RDC MVP IoT Platform

Safety Monitoring Next Generation System
Proposed by Conifer Technologies LLC

Project Overview

A comprehensive IoT safety monitoring platform built with AWS IoT Core architecture

Project Philosophy

This project will follow an agile methodology that emphasizes real, demonstrable value rolled out in discrete steps. In practice, the project will run on a two-week sprint cycle, with each sprint ending in a demonstration of a core aspect of the project. The demonstration for the final sprint will be a walkthrough of the entire product.

Phase 0: Weeks 1-2

Architecture & Planning

  • Technology stack confirmation (database decision, etc.)
  • UI/UX Wireframe with Figma
  • Define performance and scalability considerations for each tenant
  • System architecture and data flow diagrams
  • Finalize database schema design
  • Define API endpoint specifications
  • Document security approach (authentication, authorization, data encryption)
  • Define authentication provider (NextAuth, AWS Cognito, OAuth, etc.)
  • Define MQTT topic structure and message formats
  • Define and document device provisioning methodology
  • Deployment strategy and CI/CD pipeline design
  • Repo, AWS root account, billing, and access control setup

Deliverable: Client approval required before proceeding to Phase 1

Phase 1: Weeks 3-4

Infrastructure Foundation

  • CDK infrastructure setup & deployment automation (CI/CD)
  • IoT Core device data ingest configuration with message routing rules
  • Lambda functions for data processing & validation
  • DynamoDB and TimeStream database setup
  • Basic device simulator for 1 device type (dosimeter)

Deliverable: Demonstrate end-to-end data path from device to database

Phase 2: Weeks 5-6

User Management

  • User authentication
      • With MFA capability
  • Tenant (Customer Organization) profile and management
  • User session management system
  • User role-based access (3 permission levels)
  • Basic React dashboard to demonstrate device data
  • API Gateway configuration with REST endpoints for the dashboard

Deliverable: Demonstrate a functional dashboard showing devices and real-time data with functioning login and user management

Phase 3: Weeks 7-9

Device Management

  • Device registration, provisioning, & claim management
  • Customer isolation
  • MQTT topic finalization, routing, and testing
  • Device deployment
      • With loadout management (use case)
  • Device management
      • Create a single-screen device provisioning and management tool for the RDC internal operations team to manage inventory, device assignment, and provisioning

Deliverable: Demonstrate device provisioning, customer data isolation, and device management

Phase 4: Weeks 10-11

Alerts and Event Management

  • Event lifecycle management (latency requirements, persistence, storage)
  • Alert management
      • User assignment
      • Threshold configuration
      • Alert de-escalation
      • Alert history & auditing
  • SNS integration for email & SMS notifications
  • 100% test coverage for alerting code

Deliverable: Demonstrate a complete alert event and event management

Phase 5: Weeks 12-13

Frontend & Integration

  • Home page, login, layout
  • Customer device management page
  • WebSocket implementation & testing
      • Requires device mode change to enable WebSocket communication
  • Device monitoring page (real time)
  • Event management page
  • Event completion and documentation
  • Ensure mobile-responsive design
  • Complete front end workflow integration
      • First time user sign up
      • Integrate alert management
      • Password reset

Deliverable: Demonstrate a production-ready user interface

Phase 6: Weeks 14-16

Testing, System Performance, & Delivery

  • Define high risk/volatility areas of the code and ensure clear boundaries. At a minimum, automate test coverage for:
      • All access points (APIs)
      • Data pipeline
      • Alerts
      • MQTT service
      • Authentication
  • Enforce strict error boundaries on all code
      • Ensure no prop drilling, shared responsibility, or other opaque error boundaries
  • Generate comprehensive documentation (README, API docs, architecture)
  • Performance optimization and monitoring setup
  • Demo preparation and deployment guides
  • Document test coverage and boundaries
  • Incorporate automated testing into CI/CD deployment process

Deliverable: Complete system ready for production deployment

Project Timeline

16-week development plan with clear milestones and deliverables

Phase 0: Architecture & Planning (Weeks 1-2)

  • Technology stack confirmation & database decision
  • UI/UX Wireframe with Figma
  • System architecture & data flow diagrams
  • Database schema & API specifications
  • Security approach & authentication provider
  • 🎯 Milestone M0: Client Architecture Approval Required

Phase 1: Infrastructure Foundation (Weeks 3-4)

  • CDK infrastructure setup & deployment automation
  • IoT Core data ingest with message routing
  • Lambda functions & database setup
  • Basic device simulator (dosimeter)
  • 🎯 Milestone M1: Demonstrate end-to-end data path from device to database

Phase 2: User Management (Weeks 5-6)

  • User authentication with MFA capability
  • Tenant management & role-based access
  • Basic React dashboard & API Gateway
  • 🎯 Milestone M2: Functional dashboard with login & user management

Phase 3: Device Management (Weeks 7-9)

  • Device registration & provisioning
  • Customer isolation & MQTT finalization
  • Device management & provisioning tool
  • 🎯 Milestone M3: Device provisioning, customer isolation & management

Phase 4: Alerts & Event Management (Weeks 10-11)

  • Event lifecycle & alert management
  • SNS integration & 100% alert test coverage
  • 🎯 Milestone M4: Complete alert & event management

Phase 5: Frontend & Integration (Weeks 12-13)

  • Complete UI design & WebSocket implementation
  • Real-time monitoring & event management pages
  • Mobile-responsive design & workflow integration
  • 🎯 Milestone M5: Production-ready user interface

Phase 6: Testing, Performance & Delivery (Weeks 14-16)

  • Comprehensive test coverage & error boundaries
  • Documentation & performance optimization
  • CI/CD integration & deployment guides
  • 🎯 Milestone M6: Production Ready System

Cost Analysis

Expected Development and Operational Costs

  • Total Development Cost: $93,150
      • Estimated ~$23,000/month
      • 16-week timeline
  • Estimated Ongoing Maintenance: $4,500
      • Suggested 20 hours/month budget
      • Retainer + additional hours as needed
  • Estimated Monthly AWS Costs: $20-400
      • For <100 devices
      • Scales with usage

Proven Track Record

Conifer Technologies has successfully delivered IoT solutions for leading companies across multiple industries

Canary Air Quality

Lunar Outpost Partnership

Ryan Kelley served as Technical Program Manager overseeing the implementation of the AWS IoT Core Cloud Infrastructure as well as the production and deployment of IoT air quality monitors for space and commercial applications.

  • 3,000+ Deployed Devices
  • 1,000+ Units/Year
  • 1-minute Sample Frequency

Hazardous gas detection for space station and oil & gas industry. Monitors CH4, TVOCs, PM, Ammonia, and more with real-time cloud analytics.

AWS IoT Core Lambda DynamoDB Cellular IoT Real-time Analytics

CryoScout™ Monitoring

Boreas Monitoring - 2+ Year Partnership

Conifer Technologies partnered with Boreas Monitoring to implement a complete IoT solution for mission-critical cryogenic storage monitoring with gram-accurate liquid nitrogen measurements.

  • 300+ Deployed Devices
  • 1-month Battery Life
  • 24/7 Monitoring

Critical liquid nitrogen monitoring for cryogenic storage. Developed by fertility lab professionals to address flaws in temperature-based monitoring.

AWS IoT Device Management Alert Systems Mobile Apps Data Logging

VitalFlo Health

VP of Engineering and Product

Ryan Kelley served as VP of Engineering and Product at VitalFlo Health, leading the development of a mobile application, web dashboard, and backend services for a remote patient monitoring IoT platform.

  • 500+ Deployed Devices
  • 5,000+ Users
  • Acquired 2025

Critical real time patient monitoring for patients with Asthma, COPD, and other chronic conditions. VitalFlo enabled real time alerts from a number of connected medical devices, air quality monitors, and EHR systems.

Particle Cloud Cellular IoT WiFi Satellite Device Fleet Management

Secure Architecture

Silo Pattern Architecture with Shared Control Plane for optimal isolation and cost efficiency

AWS Multi-Tenancy Implementation

🌐 Shared Device Platform & Services (Deploy Once)

  • IoT Core Provisioning Template
  • Route 53 DNS Zone
  • ACM SSL Certificate
  • S3 Firmware Bucket
  • Config Templates
  • CloudWatch Logs
  • Parameter Store
  • IAM Roles

🏥 Hospital St. Mary's

  • API Gateway
  • WebSocket API
  • Lambda Functions
  • DynamoDB Tables
  • TimeStream DB
  • VPC Network
  • SQS/SNS
  • S3 Data Bucket

🏭 Chemical Plant

  • API Gateway
  • WebSocket API
  • Lambda Functions
  • DynamoDB Tables
  • TimeStream DB
  • VPC Network
  • SQS/SNS
  • S3 Data Bucket

🏢 General Hospital

  • API Gateway
  • WebSocket API
  • Lambda Functions
  • DynamoDB Tables
  • TimeStream DB
  • VPC Network
  • SQS/SNS
  • S3 Data Bucket

🔒 Security Architecture & Data Flow

🌐 Internet

  • Untrusted Network
  • Devices Only
  • Users Only

📡 AWS IoT Core

  • Device Path Only
  • AWS managed service, multitenant. Devices and data segregated by certificates, policies, and IAM roles.

🛡️ VPC Boundary

  • Private Network
  • Security Groups

Inside VPC - Private Network

🚪 API Gateway

  • User Path Only
  • User Authentication
  • Rate Limiting
  • WAF Protection

⚙️ Lambda Functions

  • IAM Roles
  • Least Privilege
  • Customer Isolation

💻 Web Application

  • React Dashboard
  • Real-time Monitoring
  • Mobile Responsive

🗄️ Database Layer

  • Encryption at Rest
  • Tenant Isolation
  • Access Controls

🔐 Security Layers:

Device Level:

  • X.509 Certificate Authentication
  • TLS 1.2+ Encryption
  • Device-specific IAM policies

Application Level:

  • Multi-factor Authentication
  • Role-based Access Control
  • API Rate Limiting

Network Level:

  • VPC Isolation
  • Security Groups
  • WAF Protection

Data Level:

  • Encryption at Rest & Transit
  • Customer Data Isolation
  • Audit Logging

Database Architecture: DynamoDB + TimeStream

Strategic Choice Justification:

  • Native JSON handling eliminates data transformation overhead
  • TimeStream purpose-built for IoT time-series data with automatic scaling
  • Serverless scaling matches global project architecture patterns
  • Better performance for IoT workloads than relational databases
  • Built-in encryption and customer isolation capabilities
  • Cost-effective scaling from prototype to production

Possible Technical Implementation

Detailed MQTT structure, API design, and database architecture

MQTT Topic Structure

{customer-id}/
    radiation-badge/
        {device-id}/
            • telemetry
            • alerts
            • heartbeat
            • commands
    gas-detector/
        {device-id}/
            • telemetry
            • alerts
            • heartbeat
            • commands
    events/
        {event-id}/
            • participants
            • telemetry
            • status

Example Topics:

hospital-abc/radiation-badge/device-001/telemetry
hospital-abc/events/event-123/participants
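
The topic layout above isolates customers only if every segment is validated and each device certificate's policy is pinned to that device's own subtree. The following is an added example, not code from the proposal: it parses topics against this layout and builds a per-device AWS IoT Core policy. The identifier character set, the publish/subscribe direction of each channel, the use of the device ID as the MQTT client ID, and the REGION/ACCOUNT_ID placeholders are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Assumed ID charset: lowercase letters, digits, hyphen. Excluding "/", "+"
# and "#" keeps MQTT separators and wildcards out of every topic segment.
ID = r"[a-z0-9][a-z0-9-]{0,62}"
DEVICE_TOPIC = re.compile(
    rf"(?P<customer>{ID})/(?P<kind>radiation-badge|gas-detector)/"
    rf"(?P<device>{ID})/(?P<channel>telemetry|alerts|heartbeat|commands)")
EVENT_TOPIC = re.compile(
    rf"(?P<customer>{ID})/events/(?P<event>{ID})/"
    rf"(?P<channel>participants|telemetry|status)")
ARN = "arn:aws:iot:REGION:ACCOUNT_ID"  # placeholders, not real values


class Topic(NamedTuple):
    customer: str
    scope: str    # device type, or "events"
    entity: str   # device-id or event-id
    channel: str


def parse_topic(topic: str) -> Optional[Topic]:
    """Parse a topic; None if it does not fit the layout exactly."""
    if m := DEVICE_TOPIC.fullmatch(topic):
        return Topic(m["customer"], m["kind"], m["device"], m["channel"])
    if m := EVENT_TOPIC.fullmatch(topic):
        return Topic(m["customer"], "events", m["event"], m["channel"])
    return None


def accept(topic: str, tenant: str) -> bool:
    """Ingest-side check: well-formed and inside this tenant's subtree."""
    parsed = parse_topic(topic)
    return parsed is not None and parsed.customer == tenant


def device_policy(customer: str, kind: str, device: str) -> dict:
    """Per-device policy: publish up, receive commands (assumed direction)."""
    base = f"{customer}/{kind}/{device}"
    if DEVICE_TOPIC.fullmatch(f"{base}/telemetry") is None:
        raise ValueError("identifier not allowed in a topic segment")
    up = [f"{ARN}:topic/{base}/{c}" for c in ("telemetry", "alerts", "heartbeat")]
    grants = [("iot:Connect", [f"{ARN}:client/{device}"]),  # client ID = device ID
              ("iot:Publish", up),
              ("iot:Subscribe", [f"{ARN}:topicfilter/{base}/commands"]),
              ("iot:Receive", [f"{ARN}:topic/{base}/commands"])]
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": a, "Resource": r} for a, r in grants]}
```

Because the customer ID in a topic is supplied by the publisher, the policy is what binds a certificate to one tenant; `accept` is a second check on the ingest side.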

Database Architecture

DynamoDB Tables (Per Customer)

  • devices-{customer-id}
  • users-{customer-id}
  • events-{customer-id}
  • alerts-{customer-id}
  • configurations-{customer-id}
  • sessions-{customer-id}

TimeStream Database

  • sensor-data-{customer-id}
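
Per-customer table names isolate tenants only if each tenant's Lambda role names exactly its own tables; a wildcard resource can reach a tenant whose ID shares a prefix with another. The following is an added example, not the proposal's code: it builds such a role policy from the DynamoDB table list above and audits any policy for cross-tenant matches. The DynamoDB action list, the REGION/ACCOUNT_ID placeholders, and the use of `fnmatchcase` to approximate IAM wildcard matching are assumptions.

```python
from fnmatch import fnmatchcase
from typing import List

TABLE_KINDS = ("devices", "users", "events", "alerts", "configurations", "sessions")
ARN = "arn:aws:dynamodb:REGION:ACCOUNT_ID:table"  # placeholders, not real values


def table_arns(customer: str) -> List[str]:
    """Exact ARNs of one tenant's tables, following the page's naming scheme."""
    return [f"{ARN}/{kind}-{customer}" for kind in TABLE_KINDS]


def tenant_policy(customer: str) -> dict:
    """Role policy for a tenant's Lambda: item-level access to its tables only."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["dynamodb:GetItem", "dynamodb:PutItem",
                   "dynamodb:UpdateItem", "dynamodb:Query"],
        "Resource": table_arns(customer),  # exact ARNs, no wildcards
    }]}


def cross_tenant_leaks(policy: dict, owner: str, tenants: List[str]) -> List[str]:
    """ARNs of other tenants' tables that any Allow resource pattern matches."""
    leaks = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        resources = stmt["Resource"]
        patterns = [resources] if isinstance(resources, str) else resources
        for other in (t for t in tenants if t != owner):
            for arn in table_arns(other):
                # fnmatchcase approximates IAM's "*" and "?" wildcards
                if any(fnmatchcase(arn, p) for p in patterns):
                    leaks.append(arn)
    return leaks
```

Running `cross_tenant_leaks` over every synthesized tenant role in CI catches a wildcard that crosses a tenant boundary before it is deployed.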

API Endpoints

Device Management:

GET /api/devices
GET /api/devices/{id}
PUT /api/devices/{id}/config

User Management:

POST /api/auth/login
GET /api/users
POST /api/users

Monitoring & Data:

GET /api/devices/{device_id}/data
GET /api/user/devices

Alerts & Events:

GET /api/alerts
POST /api/events
POST /api/events/{id}/complete

Data Flow Process

  1. Device Connects: IoT Core Shared Endpoint
  2. Topic Routing: customer-id/* topics
  3. Process Data: Customer Lambda
  4. Store & Alert: Customer Database
  5. Real-time UI: Customer WebSocket

Risk Assessment & Mitigation

Identified risks and our strategies to address them proactively

Technical Risks

Real-time Performance Requirements

1-second latency requirement for live monitoring

Mitigation: Optimize Lambda functions, use provisioned concurrency for critical paths

WebSocket Connection Reliability

Device interaction for real-time mode

Mitigation: Implement connection retry logic, graceful degradation

Timeline Risks

Hardware Team Integration

Coordination with device development

Mitigation: Weekly check-ins, demo after every sprint

Design Scope Creep

UI complexity expansion

Mitigation: Push UI completion and revision to the end of the project

Integration Risks

Device Simulator Realism

Accurate testing environment

Mitigation: Research actual sensor patterns, include realistic variability

Customer Onboarding Process

Deployment automation requirements

Mitigation: Define onboarding workflow early in Phase 0

Ready to Start Your IoT Platform?

Let's discuss how our proven AWS cloud architecture and IoT expertise can accelerate your project from prototype to production.
