Architecture Overview

Node-M2M is a machine-to-machine communication framework that uses HTTP, WebSocket and TCP to move data from one endpoint device to another. It uses a simple architecture consisting of three core components: a routing server, connected endpoints, and a browser interface for endpoint device management.

[Figure: m2m-overview]

Routing Server
The main function of the routing server is to deliver the payload securely from one endpoint device to another in real time. It also provides authentication and security services, as well as online code management in real time.

The server can be hosted on-premises on single board computers (SBC) such as the Raspberry Pi (Rpi 3 and above) or on any standard x64 PC (Linux or Windows). You can deploy it on bare metal, in containers (virtual OS), or in virtual machines, or deploy it in the cloud as SaaS (software as a service).

Client, Server and Edge Endpoints
The connected endpoints are accessible from the cloud for configuration and application code management. All data processing is performed at your endpoints, away from the central server, and all processed data stays in your endpoints. You can take advantage of the computational power of modern computers such as multi-core x64 processors and low-power 64-bit ARM processors.

Built-in security

Zero Setup and end-to-end encryption
Remote client and device endpoints are connected behind firewalls through the internet with zero configuration, which means fewer vulnerabilities. All communications traffic between the client and device endpoints is fully encrypted using TLS or a hybrid encryption scheme: a combination of standard public-key and private-key (symmetric) encryption methods.

Two-factor authentication
During the initial endpoint-server handshake, each endpoint submits encrypted user credentials to the server for authentication. The server then generates a set of user tokens and sends them back to the requesting endpoint for the subsequent re-authentication process. Besides the user token, a user security code must be provided during re-authentication. This two-factor authentication (2FA) adds an additional layer of security to the authentication process, making it harder for attackers to gain access to endpoint devices. Any brute-force attack on the security code will immediately lock the user's account.

Isolated User Space
Access to endpoint devices is restricted to authenticated and authorized users only. This restriction creates a secure virtual private network (VPN using TLS encryption) environment for each user. Each user can only access the registered endpoint devices available to his/her account and has no access to other endpoint devices.

Integrated FIM (file integrity monitoring)
Each endpoint device has a built-in FIM (file integrity monitoring) feature with active response. You can enable it from the browser interface. Once set, any unauthorized changes to or tampering with the application code and system files will immediately disable or isolate the affected endpoints, and a corresponding email alert is sent in real time. You can re-enable/reset the affected endpoints from the browser after conducting a full investigation.

Simple API

Currently, m2m (npm module) is available as a Node.js library for application development. In the future, bindings can be created for other popular languages such as C, C++, C#, and Java. Users who want to use other programming languages can use IPC (inter-process communication) or microservices to access data from m2m applications.

Flexible Application Model

You can develop your application using a pub-sub model, which provides bandwidth-efficient network communication and simpler application logic. Or use a client-server model, where clients send requests for available resources/services to remote endpoint servers. You can also use a master-slave model, where resources are allocated from many remote slave endpoints. A master client then captures the required resources from a particular remote slave depending on the application logic, facilitating efficient management of distributed resources.

Deploy your client applications on-prem or in the cloud

You can run your client applications locally or deploy them in the cloud.
m2m applications are very portable via the npm package manager. You can easily move and run your applications from Linux to Windows and vice versa.
You can also host your client applications on-prem using single board computers (SBC) such as Raspberry Pis or any Intel-based/x64 low-power devices.
If your remote devices are using one of these low-powered SBCs, you can even host your client applications alongside the remote device/server applications on the same SBC.

[Figure: m2m-system]