In this talk, we describe using Redis, an open source, in-memory key-value store, to capture large volumes of data from numerous remote sources while also allowing real-time monitoring and analytics. With this approach, we were able to capture a high volume of continuous data from numerous remote environmental sensors while consistently querying our database for real time monitoring and analytics. * See more of my work at http://www.codehenge.net

1. Large-Scale Data Collection Using
Redis
C. Aaron Cois, Ph.D. -- Tim Palko
CMU Software Engineering Institute
© 2011 Carnegie Mellon University

2. Us
C. Aaron Cois, Ph.D. Tim Palko
Software Architect, Team Lead Senior Software Engineer
CMU Software Engineering CMU Software Engineering
Institute Institute
Digital Intelligence and Digital Intelligence and
Investigations Directorate Investigations Directorate
@aaroncois
© 2011 Carnegie Mellon University

3. Overview
• Problem Statement
• Sensor Hardware & System Requirements
• System Overview
– Data Collection
– Data Modeling
– Data Access
– Event Monitoring and Notification
• Conclusions and Future Work

4. The Goal
Critical infrastructure/facility
protection
via
Environmental Monitoring

5. Why?
Stuxnet
• Two major components:
1) Send centrifuges spinning wildly out of control
2) Record ‘normal operations’ and play them back
to operators during the attack 1
• Environmental monitoring provides secondary
indicators, such as abnormal
heat/motion/sound
1 http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?_r=2&

6. The Broader Vision
Quick, flexible out-of-band monitoring
• Set up monitoring in minutes
• Versatile sensors, easily repurposed
• Data communication is secure (P2P VPN) and
requires no existing systems other than
outbound networking

7. The Platform
A CMU research project called Sensor Andrew
• Features:
– Open-source sensor platform
– Scalable and generalist system supporting a
wide variety of applications
– Extensible architecture
• Can integrate diverse sensor types

8. Sensor Andrew

9. End
Users
Nodes
Gateway
Server
Gateway
Sensor Andrew Overview

10. What is a Node?
A node collects data and sends it to a collector, or gateway
Environment Node Power Node Radiation Node
Sensors Sensors Sensors
• Light • Current • Alpha particle
• Voltage count per minute
• Audio
• Humidity • True Power
• Pressure • Energy Particulate
• Motion Node Sensors
• Temperature • Small Part. Count
• Acceleration • Large Part. Count

11. What is a Gateway?
• A gateway receives UDP data
from all nodes registered to Gateway
it
• An internal service:
– Receives data continuously
– Opens a server on a specified
port
– Continually transmits UDP
data over this port

12. Requirements
We need to..
1. Collect data from nodes once per second
2. Scale to 100 gateways each with 64 nodes
3. Detect events in real-time
4. Notify users about events in real-time
5. Retain all data collected for years, at least

13. What Is Big Data?

14. What Is Big Data?
“When your data sets become so
large that you have to start innovating
around how to collect, store,
organize, analyze and share it.”

15. Problems
Size Transmission
Rate Storage

16. Problems
Size Transmission
Rate Storage

17. Problems
Size Transmission
Rate Storage

18. Problems
Size Transmission
Rate Storage

19. Problems
Size Transmission
Rate Storage

20. Problems
Size Transmission
Rate Storage
Retrieval

21. Collecting Data
Problem: Store and retrieve immense amounts of data at a high rate.
Constraints: Data cannot remain on the nodes or gateways due to
security concerns.
Limited infrastructure.
8 GB / hour
Gateway
?

22. We Tried PostgreSQL…
• Advantages:
– Reliable, tested and scalable
– Relational => complex queries => analytics
• Problems:
– Performance problems reading while writing at a
high rate; real-time event detection suffers
– ‘COPY FROM’ doesn’t permit horizontal scaling

23. Q: How can we decrease I/O load?

24. Q: How can we decrease I/O load?
A: Read and write collected data directly
from memory

25. Enter Redis
Redis is an in-memory
NoSQL database
Commonly used as a web application cache or
pub/sub server

26. Redis
• Created in 2009
• Fully In-memory key-value store
– Fast I/O: R/W operations are equally fast
– Advanced data structures
• Publish/Subscribe Functionality
– In addition to data store functions
– Separate from stored key-value data

27. Persistence
• Snapshotting
– Data is asynchronously transferred from memory
to disk
• AOF (Append Only File)
– Each modifying operation is written to a file
– Can recreate data store by replaying operations
– Without interrupting service, will rebuild AOF as
the shortest sequence of commands needed to
rebuild the current dataset in memory

28. Replication
• Redis supports master-slave replication
• Master-slave replication can be chained
• Be careful:
– Slaves are writeable!
– Potential for data inconsistency
• Fully compatible with Pub/Sub features

29. Redis Features Advanced Data
Structures
List Set Sorted Set Hash
A:3 field1 “A”
“A”
A
field2 “B”
“B” B C:1 B:4
D
field3 “C”
“C”
C D:2
“D” field4 “D”
{value:score} {key:value}
[A, B, C, D] {A, B, C, D} {C:1, D:2, A:3, D:4} {field1:“A”, field2:“B”…}

30. Our Data Model

31. Constraints
Our data store must:
– Hold time-series data
– Be flexible in querying (by time, node, sensor)
– Allow efficient querying of many records
– Accept data out of order

32. Tradeoffs: Efficiency vs. Flexibility
One record per One record per
timestamp sensor data type
VS
Motion Light
Motion
Audio
Light Temperature
Pressure
Humidity Audio Humidity
Acceleration
Temperature Pressure Acceleration
A

33. Our Solution: Sorted Set
Datapoint sensor:env:101
Score 1357542004000
{“bat”: 192, "temp": 523, "digital_temp": 216,
"mac_address": "20f", "humidity": 22, "motion":
203, "pressure": 99007, "node_type": "env",
Value
"timestamp": 1357542004000, "audio_p2p":
460, "light": 820, "acc_z": 464, "acc_y": 351,
"acc_x": 311}

34. Our Solution: Sorted Set
Datapoint sensor:env:101
Score 1357542004000
{“bat”: 192, "temp": 523, "digital_temp": 216,
"mac_address": "20f", "humidity": 22, "motion":
203, "pressure": 99007, "node_type": "env",
Value
"timestamp": 1357542004000, "audio_p2p":
460, "light": 820, "acc_z": 464, "acc_y": 351,
"acc_x": 311}

35. Our Solution: Sorted Set
Datapoint sensor:env:101
Score 1357542004000
{“bat”: 192, "temp": 523, "digital_temp": 216,
"mac_address": "20f", "humidity": 22, "motion":
203, "pressure": 99007, "node_type": "env",
Value
"timestamp": 1357542004000, "audio_p2p":
460, "light": 820, "acc_z": 464, "acc_y": 351,
"acc_x": 311}

36. Our Solution: Sorted Set
Datapoint sensor:env:101
Score 1357542004000
{“bat”: 192, "temp": 523, "digital_temp": 216,
"mac_address": "20f", "humidity": 22, "motion":
203, "pressure": 99007, "node_type": "env",
Value
"timestamp": 1357542004000, "audio_p2p":
460, "light": 820, "acc_z": 464, "acc_y": 351,
"acc_x": 311}

37. Sorted Set
1357542004000: {“temp”:523,..}
1357542005000: {“temp”:523,..}
1357542007000: {“temp”:530,..}
1357542008000: {“temp”:531,..}
1357542009000: {“temp”:540,..}
1357542001000: {“temp”:545,..}
…

38. Sorted Set
1357542004000: {“temp”:523,..}
1357542005000: {“temp”:523,..}
1357542006000: {“temp”:527,..} <- fits nicely
1357542007000: {“temp”:530,..}
1357542008000: {“temp”:531,..}
1357542009000: {“temp”:540,..}
1357542001000: {“temp”:545,..}
…

39. Know your data structure!
A set is still a set…
Datapoint
Score 1357542004000
{“bat”: 192, "temp": 523, "digital_temp": 216,
"mac_address": "20f", "humidity": 22, "motion":
203, "pressure": 99007, "node_type": "env",
Value
"timestamp": 1357542004000, "audio_p2p":
460, "light": 820, "acc_z": 464, "acc_y": 351,
"acc_x": 311}

40. Requirement Satisfied
Gateway
Redis

41. There is a disturbance in the Force..

42. Collecting Data
Gateway
Redis

43. “In Memory” Means Many Things
• The data store capacity is aggressively
capped
– Redis can only store as much data as the server
has RAM

44. Collecting Big Data
Gateway
Redis

45. We could throw away data…
• If we only cared about current values
• However, our data
– Must be stored for 1+ years for compliance
– Must be able to be queried for historical/trend
analysis

46. We Still Need Long-term Data Storage
Solution? Migrate data to an archive with
expansive storage capacity

47. Winning
Redis
Gateway
Archiver
Postgre
SQL

48. Winning?
Redis
Gateway
Archiver
?
? Postgre
Some Poor Client SQL
?

49. Yes, Winning
Redis
Gateway A
Archiver
P
I
Postgre
Some Happy Client SQL

50. Gateway
Redi
Best of both worlds
s
Redis allows quick access to
A real-time data, for
Archiver
P monitoring and event
I detection
Postg PostgreSQL allows complex
reSQL queries and scalable storage
for deep and historical
analysis

51. We Have the Data, Now What?
Incoming data must be monitored and
analyzed, to detect significant events

52. We Have the Data, Now What?
Incoming data must be monitored and
analyzed, to detect significant events
What is “significant”?

53. We Have the Data, Now What?
Incoming data must be monitored and
analyzed, to detect significant events
What is “significant”?
What about new data types?

54. Gateway
Redis
A
Archiver
P
I
Postgre motion > x
SQL
&& pressure < y
&& audio > z
New guy: provide a way
App Django to read the data and
DB App create rules

55. Gateway
Redis
A
Archiver
P
I
motion > x Postgre
SQL
All true? pressure < y
audio > z
New guy:
Event
read the rules and Event App Django
Monitor
data, trigger Monitor DB App
alarms

56. Gateway
Redis
A
Archiver
P
I
Postgre
SQL
Event monitor
services can be
scaled
independently Event
Event App Django
Monitor
Monitor DB App

57. Getting The Message Out

58. Getting The Message Out
Considerations
• Event monitor already has a job, avoid re-
tasking as a notification engine

59. Getting The Message Out
Considerations
• Event monitor already has a job, avoid re-
tasking as a notification engine
• Notifications most efficiently should be a
“push” instead of needing to poll

60. Getting The Message Out
Considerations
• Event monitor already has a job, avoid re-
tasking as a notification engine
• Notifications most efficiently should be a
“push” instead of needing to poll
• Notification system should be generalized,
e.g. SMTP, SMS

61. If only…

62. Pub/Sub with synchronized
workers is an optimal solution to
real-time event notifications.
No need to add
another system,
Redis Data Redis offers
Gateway
pub/sub services
Redis as well!
Pub/Sub
A
Archiver
P
I
Worker
Postgre Worker
Notificatio
SQL n Worker
Event
Event App Django SMTP
Monitor
Monitor DB App

63. Conclusions
• Redis is a powerful tool for collecting large
amounts of data in real-time
• In addition to maintaining a rapid pace of
data insertion, we were able to concurrently
query, monitor, and detect events on our
Redis data collection system
• Bonus: Redis also enabled a robust, scalable
real-time notification system using pub/sub

64. Things to watch
• Data persistence
– if Redis needs to restart, it takes 10-20 seconds
per gigabyte to re-load all data into memory 1
– Redis is unresponsive during startup
1 http://oldblog.antirez.com/post/redis-persistence-demystified.html

65. Future Work
• Improve scalability through:
– Data encoding
– Data compression
– Parallel batch inserts for all nodes on a gateway
• Deep historical data analytics

66. Acknowledgements
• Project engineers Chris Taschner and Jeff
Hamed @ CMU SEI
• Prof. Anthony Rowe & CMU ECE WiSE Lab
http://wise.ece.cmu.edu/
• Our organizations
CMU https://www.cmu.edu
CERT http://www.cert.org
SEI http://www.sei.cmu.edu
Cylab https://www.cylab.cmu.edu

67. Thank You

68. Thank You
Questions?

69. Slides of Live Redis Demo

70. A Closer Look at Redis Data
redis> keys *
1)"sensor:environment:f80”
2)"sensor:environment:f81”
3)"sensor:environment:f82"
4)"sensor:environment:f83"
5)"sensor:environment:f84"
6)"sensor:power:f85"
7)"sensor:power:f86"
8)"sensor:radiation:f87"
9)"sensor:particulate:f88"

71. A Closer Look at Redis Data
redis> keys sensor:power:*
1)"sensor:power:f85"
2)"sensor:power:f86”

72. A Closer Look at Redis Data
redis> zcount sensor:power:f85 –inf +inf
(integer) 3565958
(45.38s)

73. A Closer Look at Redis Data
redis> zcount sensor:power:f85 1359728113000 +inf
(integer) 47

74. A Closer Look at Redis Data
redis> zrange sensor:power:f85 -1000 -1
1) "{"long_energy1": 73692453, "total_secs":
6784, "energy": [49, 175, 62, 0, 0, 0],
"c2_center": 485, "socket_state": 1,
"node_type": "power", "c_p2p_low2": 437,
"socket_state1": 0, "mac_address": "103",
"c_p2p_low": 494, "rms_current": 6,
"true_power": 1158, "timestamp":
1359728143000, "v_p2p_low": 170, "c_p2p_high":
511, "rms_current1": 113, "freq": 60,
"long_energy": 4108081, "v_center": 530,
"c_p2p_high2": 719, "energy1": [37, 117, 100,
4, 0, 0], "v_p2p_high": 883, "c_center": 509,
"rms_voltage": 255, "true_power1": 23235}”
2) …

75. Redis Python API
import redis
pool = redis.ConnectionPool(host=127.0.0.1, port=6379, db=0)
r = redis.Redis(connection_pool=pool)
byindex = r.zrange(“sensor:env:f85”, -50, -1)
# ['{"acc_z":663,"bat":0,"gpio_state":1,"temp":663,"light”:…
byscore = r.zrangebyscore(“sensor:env:f85”,
1361423071000,
1361423072000)
# ['{"acc_z":734,"bat":0,"gpio_state":1,"temp":734,"light”:…
size = r.zcount(“sensor:env:f85”, "-inf", "+inf")
# 237327L