Hi TotallyInformation,
Will provide a little more information on the infrastructure of the project, will hopefully make more sense.
Have developed a bespoke RF communication stack, have created Nodes that will sit inside lights, wall switches, temp. sensors etc. and a modified Node that will either plug into the GPIO port on a Pi or into a USB port on a PC enabling two way serial communication via serial port over the RF network.
Local Mode
The Pi has Node Red controlling the data in and out of the serial port, processes the data and maintains a MySQL database locally. It also has a web app running on it so you can log in to the app, run reports and push data out to the network either manually or via scheduled tasks.
The PC can be used in the same way, but is more designed for sites where you have several Pi's, as they could be spread across different buildings or on separate floors. In this case the PC will sync all the Pi databases onto a single database on the PC giving you a single pane to view all Node data across the site.
Cloud Mode
Node Red on the Pi has a switch, when activated will then maintain the data in the same way as above, but also send and receive data packets via MQTT to a Node Red flow on a cloud server, that also has a MySQL database and web app that allows remote login to view and run reports for several sites that a customer has deployed. So giving a digital twin in the nodes, on the Pi DB and cloud DB.
This way the customer has the option to run the solution on site or via the cloud for remote access and control. There could be thousands of Nodes on a site being controlled by many Pi's, it is only the Pi's that communicate to the cloud via the MQTT if set to this mode, and the customer could have many sites in different locations.
It is a commercial service in the respect that we will be providing it to customers, but it is being used as a mechanism to sell physical product, we will not be looking to charge for access to the data or web services, but may want to charge for additional services at some point in the future.
The data is not sensitive, will contain data points such as temperature history across the site, how long lights have been turned on etc. BUT, the ability to change settings in the Nodes remotely has been built in, so via the web app you could send a message to a Pi that would change how long a light stays on after presence was detected, or turn all the lights off in a group or across the whole site.
This is where the vulnerability is, am sure a customer would not be too pleased if someone started turning their lights on and off for fun. We can recover from this, if you pull the power to the Pi's, reset the Nodes they will work with retained settings as a copy of the setup is kept on net, so can effectively run headless, would just lose data logging to the cloud until service was restored.
At the moment Node Red, web app and database is sitting on the same cloud server (have set up an Azure pay as you go server to play with) but they could sit on separate ones.
I have been writing software for many many years, but has all been PC based like CAD software etc. have little to no web based security knowledge so learning as I go along on this part, but am not naïve enough to think that we do this without professional help, will be seeking the services of a good penetration tester.
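
The exposure described in this post is a remote message changing Node settings through the MQTT path to a Pi. As an added example that is not part of the original post or the project's code, here is a Pi-side check (usable from a Node Red function node) that accepts a setting change only if it carries a valid HMAC, is fresh, is not a replay and stays within allowed bounds. The message fields, command names, limits and per-Pi shared key are all assumptions.

```javascript
// Added example: Pi-side gate for remote setting changes received over MQTT.
// Message fields, command names, limits and the key are assumptions, not the project's.
const crypto = require('crypto');

const MAX_SKEW_MS = 30000;                 // assumed freshness window
const LIMITS = new Map([                   // assumed allow-list: command -> value check
  ['setHoldTime', v => Number.isInteger(v) && v >= 5 && v <= 3600],  // seconds
  ['groupOff', v => v === null],
]);
const seenNonces = new Map();              // nonce -> ts, for replay rejection

// Fixed field order so sender and receiver MAC the same bytes.
function canonical(m) {
  return JSON.stringify([m.site, m.pi, m.cmd, m.target, m.value, m.ts, m.nonce]);
}

// What the cloud-side flow would attach as m.mac (per-Pi shared key).
function sign(m, key) {
  return crypto.createHmac('sha256', key).update(canonical(m)).digest('hex');
}

// Returns 'accept' or the reason the command must not reach the serial port.
function checkCommand(m, key, myPi, now) {
  const want = Buffer.from(sign(m, key), 'hex');
  const got = Buffer.from(String(m.mac), 'hex');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return 'bad-mac';
  if (m.pi !== myPi) return 'wrong-recipient';
  if (!Number.isFinite(m.ts) || Math.abs(now - m.ts) > MAX_SKEW_MS) return 'stale';
  for (const [n, t] of seenNonces) if (now - t > MAX_SKEW_MS) seenNonces.delete(n);
  if (seenNonces.has(m.nonce)) return 'replay';
  seenNonces.set(m.nonce, m.ts);
  const valueOk = LIMITS.get(m.cmd);
  if (!valueOk || !valueOk(m.value)) return 'rejected-by-policy';
  return 'accept';
}

const KEY = Buffer.from('constructed-demo-key-not-a-real-secret');
const T0 = 1700000000000;                  // constructed timestamp (ms)
function demo() {
  seenNonces.clear();
  const msg = { site: 'site-a', pi: 'pi-03', cmd: 'setHoldTime',
                target: 'group-7', value: 120, ts: T0, nonce: 'n-001' };
  msg.mac = sign(msg, KEY);
  return [
    checkCommand(msg, KEY, 'pi-03', T0 + 1000),                   // genuine command
    checkCommand(msg, KEY, 'pi-03', T0 + 2000),                   // same message resent
    checkCommand({ ...msg, value: 0 }, KEY, 'pi-03', T0 + 3000),  // value altered in transit
    checkCommand(msg, KEY, 'pi-03', T0 + 60000),                  // delivered too late
  ];
}
console.log(demo());
```

This sits alongside, not instead of, TLS and per-Pi credentials and topic permissions on the MQTT broker; the MAC check means a message injected at the broker still cannot change settings without the Pi's key.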