Cloud-Agnostic IoT Dashboards: A Practical Playbook
Most IoT dashboards get welded to a single cloud. That’s fine—until costs spike, an ICCC requires a different stack, or your client mandates on-prem. This post shows how to build one dashboard that runs on any major cloud (or edge) without rewrites.
Context: Our team at Envitus (Alcodex) has delivered 14+ smart-city deployments in India, with exports to UAE, Qatar, Singapore, Vietnam, USA, Canada, Malaysia—ruggedized outdoor devices and ICCC integrations, backed by long term AMC contracts. The approach below is field-tested.
1) Start with open, boring protocols
- Device → Edge: Modbus/RS485, BLE, LoRaWAN
- Edge → Cloud: MQTT or HTTP/REST (avoid proprietary SDKs on day one)
- Event envelope: adopt CloudEvents (simple JSON) so messages look identical on AWS/GCP/Azure/K3s.
This means your payloads aren’t tied to AWS IoT “things,” GCP registries, or Azure device twins. You can still map to them later—but your app logic stays portable.
2) Decouple transport from application
Pick a broker/queue abstraction you can swap:
- MQTT broker (EMQX/Mosquitto/NATS) or managed services (AWS IoT Core / PubSub / Event Hubs).
- Hide this behind a tiny ingest service:
/ingest/mqtt→ normalize → publish to/events/*.
Result: Changing clouds = changing a Helm value, not rewriting the app.
3) Choose portable storage
Your dashboard will need time-series, metadata, and files (images/reports):
- Time-series: TimescaleDB or InfluxDB (both run anywhere).
- Operational DB (RBAC, tenants): Postgres.
- Object store: S3-compatible (MinIO in any cloud/on-prem). You can still point to AWS S3, GCS, or Azure Blob—your app uses the same S3 API.
Use a repository pattern so reads/writes go through a clean interface. You can add managed cloud backends later without touching UI code.
4) Run on Kubernetes (so “anywhere” is real)
Containerize services and ship with:
- Kubernetes (EKS/GKE/AKS/K3s) + Helm charts
- Terraform for infra (providers for AWS/GCP/Azure/on-prem)
- Secrets via Kubernetes Secrets or Vault
A single values file (URLs, creds, bucket names) lets you redeploy the same app across clouds.
5) Build an operator-first UI
A cloud-agnostic dashboard isn’t just portable—it’s usable by ops:
- Operator view (today): 5–7 key metrics, alert banner, acknowledge/assign ticket in one click.
- Supervisor view (7-day): trends, site comparisons, SLA timers.
- Ticketing: alerts → work orders with status, ETA, comments.
- Mobile flows: scan device QR, check signal/last seen, file photo, close ticket.
Tech stack: React/Next.js front-end, Grafana for quick trends if needed, RBAC via JWT/OAuth2, feature flags to toggle ICCC connectors per customer.
6) Make ICCC integration a plugin, not a fork
Treat each ICCC as an adapter:
- Input: your normalized events (CloudEvents).
- Map: severity, dedupe, ack/clear semantics to ICCC’s API.
- Test: auth, rate limits, retries/backoff, audit logs.
Ship these adapters as independent services so your core doesn’t know (or care) which ICCC you’re sending to.
7) Observability that travels with you
- OpenTelemetry for traces/metrics/logs
- Prometheus + Loki + Tempo stack (or managed equivalents)
- Health checks and SLOs are the same regardless of cloud.
8) Security & longevity
- Device identity: X.509 per device, rotate certs; TLS everywhere.
- Zero trust: short-lived tokens between services, least-privilege IAM.
- OTA: staged rollouts, rollback plan.
- AMC: monthly reports, spares plan, firmware cadence—your ops layer shouldn’t change with the cloud.
Sensors → Edge gateway (Modbus/RS485/BLE/LoRaWAN; store-and-forward) → Ingest service (HTTP/MQTT; CloudEvents) → Broker/Queue → Processor services (validation, enrichment, alerts) → Time-series DB + Postgres + S3-compatible storage → API gateway → React/Next.js dashboard + mobile → ICCC adapter(s) (optional). Platform: Kubernetes + Helm, Terraform IaC, OpenTelemetry, Prometheus/Loki/Tempo, Vault/Secrets.
A 6–8 week rollout plan
- Week 1: site audit, data dictionary, acceptance tests
- Week 2: ingest service + broker + storage scaffold on K8s
- Week 3: device flows (register, last-seen, telemetry, alerts)
- Week 4: operator UI (current state, ack, ticket), mobile quick actions
- Week 5: ICCC adapter (if required) + soak tests
- Week 6–8: pilot at 3–5 sites, training, SOPs, AMC schedule
Costs & flexibility
Start portable (MQTT + Postgres/Timescale + S3-compatible). If a client demands native managed services later, you can swap implementations behind your interfaces without changing UI/UX. Portability today; optimizations tomorrow.
If you’d like, we can share a 1-page cloud-agnostic checklist you can map to your PLC/SCADA stack.
