OVH Guide

Managing IoT applications with the Runabove Manager

iot

This tutorial assumes you already have a RunAbove account and have subscribed to the IoT lab.

Concepts

IoT applications

An application is an isolated container for your metrics data. You can define separate applications for projects that have no relation, e.g. one for greenhouse monitoring in a farm, and another one for all the sensors in a building. Access to the data is defined per application.

If a project or product has multiple tenants that should see only a subset of the data, use a single applications and create separate tokens (see below) for each tenant.

Access tokens

Tokens are used for authentication and authorization. They have a unique identifier, and contain :

  • a name
  • a key, used to authenticate the token,
  • permissions (read or write),
  • tags (key/value pairs) that define the subset in the application's data that can be accessed with the token.

The tags attached to a write token are automatically added to any value written using this token, and the tags attached to a read token are automatically added as filters to any query made with this token. This allows tags to effectively restrict the scope of the token to a subset of the application's data.

Typical use cases for tags:

  • with write token tags, enforce a device identifier (or data source), making sure a device cannot write data on behalf of others. It also limits potential data corruption if a device's token is compromised.
  • with read tokens tags, restrict visibility of a given user to the devices owned by that user.

How to create a new application

Go to the RunAbove Manager and choose "Internet of Things" in the left menu.

main-page

To create your first application, click on the "New application" button in the upper-right corner.

Enter the name, description and cluster of your new application :

  • The name can contain only alphanumeric characters and dash and are case sensitive.
  • The cluster is the location where your data are stored.

application-creation-page

Once you click "Ok", the application is shown in the list and is ready for further actions.

application-creation-page

Use the left column action icons to:

  • go to the token list for this application.
  • edit the application. Only the name and description can be changed, not the storage location.
  • delete the application.

How to create a new token

From the application list, either select the application name or the key icon. This will show the token management screen.

token-page

Select the "New token" top right button. In the example below, we create a specific token for the greenhouse's ceiling sensor gateway. The token has a "location" tags that will automatically tag metrics with their origin.

Having a separate token for the ceiling sensors also strengthens the system's security. If that device and its token are compromised, the impact is limited since the token can only write to a narrow subset of the application's full data set.

token-creation-page

Once you have defined the token's parameters, it is displayed in the application's token list. That list also contain the token's read and write identifier and keys.

token-list

You can then copy/paste these identifiers and keys to send data to the metric storage or query that storage.

Use the left column action icons to:

  • edit the token's name and tags,
  • download a JSON representation the token,
  • delete the token.