IBM Cloud Satellite: Build faster. Securely. Anywhere. Read more

Archived | Lessons learned from my first experiences in IoT development

Archived content

Archive date: 2020-03-10

This content is no longer being updated or maintained. The content is provided “as is.” Given the rapid evolution of technology, some content, steps, or illustrations may have changed.

When you set out to build an IoT application, you have to consider various devices, hardware kits, SDKs, and communication protocols on top of your typical software development environment. As I ventured into IoT development, I learned several important lessons:

  • You need experience with multiple device SDKs
  • MQTT is the best communication protocol for IoT
  • Containers greatly simplify your IoT development
  • You can use blockchain technology for securing IoT solutions

What makes IoT development unique?

IoT application development is different from other kinds of software development due to IoT’s unique characteristics:

  • Each IoT device typically has a small amount of computing power. Compared with computers or smartphones, IoT devices’ primary function is not computing. They typically only have a small microcontroller unit (MCU) board attached to a device that is designed for other purposes.

  • IoT devices have their own programming environments. Because of the constraints imposed by the limited computing power of the devices, it is impossible for IoT devices to run traditional operating systems or developer tools that are designed for much more powerful devices. Also, IoT devices typically do not have a screen or keyboard for programmer access.

  • IoT devices often operate in low bandwidth and unreliable network environments. Many IoT devices are mobile or in the field. They have to connect to whatever wireless network that is available, and have to keep functioning when there is no network.

  • Deploying and managing IoT device software is a major challenge. Without a traditional UI or a reliable network, it is nearly impossible for users to manually update all devices in the field when a software update comes out.

  • IoT applications are machine-to-machine (M2M) applications. Each IoT device typically generates a series of timestamped sensor data points. For humans, such data is hard to understand and provides limited value. The IoT data is typically aggregated and processed by other machines and devices.

  • IoT devices could be tampered with in the field. There could be many more IoT devices than people. So, most IoT devices are left unattended for long periods of time. They are subject to tampering and other malicious attacks.

Lesson 1: Learn and experiment with multiple device SDKs

Due to the diversity of IoT devices and application scenarios, IoT application development tends to be specialized. Instead of a general-purpose computer, developers must choose different hardware and software combinations to optimize for specific use cases.

In one of my previous articles, Build a practical IoT app – an air quality monitor, I used the NodeMCU board as the basis for my IoT application. The NodeMCU has some very distinctive advantages (which I presented in a previous article, Getting to know NodeMCU and its DEVKIT board), including built-in support for wifi, very low cost, and support for the LUA programming language. However, NodeMCU also lacks a big developer community. As a result, the NodeMCU is not thoroughly tested and supported by the sensor manufacturer’s community. While most sensors work well with NodeMCU (it does support standard digital and analog PINs for data I/O after all), developers often need to do a fair amounts of trial and error in order to make the system work reliably.

To prototype a simple IoT application, you could also start from the Arduino starter kit. The advantage of the Arduino board is its simplicity. It is just a computer with I/O pins, and it supports multiple programming environments including a kids-friendly block-based programming environment and a traditional C programming language. Because it has a large community, and is widely used to teach children how to program, an ecosystem of sensors, periphery devices (for example, wifi and cellular networking modules or LED lights), and tutorials and code examples have been developed for Arduino boards. For proof-of-concept or educational projects, the Arduino development kit is ideal.

For applications that require more than interfacing with sensors, one might find the computing power provided by Arduino or NodeMCU insufficient. Raspberry Pi dev kits include low-cost boards that provide an intel x86 CPU. Since the x86 is very widely used, there is a lot of software (especially open source software, including many device drivers developed by the Linux community over the years) that can be reused by Raspberry Pi developers. However, the downsides of an x86 based solution is also obvious — it is complex and not at all power-efficient.

Besides those general dev kits, there are specialized dev kits for industry or application-specific solutions. For example,

  • The Nvidia Jetson TX2 module is an embedded board that supports GPU-based deep learning on devices such as surveillance cameras and self-driving cars.

  • The MATRIX Voice module is an integrated board with a microphone array (sensors), a specialized voice recognition and processing chip (FPGA), and an ESP controller (NodeMCU). It could be embedded into other devices to enable voice control functions.

Additionally, many other specialized solutions for industry verticals also exist. Be sure to research them before you start your own projects.

Lesson 2: Take the time to learn and take advantage of MQTT

For beginners, while it is tempting to use the familiar HTTP for network communications, it pays to learn and use MQTT as your communications protocol. It is a more efficient and reliable protocol for time series sensor data that is generated by your IoT devices.

MQTT provides a mechanism for two-way communication between servers and devices. The server can send commands to the device and potentially reconfigure the device to better manage power, bandwidth, or other resources.

Furthermore, MQTT also allows for peer-to-peer communication between devices. By organizing devices into topics, devices can exchange data or commands with each other or in a group. This structure can allow the application developer to set up a hierarchy of devices with complex controlling schemes.

You can learn more about MQTT and get started with MQTT development with my previous article, Getting to know MQTT – why MQTT is one of the best network protocols for the Internet of Things.

Lesson 3: Use a container framework

For complex IoT applications, it is sometimes necessary to manage software updates across potentially millions of unattended devices in the field. To accomplish that, we can use software containers that can download new modules on demand and update themselves. A good example is the OSGi container.

The OSGi container was invented by the IBM Pervasive Computing lab, and it was envisioned to be run inside home set top boxes, where it can be managed and updated remotely without user intervention. Today, the OSGi is primarily used in server-side applications, where DevOps teams need to automatically and remotely manage and update a large number of servers across data centers. It serves as an alternative to the heavy weight Java EE application frameworks. However, as OSGi still requires a Java virtual machine and its related libraries to run, it is suitable for relatively complex IoT applications on powerful devices that run fully fledged operating systems.

Examples of open source OSGi implementations include these more popular ones:

On a powerful device like the Raspberry Pi, you can also install Docker and then Linux in the Docker container. This allows us to automatically install and manage pre-configured software on a large number of devices. (You can read more about using Docker containers for IoT development in this article.) Docker and OSGi complement each other, as Docker manages at the operating system level, and OSGi manages at the application component level.

Lesson 4: IoT and blockchain

Finally, security and auditability are critical to IoT applications. Because IoT applications generate large amounts of M2M data and no human can actively monitor the data in real time to ensure its accuracy, your IoT app needs to establish “trust” between machines and be able to audit the data when anything goes wrong.

The data from IoT devices typically consists of a long stream of timestamp facts, such as sensor readings and locations. Those data points are “facts” and hence immutable. To protect data integrity and prevent tampering, the system could store the data points on a blockchain. IBM Watson IoT Platform and IBM Blockchain offers such services. To learn more about how to implement blockchain for IoT applications, you can review this tutorial, Integrate device data with smart contracts in IBM Blockchain.

Besides storing data points, the blockchain can also support transactions in the IoT network. A simple example is RFIDs in a supply chain network. IoT devices can track the RFIDs tagged on physical goods and record trusted transactions as goods move from one vendor to the next. Such transactions are not limited to device-generated data. They could also be applied to manage the devices themselves. For example, any changes to each device’s location, status, and configuration could also be recorded in the blockchain as transactions to track the devices.

The traditional blockchains are sometimes too computationally expensive to be used by IoT devices. New blockchain-like protocols are now being invented to specifically address the IoT use case. For example, the IOTA project developed a network data structure called tangle (as opposed to chains) to establish trust and immutability. It might be a reasonable substitute for blockchains in the IoT area. Time will tell.


We discussed challenges in developing IoT applications and some approaches to address those challenges. Specifically, due to the diversity of IoT applications and the constraints on the devices, it pays to learn multiple development kits, SDKs, and protocols like MQTT. To better manage IoT application deployment and security, you can use container frameworks, such as OSGi and Docker, and blockchain networks.