Architecture Overview

Node-M2M is a machine-to-machine communication framework that uses HTTP and WebSocket as its data transport protocols. It has a simple architecture consisting of three core components - a routing server, the connected client and device applications, and a web interface for user management.
Currently, the main function of the server is to provide a routing service to clients and devices for payload delivery. It also provides authentication, client/device code management and security services. The server does not perform any heavy data processing.

These lightweight workloads allow the server to run with modest hardware requirements. The server can be hosted on single board computers (SBC) such as a Raspberry Pi 4 (4GB RAM or higher) or on any standard x64 PC (Linux or Windows). It can also be hosted in virtual environments, on-prem or in the cloud, using virtual machines (VMs) or containers.

The connected clients and devices can perform the necessary data processing away from the central server, taking advantage of the computational power of modern hardware such as multi-core x64 processors and low-power 64-bit ARM processors available on the client and device side.

Built-in security

Zero Setup and end-to-end encryption
Remote client and device nodes are connected behind firewalls through the internet with zero configuration setup. Zero configuration means fewer vulnerabilities. All communication traffic between the client and device nodes is fully encrypted using TLS.

Two-factor authentication
During the initial client and device handshake, each node submits encrypted user credentials to the server for authentication. The server then generates a set of user tokens and sends them back to the client and device nodes for the subsequent re-authentication process. Besides the user token, a user security code must be provided during re-authentication. This two-factor authentication (2FA) adds an additional layer of security to the authentication process, making it harder for attackers to gain access to client and device nodes. Any brute-force attack on the security code will immediately lock the user's account.

Isolated User Space
Access to clients and devices is restricted to authenticated and authorized users only. This restriction creates a secure, isolated private virtual network environment for each user. A user can only access the registered devices available to his/her account and has no access to other accounts.

Integrated FIM (file integrity monitoring)
Each client and device node has a built-in FIM (file integrity monitoring) feature with active response. If enabled (from the browser interface), any unauthorized change to the user code or system files will immediately disable the affected node, and a corresponding email alert is sent to the user in real time.

Simple API

Currently, m2m (npm module) is available as a node.js library for user application development. In the future, however, bindings can be created for other popular languages such as C, C++, C#, and Java. Users who want to use other programming languages can use IPC (inter-process communication) or microservices to access data from m2m applications.

The API is designed as a FaaS (Function as a Service), also called "serverless", allowing users to easily create applications in telematics, telemetry, IoT, data acquisition, and many other areas.

Flexible Application Model

Develop applications using a client-server or master-slave communication model where clients send requests for available resources/services from remote devices.

You can also develop applications using a pub-sub model and use the API's built-in watch/unwatch methods, making your application bandwidth-efficient and simpler.

Deploy your client applications on-prem or in the cloud

You can run your client applications locally or you can deploy them in the cloud.

Applications using m2m are very portable, with npm as the package manager. You can easily move them from a Linux to a Windows environment and vice versa. Aside from this portability, each module can easily be containerized for deployment to virtual environments, either on-prem or in the cloud.

A good option is to host your client applications on-prem using low-power ARM-based single board computers (SBC) such as Raspberry Pis or any Intel-based/x64 low-power devices.

If your remote devices use one of these low-power SBCs, you can even host your client applications alongside the remote device/server applications on the same SBC.