How EMnify contributes to AWS Certification development

25.08.2021
guide-image

As EMnify operates all its systems on AWS, many of our colleagues hold one or more AWS certifications. Becoming certified not only proves a certain level of knowledge, but also helps the individual to focus their learnings on our cloud platform of choice – as there is a lot to learn when it comes to AWS.

Diagram Description automatically generated

Last autumn I was about to take the last certification on Pro/Specialty level that I hadn't done so far – the Machine Learning Specialty.

Being happy about what achieved; I was about to hunt for the next challenge – until I received an e-mail from the AWS certification team. There was this little checkbox that (I assume) many of us have ticked: Apply to join our Subject Matter Expert (SME) Program  an opportunity that I already received after passing my very first certification. Back then, I did not expect to hear from AWS, and I didn’t for more than two years (I was told that there is no official waiting time involved to become an SME, so this might be a lot quicker for you).

In this email, I was invited to apply to become an SME. Just a few hours after entering details about myself and explaining why I thought I would be a good SME for the Advanced Networking Specialty, I already received positive feedback. With that came the invitation to the first activity…

My first Item Development Workshop 

What people commonly call a question is called an item in certification terminology. Consequently, item development means creation and review of new questions for the certification exams.

In non-Corona times, we would have met for three days in the AWS Dublin office. Due to Corona, the workshop took place remotely with around a dozen participants – two-thirds from AWS and the rest external.

As one would expect, this all sounds easier than it is. And I can tell you: it was a lot harder than I imagined. For a Specialty level question, just asking what an AWS feature means is nowhere near enough. So, I ended up spending hours designing overly complex architectures (based on what we might have ended up with in our company – maybe), only to realize that nobody would ever understand the scenario.

In the peer-review part of the workshop, it quickly became apparent just how common overly ambiguous questions are. Almost every question circled back at least once to the author with suggestions for improvement. Only after comprehensive review by the group did an item start its journey through additional AWS-internal stages and finally into the exam.

Before you think that this was simple: keep in mind that every new question first enters an evaluation phase, during which it is not counted to the exam taker’s result. During this phase, statistical data is collected, and only when the question performs well does it end up counted in real exams. I was also told that the comments which one can give during the exam are all being read and considered in deciding for or against a question (while I must admit that I myself gave such feedback only during a beta exam a while ago).

After that workshop, three of my questions made it into an exam. Phew… one per day? I am sure I can become more effective in later workshops.

Job Task Analysis Workshops

After the interesting opportunity to contribute items, I was invited to a workshop entitled Job Task Analysis (JTA). As you can see in the following diagram, the JTA is where the whole exam development process starts - and interesting things are happening! This has been done so far only once when the Advanced Networking Specialty certification was created. Now, a little over three years later, everything must be re-evaluated to define how the certification will look during the next three years.

I was honored to be invited as a panelist to the JTA committee, again consisting of around a dozen AWS solution architects, Technical Field Experts and more - and just three external experts.

The JTA workshops were again held remotely over the course of a few weeks in March 2021, in total around 40 hours. And we really started with the fundamentals, including: Is the title ‘Advanced Networking’ still the right one, or should we give it a different one? 

For much of the workshop, we were discussing what typical job titles and responsibilities of the people in scope for the certification are and even more, what typical tasks they perform during work. What knowledge and what skills does the so-called Minimally Qualified Candidate (MQC) have - the person who is expected to just pass the certification. 

One artifact created after those hours and hours of group work and discussion include an updated version of the current Exam Guide, which outlines to exam takers what they are expected to know. In the new version created by us, this will also include the knowledge, skills, and abilities that we determined to demonstrate exam takers’ competency.

What was particularly interesting to me were the different views that people brought into the discussions. While we are cloud-natives and networking on AWS for me never involves connecting office networks or whole data centers to our VPCs, I understand that this is a frequent requirement for many AWS customers, with which Solution Architects are frequently confronted. Nevertheless, I felt the need to position myself (maybe a bit more than really needed) on the other extreme: less Direct Connect, more container networking, from ECS to EKS as well as cross-account connectivity. This is where I typically see challenges at EMnify.

On the less networking-technical side, it was an interesting experience to observe, how a certification is built. The entire process is facilitated by Nadine McBride, PhD, a Psychometrician. With her background and expertise, she very well explained to us networkers, what we do, what we should avoid etc. Overall, a very much data-driven approach to take decisions.

Fast forward a few weeks, all holders of the certification (which did not opt out from AWS communication) received an email with an invitation to the “Blueprint survey.” This survey was aimed at gathering their feedback on the content outline with the expected knowledge and skills that we created. Further, the feedback (aka. data) of survey participants helped to define the weight of different domains and thus the number of questions on design, operations, security, etc.

After having received feedback through hundreds of responses, we had two follow-up sessions to adjust and finally confirm our agreement with the created content outline.

What’s next?

First, existing questions must be evaluated regarding their fit for the new exam guide. Multiple Item Writing Workshops will take place to also create new questions. Finally, a new beta version of the networking specialty certification will be announced on the AWS Certifications page in a couple of months from now.

For myself, before my next workshop , I have it on my plate to renew my own Advanced Networking certification in September. Statistically, it is very unlikely that I would have to answer one of my own questions. Luckily, my peers have ensured that if this does happen, I will be able to understand my own words.

Final Words 

In case you want to learn more about what it means to be an SME for AWS certification, you can find some information as well as the training material online.

I want to thank EMnify for giving me this opportunity to contribute to AWS certifications.

I want to thank Nadine McBride, PhD, and Tim Barnosky from the AWS Certification team for their feedback on this blog post.
Image of Christian Henke

Christian Henke

If you want to understand how emnify customers are using the platform Christian has the insights. With a clear vision to build the most reliable and secure cellular network that can be controlled by IoT businesses Christian is leading the emnify product network team.

Related Posts

Image for post LwM2M vs MQTT: Which one is the best for IoT Solutions?

LwM2M vs MQTT: Which one is the best for IoT Solutions?

13.12.2021 –

While building IoT solutions, keeping the footprint small is of utmost importance. This requirement influences all design aspects of IoT solutions, including communication. Transferring data from your IoT devices to your application servers efficiently is important, but at the same time, you also need to have a lightweight way of doing so. In this post, I will compare MQTT and LwM2M communication protocols for IoT solutions. What are Communication Protocols? Simply put, communication protocols are rules that define how two connected systems communicate with each other. These protocols cover everything from authentication, signalling, security, data transfer, flow control to error detection and handling. The Internet of Things drives innovation in these protocols to make them more efficient and secure among other things. What is MQTT? MQTT stands for MQ Telemetry Transport where the MQ part comes from an IBM product called the MQ Series. MQTT is a protocol that was specifically built for M2M and IoT message transfer by Andy Stanford-Clark (IBM) and Arlen Nipper (Arcom). The protocol helps transfer messages using the publish and subscribe model which enables it to send messages to one or multiple subscribers. What is LwM2M? LwM2M stands for Light Weight M2M. It is a protocol designed by OMA SpecWork’s for device management but is also suitable for data transfer with the objective of attaining reduced power and data consumption. It is built on top of CoAP (Constrained Application Protocol) which increases its bandwidth efficiency. LwM2M has a transport agnostic design which by default uses UDP, but also supports TCP and SMS. Architecture MQTT As mentioned, MQTT has a publisher and subscriber model. There is no direct connection between the sender of the message and the receiver. There are 2 basic components in this architecture. Client Broker Clients can publish messages on topics to the broker. The broker then dispatches these messages to any clients that subscribe to that topic. Thus the broker decouples the publisher and the subscriber. MQTT brokers do not normally store messages, but do offer buffering of messages in some cases. MQTT uses TCP/IP to connect to the broker. The broker authenticates and authorizes the clients and maintains the session data of all active clients. The broker is responsible for receiving all messages, filtering the messages, determining who is subscribed to each message, and sending the message to these subscribed clients. LwM2M In an attempt to standardize device management and telemetry, LwM2M supports device management functions, in addition to data reporting (as MQTT does). Bootstrapping Device Configuration Firmware Update Fault Management Configuration & Control Reporting For all the above functions there are procedures defined, e.g. how the device registers at the server, or how the server initiates a client diagnosis. The common structure under all the above functions is a client - server model. The client initiates the connection with the server. The server then uses REST APIs to perform either of the above functions. Implementation MQTT An MQTT client can be any device that runs the MQTT library and connects to the MQTT broker and can have a very small footprint depending on the library used. An MQTT client usually sends data to the server, such as telemetry data. It contains scripts to publish messages to a topic. There are several MQTT client libraries available depending on your preferred programming language. An MQTT broker is the heart of this protocol and can handle millions of MQTT clients depending on the implementation. An MQTT broker needs to be highly scalable, integrated into your backend systems, and failure-resistant. The broker needs to receive, filter and forward all messages to the clients that subscribe to them. As mentioned earlier, it needs to maintain the data-sessions of all the clients connected to it. There are several implementations of the MQTT broker available as open-source or paid. LwM2M Depending on the function that you are using it for, there can be several implementations of the LwM2M client and server. The LwM2M client initiates a connection with the server. LwM2M uses a simple resource model with the core set of objects and resources defined in the specification. As an example, the device here is an object, with id 3 and the device has resources like firmware version, serial number, etc. which have a fix resource id. So to get information about a particular resource of the object device, the server can send a call like READ 3/3/0. The LwM2M client implementation contains code to initiate the connection with the server with credentials, sending the necessary data requested by the server, callback functions for LwM2M resource executions and send error events. It can also contain other functions depending on the use-case. The LwM2M server on the other hand needs to authenticate LwM2M clients, send correct requests using the REST API and process the requested information. There are several open-source as well as paid implementations available for the LwM2M client as well as server. LwM2M also has a Developer Toolkit which can be used to implement your own versions. Security MQTT MQTT supports various authentications and data security mechanisms. These mechanisms are configured on the broker and the client needs to comply with these mechanisms. MQTT uses TCP/IP and you can also leverage Transport Layer Security (TLS) to use secure the connection. LwM2M LwM2M also supports authentication and data transport security mechanisms. LwM2M uses CoAP which usually uses UDP as the transport protocol. When using UDP, LwM2M supports DTLS. CoAP also supports TCP and TLS accordingly. Use Cases MQTT MQTT is used for sending payload for low-power and constrained applications, thus making it a favorite choice for many IoT applications. MQTT brokers are a big component of Cloud based IoT solutions. Logistics - for connectivity and real-time monitoring of vehicles Manufacturing - For monitoring of manufacturing plants Smart Home - For energy monitoring, home security, home patient monitoring Oil and Gas - The use-case it was first built for, to monitor the oil pipelines Consumer products - Like smart appliances Urban Mobility - For city transportation systems, car sharing etc. LwM2M While LwM2M also supports sending telemetry data, it was built to standardize device management and provisioning, thus making it ideal for the 6 functions that it defines in its implementation. Bootstrapping - Enables headless device management, thus enabling shipping the devices without configuring them in the factory. Device Configuration - Enables device life cycle functionalities like enable, disable and update. Firmware Update - Enables FOTA/ SOTA for devices. Fault Management - Enables monitoring of statuses like battery level, memory, sw/hw version etc. Configuration & Control - Enables setting of APN and other functionalities for cellular connectivity, as well as activating, rebooting and disabling the device. Reporting - Enables error reporting from the devices Conclusion While deciding the right protocol for sending essential data from your connected devices to your application, the question is not whether you use MQTT or LwM2M. From the above description, you can see that both protocols were designed for different and specific purposes. So if your application needs a higher payload of data to be sent, you might choose MQTT and will have to implement functionalities like device provisioning, OTA on top of it. On the other hand, if the application needs to monitor critical statuses on the device, as well as needs the convenience of lightweight device management, you might want to choose LwM2M. Platforms like AWS IoT, Azure IoT Hub have an inbuilt version of the MQTT broker which you can use to send payload through your device. You then only have to configure the MQTT client on the device. The device management in AWS IoT and Azure IoT hub is then done through device shadow and device twins respectively. If you are hosting and managing your own cloud applications, you can use LwM2M for device management and build your own MQTT broker for messaging. There can also be use-cases where you might need to use a combination of both. In any case, it is important to understand that MQTT and LwM2M protocols are not replacements of one another but built for distinct use-cases. Stay glued to this space to see a comparison between MQTT and CoAP next. And if you wish to know more about protocols and IoT check out our Comprehensive Guide to IoT Protocols. Until then, Stay Connected!
Image for post DNS Filtering with EMnify Cloud Connect and AWS Route53

DNS Filtering with EMnify Cloud Connect and AWS Route53

20.08.2021 –

IoT devices come in various shapes and sizes. And with that, security can vary from device to device depending on the platform, components, OS, firmware and application. In this post, I will use a mobile phone (Android/ iOS) as a payment terminal and outline how you can use DNS filtering to restrict internet access on all such devices in a centralized way.
Image for post 5 ways to detect connection errors and how to resolve them

5 ways to detect connection errors and how to resolve them

30.09.2021 –

Cellular communication is the most stable wide-area wireless technology available today. The technology uses reserved frequency bands and commercial, well-maintained infrastructure. Having said that, there are several scenarios where your devices can experience connectivity issues. For example: