If I want to control a device in an IoT project where should the server run on the the raspberry or on the cloud machine?

For example :

Suppose I want to control my home water pump from outside the house. For this project I have chosen Raspberry which controls the driver circuit and the driver circuit controls the motor pump.

I need a server program to control my motor pump, will the program run on a cloud machine or will it run on a raspberry pi?

I think server program will run on the raspberry Pi not on cloud machine. But I see that it is often said that the project should be deployed on the cloud for security purpose. If I deploy server program on cloud I have no idea how cloud machine will control motor pump through raspberry Pi

 

There are multiple ways to do this. It does not strictly have to be a server / client model.

That said, every internet access device already has an http client (the browser), so it is easy to make the device under control an http server and talk to it via the browser on you phone, pc, tablet, whatever. The server is actually quite simple. It needs only a small fraction of what a full blown server would do.

Bob

 

There are multiple ways to do this. It does not strictly have to be a server / client model.

Yes it can be made in many ways. So client-server one way

That said, every internet access device already has an http client (the browser), so it is easy to make the device under control an http server and talk to it via the browser on you phone, pc, tablet, whatever. The server is actually quite simple. It needs only a small fraction of what a full blown server would do.

Bob

Sorry but I'm still not clear where the server program will run on the RPi or the cloud machine?

 

On the Pi. And it does not have to be the an Apache server. I run a (very simple) http server on a PIC.

Bob

 

On the Pi.

I found , it is not safe to run the Server on RPi Or PIC because of security purpose. That's why the server is deployed on the cloud machine. is this a really a valid reason?

I run a (very simple) http server on a PIC.

Just for curiosity what PIC do you use to run the server?

 

If I want to control a device in an IoT project where should the server run on the the raspberry or on the cloud machine?

For example :

Suppose I want to control my home water pump from outside the house. For this project I have chosen Raspberry which controls the driver circuit and the driver circuit controls the motor pump.

First and maybe I am reading this wrong and not quite understanding exactly what you want to do. If I use the cloud or any website including my own domain to control something Internet of Things I am using the Internet. Now if I connect a device like a Raspberry Pi on my home network using it as a web server to control things in my house it becomes Intranet. There is a difference. While I have not used a Raspberry Pi for home automation I have used assorted ESP 8266 modules and an Arduino Uno Rev 2. Controlling things like appliances, pumps and just about anything on my home network is local using an IP address like 192.168.0.xx is Intranet. Using my domain is http: www.mysite.com. Placing a server on a cloud requires paying for cloud space and bandwidth.

Ron

 

Yes, I am at a loss about where the cloud comes in. The cloud is for shared storage or compute power, neither of which is needed here.

Bob

 

Yes, I am at a loss about where the cloud comes in. The cloud is for shared storage or compute power, neither of which is needed here.

Bob

Beats me. When I want to turn something On/Off from a thousand miles away I just tell Alexa to do it. Several years ago someone gave me an Echo Dot for Christmas. Since my wife uses Amazon Prime anyway I started messing with it. It does all sorts of things remotely. A Raspberry Pi is on my list of things to get and play with.

Ron

 

Yes, I am at a loss about where the cloud comes in.
Bob

As I mentioned earlier we can run the server on cloud or in home. I thought the cloud is safer than running server at home.

@Reloadron

Do you use port forwarding technique?

How do you secure server at home?

 

As I mentioned earlier we can run the server on cloud or in home. I thought the cloud is safer than running server at home.

@Reloadron

Do you use port forwarding technique?

How do you secure server at home?

Running a server side at home is as safe as I can get. My home network is behind a router with WEP encryption and behind a firewall. It is also limited to my network WiFi range. So it is as safe as my home network. I use this mostly for wireless home applications for example monitoring my basement sump pump and general experiments. I also have several IOT things running on Alexa as mentioned. There are also a few other applications I have used like Smart Switch. I have a few 12 VDC wireless relay cards, lights and switches on IOT but use primarily Alexa (Amazon) since my wife already had an account.

Generally a cloud based server is going to come with a monthly cost unless you happen to own your own domain. All of this the security is about the same. Cloud applications as was mentioned, are generally used for storage and backing up data off site. So much of this depends on your objective. If you want to just control and monitor things within your own home network then doing what is covered for example here is just fine. If you want to monitor and control from miles away then a server based cloud application is viable.

Ron

 

You need to read up on "socket" programming - It is a large subject to cover.

C examples:
Linux:
https://www.binarytides.com/socket-programming-c-linux-tutorial/

Windows:
https://www.binarytides.com/winsock-socket-programming-tutorial/

https://en.m.wikipedia.org/wiki/Client–server_model

A "server" waits for an incoming connection. Much like a person waiting for a phonecall.

It has an IP address and is listening to a port number.

In an example of a RPi/website it is the website, but it can be anything.

The client is the one that seeks the connection. It has the IP address of the server and the port number for the connection. It is like the person who dials the number on a phonecall.

In that previous example it would be the RPi.

There are many examples of server/client code on the internet and for many programming languages.

When it comes to socket programming it pays to have C# or Python up your sleeve - Using a higher level language can save a lot of debugging time.

Learning about network security and best practices should be done along side learning about sockets

Must read for RPi:
https://raspberrytips.com/security-tips-raspberry-pi/

 

As I mentioned earlier we can run the server on cloud or in home. I thought the cloud is safer than running server at home.

@Reloadron

Do you use port forwarding technique?

How do you secure server at home?

I cannot even see my home network from outside. How would anyone even know it was there?

Bob

 

There are all sorts of security methods to open a RPi web server (or application) on your home network. Basic protection is an intelligent firewall at home that can be configured to block certain known "hacker" attacks, or block certain countries (not 100% reliable on that). You can also configure it to allow only certain registered country IP addresses. Higher end firewalls can detect VPN use, allowing you to block hackers from using VPN. Higher end firewalls even have "intrusion detection". Then, you use port address translation so your web server is NOT at a standard address, but one you configure to prevent standard web "probing" from attackers. Finally, you enable proper user authentication to log into your server and then run your application after that point.
All this is not trivial. You will need help setting something up of course. Try to talk to someone who knows network security. A well protected home server can be very secure in the long run, if done properly.

 

I cannot even see my home network from outside. How would anyone even know it was there?

Bob

Mine won't make it 50' to my garage. I can use a relay board and key fob but that id as good as it gets short of a WiFi extender. Everything in the house works fine.

Ron

 

I cannot even see my home network from outside. How would anyone even know it was there?

Bob

Then why are you trying to answer the OP's question if you only know how to set up a local network? The OP is asking for a secure way to run an INTERNET of things (IoT) device. The OP is not asking for a Local Network of Things device.

 

I found , it is not safe to run the Server on RPi Or PIC because of security purpose. That's why the server is deployed on the cloud machine. is this a really a valid reason?


Just for curiosity what PIC do you use to run the server?

The most secure way is to run a cloud server that you can access with your phone or remote computer (or you can allow anyone to access with some type of authentication as you wish. Submit a command by entering a value, setting a radio button or what ever interface you use. I like to write a webpage that accepts a value and some PHP or NodeJS pushes it to an SQL database on the server.
Then your IoT device can regularly query another PHP script on your cloud server that can return the latest value or commands in the database. It doesn't have to be PHP, it can UDP or what ever you are comfortable using.
Code on your IoT device can automatically query the cloud server every hour, or every minute or whatever is a reasonable update frequency you think is right for your device. Obviously, your IoT code must have some type of connection to your local router and then make an authenticated connection to your cloud server (unless you don't care if anyone else sees the values your IoT device uses. If your IoT is dropping information back onto the server (current status, or last run time), you probably want authentication w/IoT device.
With this type of setup, your local network is secure because it is a client. It plucks info from a cloud server. Your phone is also a client that you can use to set an on-time or whatever.
There are more advanced methods (and decreasingly secure methods) to allow push from the server to your device. This is difficult when you are using battery/low power systems that you want to puller up, connect, fetch, do something, then shut down ASAP- then push is not a great option.

 

 

An application server, if it only needs to be accessed from your home (home network) has NO need to be in the cloud. For that to work, you need either only initiate outbound connections to your server (and then accept incoming communications on the same socket)

OR you need to pay for a static incoming IP address or configure dynamic DNS software. Either is acceptable.

Then, you need a configurable firewall that only accepts connections from the IP Address (and Port) from you IoT device to your server. And from your server to your IoT device.

Or you run everything internal,
and block ALL access to to your IoT device and server except from each other.

None of this security is a given on a cloud server. You have to pay for firewall service and configuration services. Plus, maintaining DNS.

$$$ TANSTAAFL