Aptilo IoT CCS – Hyperscale IoT Connectivity Management

In the utilities market a customer may need to connect hundreds of thousands, maybe millions, of “dumb” IoT devices such as electrical meters. They are dumb in the sense that they are simple and cheap, so they often lack security features such as VPN connectivity.

These devices have a vulnerable position in people’s homes. Thus, they need to be protected by firewalls. Some of the traffic may also need to be delivered through VPN from Aptilo IoT CCS.

Anomalies in the traffic patterns may also need to be analyzed.

A modern car is really a hub of multiple IoT devices. These devices come from subcontractors of things such as suspension, batteries, brakes, security systems, entertainment systems and more. They all need a private connectivity for firmware upgrades and predictive maintenance.

There’s a vast variety of different needs and use cases:

Car-2-car communication requires low latency. Upload of extensive real-time analytics, require high upstream data capacity. Download of software or passenger entertainment, need high downstream data capacity. They may also need geographical routing rules determined by device profile settings. Furthermore, there may be a need to have localized Internet. The service must be able to route the Internet traffic to the home-country’s Internet breakout, to enable users to, e.g., watch their local streaming content while abroad.

There’s a need to secure the transport of sensitive data, such as analytics, software upgrades and data for predictive maintenance. Best way to secure this data is to establish end-to-end connectivity through VPN tunnels. The service provider must support a one-to-many VPN connectivity that is controlled by the car manufacturer.

Car manufacturers also has high security requirements, end-to-end security, DDoS protection, anomaly detection, etc.

A small local taxi and transport company is part of the small and medium-sized enterprise (SME) customer segment. The SME segment is the direct opposite to a car manufacturer in the sense that they have no IT resources, and they only have a handful of devices to cater for.

They may run a few legacy systems that need to have contact with the cars at all times. These systems have very limited security functions, as they were established already before the birth of Internet. So, they need operator managed security. VPN tunnels are not an option for this customer, because they can’t set up and manage VPN connections.

From the operator’s perspective, they need this type of customer to handle their own settings. In this mass market, it is just not profitable if the customer needs too much assistance from the operator. There’s an enormous volume of potential customers in the SME segment, but each customer does not contribute with much revenue. This is a volume game. For the self-management to work, a easy-to-use web GUI or app with basic settings is a must.

Companies offering app-based short-time rental of electrical scooters are popping up like mushrooms in larger cities globally.

They have tens of thousands of relatively low-end devices in the form of electrical scooters. This type of company needs to secure traffic from their scooters to the receiving servers. They may also need automatic detection of usage anomalies, e.g. unexpected data patterns.

The scooters are exposed to potential user manipulations. Furthermore, they commission and decommission them regularly and an average lifespan of a scooter is just a few months.

Scooters must only be mobile within in a pre-defined area in the city, so they need to:

• Limit usage outside of defined localities.
• Enable direct connectivity to each unique device, hence they need to have a private IP-address.
• Allow for easy and instant blocking of lost devices or the ones taken out of service.

The forestry Industry need complex domestic IoT connectivity. They need a secure connectivity over an Enterprise APN to their headquarters for services such as:

• Location tracking of vehicles.
• Report quantity of cut timber.
• Report machinery operation hours.
• etc, etc…

More over, they need secure connections (VPN) to other destinations:

• Upgrade of vehicle firmware with the truck vendor.
• Data exchange with the forestry machinery vendor to enable predictive maintenance.

They may also want to enable Internet connection for the integrated tablet device available in many forestry machines. This traffic must be protected by a firewall and they need to control this connection according to corporate policies.

Let’s explore how mobile operators can combine a connectivity control service such as Aptilo IoT CCS with their own ability to do dynamic eSIM localization. They can provision and upgrade settings in the eSIM, using their over-the-air (OTA) systems and the latest eUICC technology, and change the profile to the local operator on the fly.

This is great news for a transport company operating over all North- and Central America. They can turn to one mobile operator in Canada to solve all their connectivity needs both domestically and abroad under one contract.

By connecting all partner MNOs to the Aptilo IoT CCS, the mobile operator can offer a unified global APN+VPN connectivity without roaming. The truck will, for instance, maintain its IP-address across borders.

Let’s see what happens as the truck passes different countries. We start in Canada. When the truck enters the United States, this enables the profile for the US partner MNO over-the-air. The truck continues to Mexico and the OTA system makes sure that the eSIM switch to the local MNO partner in Mexico.

If needed, the Aptilo IoT CCS service can offer policy-based breakout for all or parts of the traffic to the nearest AWS point-of-presence.

The need for global connectivity can also just be a matter of logistics. Take a manufacturer of coffee machines rented out to coffee shops all over the world.

Just imagine the benefits, in manufacturing and less tied up capital in stock, by just storing one version of the machine instead of individual versions for each country. Doing this under one mobile operator contract, and still be able to apply the same security and policies (through Aptilo IoT CCS) across the board, while allowing some of the traffic to break-out in the local country and some routed home in secure VPNs.

In both cases with global connectivity, the mobile operator must go beyond roaming and instead localize eSIMs over-the-air (OTA) to local subscriptions. This will eliminate the issue of blocking of IoT devices due to breach of regulations and commercial agreements that is prohibiting permanent roaming.