Welcome back to our series on the VPN, APN & Fixed IP SIM topic.
In our previous post, we dove deep into the technicalities of each feature. This time the focus is on the actual deployment of different IoT applications that benefit from the security of APN, VPN, or Fixed IP configurations.
This overview aims to demonstrate all the available APN and VPN deployment models, and also be a conversation starter once you have started thinking about it for your use case.
The IoT applications that we're going to cover are:
Today in the IoT space, there are many examples of existing deployments all around the world. The majority of them do not rely on just a single choice between APN, VPN or Fixed IP but are rather combinations of these solutions applied together. Please keep in mind that specific deployments always depend on requirements from the customer’s organisation.
This example reflects one of the major groups of 1oT’s existing customers. Globally the e-Scooter industry is on the rise. Scooter sharing systems are one of the least expensive and most popular last-mile mobility options in urban areas.
Scooters are equipped with cellular connectivity (and built-in GPS modules) which allows them to broadcast their location in real-time during a trip. Through cellular tracking and GPS, companies can gather usage statistics, track which scooters are being used, and charge customers accordingly for the time spent per trip.
Traditionally, for users of an e-scooter sharing service, to be able to lock and unlock a scooter and immobilize its wheels it was required to send an SMS command from the service mobile app. Through that SMS the requested action was triggered. With this approach, the entire process has been quite costly and slow, and obviously, there was no security involved at all.
Going forward, with the use of a VPN SIM subscription, every e-scooter gets its own private and Fixed IP address (from a private network’s range of addresses), which is later represented as a Private APN entry configured on the IoT device (e-scooter connectivity module). It makes the entire solution much more secure, fast and low-cost.
As the process of managing and assigning a Fixed IP for each SIM subscription does not allow for a scalable solution for larger implementations, there is another approach that has proven to be popular.
It uses a specific network technology called Message Queuing Telemetry Transport (MQTT). This protocol runs over TCP/IP stack but does not require the assignment of IP addresses as a means for communication between hosts.
It has become very popular in the IoT world, mainly due to its design for minimal battery loss and bandwidth on low powered devices. MQTT can be used with regular SIMs (no Private APN, no VPN or Fixed IP configuration required).
The protocol defines two types of network entities: an MQTT broker (a server responsible for receiving and routing MQTT messages to destination clients) and a number of MQTT clients (IoT devices).
In this scenario, the MQTT clients do not have to be aware of each others’ IP addresses. Instead, all communication is based on the client's subscription to specific channels.
Each client can both produce and receive data by publishing and subscribing, e.g. an e-scooter IoT device can publish usage data and still be able to receive the configuration information or control commands from a client on the back-end system. This helps in both sharing data as well as managing and controlling devices.
Wireless connections have become the main trend in card payment terminals. The majority of them today transmit data over mobile network connections and Wi-Fi.
In the case of mobile networks, it is the SIM subscription that guarantees connectivity. As payment terminals handle sensitive banking information from their users, there is a need for additional security and the protection of data in transit over the Internet.
With a VPN SIM subscription, payment organisations can enforce an end-to-end encrypted mobile connection. Moreover, a VPN secured network separates the payment data from regular Internet traffic going to and from the terminal.
Charging stations (e.g. for electric cars) are often located remotely and connected to their organisations' networks via SIM cards. These stations can handle different types of functions, some of which require additional protection and security as well as others that can send traffic more openly.
One of the key functions that requires additional security is payment for the consumed electric power. Similar to mobile payment terminals, a charging station’s integrated payment terminal requires a secure VPN connection to a payment organisation.
With two APNs (dual APN setup) provisioned for the SIM, the same SIM subscription is capable of providing both types of connections. One APN to connect the SIM to the Internet, and used, for example, to send a charging station's logs to an organisation's back-end infrastructure.
While at the same time, the second APN connects via the same SIM subscription to a VPN tunnel of a payment processor organisation.
Connected cars provide all kinds of infotainment options, like streaming music or navigation maps. These services can no doubt use a regular connection via the public Internet.
At the same time, all diagnostic logs or critical firmware updates should be exchanged with a car manufacturer's infrastructure via a dedicated VPN tunnel.
Similarly to the charging station use case, using a dual APN setup on the SIM subscription allows that one SIM can fulfill both demands.
Digital signage is a new generation in advertising and public information solutions. It allows for real-time content display, from news to weather, prices, transport schedules and much more.
It is also widely deployed as a solution to digital dashboards, video walls, and artistic displays.
In general, managing content on the screens is done by media players connecting to a local network or the Internet. This allows for the centralised management of data and control via a dedicated content management server.
Communicating between screens and media players without a Fixed IP address connection is problematic. With the configuration of Public APN and assignment of Public Fixed IP, SIM subscriptions can resolve the issue and allow for bidirectional communication between the screen and the media player.
Vending technology is rapidly evolving. Real-time stocks tracking, adjusting pricing, or enabling secure payments have become standard features and they’re all managed as a remote process. Vending owners organisations can manage them with bidirectional communication using a Fixed IP SIM subscription.
A Private Fixed IP address associated with the SIM subscription provides access to the wireless router. Then the router can access the camera network, giving control rooms access to footage at all times.
Wind turbines are examples of large scale and complex IoT devices. Mostly they are packed with a large number of sensors. Remote connections to safety systems are also required to keep control of the entire system.
In such scenarios, bidirectional communication is the way forward to control potential turbine shutdowns. A Public Fixed IP SIM subscription can provide access to all required monitoring capabilities.
As you can see by now, each IoT application has its own requirements that dictate the need of an APN, VPN, or Fixed IP deployment. No evergreen solution exists right out of the box.
Therefore we encourage everybody to think through their needs before proceeding with specific solution implementation. In order to read more about security in IoT in more general terms, we suggest you read the article here.
If you need help deciding on the right deployment model for your IoT/M2M project, then don't hesitate to contact us at hacking@1oT.com.
If yes, don't hesitate to contact our experts to figure out your most urgent needs.