Large-scale IoT, referred to by the industry as Massive IoT, is IoT systems with millions of sensors in small geographical areas. Large-scale IoT aims to collect data that can save resources such as time and money. But data must be reliable, and reliable data requires hardware that works year in and year out without problems.
Designing sustainable sensor ecosystems
The expectation for an IoT sensor is that its battery should last at least ten years. On top of this challenge, the sensor must operate autonomously for 10+ years of installation in a demanding environment. The sensor must be able to adapt to what is happening in the wireless network and what is happening in its internal hardware or software, and it must be able to parry for unexpected readings. So how do you design reliable ecosystems around the requirement for at least 10+ years of battery life?
Based on my experience, the simple explanation is that reliability comes first. Over the years, I have put hundreds of thousands of devices on the market. Reliability means, first and foremost, that you have a device with mechanisms to keep it connected to the network to handle failures. Below I will share a list of things you need to have in place on your device:
A watchdog monitors and manages errors in your device. In simple terms, it consists of either a hardware watchdog or a software watchdog. The simplest to implement is a software watchdog, a program sequence that is “fed” with code as long as code is executed. Should some process cause the code to stop executing, the watchdog program decides to restart the device when it is no longer being fed. A software watchdog is a good, simple and inexpensive way, but there are even more reliable solutions. Lifting out the watchdog in a second processor gives it a less vulnerable design. The secondary processor, the hardware watchdog, operates independently and only sees if the main process is running or not. A hardware watchdog is most efficient but also power-hungry and costly.
A watchdog can check and verify other functions, such as device registration on the mobile network. If not, the connectivity device is rebooted (the 4G module, for example). If it fails to initialize the sensor after some attempts, it puts the device to sleep for a more extended period to save battery.
Missing watchdog functions can lead to battery drain (devices trying to connect, repeated reboots due to software or hardware, or the device getting stuck due to poorly written Firmware and manually rebooted). So if these things are not in place in the device, the power consumption of the device during normal operation will matter less, and you will have to worry about other things.
Firmware over the Air
All devices will sooner or later need to be updated, especially over ten years of operation. Ten years without a battery change means you will need to download new Firmware to meet new security threats; no ten years in the 21st century has been without security threats solved with new Firmware. Since you have the devices installed in widely separated locations, you need to solve it all with updating over the Air, Firmware over the Air, or FOTA. FOTA is a watershed in IoT. The technology most talked about for extended battery life is LoRaWAN. But LoRaWAN could be better at handling FOTA; it can take weeks to get an update over to a device due to slow data rates. Compared to LoRaWAN, 4G/5G is far superior. If you attach importance to firmware updates, LoRaWAN is something you should carefully consider before choosing a connectivity technology.
Devices that do not have firmware validation when downloading new Firmware or devices that lack mechanisms for resetting to a secure version are what we would categorize as IoT devices to opt out of. Only select devices that accept updates that are digitally signed. Choose devices that have mechanisms to update the Firmware securely and remotely. Select only devices that do not lock up if the firmware update fails.
If you are doing a large rollout, it is costly to update devices if they need to be updated for security reasons. Perhaps more expensive than replacing the battery.
If you have installed many sensors in the field, you will want to keep track of things related to functionality and performance. The device can report on apparent parameters like battery voltage and signal strength even with simple protocols. The device can also include information on signal quality and provide feedback if any part of the hardware is not working. Measuring performance parameters can take time, ultimately costing battery life, but if your sensor manufacturer has thought of it, the sensor can pause signal strength analysis for a while; if the device had good signal strength at the last measurement, better that you get the values intermittently than not getting them at all and that you get more frequent updates in case of problems.
Even simple protocols can control functions in your device, which can be helpful. If you want to change update intervals, which sensors to deviate, or activate a fault indication line locally, it is helpful if these features can be initiated remotely. It’s possible to use standard protocols to influence sensor properties remotely easily; it’s all about how far your manufacturer has thought and tweaked their software.
A good device management platform often includes the ability for Firmware over-the-air updates, but sometimes different solutions are used for the two functions. Nonetheless, both are important.
Over ten years in the field, you will collect a lot of data you need to protect. Cellular devices (4G/5G) have a SIM card, a secure element that LoRaWAN devices lack. The SIM card is a security layer, but I recommend using multiple layers. Regardless of wireless technology, it is always recommended that you implement end-to-end encryption. This is based on the fact that you use security certificates and an encrypted transmission between the sensor and the server side. For networks, this can be likened to VPN connectivity, and in networks, it’s something you can use, but in large-scale IoT, it tends to fall behind (because the truth is that encryption reduces battery life).
The bottom line is that a trusted device manages the software and hardware so that data can be sent securely year after year. You should also see if the device you want to work with is CE-marked and electrical safety tested. Some devices on the market come from copied designs or hardware that doesn’t pass the tests; this is hardware that you really want to avoid.