How does it work?

How iottly works
1. Connect

Instantly install and launch iottlyAgent on devices

2. Cloud Link

Devices autonomously connect to iottlyCloud (MQTT/TLS)

3. Operate

Technicians operate on the devices from anywhere via the web app

iottlyAgent — Technical Specs

  • Footprint: 30 MB flash, 6 MB RAM
  • OS: Linux
  • Architectures: ARMv5, ARMv6+, AMD64, i386
  • Portability: Rapid portability on any platform
  • Connectivity: LAN, WiFi, LTE, GPRS
  • Outbound connections: iottlyCloud port 8883 (MQTT/TLS) · port 2200 (SSH)
  • Protocol: Lightweight MQTT
  • Security: TLS 2048-bit, X.509 certificates
  • Coexistence: Coexists without interfering with third-party firmware

iottlyAgent Architecture

iottlyAgent runs on top of the device OS (Linux + Python) and exposes a set of services:

  • MQTT client — secure bidirectional communication with iottlyCloud
  • SSH Client + Server + Manager — enables web-based terminal access
  • Scripting Engine — OTA script sync and execution
  • SDK Manager — handles third-party firmware/software integration
  • Unix sockets — internal IPC for third-party messages

iottlyCloud Architecture

Deployable on AWS EC2 or on-premise self-hosted infrastructure.

  • MQTT Brokers — handle device connections (port 8883, MQTT/TLS)
  • SSH Bastions + Session Managers — isolated SSH sandboxes (1 per session)
  • API Servers — REST API for third-party integrations
  • User Authenticators — role-based access control
  • Database Replicas — high availability
  • Internal CA — certificate authority for device X.509 certs
  • Encrypted SSH key storage — keys mounted in RAM per session

Ports

  • HTTPS: 443
  • MQTT/TLS: 8883
  • SSH: 2200

Off-the-shelf Security

MQTT X.509 Certificate Chain

iottly uses a full X.509 certificate chain for mutual authentication between devices and brokers:

  • Internal CA issues device certificates
  • Device authenticates to broker via SSL handshake
  • Device verifies broker identity via SSL handshake
  • Integrable with third-party CAs

Secure Device Pairing

  • Ephemeral unique device token generated per pairing request
  • Unique and unambiguous device identification
  • MQTT certificates + SSH keys provisioned during pairing
  • Integrable with third-party bulk flashing systems

Everywhere Web SSH — Key Management

  • Device key pair stored on device during pairing
  • Sandbox key pair stored in encrypted storage, mounted in RAM per session
  • Optionally: both key pairs dynamically generated per session
  • Zero inbound connections — no open ports on device
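One way to check the "zero inbound connections" and outbound-port claims on a device is to audit its TCP socket table. The script below is an added example, not iottly code: the function names and the sample table are constructed for illustration, and it assumes a little-endian Linux host and IPv4 only (/proc/net/tcp6 is not covered).

```python
import ipaddress

# Outbound ports from the spec list above: MQTT/TLS and SSH to iottlyCloud.
ALLOWED_REMOTE_PORTS = {8883, 2200}
LISTEN, ESTABLISHED = "0A", "01"  # TCP state codes used in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (columns truncated), not real device output.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 0100007F:0016 00000000:0000 0A
   1: 00000000:0017 00000000:0000 0A
   2: 3201A8C0:9C40 0A7100CB:22B3 01
   3: 3201A8C0:9C42 0A7100CB:0898 01
   4: 3201A8C0:9C44 076433C6:0050 01
"""

def decode_endpoint(field):
    """Decode '0100007F:0016' (little-endian hex IPv4, hex port)."""
    addr_hex, port_hex = field.split(":")
    addr = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
    return addr, int(port_hex, 16)

def audit_proc_net_tcp(text):
    """Return (exposed_listeners, unexpected_outbound) for a socket table."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) >= 4:
            rows.append((decode_endpoint(cols[1]), decode_endpoint(cols[2]), cols[3]))
    listen_ports = {local[1] for local, _, st in rows if st == LISTEN}
    # A listener bound to anything but loopback is reachable from the network.
    exposed = sorted(f"{local[0]}:{local[1]}" for local, _, st in rows
                     if st == LISTEN and not local[0].is_loopback)
    # Accepted (inbound) sockets share a listening port; the rest are outbound.
    unexpected = sorted(f"{remote[0]}:{remote[1]}" for local, remote, st in rows
                        if st == ESTABLISHED
                        and local[1] not in listen_ports
                        and not remote[0].is_loopback
                        and remote[1] not in ALLOWED_REMOTE_PORTS)
    return exposed, unexpected

if __name__ == "__main__":
    exposed, unexpected = audit_proc_net_tcp(SAMPLE)
    print("non-loopback listeners:", exposed)
    print("outbound connections to other ports:", unexpected)
```

On a real device, pass the contents of /proc/net/tcp instead of SAMPLE; listeners that belong to coexisting third-party firmware will also be reported and need to be reviewed separately.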

Telemetry Middleware via Cloud APIs


Device → Cloud

  • Devices connected over secure internet (TLS 2048 / X.509)
  • Standard iottlyAgent installed on any device type
  • Edge domain vertical app runs on device
  • MQTT protocol for lightweight real-time messaging

Cloud → Third-party Apps

  • Webhooks — iottly pushes real-time device messages to external apps
  • REST APIs — trusted active controls from external applications
  • Supports monitoring, control frontends and enterprise integrations
