
Server - setup - vendor - company

Status
Not open for further replies.

jab99407

Member
Assume I have developed a hobby product that measures the temperature of X mechanical machine from a minimum of 0 C to a maximum of 1000 C.

In the product hardware I have used a thermocouple and a Raspberry Pi to measure temperature.

I have used the Flask framework and an SQL database.

In the software I have developed an application which shows the actual temperature of the machine with the machine name and operator details.

Earlier I was accessing my product locally, but I just took a public IP from my ISP, so if I know the username and password I can access my product anywhere.

Let's say I have 10 customers and they are interested in buying my product.

Question?
Will each customer use their own server or will I give access to my server to each customer with the username and password?

Note: I have created a hypothetical situation here to understand the basic concept. What do you do if many customers want to use your product? Do you share the server with authentication or deploy code on their server?
 
The simplest way is surely to access the device directly, with values in a web page or JSON string (e.g. on two different pages)? A Raspberry Pi is easily capable of doing that type of task & you could use SQLite for the database.

I would suggest using a USB flash drive (memory stick) for data storage though, so you do not degrade the SD card by using that for continuously changing data.

You can use Dynamic DNS and UPnP to access the device outside the user's local network, or port forwarding if the site does not allow UPnP.

You could also add a facility to post data to a user's MQTT system on a regular basis.
 
The simplest way is surely to access the device directly, with values in a web page or JSON string (e.g. on two different pages)? A Raspberry Pi is easily capable of doing that type of task & you could use SQLite for the database.
Should there be a centralized server, and each user will have a unique user ID and password to access the application?
 
Should there be a centralized server, and each user will have a unique user ID and password to access the application?
Generally that's how it's done - exactly in the way these forums work - you need to log-in to access what you have access to from a common database.

Personally I do it using my domain webspace (so not hosted locally), using PHP and a MySQL database.

As our products are aimed at a relatively small number of large companies I give each one their own directory on the server, and slightly edited PHP scripts in each one (to personalise their pages). The PHP scripts in each directory ensure they can only access their own data.

So, for example: http://www.xxxx.com/Company1/login.php or http://www.xxxx.com/Company2/login.php etc.

Depending on the application, you then have the option of one company login name/password, or individual name/password for individual users of that company. In our case it's done on a company basis, as that's all that's required.
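
The isolation described in the post above (each company logs in and can only reach its own data) can also be enforced in a single shared code base by scoping every query to the logged-in company. This is an added example, not code from the thread: it uses Python's `sqlite3` to match the Flask/SQL stack in the question, and the table names, logins, passwords and readings are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so a leaked user table does not expose passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE company (id INTEGER PRIMARY KEY, login TEXT UNIQUE,
                              salt BLOB, pw_hash BLOB);
        CREATE TABLE reading (id INTEGER PRIMARY KEY,
                              company_id INTEGER NOT NULL REFERENCES company(id),
                              machine TEXT, operator TEXT, temp_c REAL);
    """)
    # Constructed sample data: two customers sharing one server.
    for name, pw in (("company1", "pw-one"), ("company2", "pw-two")):
        salt = os.urandom(16)
        db.execute("INSERT INTO company (login, salt, pw_hash) VALUES (?, ?, ?)",
                   (name, salt, hash_password(pw, salt)))
    db.executemany(
        "INSERT INTO reading (company_id, machine, operator, temp_c) VALUES (?, ?, ?, ?)",
        [(1, "Furnace A", "Ann", 742.5), (1, "Kiln B", "Raj", 310.0),
         (2, "Press C", "Lee", 95.2)])
    return db

def login(db, name, password):
    """Return the company id to store in the server-side session, or None."""
    row = db.execute("SELECT id, salt, pw_hash FROM company WHERE login = ?",
                     (name,)).fetchone()
    if row is None:
        return None
    company_id, salt, stored = row
    ok = hmac.compare_digest(stored, hash_password(password, salt))
    return company_id if ok else None

def readings_for(db, session_company_id, reading_id=None):
    """Filter by the company id from the session, never one sent by the client."""
    sql = "SELECT id, machine, operator, temp_c FROM reading WHERE company_id = ?"
    args = [session_company_id]
    if reading_id is not None:  # a guessed id from another company matches nothing
        sql += " AND id = ?"
        args.append(reading_id)
    return db.execute(sql + " ORDER BY id", args).fetchall()
```

In a Flask application the value returned by `login` would be kept in the session and passed to `readings_for` on every request, so a row id typed into a URL by one customer never returns another customer's row.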
 
Should there be a centralized server, and each user will have a unique user ID and password to access the application?
If the data was being sourced by the central server, I'd say yes.

However unless I'm misunderstanding, you are talking about devices to be sold to and used by different customers in different locations, purely for their own purposes.

Under those conditions there is no reason at all that I can see to have a centralised system that means the devices need internet access. It's both a security risk and it puts you in the realms of data protection regulations and legally securing customers' IDs and login info etc.

Having the data access directly from the device or allowing people to configure each device to post data to a configurable address or server etc. of their choice (and which they have responsibility for) seems far safer and far less likely to leave you open to future legal action!


PS. If you were purely posting to a server rather than doing any local storage, a Pi is massive overkill - you can do things like that with such as an ESP8266 or ESP32 etc., for a fraction of the cost - I've got home built devices monitoring and both storing data and accepting commands from a central server (in my home) & each independent WiFi connected node cost less than £2.

Having the storage and web access within the unit itself is what could give your device the advantage over existing commercial remote sensors - eg. ready to use remote sensor modules that connect to various temperature sensors and communicate with a central server that has web access, are readily available for about £30 each.

Not requiring a server is what could make yours worth the cost.
 

Attachment: IMG_20221002_094845.jpg
Please see the screenshot. What are they mentioning about the server in the given link?
???
There is no mention of (internet) Servers anywhere I can find??

"eSSL serves over 2000000 Customers", "Services", "Repair and service centre"

It's all "Customer service" type references; boasting the number of customers using their products, and how to get help or repairs.

[e.g. When you buy something in a shop, you are a customer or "client" and the person that serves you is a "server" and provides a service; computer/internet terminology is adopted from that, for the computers or devices that use and provide facilities respectively - but in a totally separate and unrelated context, just typical re-use of older words for newer concepts.]


From one of the device user manuals in the linked page: A network diagram - all local Ethernet, just using a PC on the network for configuration of the units and reading logs etc.

Everything is local to the customer; there is no centralised system or server at the manufacturer's site that they connect to.
It's just as I said a control / monitoring setup should be in my previous post, purely on the end user's site.

Door_Entry.png
 
Everything is local to the customer; there is no centralised system or server at the manufacturer's site that they connect to.
It's just as I said a control / monitoring setup should be in my previous post, purely on the end user's site.
Is such a system deemed free of the various data protection/integrity laws in the various countries/jurisdictions? Does it also need to be isolated (disconnected) from any internal network?
Just a "in your personal opinion" way, not a "legally binding" kinda way.

Thanks,

Mike.
 
Is such a system deemed free of the various data protection/integrity laws in the various countries/jurisdictions?

Yes, as long as the use of the system is included in employee contracts and the controlling / logging PC software is password protected. It would then be under the same exceptions as having employee data in such as a payroll database.


In EU / UK data protection law, it would be covered under any of these legal categories:
"Consent",
"Contract" and
"Legitimate interest".

Home or personal use on your own equipment is generally outside the legal framework.


A centralised server is a very different matter, as it means the operator storing personal data for all the customers that use the system, and storing any other data they enter, on their behalf.

For such as a web site / forum (as with Nigel's reference to ETO), the system fundamentally cannot function without user access, so the "Consent" and "Public task" exceptions apply, as long as the user registration form requires agreement and explicit consent, and the user database is properly encrypted and secured; any data leaks can still result in massive fines.


But using a central server and requiring customers to create accounts and store login information to use a product that has no fundamental requirement to have a central server is illegal, at least under EU / UK law:

  • Most lawful bases require that processing is ‘necessary’ for a specific purpose. If you can reasonably achieve the same purpose without the processing, you won’t have a lawful basis.

Many other countries either already have or are in the process of introducing similar data protection laws, so there is no way anyone should consider any storage of customer data unless there are zero other options.
 