Ubiquitous IoT connectivity and security are a necessity for countless applications, but they are not as easy to achieve as you might think. IoT solutions architects are often faced with a set of competing priorities. On one hand, customers want their things to have ubiquitous connectivity regardless of where in the city, country, or even the world they are. This is especially true of mobile things – cars, trucks, shipping containers, portable industrial equipment, just to name a few. On the other hand, they want all of those things to connect to their IoT platform with reliability and security. As they move, devices often jump from one mobile provider to the next, making the usual security measures (like IP whitelisting) impractical.
We see this issue on a regular basis working with our IoT customers and partners, and teamed up with our friends in the Tata Communications MOVE division to tackle the ubiquitous IoT connectivity & security problem.
IoT Connectivity: Tata Communications MOVE
Tata Communications’ MOVE provides seamless, low cost mobile connectivity that works everywhere. The platform is underpinned by Tata Communications’ global network and partnerships with 900+ mobile service providers across the globe and acts as the ubiquitous IoT connectivity side of our solution.
IoT Security: The NetFoundry Platform
NetFoundry makes it possible to instantly connect IoT to fog, core, and cloud at scale over any Internet connection. We enable context-specific micro-segmentation while eliminating the cost and complexity of traditional VPNs. Using our platform, administrators and partners can easily establish software-only, zero trust, identity-driven networks called AppWANs with application and device specificity at scale. IoT AppWANs are secure-by-design, leveraging software defined perimeter (SDP) architectures, least privilege access, and virtual network function (VNF) architectures to secure, protect, and isolate IoT apps from attacks such as DDoS, Man-in-the-Middle, botnets, and spoofing.
Under the Hood: NetFoundry + MOVE
By combining the ubiquitous IoT connectivity offered by Tata’s MOVE platform with the network-agnostic, context-specific security of the NetFoundry platform, we are able to deliver a mobile, secure, end-to-end IoT solution.
In our proof of concept, we used Dell 3001 IoT gateways configured with mobile SIM/MOVE connectivity. The sensor data was collected by Raspberry Pi connectors to said gateways. This configuration was used because of its potential to be found in real-world use cases (think trucks, power generators, and any equipment that does not have a fixed permanent location). The data collection was handled by Node-RED flow engines that forwarded telemetry to the IoT platform.
Tying things together was relatively simple.
First, we spun up a NetFoundry network control fabric instance through our web console. Next, we spun up a NetFoundry gateway in the same VPC as the ThingWorx platform using the AMI published in the AWS Marketplace.
Next, we installed a NetFoundry endpoint client on the Dell IoT gateway.
Then, we tied the gateway in AWS to the endpoint client on the Dell IoT gateway with an AppWAN. AppWANs are established when our orchestration tools are used to assign an endpoint or group of endpoints (which can be any combination of virtual gateways, virtual machines, IoT devices, smartphones, laptops, etc.) permission to access a service or set of services (typically an application) over our network control fabric. With the AppWAN in place, the IoT platform is completely protected from the public Internet, while still being able to harness its ubiquity. The only traffic that can reach it is traffic from the NetFoundry gateway.
We then configured the Dell IoT gateway to intercept telemetry traffic and forward it over the AppWAN.
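The claim that only the gateway can reach the IoT platform is something you can verify on the AWS side. The following is an added example, not code from the proof of concept or from NetFoundry: it audits security-group data in the shape returned by `aws ec2 describe-security-groups` and reports every ingress source on the platform's group other than the gateway's group. It assumes the platform and the gateway each have their own security group; the group IDs and CIDRs are constructed placeholders.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs and CIDRs are placeholders, not values from the proof of concept.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-platform-placeholder",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-gateway-placeholder"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
     "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [],
     "UserIdGroupPairs": []}
  ]}]}
""")


def audit_ingress(groups, platform_sg, gateway_sg):
    """Return a finding for each ingress source on platform_sg other than gateway_sg."""
    findings = []
    for sg in groups["SecurityGroups"]:
        if sg["GroupId"] != platform_sg:
            continue
        for rule in sg.get("IpPermissions", []):
            proto = rule.get("IpProtocol")
            # Protocol "-1" means all traffic and carries no port range.
            ports = "all" if proto == "-1" else f'{rule.get("FromPort")}-{rule.get("ToPort")}'
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            sources += [p["PrefixListId"] for p in rule.get("PrefixListIds", [])]
            # A reference to the gateway's own group is the one expected source.
            sources += [g["GroupId"] for g in rule.get("UserIdGroupPairs", [])
                        if g["GroupId"] != gateway_sg]
            for src in sources:
                severity = "public" if src in ("0.0.0.0/0", "::/0") else "unexpected"
                findings.append((severity, proto, ports, src))
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE, "sg-platform-placeholder", "sg-gateway-placeholder"):
        print(*finding)
```

An empty result means the platform's security group admits traffic from the gateway's group only, which is the state the AppWAN design relies on.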
Quod Erat Demonstrandum
In the end, we were able to demonstrate that it is both simple and possible to deploy a secure end-to-end IoT solution with widely deployed mobile assets, utilizing seamless connectivity from MOVE and secure networking from NetFoundry.
Make sure to stop by the Tata Communications booth (Hall 2 Stand 2H30) at Mobile World Congress in Barcelona this week or reach out and set up a personalized demo of our platform. You’d be amazed at the ways NetFoundry liberates applications and use cases from the constraints of the old way of networking.