zero configuration, which means fewer vulnerabilities. All communication traffic between the client and device nodes is fully encrypted using TLS.

Two-factor authentication
During the initial client and device handshake, each node submits encrypted user credentials to the server for authentication. The server then generates a set of user tokens and sends them back to the client and device nodes for the subsequent re-authentication process. Besides the user token, a user security code must be provided during re-authentication. This two-factor authentication (2FA) adds a layer of security to the authentication process, making it harder for attackers to gain access to client and device nodes. Any brute-force attack on the security code will immediately lock the user's account.

Isolated User Space
Access to clients and devices is restricted to authenticated and authorized users only. This restriction creates an isolated, secure, private virtual network environment for each user. Each user is only allowed to access the registered devices available to his/her account and has no access to other devices.

Integrated FIM (file integrity monitoring)
Each client and device node has a built-in FIM (file integrity monitoring) feature with active response. If enabled (from the browser interface), any unauthorized change to the user code or system files immediately disables the affected node, and a corresponding email alert is sent to the user in real time.

Simple API

Currently, m2m (npm module) is available as a Node.js library for user application development. In the future, bindings may be created for other popular languages such as C, C++, C#, and Java. Users who want to use other programming languages can use IPC (inter-process communication) or microservices to access data from m2m applications.

The API is designed as a FaaS (Function as a Service), also called "serverless", allowing users to easily create applications in telematics, telemetry, IoT, data acquisition, and many other areas.

Flexible Application Model

Develop applications using a client-server or master-slave communication model, where clients send requests for the resources/services available from remote devices.
You can also develop applications using a pub-sub model and utilize the API's built-in publish/subscribe and watch/unwatch methods, making your application bandwidth-efficient and simpler.

Deploy your client applications on-prem or in the cloud

You can run your client applications locally or deploy them in the cloud.
m2m applications are very portable via the npm package manager. You can easily move and run your applications from Linux to Windows and vice versa.
You can also host your client applications on-prem using single board computers (SBC) such as Raspberry Pis or any Intel-based/x64 low-power devices.
If your remote devices are using one of these low-power SBCs, you can even host your client applications alongside the remote device/server applications on the same SBC.