netmcu_dev OP
5 days ago
We're running a fleet of ESP32-S3 nodes collecting vibration data from industrial motors, pushing over MQTT with mutual TLS to a local broker, and I wanted to layer on-device anomaly detection rather than shipping all raw data to the cloud — bandwidth costs were eating us alive. The S3 has enough flash for a small Keras model converted to TFLite Micro, and the AI accelerator vector extensions help at the margins, but the real unlock was ESP-IDF 5.2 which finally has stable mbedTLS 3.x support — meaning we can use TLS 1.3 with hardware-accelerated AES-GCM. The combination of encrypted MQTT comms and local inference means our sensor data never leaves the site unencrypted. Happy to share config details if anyone's attempting something similar.

pb_embedded
4 days ago
This is the right architecture for 2026 IIoT. One thing to watch: certificate rotation on ESP32 fleets at scale is genuinely painful if you don't design it in from the start. We use mutual TLS with a device-specific client cert signed by our private CA, and we baked in OTA cert rotation via ESP-IDF's NVS flash partition scheme. For the TFLite Micro side, your vibration anomaly model will likely fit in ~40KB RAM if you're running a 1D-CNN over a short time window — use MicroMutableOpResolver and register only the ops you actually need. The full AllOpsResolver wastes ~120KB of RAM that you simply don't have on a microcontroller:

// Only register ops your model actually uses — never AllOpsResolver
tflite::MicroMutableOpResolver<5> resolver;
resolver.AddConv2D();
resolver.AddDepthwiseConv2D();
resolver.AddFullyConnected();
resolver.AddReshape();
resolver.AddSoftmax();

tflite::MicroInterpreter interpreter(
model, resolver, tensor_arena,
kTensorArenaSize, nullptr, nullptr
);

// Profile arena usage AFTER AllocateTensors()
interpreter.AllocateTensors();
printf("Arena used: %d bytesn",
interpreter.arena_used_bytes());
Profile your kTensorArenaSize with arena_used_bytes() and trim it right down — we got ours to 34KB for a vibration classifier. Every byte matters on this hardware.

TK
tomas_k_iot
3 days ago
Security angle worth flagging loudly: the ESP32-S3 has a hardware Digital Signature peripheral that can store private keys in eFuse-backed encrypted storage — the private key literally never leaves the chip in plaintext. If you're doing mutual TLS in a production deployment, use the DS peripheral for your client private key rather than storing it in plain NVS flash. It takes some setup with espefuse.py but it gives you a real hardware security anchor. Also — and I cannot stress this enough — enable secure boot v2 and flash encryption in your production builds. I've audited IoT deployments in 2025 where entire motor monitoring fleets were running unencrypted flash. One physical device opened on a factory floor and the whole fleet's credentials are exposed. It takes one afternoon to set up properly.

hana_l
2 days ago
We ran a proper benchmark of MQTT vs CoAP over DTLS on the S3 for our sensor nodes — MQTT with TLS 1.3 won on both throughput and latency for our typical payload sizes (256–512 bytes). CoAP DTLS was better for power on battery nodes but our ESP32-S3 setup is mains-powered so it wasn't relevant. Here's an honest take on the AI piece though: we trained a simple Isolation Forest model offline, then converted its decision paths into hand-written C threshold comparisons rather than running TFLite at all. Result: 200 bytes of code, executes in microseconds, works perfectly for univariate time-series anomaly detection on motor vibration. Sometimes the right "AI" answer is a lookup table and four comparisons — don't overcomplicate it just because a neural net is available.