IoT Architecture Patterns
What IoT Architecture Patterns Are and Why They Matter
IoT systems face a set of challenges that differ substantially from conventional web or enterprise software. Devices are physically distributed, often running on constrained hardware, connected over unreliable networks, and generating continuous streams of data. A factory floor might have thousands of sensors producing readings every second. A smart grid might span millions of metered endpoints across a continent. A vehicle fleet might need sub-millisecond decisions that cannot tolerate a round-trip to the cloud.
These pressures have produced a recognizable set of architectural patterns that address where computation happens, how devices communicate with cloud systems, how data flows at scale, and how systems remain functional when connectivity is intermittent. Understanding these patterns is not about finding a single correct design. Different combinations of patterns suit different scales, latency requirements, and operational contexts. Knowing when to apply each pattern and what tradeoffs it introduces is the practical skill that separates workable IoT systems from ones that collapse under real-world conditions.
Edge Computing Patterns
Edge computing is the practice of moving computation closer to where data is generated rather than sending everything to a central cloud. For IoT systems, this usually means processing data on or very near the device itself, before it travels over the network.
Local Filtering and Aggregation
The most common edge computing pattern is filtering and aggregating raw data before transmission. A vibration sensor on a motor might sample at 10,000 readings per second. Sending all those raw readings to the cloud is rarely necessary and often impractical. What matters is whether the vibration profile indicates normal operation, developing wear, or imminent failure.
Local filtering discards readings that fall within normal bounds, keeping only anomalies or values that cross defined thresholds. Aggregation computes summaries such as averages, maximums, or standard deviations over a time window and transmits the summary rather than the individual readings. The result is a dramatic reduction in network bandwidth consumption and cloud ingestion costs, often by several orders of magnitude, with minimal loss of analytical value.
This pattern works well when the raw data has high redundancy (many consecutive readings are nearly identical), when anomalies are rare and easily characterizable, and when downstream systems care about trends rather than individual samples. It works less well when the raw signal itself carries diagnostic information that summaries would destroy, such as acoustic waveforms used for fault detection.
Store and Forward
Connectivity in real IoT deployments is rarely guaranteed. A truck passing through a tunnel, a ship at sea, a sensor in a remote location with intermittent cellular coverage, or a factory network experiencing a maintenance window are all situations where the path to the cloud is temporarily unavailable.
The store and forward pattern addresses this by buffering data locally in persistent storage when connectivity is absent and transmitting it when the connection resumes. The device or edge gateway maintains a local queue, typically written to disk or flash storage rather than volatile memory, so data survives restarts. When connectivity returns, the buffer drains in order, preserving the chronological record of what happened.
The tricky design decisions in store and forward involve what to do when the local buffer fills before connectivity returns. Options include dropping the oldest data (prioritizing recency), dropping the newest data (preserving historical continuity), compressing stored data more aggressively, or alerting that the buffer is approaching capacity. Each choice reflects a different priority about what the data is for. A billing system needs every reading; an environmental monitoring system might tolerate losing some detail in exchange for recency.
Store and forward also requires that downstream systems handle out-of-order and delayed data gracefully, since a large backlog arriving after reconnection will have timestamps significantly in the past relative to the current moment.
Local Decision Making
Some decisions in IoT systems cannot wait for a round-trip to the cloud. A safety interlock on industrial machinery might need to cut power within milliseconds of detecting a dangerous condition. An autonomous vehicle needs to react to obstacles faster than any network can respond. A smart thermostat should still maintain temperature even when its internet connection drops.
Local decision making means embedding the logic that governs time-critical or connectivity-independent actions directly on the device or edge gateway. The device acts on its own sensor readings without consulting a remote system for each decision. The cloud might still receive telemetry and update the rules or thresholds that govern local decisions, but the execution of those decisions is entirely local.
This pattern introduces a governance challenge: how do you update the decision logic deployed across thousands of edge devices, and how do you ensure all devices are running consistent versions? Device management platforms handle firmware updates, configuration pushes, and version tracking. The operational complexity of managing distributed logic at scale should be factored into any design that relies heavily on local decision making.
Fog Computing
Fog computing occupies the middle layer of the IoT topology, sitting between the constrained sensors and actuators at the edge and the full-scale compute resources in the cloud. The term describes near-edge infrastructure with meaningful compute capacity, such as industrial gateways, ruggedized on-premises servers, micro data centers at telecom base stations, or edge nodes within a campus network.
The Fog Layer’s Role
Where a typical edge device might be a microcontroller with kilobytes of RAM and a simple real-time operating system, a fog node might run Linux, have gigabytes of memory, and support containerized workloads. This gives fog nodes the ability to run more sophisticated analytics, act as local brokers or orchestrators for groups of devices, and serve as aggregation points before data travels to the cloud.
A manufacturing plant is a good illustration. Sensors on individual machines are genuine edge devices with minimal compute. A server rack in the plant’s electrical room can run local analytics, store hours of historical data for immediate queries, coordinate between machines in the same production line, and batch data for cloud upload rather than streaming everything. That server rack is the fog layer.
Fog computing is appropriate when latency requirements are tighter than the cloud can meet but looser than pure on-device processing, when the volume of raw data makes cloud transmission expensive or impractical without local preprocessing, when local analytics need more compute than edge devices can provide, or when regulatory requirements mandate that certain data not leave a physical facility.
Fog vs Edge vs Cloud
The choice between pure edge, fog, and cloud for a given function is a spectrum, not a binary decision.
| Consideration | Edge Device | Fog Node | Cloud |
|---|---|---|---|
| Compute capacity | Very limited | Moderate to substantial | Unlimited (managed by provider) |
| Latency to decision | Sub-millisecond | Low milliseconds | Tens to hundreds of milliseconds |
| Data locality | Fully local | Local to site or region | Centralized |
| Operational complexity | Simple firmware | Moderate (local infra) | Managed by provider |
| Cost of data transmission | Near zero (no network hop) | Low (local network) | Bandwidth and ingestion costs |
| Long-term data retention | Minimal | Hours to days | Unlimited |
Most real systems use all three layers. Safety-critical decisions happen on the device. Local analytics and coordination happen in the fog. Historical analysis, machine learning model training, fleet management, and reporting happen in the cloud.
Device-Cloud Communication Patterns
The four primary patterns for how devices and cloud systems exchange information each solve a different problem and suit a different kind of interaction.
Telemetry Ingestion
Telemetry is the flow of sensor data from devices to the cloud. Devices produce readings such as temperature, pressure, location, or power consumption, and push those readings to an ingestion endpoint at some interval or whenever the value changes beyond a defined threshold.
Cloud-side, telemetry ingestion pipelines are designed to handle massive concurrency. Thousands or millions of devices all pushing data simultaneously requires horizontal scalability at the ingestion layer, typically implemented as message brokers or event streaming platforms that can accept, buffer, and route messages independently of downstream processing speed.
The key design decisions in telemetry ingestion are the protocol (MQTT is common for constrained devices, AMQP for higher-throughput scenarios, HTTPS for simplicity), the message format (whether to use structured schemas or flexible JSON), and the delivery guarantee (at-most-once, at-least-once, or exactly-once semantics). Most IoT telemetry uses at-least-once delivery because some duplicate readings are tolerable, while message loss could mean missing an anomaly.
Command and Control
Where telemetry flows from device to cloud, command and control flows in the opposite direction. The cloud sends instructions to devices: start a motor, update a configuration value, trigger a firmware download, change a setpoint.
This pattern is more complex than telemetry because it involves a response cycle. The cloud system needs to know whether the device received the command, whether it executed successfully, and what the outcome was. Sending commands to devices that may be offline or unreachable adds further complexity.
Most IoT platforms implement command and control through two mechanisms. Direct methods are synchronous: the cloud calls a method on the device and waits for a response within a timeout period. These work well for immediate actions where the cloud needs confirmation. Cloud-to-device messages are asynchronous: the cloud queues a message for the device, which retrieves it when connected. These work better for devices that are intermittently online or when the command doesn’t require an immediate response.
Device Twins and Shadows
Device twins (the Azure IoT Hub term) and device shadows (the AWS IoT Core term) solve the problem of representing device state when the device itself may be offline. A device twin is a JSON document stored in the cloud that has two sections: the desired state (what the cloud wants the device to be configured as) and the reported state (what the device last reported its actual configuration to be).
When the cloud wants to change a device’s behavior, it updates the desired state of the twin. When the device reconnects after being offline, it reads the desired state, reconciles it with its current configuration, applies any changes, and updates the reported state. This pattern means the cloud never needs to know whether a device is online at the moment of configuration change. The change waits in the twin until the device is ready to process it.
Device twins are also useful for queries. Instead of asking each device directly for its current state, a fleet management system queries the twin store to find all devices where reported firmware version differs from desired firmware version. This kind of fleet-wide state query would be impossible if the only way to get state was to ask each device individually.
The reported and desired sections can diverge for extended periods when devices are offline, during over-the-air update rollouts, or when a device fails to apply a configuration change. Monitoring the gap between desired and reported state is an important operational concern.
File Upload
Some device data doesn’t fit the message-oriented models above. A camera capturing images for defect detection, an ECU generating a full diagnostic dump, or a device producing large log archives all generate data too large to pass through a message broker efficiently.
The file upload pattern addresses this by giving devices a way to upload large blobs directly to cloud object storage, typically using pre-signed URLs that grant temporary, scoped upload permissions. The device receives a URL from the IoT platform, uploads the file directly to storage without routing the payload through the platform itself, and then notifies the platform that the upload is complete. This keeps large payloads out of the message bus while still giving the platform visibility into what was uploaded and when.
File uploads are appropriate for images and video, large log bundles, firmware diagnostics, and any payload measured in megabytes or gigabytes rather than bytes or kilobytes.
Protocol Translation Gateways
The IoT landscape includes an enormous variety of device protocols, many of them decades old and designed for specific industrial or building automation contexts. Connecting these devices to modern cloud platforms often requires a gateway that translates between the device-native protocol and the protocol the cloud speaks.
Common Device Protocols
The protocols most frequently encountered in IoT gateway design include Modbus, OPC-UA, BLE, Zigbee, and Z-Wave on the device side, and MQTT, AMQP, and HTTPS on the cloud side.
Modbus is a serial communication protocol from 1979 that remains ubiquitous in industrial equipment. It has no built-in security, operates over RS-485 serial or TCP/IP, and uses a simple register-based data model. Enormous amounts of installed industrial infrastructure communicate only via Modbus.
OPC-UA is the modern industrial interoperability standard, designed with security, complex data modeling, and platform independence in mind. It supports discovery, subscription, and a rich type system. OPC-UA is increasingly the default for new industrial installations.
BLE, Zigbee, and Z-Wave are short-range wireless protocols common in building automation, consumer IoT, and smart home applications. They operate in the 2.4 GHz band and are designed for low-power, low-data-rate communication.
MQTT and AMQP are the dominant cloud-side protocols for IoT. MQTT is lightweight, designed for constrained devices, and uses a publish-subscribe model. AMQP is heavier but supports richer routing and guaranteed delivery semantics. Most major IoT platforms natively support both.
Gateway vs Transparent Proxy
A protocol translation gateway actively interprets the device-side protocol and re-encodes the data in the cloud-side protocol. It understands the semantics of Modbus registers or OPC-UA nodes and converts them into MQTT messages with appropriate topic structures and JSON payloads. The cloud never sees the original wire protocol.
A transparent proxy, by contrast, forwards raw bytes or packets without interpreting them. It handles network-level concerns like NAT traversal, TLS termination, or load balancing, but leaves semantic translation to the endpoints. Transparent proxies are simpler and lower latency but only work when both sides already speak compatible protocols.
Gateways are necessary when the device protocol is not supported by the cloud platform, when the device uses a transport (like serial RS-485) that cannot directly reach the internet, when security needs to be added to a protocol that lacks it (like Modbus), or when data needs normalization before reaching the cloud (mapping proprietary sensor identifiers to a standard schema).
Gateway Architecture Considerations
A gateway’s core function is protocol translation, but production gateways typically do more. They often implement local buffering for store and forward, device authentication and credential management, data filtering and aggregation before cloud transmission, and local alarming for critical conditions.
Gateways introduce a single point of dependency for all devices behind them. A gateway failure makes all connected devices unreachable from the cloud’s perspective. High-availability designs use redundant gateways or failover configurations, though this adds cost and complexity. The tradeoff between gateway simplicity and resilience depends on what the devices are monitoring and what happens if the cloud loses visibility into them.
Data Processing Architectures: Lambda and Kappa
IoT telemetry pipelines face a challenge that general data processing systems share: how to efficiently answer both real-time queries (“what is the current temperature on line 3?”) and historical queries (“what was the average temperature on line 3 over the past 30 days?”). Lambda and Kappa architectures are two approaches to this problem.
Lambda Architecture
Lambda architecture separates data processing into two parallel paths that serve different query latencies.
The batch layer stores all incoming data in an immutable append-only dataset and periodically runs batch jobs over the entire history to produce accurate, comprehensive views. Batch jobs can afford to be slow because they run on a schedule (hourly, nightly) and produce results that are stored for later queries. Because they process the full dataset, batch views are accurate but always somewhat stale.
The speed layer processes the same incoming stream in real time, producing approximate or incremental results with very low latency. The speed layer only needs to handle data since the last batch job ran; once the batch catches up, the speed layer’s results are superseded.
A serving layer merges results from both paths to answer queries, combining the accurate (but stale) batch view with the recent (but potentially approximate) speed layer view.
For IoT pipelines, Lambda works well when historical accuracy matters (a utility needs precise consumption records), when the batch computation is too expensive to run continuously, and when the existing infrastructure includes mature batch processing tooling. The main cost is operational complexity: two separate processing paths for the same data means two codebases, two sets of bugs, and two systems to monitor.
Kappa Architecture
Kappa architecture eliminates the batch layer entirely. All processing happens as a stream, and historical reprocessing is handled by replaying the event stream from the beginning rather than running separate batch jobs.
This simplification is only viable if the event stream is retained long enough to replay (which requires a replayable log like Apache Kafka or Azure Event Hubs with sufficient retention), and if the stream processing system is capable of handling both real-time and historical data efficiently.
For IoT telemetry, Kappa is attractive when the stream processing framework is already capable of historical reprocessing, when operational simplicity matters, and when the team wants to maintain a single processing codebase. It works well for systems where the volume of historical data is manageable within a single streaming framework and where reprocessing time is acceptable when the processing logic changes.
The tradeoff is that Kappa requires more careful event log management. If the log retention window is shorter than the reprocessing needs, historical data is lost. Very long retention periods for high-volume IoT streams can be expensive.
Choosing Between Lambda and Kappa for IoT
The decision often comes down to the scale and nature of the historical data, the team’s operational capabilities, and whether the stream processing framework can handle reprocessing workloads.
| Factor | Favors Lambda | Favors Kappa |
|---|---|---|
| Historical data volume | Very high; batch is more efficient | Manageable within stream processing |
| Reprocessing frequency | Rare; batch runs on schedule | Frequent; stream replay is needed often |
| Processing complexity | Different logic for batch and streaming | Single logic path for all processing |
| Operational maturity | Strong batch tooling already in place | Strong stream processing capability |
| Data retention requirements | Can tolerate approximate recent data | Requires full historical accuracy from stream |
Most mature IoT platforms have moved toward Kappa or Kappa-like architectures as stream processing frameworks have grown more capable, but Lambda remains valid for systems with extreme historical data volumes or regulatory accuracy requirements.
Scalability Patterns for IoT Fleets
As an IoT deployment grows from hundreds of devices to tens of thousands or millions, the architecture must evolve. Patterns that work at small scale often create bottlenecks or operational nightmares at fleet scale.
Horizontal Partitioning of Device Connections
A single IoT hub or broker instance has connection limits. Scaling to millions of devices requires distributing connections across multiple instances, with devices assigned to instances based on some partitioning strategy such as device ID hash, geographic region, or organizational group.
Partitioning introduces the question of how to route messages between partitions when, for example, a command needs to reach a device on a different partition than the one the command originator is connected to. Most IoT platforms handle this internally, but custom or hybrid architectures need to account for cross-partition routing explicitly.
The partitioning strategy also affects operational behavior. Hash-based partitioning distributes load evenly but makes geographic routing harder. Geographic partitioning simplifies regional compliance and latency but can create hot partitions if device density is uneven.
Message Routing and Fan-Out
IoT platforms receive telemetry and need to route it to multiple downstream consumers: a real-time alerting system, a time-series database, a data lake for batch analytics, and a fleet management dashboard might all need the same device message. Sending separate copies of each message to each consumer from the ingestion layer does not scale well.
Message routing patterns use a publish-subscribe broker where the ingestion layer publishes messages to topics and downstream consumers subscribe to relevant topics. Fan-out happens at the broker layer without the ingestion layer needing to know how many consumers exist or what they do. Adding a new downstream consumer means adding a subscription, not modifying the ingestion pipeline.
This pattern also provides backpressure isolation: if the data lake consumer falls behind, it does not slow down the real-time alerting consumer. Each consumer processes at its own pace from its own position in the message log.
Multi-Region Deployments for Global Fleets
A fleet spanning multiple continents faces latency, data residency, and failure isolation requirements that single-region architectures cannot meet. A device in Tokyo should not need to send telemetry to US East to reach its cloud endpoint; the latency and the potential failure modes of a trans-Pacific hop make this impractical at scale.
Multi-region deployments assign devices to a regional ingestion endpoint geographically close to them. Regional endpoints handle telemetry ingestion, command delivery, and device twin synchronization locally. Data is then replicated or synchronized to a global tier for fleet-wide queries, cross-region reporting, and workloads that need a unified view.
The design challenges in multi-region IoT are similar to those in any distributed system: how to handle eventual consistency between regional data stores, how to route commands when a device’s regional assignment changes (a vehicle crossing a continental boundary, for example), and how to aggregate regional data for global dashboards without creating a single point of failure at the aggregation layer.
Data residency regulations complicate multi-region designs further. Some jurisdictions require that data about residents or critical infrastructure not leave specified geographic boundaries. The architecture must enforce these boundaries while still enabling necessary global coordination.
Choosing and Combining Patterns
Real IoT systems do not implement a single pattern in isolation. A typical industrial IoT deployment might combine local filtering at the sensor level to reduce data volume, a fog node in the plant running OPC-UA to MQTT translation and store-and-forward buffering, device twins for configuration management across the fleet, a cloud-side MQTT broker with fan-out to multiple downstream systems, and a Kappa architecture pipeline for real-time analytics with replay capability for reprocessing when detection models are updated.
The selection of which patterns to apply, and at what layer, depends on answering a small set of questions about the system’s real requirements. What latency do decisions require? What happens when connectivity is lost? How much does bandwidth cost, and how much data do devices generate? What protocols do existing devices speak? What are the data residency and compliance constraints? How large will the fleet grow, and over what timeframe?
Starting with the physical and operational realities of the devices and the network before choosing architectural patterns prevents the common failure mode of applying a cloud-native architecture to a problem where the network is unreliable, the devices are constrained, and the latency requirements are tight. The patterns described in this guide exist precisely because those physical and operational realities create architectural pressures that generic cloud design does not address.
Found this guide helpful? Share it with your team:
Share on LinkedIn