Overview
free

Course Setup and the Incremental Ladder
Why Sensors to Cities
How to Use This Course
The Incremental Ladder (Step 0 to Step 6)
The Course Lenses
Diagram Legend and Notation Types

What Is IoT and Smart Infrastructure?
From "Device with Wi-Fi" to Infrastructure
Consumer vs Industrial vs Smart City
Systems-of-Systems Thinking

Sensing, Actuation, and Feedback Loops
Measure-Decide-Act: the Minimal Control Loop
Physical to Digital: signals, samples, and events
Open-Loop vs Closed-Loop Control

Constraints in IoT Systems
Power, Bandwidth, Compute, Cost: Constraints as Architecture Inputs
Harsh Environments: When the World Is Part of the System
Longevity and Obsolescence: Designing for 10+ Years of Change

Reference Layers in IoT Architecture
Layered Model: Device, Connectivity, Edge/Gateway, Cloud Platform, Application
Control Planes vs Data Planes: Separating Configuration/Identity from Telemetry/Commands
Responsibilities and SLIs: Where You Measure Health and Who Owns Which Boundary

Diagramming IoT and Smart City Systems
Device Stack Diagrams: MCU, Sensors, Radios, Power, and Firmware Boundaries
Edge-Gateway-Cloud Topologies: Making Data and Control Paths Explicit
City-Scale Maps and Overlays: Domains, Zones, Tenants, and Failure Domains

Step 0 Sensors: Types and Characteristics
Sensor Families: Environmental, Motion, Position, Meters, and What Each Implies About Sampling and Trust
Range, Resolution, Accuracy, Drift: How Sensors Fail and How You Detect Quiet Degradation
Noise and Sampling Strategy: When Measurement Becomes a Data-Quality Problem at the Source

Step 0 Actuators and Mechanisms
Actuator Types: Relays, Motors, Valves, Lighting, Locks as "Outputs with Consequences"
Power Budgets and Duty Cycles: Thermal and Electrical Constraints as System Limits
Fail-Safe Positions and Mechanics: Designing Safe Behavior When Control Is Lost

Step 0 Low-Power Embedded Devices
MCU vs MPU vs SoC: Capability Envelopes and What They Buy You in Software Structure
Sleep/Wake and Duty Cycling: Energy as the Primary Scheduling Constraint
Local Storage and Memory Limits: Buffering, Loss, and Explainability

Step 0 Local Buses and Short-Range Links
I2C, SPI, UART, and GPIO Concepts as a Local Reliability Boundary
Polling and Bus Topologies as Failure Propagation Design
First Integration Failure Modes as Systems Bugs

Step 0 Connectivity Protocols: First Look
Wi-Fi, BLE, LPWAN-ish, Cellular, and Ethernet - Choosing Transport by Constraint
Range, Bandwidth, Power, and Cost Trade Space
Matching Connectivity to Use Case - Telemetry-Only vs Command-and-Control

Step 0 Single Device, Single Link Architectures
The Minimal "Thing" - Sensor + Controller + Link + Simple Backend
First Telemetry Loop - Sense -> Send -> Log, and What "Loss" Means
Why This Breaks at Scale - The Missing Concerns That Force Step 1 and Beyond

Step 1 Device Identity and Addressing
Hardware Identifiers - Serials, MACs, and Why They Are Not Enough on Their Own
Logical IDs and Namespaces - Stable Identities Across Networks, Vendors, and Replacements
Identity vs Addressing - Separating Who a Device Is from Where It Currently Is

Step 1 Provisioning and Onboarding
Manufacturing vs Field Provisioning - Different Trust Assumptions and Different Workflows
Keys, Certs, Secure Elements (Conceptual) - Bootstrapping Secure Comms Without Leaking Secrets
Commissioning UX - Installer Tools, QR Flows, and How Operational Mistakes Become Security Incidents

Step 1 Lifecycle States and Transitions
Fleet State Machines - Staging, Active, Suspended, and Decommissioned as Explicit System Reality
Faulted and Quarantined Modes - Containment as a First-Class Design Goal
Maintenance States - Designing Transitions That Do Not Strand Devices or Data

Step 1 Device Registry and Digital Twins (Conceptual)
Registry as System of Record - Why "Inventory" Is a Core Platform Service
Digital Twin Basics - Configuration, Status, and Telemetry as a Unified Representation
Assets vs Devices vs Locations - Modeling the World You Operate, Not Just the Hardware You Ship

Step 1 Configuration and Policy Management
Per-Device vs Group Policy - Scaling Intent Without Losing Exceptions and Overrides
Rollouts and Safety - Staged Configuration Changes and Blast-Radius Control
Misconfiguration Recovery - Detecting, Rolling Back, and Preventing Repeats

Step 1 Inventory, Ownership, and Metadata
Ownership and Zones - Mapping Devices to Customers, Districts, and Agencies
Metadata and Tagging - Capabilities, Firmware Versions, and Status as Queryable Control Surfaces
Governance of Visibility and Control - Who Can See and Operate What, and Why It Must Be Auditable

Step 2 Edge, Gateway, and Cloud Roles
Responsibility Boundaries - Device vs Gateway vs Cloud Services, and What Each Must Remain Correct Under Failure
Thin vs Smart Devices - Capability Distribution as a Lifecycle and Security Decision
Gateways as Translators - Aggregation, Buffering, and Protocol Translation as System Stabilizers

Step 2 Partitioning Logic: What Runs Where
Filtering and Aggregation at the Edge - Reducing Bandwidth and Improving Resilience with Local Decisions
Local vs Cloud Control - Latency and Reliability Requirements that Force Control Placement
Cost and Operability - Where Complexity Lives and Who Must Debug It at 3 a.m.

Step 2 Handling Intermittent Connectivity
Store-and-Forward - Buffering Semantics and Durability Expectations
Degraded Modes - What a Device or Gateway Does When It Cannot Reach the Cloud
Reconciliation After Reconnect - Deduplication, Ordering, and Eventual Truth for Telemetry and Commands

Step 2 Edge Application Models
Gateway App Models Conceptually - Containers or Processes as Deployable Edge Workloads
Secure Deployment and Updates - Pushing Code to the Edge Without Creating a New Attack Surface
Sandboxing and Resource Limits - Preventing One Workload from Destabilizing the Whole Site

Step 2 Cloud Services for IoT
Core Platform Services - Messaging, Registry, and Device Management Roles (Conceptual)
Processing and Analytics Stack - Turning Device Data into Usable System Outputs
Enterprise Integration Boundaries - APIs and Interoperability with Systems of Record

Step 2 Edge–Cloud Architecture Patterns
Canonical Telemetry Path - Sensor -> Gateway -> Event Hub -> Processing -> Storage
Local Clusters with Shared Gateways - Site-Level Isolation and Failure Containment
Multi-Tier Edge Hierarchies - Field -> Regional -> Cloud Patterns for Geography and Resilience

Step 3 Ingestion Pipelines for IoT Data
Protocol Families Conceptually - MQTT-ish, HTTP-ish, Streaming Ingestion and Their Semantics
Ingestion Endpoints and Gateways - Control Load and Validate Early
Backpressure and Admission Control - When "Accept Everything" Triggers City-Scale Outages

Step 3 Data Models for Telemetry and Events
Metrics vs Events vs Logs from Devices - Choosing Representations That Fit Queries and Decisions
Common Schema Skeleton - Timestamp, Device ID, Measurements, Tags as Stable Minimalism
Heterogeneous Devices - Schemas That Tolerate Missing Sensors and Evolving Capabilities

Step 3 Normalization and Enrichment
Unit Normalization and Calibration - Turning Raw Readings into Comparable Signals
Context Enrichment - Location, Asset, Topology, and Why "Where" Is Often the Primary Index
Validation and Filtering - Rejecting Bad Data Without Masking Real Incidents

Step 3 Storage for IoT and Smart Infrastructure
Storage Families Conceptually - Time-Series, Lakes, Operational DBs, and How Workloads Differ
Hot vs Cold Data - Retention, Aggregation, and Cost Boundaries
Indexing by Time, Device, and Geography - Designing for the Queries Operations Teams Actually Run

Step 3 Streaming and Batch for IoT
Real-Time Monitoring vs Batch Analytics - Freshness Versus Completeness as a Trade-Off
Streaming Pipelines Integration - Connecting to Broader Event and Stream Architectures
Reprocessing and Backfills - Changing Logic Without Losing Auditability of Past Outputs

Step 3 Data Access Patterns and APIs
Dashboards and Apps - Serving Humans and Systems With Different Latency and Correctness Needs
Query Dimensions - Location, Asset, Time Range, and Event Type as Core Access Keys
Multi-Tenant Data Access Control - Enforcing Visibility Boundaries Without Fragmenting the Platform

Step 4 Downlink Command Channels
Reliable vs Best-Effort Commands - Choosing Semantics That Match Actuator Consequences
Queues, ACKs, Retries - Delivery Mechanics and the New Failure Modes They Introduce
Idempotency and Sequencing - Preventing Duplicate Actions and Conflicting Commands

Step 4 Configuration, Firmware, and Policy Updates
OTA Update Patterns Conceptually - The Architecture of Changing Devices in the Field
Canary and Rollback - Minimizing Blast Radius Across Thousands of Devices
Update Safety Constraints - Power Loss, Intermittent Links, and Bricking Prevention

Step 4 Rules Engines and Automation Workflows
ECA Rules - Event-Condition-Action as a Compositional Automation Primitive
Schedules and Calendar Behaviors - Time as a Policy Input and a Source of Surprises
Cross-System Workflows - Coordinating Devices, Data, and External Services Without Runaway Loops

Step 4 Closed-Loop Control in IoT
Sensor Feedback to Actuation - Closing the Loop and Naming Control Boundaries
Latency and Jitter - When Network Variability Breaks Control Stability
Keeping Control Local - Deciding When Loops Must Stay On-Device or at the Edge

Step 4 Human-in-the-Loop Operations
Operator Overrides - Designing Safe Manual Control and Reconciliation with Automation
Alerts and Escalation - Turning Telemetry into Accountable Action
SCADA/BMS-like Integration Concepts - Interfacing with Existing Operational Systems and Practices

Step 4 Orchestrating Fleets and Zones
Policy by Group - Buildings, Districts, and Domains as Orchestration Units
Coordinated Behaviors - Demand Response and Other Multi-Device Programs as Distributed Control Problems
Priority and Conflict Resolution - What Happens When Rules Disagree and Humans Intervene

Step 5 Threat Models for IoT and Smart Cities
Device, Network, and Cloud Threats - Mapping Attack Paths Across Layers
Safety vs Security vs Privacy - Different Harms, Different Mitigations, Shared Boundaries
Impact Analysis - What "Outage" Means When Systems Affect Public Services

Step 5 Device and Firmware Security
Secure Boot Conceptually - Establishing Trust from Power-On to Runtime
Hardening and Minimizing Attack Surface - Making Compromise Harder and Less Valuable
Signed Updates - Preserving Integrity Across Long-Lived Devices and Changing Toolchains

Step 5 Network and Cloud Security for IoT
Mutual Authentication - Establishing Device-Gateway-Cloud Trust Without Shared Fantasy
Segmentation - OT vs IT Boundaries and the Real Problem of Lateral Movement
Zero-Trust-Inspired Patterns - Identity-Based Policy Enforcement for Device Traffic

Step 5 Safety and Fail-Safe Design
Safe States - Actuator Behavior Under Loss of Control, Corruption, or Uncertainty
Redundancy and Fallback - Designing for Partial Functionality Rather Than Total Collapse
Degradation Strategy - Graceful Degradation as a Platform Promise with Measurable Outcomes

Step 5 Monitoring, Alarming, and Incident Response
Security Monitoring for IoT - Detecting Anomalies Across Fleets and Zones
Containment Actions - Isolate Devices, Block Commands, Freeze Automation, and Communicate Impact
Post-Incident Remediation - Fleet-Wide Fixes, Policy Changes, and Preventing Recurrence

Step 5 Governance, Compliance, and Civic Responsibility
Data Privacy and Retention - Policies That Survive Vendor Change and Organizational Turnover
Public Trust and Transparency - Accountability as an Operational Requirement
Interoperability and Standards - Avoiding Lock-In and Enabling Multi-Vendor Ecosystems

Step 6 City-Scale Reference Domains
Mobility and Traffic - Sensing and Actuation Under Safety and Latency Constraints
Energy and Utilities - Reliability, Metering Integrity, and Cross-Domain Coordination
Environment and Public Safety - Monitoring, Alerts, and the Boundary Between Observation and Intervention

Step 6 Smart City Platforms and Data Hubs
Central vs Domain Platforms - Governance Trade-offs Between Uniformity and Specialization
APIs for Civic Apps and Partners - Designing Data Access Without Losing Privacy and Control
Cross-Agency Data Sharing - Boundaries, Contracts, and Operational Coordination

Step 6 Multi-Stakeholder Governance and Ownership
Stakeholder Map - City, Utilities, Operators, Vendors, Citizens as Competing Objectives
Responsibility Boundaries - Who Owns Outages, Data Quality, and Safety Outcomes
SLAs, Contracts, Accountability - Treating Governance as Part of System Architecture

Step 6 Operations, Maintenance, and Field Workflows
Work Orders and Truck Rolls - Field Operations as the Real Last Mile of Reliability
Asset and Lifecycle Management at Scale - Replacements, Upgrades, and Decommissioning as Routine
Predictive Maintenance Inputs - Using Telemetry to Schedule Work Without Over-Trusting Models

Step 6 Scaling from Pilot to City-Wide
Pilot vs Production - What Changes When the System Becomes Critical
Rollouts by District and Domain - Controlling Blast Radius and Learning Rate Simultaneously
Brownfield Integration - Coexistence with Legacy Systems and Partial Modernization

Step 6 Resilience, Disaster Scenarios, and Continuity
Designing for Outages: power loss, network loss, and degraded operations as expected states
Local autonomy vs central coordination: emergency postures and control placement
Testing and drills: validating resilience as an operational discipline, not a document

Step 6 Case-Style Reference Architectures
Smart Building Campus - Site Gateways, Automation, and Tenancy Boundaries
Traffic Corridor and Mobility Hub - Latency, Safety, and Operational Monitoring Patterns
Smart Grid Neighborhood - Reliability, Security, and Multi-Stakeholder Control Surfaces

IoT Architecture Patterns
Telemetry-Only vs Command-and-Control vs Control-Loop Systems: escalating responsibility and risk
Device-Gateway-Cloud vs Direct-to-Cloud: topology choices and failure containment
Narrowband Low-Power vs High-Bandwidth Systems: designing for constraints versus designing for richness

Operational and Organizational Patterns
Team Models: platform vs domain teams vs vendor partnerships and how boundaries affect reliability
Funding and Business Models: incentives that shape platform longevity and maintenance
Platform as Product for Civic Tech: roadmaps, onboarding, and measurable value delivery

Design Checklists for IoT and Smart Infrastructure
Device and Hardware Checklist: sensing, actuation, power, and field constraints
Connectivity, Edge, Cloud Checklist: identity, buffering, partitioning, and operability
Data, Automation, Safety, Governance Checklist: making outcomes safe, auditable, and sustainable

/sensors-to-cities/sensors-to-cities

Local autonomy vs central coordination: emergency postures and control placement

Sign in to access this lesson.

Sign in Create account