Edge Computing for IoT: When to Process on Device vs in the Cloud
Edge computing tiers: device (sub-ms) — gateway (local LAN) — cloud analytics (global)
“Put everything in the cloud” breaks the moment your device is in a tunnel, on a ship at sea, or processing video data that would saturate your LTE connection.
The Three Tiers
- Device (MCU) — Sub-millisecond response, works offline. Sensor reading, local control logic, safety cutoffs, data filtering.
- Edge gateway — 1–100ms response, aggregates devices. Local ML inference, protocol translation, data buffering during outages.
- Cloud — Unlimited compute, global. Long-term storage, fleet analytics, dashboard, OTA distribution.
ML at the Edge: ESP32-S3
tflite::MicroInterpreter interp(model, ops, arena, 50*1024); interp.AllocateTensors(); interp.input(0)->data.f[0] = sensor_value; interp.Invoke(); float score = interp.output(0)->data.f[0]; if (score > ANOMALY_THRESHOLD) send_to_cloud(event);
Offline-First Architecture
Designing for offline-first means the device is always operational regardless of cloud connectivity — cloud access becomes a synchronisation opportunity rather than a dependency. The device stores events locally in a circular buffer (or SQLite database for structured data), tags each event with a timestamp, and uploads in batches when connectivity is available. Timestamps must come from the device’s RTC — do not rely on network time for event sequencing.
YIS implements this pattern with 30 days of local storage. The vessel’s engine data, GPS track, and alarm history are always complete on the device. When the vessel connects to Starlink or a port WiFi network, the gateway syncs the delta to Azure — only new data since the last sync. The owner can pull any time range from the cloud dashboard; the vessel crew always has the local display regardless of connectivity.
Edge Gateway Hardware Selection
Edge gateways range from Raspberry Pi 4 (suitable for moderate IoT loads in indoor environments) to industrial-grade hardware like the Advantech UNO series or DIN-rail mounted PCs for harsh environments. Key selection criteria: operating temperature range (standard Raspberry Pi is rated 0–85°C; industrial environments may require -40°C to +85°C), mean time between failures (MTBF), and local storage reliability (industrial eMMC or SSD vs SD card, which fails under write-intensive workloads).
For marine deployments, we use fanless industrial PCs with solid-state storage and conformal-coated PCBs. The higher upfront cost is trivial compared to the cost of dispatching a technician to a vessel at sea for a gateway failure that could have been avoided with appropriate hardware selection.
Edge Security Considerations
An edge gateway sitting in a customer’s facility or aboard a vessel is physically accessible to anyone on-site. Apply the same security principles as cloud infrastructure: disk encryption, OS hardening, minimal attack surface (no unnecessary services listening on the network), automatic security updates, and certificate-based authentication for cloud connectivity. The gateway’s private key for cloud authentication should be stored in a TPM (Trusted Platform Module) if the hardware supports it — not in a file on the filesystem.
Building an IoT product?
FSS is a full-stack IoT engineering team — hardware, firmware, cloud, and mobile in one place.