AWS Partner Network (APN) Blog
How Cardinal Peak Harnessed AWS IoT ExpressLink to Speed Implementation Across the Development Lifecycle
By Evan Gates, Embedded Software Director – Cardinal Peak
By Ramandeep Kaur, Staff Engineer – Cardinal Peak
By Andrew Sargent, Staff Engineer – Cardinal Peak
By Venkat Gomatham, Sr. Partner Solutions Architect – AWS
Cardinal Peak |
Connecting Internet of Things (IoT) devices to the cloud can be a complex and challenging task. Yet, in today’s digital era staying ahead of the curve is essential for businesses seeking to bring innovative products to market quickly, securely, and efficiently.
AWS IoT ExpressLink is a software that powers a range of hardware connectivity modules developed and offered by AWS Partners. It simplifies and accelerates the process of connecting IoT devices securely to Amazon Web Services (AWS) at each stage of the product development cycle—from prototyping to full-scale field deployments.
AWS IoT ExpressLink’s connectivity modules include software implementing AWS-mandated security requirements, making it faster and easier to securely connect devices to the cloud and seamlessly integrate with a range of AWS services.
In this post, we will discuss how Cardinal Peak harnessed AWS IoT ExpressLink-powered connectivity modules to accelerate the IoT product prototyping phase. This helped them rapidly identify and mitigate risks earlier in the development process to reduce the time and engineering resources spent on development and quickly gain valuable insight into our client’s newly connected IoT solution.
Cardinal Peak is an AWS Specialization Partner and AWS Marketplace Seller that provides end-to-end product design services for connected devices, reducing the risk of outsourcing your engineering project.
Developing IoT Device Hardware
Integrating AWS IoT ExpressLink connectivity modules into a new or existing device saves time and money. Opting for a complete hardware redesign is a lengthy and expensive process that typically involves redesigning the printed circuit board (PCB) layout, routing the new board and other complexities with the potential to introduce new challenges not present in the original design.
Without AWS IoT ExpressLink, Cardinal Peak’s project demanded separate Wi-Fi or Bluetooth chips and the integration of redesigned hardware into a host processor, increasing the complexity of the product’s design.
Figure 1 – AWS IoT ExpressLink simplified hardware block diagram.
Designed with a simpler interface with fewer traces, AWS IoT ExpressLink eliminates the steps involved in integrating the networking and cryptography layers to the hardware connectivity modules—from generating certificates to provisioning devices to setting up encryption on the embedded and cloud sides. This accelerates IoT product development to a fraction of the time while incorporating security best practices into the design.
Easy to integrate into new and existing devices, the AWS IoT ExpressLink specification defines an interface and rigorous set of tests for AWS Partners and manufacturers of wireless modules to follow, including providing a ready-made provisioning and onboarding solution with built-in security features. This ease of integration delivers confidence in the product design and implementation.
Adding new connectivity features and AWS IoT ExpressLink’s built-in security aspects to an existing device without reworking the underlying hardware saved Cardinal Peak two to four months of engineering time—one to two months each for a hardware engineer and an embedded software engineer.
Embedded Firmware Development
From connectivity and security to resource constraints, different hardware and software configurations, testing and deployment, embedded firmware development is a complex and time-consuming process that can take several months or even years depending on the device’s functionality and performance requirements.
Connecting devices to the cloud previously required developers to integrate potentially complex external libraries to handle the security and communication aspects of their project. Merging this code with the application code requires in-depth networking and security knowledge to ensure device functionality and implement security best practices.
With simpler firmware, AWS IoT ExpressLink software acts as a building block that helps devices easily establish a two-way connection with AWS IoT Core through native support of MQTT, enabling efficient communication for resource-constrained devices.
With no fancy driver or new hardware and no need to debug complicated communications protocols, AWS IoT ExpressLink allowed Cardinal Peak to connect directly to the device with a couple of serial lines and API calls. Just open a terminal, connect to the serial port, and type messages as simple as connect, send, and subscribe to send data to and receive data from the cloud. The human-readable text commands make debugging the interface straightforward.
Additionally, AWS IoT ExpressLink modules natively support firmware updates, allowing developers to update their firmware remotely and securely. This simplifies firmware updates on IoT devices in the field and makes IoT product development faster and more cost-effective.
For this prototype project, Cardinal Peak set up the dev kit, connected directly to its computer, and manually sent simple messages to the cloud in a single afternoon. By assembling a Wi-Fi-connected product demo with minimal changes to the existing firmware, the team ultimately sent sensor data to the cloud—getting live interaction data from the device to the cloud—in about a week.
Comparing the development timeline against similar projects executing security and MQTT communication integration in-house, AWS IoT ExpressLink helped unlock one to two months of engineering time for Cardinal Peak.
IoT Device Manufacturing and Quality Assurance
Ensuring every device undergoes proper testing and meets quality standards while managing costs effectively can be challenging as the production volume increases and demands meticulous planning, coordination, and attention to detail.
Between evolving security requirements, key pair generation, unique device identities, and renewal, expiration and revocation concerns, generating and managing certificates is a complex and time-consuming process, especially when dealing with large numbers of devices.
AWS IoT ExpressLink simplifies provisioning with cryptographically secured preinstalled certificates—such as an X.509 certificate containing a 128-bit unique ID—when setting up the manufacturing line. This eliminates the need to generate certificates, load certificates onto devices, track devices in the database, and correctly upload them to the AWS cloud to communicate with other devices.
The connectivity module also includes software implementing AWS-mandated provisioning and security procedures and requirements, such as cryptographically secured boot and over-the-air (OTA) firmware updates, TLS v1.2 encryption, and compliance with the security regression test suite. By featuring best practices for device-to-cloud connectivity and security, AWS IoT ExpressLink reduces the risk of vulnerabilities and errors during manufacturing, ultimately saving time and money.
Cardinal Peak completed projects that demand the generation, management, and installation of certificates on devices and connecting them to the cloud system, discovering that AWS IoT ExpressLink’s ease of implementation and flexibility helped save one to two months of engineer time.
Onboarding IoT Devices to the Cloud
Cloud onboarding typically involves:
- Establishing secure channels for data transmission.
- Verifying the device’s authenticity, identity, and ownership.
- Organizing access policies and permissions to add devices to your cloud system.
- Managing and analyzing data.
- Triggering actions and notifications based on the received data.
Adding a compromised device into a cloud system can introduce security vulnerabilities, data breaches, or malicious attacks. Even worse, bad actors can potentially access and manipulate sensitive data, spread malware to other devices in the network, or cause different types of damage to the system.
AWS IoT ExpressLink’s onboarding-by-claim feature helped Cardinal Peak streamline the process of securely connecting devices to AWS IoT Core wirelessly, simplifying device authenticity and ownership to take control of devices and add them to cloud systems.
By allowing the team to easily associate physical devices to an AWS IoT Core “thing” in the cloud and add them to the company’s AWS IoT account, AWS IoT ExpressLink eliminated the need to set up extra cloud services or infrastructure.
Figure 2 – AWS IoT ExpressLink onboarding by claim.
Since devices are already waiting for end users to register the finished product, they are automatically moved from the staging account, or lobby, to the cloud account, allowing greater flexibility in the endpoint selection. This implementation also removes the need to share credentials with other parties in the supply chain, helping minimize exposure to third-party security breaches.
With AWS IoT ExpressLink, there’s no need to upload certificates, keep track of them, and implement your own cloud onboarding. For Cardinal Peak, this unlocked another one to two months of engineering time savings.
Unlocking IoT Success with Streamlined Prototyping
Innovation. Efficiency. Speed. These are the building blocks of successful IoT product development. From hardware design through cloud onboarding, AWS IoT ExpressLink-powered connectivity modules provided Cardinal Peak’s project with a streamlined wireless connectivity and cloud integration solution that unlocked innovation, efficiency, and speed at every stage of the development cycle.
By simplifying the process of isolating and testing specific elements of Cardinal Peak’s connected product, AWS IoT ExpressLink made verifying the functionality, reliability, and security of each component simple. This helped streamline the development process and ensure each piece of the solution meets intended requirements and functions as expected.
By avoiding rewriting the application from scratch and retaining the device’s existing processors, Cardinal Peak’s prototype leveraged AWS IoT ExpressLink-connected modules to connect to the cloud quickly.
Conclusion
With the ability to avoid costly hardware redesign, simpler firmware, preinstalled certificates, a smaller impact on manufacturing, provisioning options, and efficient cloud onboarding by claim, AWS IoT ExpressLink empowered Cardinal Peak to shave over six months of engineering time while improving the overall quality of the final product.
Quickly transforming an embedded device into an IoT-connected device using AWS IoT ExpressLink speeds up time to market, lowers development costs, and enables teams to focus on engineering elevated product experiences.
If you’d like to learn more, please contact AWS IoT Design Partner Cardinal Peak.
Cardinal Peak – AWS Partner Spotlight
Cardinal Peak is an AWS Specialization Partner that provides end-to-end product design services for connected devices, reducing the risk of outsourcing your engineering project.