The Internet of Things is a powerful concept, especially in the industrial world—but it's also full of potential security disasters and hidden computing and networking costs. But what if all you had to do to create a secure network of distributed Linux systems—complete with location awareness and custom application support capable of supporting location-based applications like asset tracking, robotic delivery, and "smart rooms"—was to change the lightbulbs?

That's the concept behind Lunera's Smart Lamps. These LED-based replacements for fluorescent and other commercial lighting systems also have a full Linux server with Wi-Fi and Bluetooth, 2 gigabytes of RAM, and 2 gigabytes of Flash storage embedded in their end-caps. The Bluetooth capability includes iBeacon micro-location services—enabling retail, medical, and industrial location services. And the Wi-Fi "enables Wi-Fi network monitoring and also extending the Wi-Fi mesh," CEO John Bruggeman explained in an interview with Ars. "Wi-Fi and Bluetooth are like electricity and water for the digital experience."

Lunera had previously shipped LED replacements for commercial lighting system tubes and lamps, including fluorescent and high-pressure sodium (HPS) bulbs. But the new Smart Lamps carry quad-core, 700 MhZ ARM-based processors with memory and storage on the same die. Configurable with a mobile application and controlled through a cloud portal via a dedicated virtual private network, Lunera's smart lamps can sense each other and create a location-sensitive wireless network mesh using Bluetooth iBeacons—a mesh that can be mapped to CAD drawings of commercial facilities' lighting systems. And these lamps can run Docker containers, allowing anyone to develop applications that leverage location and Wi-Fi services and what Bruggeman describes as "ambient compute services."

The potential computing and network power of Lunera's Smart Lamps, when deployed en masse, is significant. Facilities could have hundreds or thousands of lighting fixtures instantly turned into networking and computing infrastructure without the need to add new power distribution, hard-wired networks, or cooling. And according to Bruggeman, setting up the system is on par with setting up a home smart-lighting system: "Install one light, and that install is done through a mobile phone app, a 30-second install. Stand under the light with a phone and configure it, and once that first light is established, it starts talking to its neighbors."

Once configured, all the lamps—and their onboard servers—are managed from Lunera's cloud console. "If you have 1,000 lamps," Bruggeman said, "you can see their status, position, and what's going on across all 1,000 of them, across a room, building, or campus." And Bruggeman noted that Lunera already has 11 ecosystem partners with 20 applications ready to deploy and integrate with IoT devices on the "ambient cloud" created by those hundreds or thousands of lamp-servers.

As Smart Lamps are deployed, typically two meters away from each other, "each light listens to another light," said Lunera's chief technology officer and former Google and Cisco executive, Ajay Malik. "They create a map of the network based on relative positioning," he said, using relative signal strengths to triangulate their own location in the grid. That map can be imported into the reflective ceiling plan for the building in which they're deployed to associate the map with actual physical location—allowing location services within a building.

While there is some overhead for maintaining the self-configuring mesh network that the Smart Lamps create and managing the secure virtual private network back to Lunera's cloud-based management system, at least two of the cores are left available for applications. The system can be used out of the box to monitor quality of service of other Wi-Fi networks as well and to provide guest Wi-Fi services—the network doesn't need to connect to the enterprise network.

Malik said that the core operating platform for Smart Lights is "distributed Linux and Google Things," as well as the Docker application virtualization sandbox. "We use standards‑based Docker and hardened APIs" (application programming interfaces), Malik said, "and we are publishing all the APIS so that you can integrate with our platform." Lunera is looking at various potential orchestration platforms to integrate with its platform in the future.

Security has been a major consideration in the design of the Smart Lamp's computing—the storage is encrypted with AES, and the debug settings on the system's microcontroller firmware and external boot capabilities are permanently disabled. A trusted boot chain is used to allow access to storage for boot-up. The chain is stored in one-time programmable memory on the die of the microcontroller itself at manufacture, including an AES 128-bit key and an RSA-2048 signature. The VPN connection back to the cloud also uses AES 128-bit encryption over a TLS connection, using an internal X.509 certificate. Traffic to the cloud is kept completely segregated from local application traffic and is sent only over the VPN connection.

Oh, and you can also tune and control the lighting.