Deploy a Smart Mailbox and Package Delivery Logistics Platform on Oracle Cloud
Package theft is a worldwide issue. It is estimated that more than 210 million packages were stolen from porches in the United States alone. Package losses totaled more than $2.4 billion USD.
Arrive has created a platform to solve this problem. The platform consists of smart enclosures, drones, integration-to-delivery services, and a lightweight messaging protocol for remote devices with MQ Telemetry Transport (MQTT) hosted on Oracle Cloud Infrastructure (OCI). Today, packages are dropped onto doorsteps, into mailboxes with no security, or left with an authorized person aged 18 or older. There is no verification that a package actually reaches the person for whom it is intended, which leads to package theft and mishandled packages, all at the expense of the package originator. The Arrive platform ensures that packages arrive safe in the last mile.
Architecture
Arrive provides a secure, connected, and smart enclosure that communicates enclosure and package status to the Arrive platform hosted on Oracle Cloud Infrastructure (OCI).
The platform notifies the recipient when the package is delivered to the smart enclosure. The smart enclosure is climate-controlled to protect food, mail, packages, and medicine from weather, animals, and thieves. With the use of a smart device or app, the enclosure authenticates and authorizes the recipient prior to releasing the delivery, ensuring that the correct person receives the correct deliveries.
The following diagram illustrates the architecture:
Devices and users access the Arrive platform by using an API service, a mobile app, or a web browser. The app receives notifications such as delivery status, package details, and drone status. The app also requests authentication and authorization to unlock an enclosure to receive a package. The enclosure, connected by celluar service, interacts with the platform through MQTT Mosquitto brokers, which receive regular updates on the enclosure status, operation, and connectivity. The brokers provide data to the node servers which then send the data to users with their package information. The node servers store data in a MongoDB Atlas Cluster in Amazon Web Services (AWS). OCI and AWS are connected by using site-to-site VPN.
The Mosquitto brokers and nodes servers are all protected with a web application firewall (WAF) and are load balanced across two fault domains. Drones, delivery services, enclosures, and mobile apps access the platform by using API services.
The Mosquitto brokers and nodes servers are part of an instance pool that allows these instances to autoscale when needed.
On the roadmap for Arrive are the following enhancements:
- Migrate the MongoDB Atlas Cluster to Oracle Autonomous JSON Database
- Leverage Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) for the Mosquitto broker and node servers
- Leverage Oracle Cloud Infrastructure DevOps in conjunction with OKE for container registry and image management
- Investigate image processing storage, leveraging block storage for hot storage and object storage for cold storage
The following diagram illustrates the future state architecture:
The architecture has the following components:
- Tenancy
A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for Oracle Cloud Infrastructure. You can create, organize, and administer your resources in Oracle Cloud within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.
- Region
An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).
- Compartment
Compartments are cross-region logical partitions within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to the resources, and set usage quotas. To control access to the resources in a given compartment, you define policies that specify who can access the resources and what actions they can perform.
- Availability domain
Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.
- Fault domain
A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.
- Virtual cloud network (VCN) and subnets
A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.
- Route table
Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.
- Security list
For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.
- Site-to-Site VPN
Site-to-Site VPN provides IPSec VPN connectivity between your on-premises network and VCNs in Oracle Cloud Infrastructure. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.
- Web Application Firewall (WAF)
Oracle Cloud Infrastructure Web Application Firewall (WAF) is a payment card industry (PCI) compliant, regional-based and edge enforcement service that is attached to an enforcement point, such as a load balancer or a web application domain name. WAF protects applications from malicious and unwanted internet traffic. WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's applications.
- Internet gateway
The internet gateway allows traffic between the public subnets in a VCN and the public internet.
- Dynamic routing gateway (DRG)
The DRG is a virtual router that provides a path for private network traffic between VCNs in the same region, between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.
- Service gateway
The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.
- Load balancer
The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the back end.
- Compute
The Oracle Cloud Infrastructure Compute service enables you to provision and manage compute hosts in the cloud. You can launch compute instances with shapes that meet your resource requirements for CPU, memory, network bandwidth, and storage. After creating a compute instance, you can access it securely, restart it, attach and detach volumes, and terminate it when you no longer need it.
- Instance pool
An instance pool is a group of instances within a region that are created from the same instance configuration and managed as a group.
- Identity and Access Management (IAM)
Oracle Cloud Infrastructure Identity and Access Management (IAM) is the access control plane for Oracle Cloud Infrastructure (OCI) and Oracle Cloud Applications. The IAM API and the user interface enable you to manage identity domains and the resources within the identity domain. Each OCI IAM identity domain represents a standalone identity and access management solution or a different user population.
Get Featured in Built and Deployed
Want to show off what you built on Oracle Cloud Infrastructure? Care to share your lessons learned, best practices, and reference architectures with our global community of cloud architects? Let us help you get started.
- Download the template (PPTX)
Illustrate your own reference architecture by dragging and dropping the icons into the sample wireframe.
- Watch the architecture tutorial
Get step by step instructions on how to create a reference architecture.
- Submit your diagram
Send us an email with your diagram. Our cloud architects will review your diagram and contact you to discuss your architecture.