Former Member

SAP Internet of Things and F5 BIG-IPs

I put together a few use cases for SAP Internet of Things and F5 BIG-IPs (along with video demos).

Let’s get started with a video demo showing the SAP Internet of Things Cockpit for:

  • Device Management of different device types (car devices, industrial sensors) using message types such as MQTT for the car devices and ModbusTCP for the industrial sensors
  • Registering devices and generating OAuth tokens for them
  • Sending and receiving messages using HTTP and WebSockets
  • Displaying the messages stored in the backend SAP HANA database

Possible use cases for F5 BIG-IP:

  • federation scenarios (OAuth, SAML) and
  • visibility and security at scale for MQTT, ModbusTCP, etc.

The second video demo illustrates the following scenario: a Modbus master sends traffic via F5 BIG-IP devices, which apply security rules and send good traffic to the Modbus slave. We could also use the F5 BIG-IP outside of the live traffic path, sending it a copy of the traffic. This would allow visibility into current/normal traffic patterns.

ModbusTCP – Possible use cases for F5 BIG-IP

  • Protocol validation; Modbus TCP packets that are of wrong size or length
  • Potential DoS attacks – Traffic from a server to many slaves
  • Traffic on TCP port 502 that is not Modbus
  • Function and configuration scans
  • Function codes putting slave devices into listen-only mode
  • Function codes that modify diagnostic information
  • Function codes that cause the unit to shut down, requiring someone physically at the site to restart the device
  • Intercept exception PDUs
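
Several of the checks listed above (size/length validation, non-Modbus traffic on port 502, listen-only and diagnostic-modifying requests, exception PDUs), sketched as an added Python example. It is not part of the original post and is not F5 BIG-IP configuration; the function names and sample frames are constructed for illustration, and the Diagnostics sub-function numbers are taken from the Modbus application protocol specification.

```python
import struct

MBAP_LEN = 7    # transaction id (2), protocol id (2), length (2), unit id (1)
MAX_ADU = 260   # 7-byte MBAP header plus the 253-byte PDU maximum
# Sub-functions of function code 0x08 (Diagnostics) matching the list above
RISKY_DIAG = {
    0x0004: "diagnostics: force listen-only mode",
    0x000A: "diagnostics: clear counters and diagnostic register",
}

def build_adu(tid, unit, pdu):
    """Helper (hypothetical name) that wraps a PDU in a valid MBAP header."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def inspect_adu(frame):
    """Return findings for one Modbus TCP ADU; an empty list means clean."""
    if len(frame) < MBAP_LEN + 1:
        return ["truncated: shorter than MBAP header plus function code"]
    if len(frame) > MAX_ADU:
        return ["oversized: exceeds 260-byte Modbus TCP ADU limit"]
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        return ["not Modbus: protocol identifier is not 0"]
    # The length field counts the unit id plus the PDU that follows it.
    if length != len(frame) - 6:
        return ["length mismatch: MBAP length disagrees with frame size"]
    pdu = frame[MBAP_LEN:]
    fc = pdu[0]
    if fc & 0x80:
        # High bit set marks an exception response from the slave.
        code = pdu[1] if len(pdu) > 1 else None
        return [f"exception response for function 0x{fc & 0x7F:02x}, code {code}"]
    if fc == 0x08:
        if len(pdu) < 3:
            return ["diagnostics request missing sub-function"]
        sub = struct.unpack(">H", pdu[1:3])[0]
        if sub in RISKY_DIAG:
            return [RISKY_DIAG[sub]]
    return []

# Constructed sample frames, not captured traffic
SAMPLES = {
    "read_holding": build_adu(1, 1, bytes([0x03, 0x00, 0x00, 0x00, 0x02])),
    "listen_only": build_adu(2, 1, bytes([0x08, 0x00, 0x04, 0x00, 0x00])),
    "exception": build_adu(3, 1, bytes([0x83, 0x02])),
    "bad_length": build_adu(4, 1, bytes([0x03, 0x00, 0x00, 0x00, 0x02]))[:-1],
    "not_modbus": b"GET / HTTP/1.1\r\n",
}
```

Scan and DoS detection from the same list needs per-source state (counts of distinct function codes or targets over time) and is not covered by this per-frame check.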

The third and last video demo illustrates streaming telemetry data to the cloud from devices using MQTT and terminating TLS at the F5 BIG-IP for deep packet inspection.

MQTT/TLS – Possible use cases for F5 BIG-IP

  • perform certificate validation;
  • block / alert on excessively large MQTT messages;
  • control authorization;
  • stop malicious clients from making large numbers of subscriptions;
  • stop malicious clients from posting large numbers of messages;
  • allow geographic collocation of sensors and brokers, i.e. pick the broker that is geographically closest to the sensor as determined by the source IP address, etc. If there is a group of eligible brokers after the source-IP decision, then the client ID could be used to further select among them.

There is no audio but here is the demo flow:

  • Showing the Kibana dashboard; refresh it to show that there is no (IoT) data yet
  • Send MQTT/TLS traffic to multiple topics; show the BIG-IP logs; show that the MQTT/TLS messages reach their final destination
  • Refresh the Kibana dashboard and show that now we have the info on devices (common name from the device certificate in our example), the topics we just published to and timestamps

A version using Analytics | SAP HANA Cloud Platform should be available soon.
