ThingsBoard CE¶
Layer: IoT Layer
Purpose¶
ThingsBoard Community Edition is the core IoT platform for FlexGalaxy.AI, wrapped by DeviceAdmin for device management and alert monitoring. ThingsBoard provides device registration, multi-protocol connectivity, telemetry ingestion and storage, and a rule engine for event routing. Its telemetry data feeds into ThingIO via Kafka for advanced analytics and dashboard visualization.
ThingsBoard is never exposed directly to developers or operators — all access goes through DeviceAdmin (enrollment, alerts, OTA status) and ThingIO (dashboards, analytics).
Why ThingsBoard CE¶
Criterion |
ThingsBoard CE |
|---|---|
License |
Apache 2.0 — no vendor lock-in |
Protocol support |
MQTT, HTTP, CoAP, LwM2M, SNMP |
Multi-tenancy |
Native tenant isolation (maps to FlexGalaxy accounts) |
Deployment |
Microservices mode with official Helm charts |
Maturity |
9+ years, 18k+ GitHub stars, production-proven at scale |
Rule engine |
Configurable event routing, transformation, and alerting |
Dashboards |
Built-in visualization for device monitoring |
API |
REST API for full device and telemetry management |
Platform Mapping¶
Data Plane Service |
ThingsBoard Feature |
|---|---|
DeviceAdmin — device registry |
Device management (create, update, delete) |
DeviceAdmin — device types |
Device profiles |
DeviceAdmin — device credentials |
Device credentials (access tokens, X.509, MQTT basic) |
DeviceAdmin — alert monitoring |
Rule engine alerts (battery, connectivity, threshold) |
ThingIO — data ingestion |
Transport layer (MQTT, HTTP, CoAP, LwM2M) |
ThingIO — time-series storage |
Time-series database (Cassandra or TimescaleDB) |
ThingIO — real-time streaming |
WebSocket subscriptions |
ThingIO — historical queries |
REST API with time-range filtering |
Multi-Tenancy Model¶
ThingsBoard’s native tenancy maps directly to the FlexGalaxy account model:
ThingsBoard FlexGalaxy
───────────── ──────────
System Admin ───► Platform operator
Tenant ───► Account (from Org Service)
Customer ───► Sub-account or end-user
Device ───► Registered IoT device
The Provisioning Service creates ThingsBoard tenants when new accounts are onboarded and assigns devices to the correct tenant during enrollment.
Device Connectivity¶
Supported Protocols¶
Protocol |
Port |
Use Case |
|---|---|---|
MQTT |
1883 / 8883 (TLS) |
Primary device-to-cloud — AMRs, cleaning robots |
CoAP |
5683 / 5684 (DTLS) |
Constrained sensors, battery-powered devices |
HTTP |
443 |
Gateways, simulators, batch ingestion |
LwM2M |
5685 / 5686 |
OMA-standard device management for constrained IoT |
Credential Types¶
Type |
Use Case |
Provisioning |
|---|---|---|
Access token |
Simple sensors, development |
Generated during provisioning |
X.509 certificate |
Robots, production devices |
Subordinate CA per manufacturer |
MQTT basic auth |
Legacy device integration |
Username/password pair |
Rule Engine Integration¶
ThingsBoard’s rule engine routes telemetry and events to platform services:
Device telemetry
│
▼
┌──────────────┐
│ Rule Engine │
├──────────────┤
│ Filter │──► Drop noise / validate schema
│ Transform │──► Normalize units, enrich metadata
│ Route │──► Kafka topics for downstream consumers
│ Alert │──► Basic threshold alerts (battery low, offline)
│ RPC │──► Device commands (reboot, configure)
└──────────────┘
│
├──► Kafka: tb.telemetry.* ──► StreamPipes (analytics)
├──► Kafka: tb.events.* ──► Platform services
└──► Internal storage ──► Time-series DB
The rule engine handles basic event routing and threshold alerting. DeviceAdmin surfaces these alerts to operators. Complex analytics (pattern detection, ML inference, multi-source correlation) flow through Kafka to StreamPipes, exposed via ThingIO.
Deployment Architecture¶
ThingsBoard runs in microservices mode on the shared EKS cluster:
Component |
Replicas |
Resource |
|---|---|---|
tb-core |
2+ |
Core API, rule engine coordination |
tb-rule-engine |
2+ |
Rule chain execution |
tb-transport-mqtt |
2+ |
MQTT endpoint |
tb-transport-http |
1+ |
HTTP endpoint |
tb-transport-coap |
1+ |
CoAP endpoint |
tb-js-executor |
2+ |
JavaScript rule node execution |
Storage¶
Store |
Technology |
Purpose |
|---|---|---|
Entity DB |
PostgreSQL (RDS) |
Devices, tenants, dashboards, rule chains |
Time-series DB |
TimescaleDB (RDS) or Cassandra |
Telemetry data points |
Message queue |
Kafka (MSK) |
Internal microservice communication |
Cache |
Redis (ElastiCache) |
Session cache, rate limiting |
Sizing Guidelines¶
Scale |
Devices |
Messages/sec |
TB Cores |
TB Rule Engines |
|---|---|---|---|---|
Small (dev) |
< 1,000 |
< 1,000 |
1 |
1 |
Medium |
1,000–10,000 |
1,000–10,000 |
2 |
2 |
Large |
10,000–100,000 |
10,000–50,000 |
3+ |
3+ |
API Integration Points¶
REST API (Platform → ThingsBoard)¶
Operation |
Endpoint |
Usage |
|---|---|---|
Create device |
|
Provisioning Service creates devices |
Get device |
|
DeviceAdmin queries |
Save attributes |
|
Set device metadata |
Query telemetry |
|
Historical data |
Send RPC |
|
Device commands |
Manage tenants |
|
Account onboarding |
Kafka (ThingsBoard → Platform)¶
Topic |
Payload |
Consumer |
|---|---|---|
|
Raw telemetry events |
StreamPipes |
|
Rule engine alerts |
Platform alerting |
|
Connect/disconnect/provision events |
Provisioning, Monitoring |
Boundaries¶
ThingsBoard handles:
Device connectivity and protocol translation
Telemetry ingestion and storage
Basic rule-based event routing and alerting
Device credential management (for IoT protocols)
ThingsBoard does not handle:
Platform-level identity and authorization → DotID
Complex stream analytics and dashboards → StreamPipes (via ThingIO)
OTA updates and artifact delivery → hawkBit (via OTAForge)
Device provisioning workflow → DeviceAdmin (via Provisioning Service)
Business API authentication → DotID (Keycloak M2M tokens)
Important: ThingsBoard’s built-in dashboard engine is not exposed to developers or operators. All visualization goes through ThingIO.