- This line was added.
- This line was removed.
- Formatting was changed.
The LinkSmart® Border Gateway provides a single point of entry into an Internet of Things autonomous system (IoT AS) consisting of connected devices, their supporting services and the messaging infrastructure. These are the main functionalities:
- TLS offloading at the edge of the protected autonomous system for the following protocols:
- TLS-encrypted MQTT
- TLS-encrypted WebSocket
- Authentication and authorization for HTTP, MQTT and WebSocket requests. Users and their permissions can be defined using an Identity Provider conforming to the OpenID Connect protocol.
- Access control for HTTP requests can be defined for the type of protocol (HTTP or HTTPS), requested resources (or paths) and allowed HTTP methods.
- Access control for MQTT requests can be defined for topics, wildcards, and MQTT commands (publish, subscribe etc.).
- Access control for WebSocket connections can be defined for hostname, port and request paths.
- HTTP request forwarding to internal services according to location definitions (e.g. a request to https://iot.linksmart.eu/<location> can be forwarded to localhost or any other host protected by the Border Gateway on the correct port).
- Address translation for HTTP requests, i.e. internal IoT-AS addresses in HTTP responses can be translated to external addresses that the requester is able to connect to.
The Border Gateway can be easily deployed in a Docker container. The basic configuration requires a TLS certificate for the host and an available OpenID Connect provider.