
Glossary

This glossary is a list of terms used in the documentation to help even the most novice users glide through the setup process.

Containers

Containers are a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run a piece of software, including the code, a runtime, libraries, environment variables, and config files. You can think of containers as your 'apps'.

Docker, Podman and Other Container Runtimes

Container runtimes are the software responsible for running containers: creating, starting, stopping, and deleting them. Docker and Podman are examples of container runtimes.

Docker

Docker is a platform for developing, shipping, and running applications using containerisation. It allows you to package your application and its dependencies into a container that can run on any Linux, macOS, or Windows system.

Podman

Podman is a daemonless container engine for developing, managing, and running containers on your Linux system. Simply put, it is an alternative to Docker that does not rely on a background daemon, which means you can update Podman without restarting your containers.

Docker Compose

Docker Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a file to configure your application's services. Then, with a single command, you create and start all the services from your configuration at once. Docker Compose and its Compose files are like the 'blueprints' for your 'app'. Although these are called Docker Compose files, they can be used with Podman too.

Firewall Groups

Firewall groups are a way to manage permissions for devices on your network. They allow you to group devices together and apply a set of rules to control how they can communicate with each other. For example, you could create a firewall group for your IoT devices and another for your servers, each with different rules to restrict or allow communication between devices.

Over-The-Air (OTA) updates

Over-the-air (OTA) updates refer to the process of updating software on a device remotely, without the need for physical access. They have become an integral part of the modern technology landscape, enabling manufacturers and developers to keep their devices up-to-date, secure, and equipped with the latest features.

Mesh Networks

Traditional networks usually involve a centralised server that connects all devices in a star or tree-like structure. All traffic passes through the centralised server before being relayed to devices. In contrast, a mesh network eliminates the reliance on a single central server by allowing each device to act as a node that can transmit and receive data directly to and from other nodes, creating a robust, scalable, and flexible means of communication.

This decentralised approach provides several advantages:

  • Increased reliability: Mesh networks are highly resilient because they do not depend on any centralised service to route traffic. Instead, two devices can communicate with each other directly.
  • Improved performance: Mesh networks can optimise data transmission paths by dynamically selecting the most efficient route without any dependency on centralised services. This feature helps reduce latency and congestion, leading to improved network performance and better user experiences.
  • Scalability: Mesh networks can easily scale to accommodate a growing number of devices. New nodes can be added without configuration changes to other nodes, making them suitable for both small and large deployments.
  • Security: In scenarios where traditional networks may be vulnerable to surveillance or interference, mesh networks provide a more robust and resilient option, ensuring privacy and protection of sensitive information by routing directly to other devices and removing the need for a centralised service that could intercept your traffic.

The Mesh of Things uses a mesh network architecture to provide a decentralised alternative to traditional IoT device networking and over-the-air update solutions. We provide your own private, secure overlay network, allowing you to connect your devices to each other as if they were on your local network.

Access Relay

Access Relay is a network mode that routes mesh traffic through one of the MoT-hosted relay servers when a direct peer-to-peer connection cannot be established. This is useful for devices behind strict firewalls, double-NAT configurations, or restrictive corporate networks.

The relay node forwards encrypted packets between devices without decrypting them — your traffic remains end-to-end encrypted. Direct connections are always preferred; the relay is used only as a fallback or when explicitly configured.

Access Relay is available on supported plans. See Network Modes – Access Relay for setup details.

Overlay Networks

An overlay network is a virtual network that runs on top of another network, such as the internet. It involves creating virtual connections between nodes that may be geographically dispersed, allowing them to communicate and interact as if they were part of a single local network. The Mesh of Things provides your own overlay network, which allows secure communication for sending updates and monitoring devices from the central MoT dashboard, and also allows your devices to communicate peer-to-peer with each other.

In practice, this means that when you provision multiple devices, each one gets its own fixed private IP address that is visible to the other devices, but not to the internet, which helps protect your devices. The overlay network can support TCP, UDP, and ICMP traffic, meaning you could ping another device thousands of miles away as if it were on your local network and build secure cross-device communication solutions. You also have the option of exposing devices to the internet for public traffic when needed.

Devices are provisioned by issuing certificates that assert the device's IP address, name, and permissions, which allow or prevent communication with other devices. This allows you to create groups of devices that can communicate with each other, and groups that cannot.

Certificates are issued by the MoT dashboard and can be revoked at any time. This means that if a device is compromised, you can revoke its certificate and it will no longer be able to communicate with other devices on your network.
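
A simplified model of the mechanism described under Firewall Groups and Overlay Networks, added here as an example and not MoT's own code or certificate format: a receiving device accepts a peer only if its certificate is unaltered, not revoked, matches the packet's source address, and carries a group that a rule allows. The field names, rule shape, sample addresses and the HMAC standing in for the issuer's signature are assumptions.

```python
import hashlib, hmac, json

CA_KEY = b"constructed-demo-key"  # assumption: stand-in for the issuer's signing key

def _tag(body):
    # HMAC stands in for the issuer's signature so this runs on the stdlib alone
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(CA_KEY, data, hashlib.sha256).hexdigest()

def issue(name, ip, groups):
    """Issuer side: bind name, overlay IP and groups into one certificate."""
    body = {"name": name, "ip": ip, "groups": sorted(groups)}
    return {**body, "tag": _tag(body)}

def fingerprint(cert):
    """Stable identifier a revocation list can carry."""
    return hashlib.sha256(json.dumps(cert, sort_keys=True).encode()).hexdigest()

def allow(cert, src_ip, proto, port, rules, revoked):
    """Receiving device: default deny, then match a rule on the peer's groups."""
    body = {k: cert.get(k) for k in ("name", "ip", "groups")}
    if not hmac.compare_digest(_tag(body), str(cert.get("tag", ""))):
        return False  # fields were altered after issuance
    if fingerprint(cert) in revoked:
        return False  # certificate was revoked
    if src_ip != cert["ip"]:
        return False  # packet source does not match the asserted address
    return any(r["group"] in cert["groups"] and r["proto"] == proto
               and r["port"] == port for r in rules)

# Constructed sample data: two devices and one inbound rule on the server
RULES = [{"group": "servers", "proto": "tcp", "port": 8883}]
SERVER = issue("server-1", "10.42.0.2", ["servers"])
SENSOR = issue("sensor-1", "10.42.0.5", ["iot"])

if __name__ == "__main__":
    print(allow(SERVER, "10.42.0.2", "tcp", 8883, RULES, set()))  # peer in an allowed group
    print(allow(SENSOR, "10.42.0.5", "tcp", 8883, RULES, set()))  # group not in any rule
    forged = dict(SENSOR, groups=["iot", "servers"])               # self-granted group
    print(allow(forged, "10.42.0.5", "tcp", 8883, RULES, set()))
    print(allow(SERVER, "10.42.0.2", "tcp", 8883, RULES, {fingerprint(SERVER)}))
```

Because the groups are covered by the issuer's tag, a compromised device cannot grant itself a new group, and adding its fingerprint to the revocation set cuts it off from every peer that checks the list.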