Tag: static IP

Posted on

IoT SIM Card Deployments in Global AgTech: A Case Study

IoT Sim cardfor AgTech
AgTech IoT SIM card Connectivity

Introduction

As Agricultural Technology grows (pun intended) in popularity around the world, connecting all of these “things” is increasingly more difficult. International implementations face many obstacles. We focus on the issues with IoT SIM card use in worldwide operations. Some of the same complications occur in single country use as well. Streamlining these deployments saves time, money & headaches. This article focuses on one such case.  We will discuss a soil moisture sensor company struggling with their multi-national deployments. We will cover their solution, their initial problem, the steps they took to remedy the situation, and the solution they chose.

The Customer’s Description

As a Start-Up, this company needed to grow fast and were sending their moisture sensors all over the world, and they had pilots currently running in 27 different countries. Their solution includes a mesh network of wireless sensors spread over the fields of a grower and all of the data aggregated in a gateway device that sends all of the data back to a server for analysis and reporting on their UI. The gateway device is a standard rugged router. It uses a 3FF global IoT SIM card powering the connection to the back end through cellular networks. The gateway required bi-directional proactive communication because they needed to reach the gateway from time to time on demand.  Their sensors test the soil every 3 hours. The total amount of data per gateway averages 72MB per month.

The Problem

They struggled with how they would put together a solution for all of these disparate countries, though. It takes time and resources to find an IoT SIM card provider in each country. Using these various providers further complicates matters because they had to manage multiple SIM management portals, multiple APNs, SKUs for each IoT SIM card provider, and several languages to deal with (English, French, Spanish, Portuguese, Russian, Chinese, and German to name a few).

All of this takes time and resources. As a small company, their time really does mean money, because navigating all of the vendors, and programming their routers based on where the devices were being sent took time away from marketing and selling their solution. They estimated it took 47% of their time finding local cellular providers. Also setting up the new vendors’ APN’s and SKUs into their workflow, learning a new portal for SIM card management, etc., etc. That is all time when they could be building a strong sales funnel, meeting with new prospects, working on marketing  efforts, and so forth.  They estimated if they could focus 47% more time on these tasks, their annual revenue would grow over $1M.

What They Tried

Over the last 6 months they tried to standardize their connectivity providers to a smaller number. They thought this would solve the issues. What they discovered was that it did help, but the benefits were not sufficient. The CTO and COO still had to think about how devices needed to be configured for each country. They also had to manage multiple platforms which takes time to learn and implement different portals and the API’s each portal used (if they supported API’s). They also had different IP ranges to deal with, where a single IP range would be easier to manage because they could used a single VPN with a single IP range.

The OneSimCard IoT Sim Card Solution

OneSimCard IoT logoWe came to the table with our ears open. We heard their problems and developed a solution tailored to their particular needs. What we came up with was a single, Multi-IMSI, eUICC enabled  Global IoT SIM card. Our IoT SIM card  is used virtually anywhere in the world with a single APN. OneSimCard IoT covers 200+ countries and territories.  A single APN means they are able to set-up all of their devices the same, regardless of the device’s destination.

We also provided the client a single private static IP range large enough to support all of their IoT SIM card deployments for the foreseeable future. We recommended an OpenVPN solution for their bidirectional proactive communication to their cellular gateways. Because it only allows one concurrent user, OpenVPN is a low cost alternative to our IPSec VPN solution. It provides the communication this client needed, though.

The client also benefited from the use of our OSCAR SIM management Portal.  OSCAR is built in-house from the ground up. When a customer wants to make a change, we make that change quickly. This flexibility helps our clients by catering to their specific requirements without over-complicating the experience. OneSimCard IoT’s portal is cloud based and has mobile apps available on Google Play as well as Apple’s App Store. We also provide a full set of API’s to our Portal. This allowed the client to tie their portal to ours with only one set of API’s.

The Result

The benefit was immediate. Streamlining to a single provider gave the client back their valuable time. They now can concentrate more time and resources on revenue producing activities. In the first month since the change to OneSimCard IoT, they were able to implement 20% more solutions. They also were able to add 25% more new opportunities into their sales funnel. If 5% of these prospects close, this adds $1.5M in annual revenue.

If you have an AgTech solution, or any other IoT solution that needs connectivity, contact us. Our IoT experts will be happy to listen to your requirements and develop a solution just for you. The best way to reach is is by email sales@onesimcard.com. You can also fill out our contact form, and we will be in touch!

Posted on

Securing Your IoT Deployment by Replacing Public Static IP’s

Securing Your IoT Deployment
Securing Your IoT Deployment

Security is on top of mind for every stakeholder of IoT device deployments and discussions of the best way to secure data is ongoing and constantly evolving. We are regularly consulted on how to harden IoT device data specifically related to IoT SIM cards and data transfer. The goal of this article is to share best practices we have learned over the many years we have been dealing with this question particularly related to the risk of Public Static IP’s and how to mitigate this risk.

Most devices that are deployed with IoT SIM cards deliver data unidirectionally by sending data from the device to your server based on time interval or event triggers and no reply/response is required from the server back to the device, or bidirectionally sending data to and receiving data from the IoT device. This bidirectional communication is where we will concentrate.

Bidirectional data transfer without using Static IPs is typically accomplished using 2 distinct methods:

  1. Polling – this is accomplished by the IoT device initiating communication with your server using protocols like HTTP to request information from the server. Your server can then capture the IP address of the IoT SIM and send its response back to the device using this now known dynamic IP address. This works well for cases when the IoT device is able to initiate communication, or “poll,” typically based on time intervals or if a certain event triggers this communication.
  2. Socket based – where the device maintains an open connection with your server using protocols such as MQTT. The persistent, open connection allows both the IoT device and your server to communicate with each other independently from one another. Unlike polling, neither the device nor the server relies on the other to initiate communication.

While these examples of bidirectional communication are viable, they do have significant drawbacks:

  • Polling relies on the IoT device to initiate communication with the server and this, as previously mentioned, is based on time or event triggers which don’t allow for you to connect with the IoT device whenever you want; you have to wait for the device to initiate and this could be too long of a period of time.
  • Socket based communication relies on the persistent connection which for a number of reasons could get interrupted. If the connection is interrupted, then you must wait for the device to open another connection because the dynamic IP address of the IoT SIM card could have changed and there is no way of knowing the new IP address for the IoT SIM card.
  • Not all devices support these types of communication protocols and this limits your choices when choosing IoT devices for your project.

Because of these considerable drawbacks, enterprises use Static IPs on IoT SIM cards for much more reliable bidirectional communication. Static IPs allow you to communicate with the IoT device at any time because, by definition, you always know the IP address of the SIM card. There are two types of Static IPs, Public and Private. We are going to talk about replacing Public Static IPs with Private Static IPs because of the security and cost concerns with Public Static IPs.

First, it is important to understand a bit more about Public Static IPs.

 

Public Static IPs

IoT SIM cards with Public Static IPs have been used for IoT deployments for bidirectional communication between IoT devices and servers for many years. These static IPs allow you to proactively reach out to a remote IoT device in the field at any time using the known IP address. Because these are Public IP addresses, you can communicate with your devices from any machine which, on first blush, seems like a handy solution. This access raises an enormous security concern though. By definition, these IPs are addressable to any machine on the public internet, which forces organizations to implement ancillary security methods like rotating passwords, whitelisting incoming connections and turning off services which aren’t being used. This security concern also extends to the server to which the IoT device connects, because that server also needs to be publicly available. Here is a diagram of this design:

Public Static IPs
Security Flaws of Public Static IPs

As you can see, this design is inherently flawed from a security standpoint because the use of publicly accessible IPs exposes your deployment to intrusion by hackers from anywhere in the world.

Security isn’t the only concern when using IoT SIM cards with Public IPs, though. Cost is another consideration. Just like Real Estate, there is a finite number of Public IPs available. This drives the cost of Public Static IPs higher and it takes time to deploy these Public IPs from the network carriers. Cost and time are major hindrances to effective IoT device deployment.

 

IoT SIM cards with Private Static IPs – The Solution to Replace Public Static IPs

The other method to bidirectional communication is to deploy Private Static IPs on your IoT SIM cards. Just like Public Static IPs, Private Static IPs allow you to always know the address of your device and access the device at any time. However, IoT Sim cards with Private Static IPs do not allow public access to the IoT device because only devices or servers on the private network are allowed to communicate with the devices within the network. It is possible, if necessary, to send data from the IoT device to a place on the public internet (external site) but proactive communication to the IoT SIM card can only be initiated from within the private network. We create this private network in 2 ways.

  1. Peer to Peer communication. This method uses an IoT SIM card with Private Static IP in your IoT device and another IoT SIM card either in a router behind your firewall, or in another IoT device if the devices need to communicate with each other. Peer to Peer communication is typically used when small amounts of data is being used because you are essentially doubling your cellular data consumption because the IoT SIM card on your server is acting as the data connection rather than traditional ISPs. This can be expensive if large amounts of data are being transferred, and;
  2. VPN connection. VPN (IPsec or OpenVPN) is a much more common method to create the connection to the IoT SIM card with Private Static IP. The way this works is a VPN connection is made from your server to our server which, by rule, is connected to all of our IoT SIM cards. This tunnel communicates securely to your IoT devices because the traffic is encrypted end to end and all traffic is kept within this secure tunnel. This is by far the most secure and cost-effective way to maintain bidirectional communication with your IoT devices.

Below are diagrams demonstrating Peer to Peer and VPN connections with Private Static IPs:

Peer to Peer Connection:

Peer to Peer Connection

VPN Connection with Private Static IPs:

VPN Connection with Private Static IPs

Clearly, using Private Static IPs on IoT SIM cards is a much more elegant and secure way to communicate. This setup will allow reliable, cost-effective bidirectional communication between your servers and your IoT devices and it reduces the need for further hardening which is required when using Public Static IPs.

If you would like to speak with one of our IoT experts, please reach out to us anytime at sales@onesimcard.com.