Last week we invited Philipp Dreimann from Amazon Web Services (AWS) to our IoT Webinar series. Philipp Dreimann is a solutions architect who guides startups and mid-sized companies in fulfilling their business requirements with cloud technologies. Read the webinar recap to learn how companies can use AWS and EMnify to improve their operational efficiency.
What is Cloud?
A simple definition by Philipp: “IT resources that you can use on-demand with a pay-as-you-go pricing." Put in perspective, this means that you can instantly create a virtual machine, add services for, e.g., machine learning, and if you realize that the setup does not fulfill your requirements, you can release the resources and pay only for the time you used them. This is not only great for experiments but also for scaling solutions that start small and whose growth is unpredictable.
AWS Global Infrastructure
AWS currently has 24 global Regions, 1 local Region with 77 Availability Zones and 200+ Points of Presence, with more locations being added constantly.
Region: a physical location in the world with multiple Availability Zones.
Availability Zone (AZ): consists of one or more data centers with redundant power, networking and connectivity, housed in different facilities (often different cities). Applications and data in the AZ are replicated in real time to another AZ in the Region, so the workload becomes more fault-tolerant, with higher availability and scalability.
Each Region has two transit centers that connect to the AWS backbone and the public internet. From the transit centers there are direct fibers to the Availability Zones, which are in turn interconnected with each other.
Security requirements and Shared Responsibility Model
AWS ensures the security OF the cloud and its services, so customers do not have to take care of hardware, software, network and facilities.
Customers need to ensure security IN the cloud, meaning that they must configure their services appropriately so that they comply with the security requirements. For virtual machines this means that the customer is responsible for the operating system, patches and the application, but AWS helps with services, e.g. for configuring firewall rules.
Looking at the security compliance that AWS has built for customers in, for example, the financial and healthcare domains, it is clear that AWS is compliant with most global regulations and certifications, such as GDPR.
IoT on AWS
AWS provides a suite of services for building an IoT solution – summarized as AWS IoT. AWS IoT is being used by B2B and B2C customers across all industry verticals.
Device software services
FreeRTOS – a real-time operating system that is reliable and simple to integrate with the AWS IoT services.
AWS IoT device SDK – for customers that already have their own OS but want to use the AWS IoT services; the SDK simplifies the integration.
AWS Greengrass – works like a local proxy on the device that can process data and make decisions locally, and provides data messaging and buffering capabilities, for example when connectivity is not available.
AWS IoT device tester – checks whether the device can interoperate with FreeRTOS or the AWS IoT SDK and will be able to use the AWS IoT services.
Cloud connectivity & control services
AWS IoT – the service that provides an overview of all devices and scales to your needs; it handles connecting devices and sending and receiving messages.
AWS IoT device management – service that enables firmware updates, remote device configuration management and health monitoring.
How to get started with IoT on AWS?
There are usually two approaches with which customers start with IoT on AWS, depending on where they are in their journey. Customers that already have an IoT application in a hosted or on-premises environment and want to migrate their solution use a lift-and-shift model; customers that are just starting their IoT solution, or want to re-architect an existing one, use AWS managed services.
Lift and Shift approach
When you open an AWS account and want to connect your IoT devices, you need to:
- configure your networking (create a public subnet)
- bring up a virtual machine in the public subnet (EC2)
- migrate the application software to the EC2 virtual machine
- use any IP transit (such as Wi-Fi or cellular) to connect the device to the application
- reconfigure your DNS to point to the new public IP address, or bring your own IP address range to AWS
- optionally integrate additional AWS services for analytics or machine learning
Note that you must manage the virtual machine yourself, so you have to take care of backups, redundancy and operating system updates.
Using managed AWS services for IoT
If you are starting fresh and want quick results, you would use the AWS IoT Core service.
The device connects to AWS IoT Core and the received message is forwarded to AWS IoT Analytics, where the events are processed and stored. AWS IoT Core also allows AWS Quicksight, the business intelligence solution, to display the data.
Note that all of these services are managed, so your only responsibility is to configure them. The services scale with your needs and no additional maintenance is required.
AWS smart product solution
AWS also provides a pre-made, downloadable solution that includes all the services required for a quick start. The smart product solution includes several of the previously described services and is pre-configured so you can start right away.
AWS and Cellular Connectivity for IoT
The advantages of AWS for IoT solutions are further heightened when paired with the cellular connectivity offered by EMnify. Cellular connectivity is not only IP transit between the device and the application; with the right partners, you can also benefit from reduced operation and management costs.
Distributed IoT solution
IoT solution providers often start with deployments in a specific country; as soon as they have found product-market fit, they start selling into new markets. With a globally distributed customer base, new challenges arise beyond being able to connect the device at the customer site (which globally available cellular connectivity solves).
Routing data back to one central server or hosting site has several disadvantages:
- delay and loss of data
- additional power consumption, because the device stays online longer due to the data propagation delay
- regulatory issues with customers' demands for keeping data locally
- high availability requires a globally distributed architecture
Deploying a global IoT solution is easy with AWS: you can use a single contract to deploy services or infrastructure in any of the AWS Regions, either using the specialized AWS IoT service stack or by migrating your application software to distributed virtual machines (EC2). AWS gives you the services to route traffic to the closest Region, e.g. using geographic DNS-based load balancing with AWS Route 53.
Challenge with traditional cellular operators and solution with AWS and EMnify
The architecture of a traditional operator prevents a distributed IoT solution because it home-routes data, meaning that even when the device is on a different continent, the data is routed back to the operator's home country. This contradicts all the requirements of a distributed IoT solution and makes any distributed model unfeasible.
EMnify’s cellular connectivity is different because it complements distributed IoT solutions built on AWS IoT and EC2. EMnify’s core network is distributed across all major AWS Regions and the data is routed directly to the closest AWS Region (or to the Region you select), which makes a distributed IoT solution feasible.
Secure Private Network with cellular IoT devices and AWS IoT solution
When IoT devices are deployed at a customer site, out of reach of the solution provider, a need for a secure private network between the device and the application arises. There are three main reasons for a secure private network:
- Support teams can access the device for troubleshooting and debugging.
- It is an additional layer of security, as the device data is transported encrypted over a secure channel (VPN/IPsec).
- It circumvents carrier-grade NAT, which usually requires additional services for hole punching (such as STUN for VoIP) for device-to-device communication.
With AWS, the setup of a private network is offered through an automated, standardized, managed VPN service. With support for the latest encryption formats and built-in high-availability features (such as redundant tunnels), AWS is a great choice for building a secure tunnel between the mobile network operator and the IoT solution on AWS, making any IPsec appliance obsolete. Nevertheless, working with a traditional operator and AWS still has several drawbacks: the setup is complex and time-consuming because IP address configurations need to be sent back and forth, and private APNs, static IPs and potentially RADIUS servers need to be configured and provisioned. The required services on the operator side (private APN, static IP, RADIUS, DNS) often incur upfront and recurring costs, with a time to deliver of weeks to months.
When working with AWS Partner EMnify, establishing a secure private network is simplified. As EMnify’s mobile network already runs on AWS, EMnify takes care of the secure connection up to the AWS Region. You only need an intra-cloud connection via the AWS Transit Gateway service to connect to EMnify in the same AWS Region as your IoT solution, which is done in an automated fashion and takes only minutes.
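The paragraphs above rely on the managed VPN's support for current encryption and on redundant tunnels. As an added example (not code from the webinar, from AWS or from EMnify), the audit below checks that a Site-to-Site VPN connection has two tunnels and that none of them still accepts legacy proposals such as IKEv1, SHA1 integrity or small Diffie-Hellman groups. The input mirrors the `TunnelOptions` structure of the EC2 `describe-vpn-connections` response; the field names used here are assumed from that API and the values are a constructed sample, not a real connection.

```python
"""Audit AWS Site-to-Site VPN tunnel options for legacy IKE/IPsec proposals.

Added example, not code from the webinar, AWS or EMnify. The input layout is
an assumption modelled on the TunnelOptions entries that describe-vpn-connections
returns; SAMPLE_CONNECTION is constructed and not a real VPN connection.
"""

# Proposals that should not be negotiable on a hardened tunnel.
WEAK_IKE_VERSIONS = {"ikev1"}
WEAK_INTEGRITY = {"SHA1"}
MIN_DH_GROUP = 14  # groups 2 and 5 use 1024/1536-bit MODP; 14 and above are 2048-bit or stronger


def _values(entries):
    """Flatten the [{"Value": ...}, ...] lists used by the API response."""
    return [e["Value"] for e in entries]


def audit_tunnel(tunnel):
    """Return a list of human-readable findings for one tunnel (empty = clean)."""
    findings = []
    for ike in _values(tunnel.get("IkeVersions", [])):
        if ike in WEAK_IKE_VERSIONS:
            findings.append(f"{ike} accepted")
    for phase in ("Phase1", "Phase2"):
        for alg in _values(tunnel.get(f"{phase}IntegrityAlgorithms", [])):
            if alg in WEAK_INTEGRITY:
                findings.append(f"{phase} integrity {alg}")
        for group in _values(tunnel.get(f"{phase}DHGroupNumbers", [])):
            if group < MIN_DH_GROUP:
                findings.append(f"{phase} DH group {group}")
    return findings


def audit_connection(connection):
    """Audit every tunnel and check that the connection keeps both tunnels."""
    tunnels = connection["Options"]["TunnelOptions"]
    results = [
        {"outside_ip": t.get("OutsideIpAddress"), "findings": audit_tunnel(t)}
        for t in tunnels
    ]
    redundant = len(tunnels) >= 2
    return {
        "vpn_connection_id": connection.get("VpnConnectionId"),
        "redundant": redundant,
        "tunnels": results,
        "passed": redundant and all(not r["findings"] for r in results),
    }


# Constructed sample: tunnel 1 was left permissive, tunnel 2 is hardened.
# Outside IPs are from the RFC 5737 documentation range.
SAMPLE_CONNECTION = {
    "VpnConnectionId": "vpn-EXAMPLE",
    "Options": {
        "TunnelOptions": [
            {
                "OutsideIpAddress": "198.51.100.10",
                "IkeVersions": [{"Value": "ikev1"}, {"Value": "ikev2"}],
                "Phase1EncryptionAlgorithms": [{"Value": "AES128"}, {"Value": "AES256"}],
                "Phase1IntegrityAlgorithms": [{"Value": "SHA1"}, {"Value": "SHA2-256"}],
                "Phase1DHGroupNumbers": [{"Value": 2}, {"Value": 14}],
                "Phase2EncryptionAlgorithms": [{"Value": "AES128"}],
                "Phase2IntegrityAlgorithms": [{"Value": "SHA1"}],
                "Phase2DHGroupNumbers": [{"Value": 2}],
            },
            {
                "OutsideIpAddress": "198.51.100.11",
                "IkeVersions": [{"Value": "ikev2"}],
                "Phase1EncryptionAlgorithms": [{"Value": "AES256-GCM-16"}],
                "Phase1IntegrityAlgorithms": [{"Value": "SHA2-384"}],
                "Phase1DHGroupNumbers": [{"Value": 20}],
                "Phase2EncryptionAlgorithms": [{"Value": "AES256-GCM-16"}],
                "Phase2IntegrityAlgorithms": [{"Value": "SHA2-384"}],
                "Phase2DHGroupNumbers": [{"Value": 20}],
            },
        ]
    },
}

if __name__ == "__main__":
    report = audit_connection(SAMPLE_CONNECTION)
    for t in report["tunnels"]:
        print(t["outside_ip"], "OK" if not t["findings"] else "; ".join(t["findings"]))
    print("redundant:", report["redundant"], "passed:", report["passed"])
```

Run against real data, the same function can be fed each element of the `VpnConnections` list that `describe-vpn-connections` returns; a tunnel that still lists a legacy proposal will negotiate it if the peer offers nothing better, so the fix is to restrict the tunnel options to the modern set shown for tunnel 2 rather than to rely on the peer.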
Operational Data, Alerts and Dashboards
When IoT solutions scale, efficiency becomes key. Support and operations teams need access to all relevant operational data, dashboards and alerts so they can detect and solve customer issues efficiently, ideally before the customer notices them.
AWS provides managed services, for example, for:
- detecting anomalies (Amazon IoT Device Defender),
- sending alerts (Amazon SNS),
- developing dashboards without code (Amazon Quicksight).
With these services it is easy to integrate data from different sources, such as device, infrastructure and application data. Even if you are not using these managed services, you can choose a data store such as Amazon DynamoDB and develop your own operational dashboards within your application.
One component of the IoT solution where operations teams are usually blind is cellular connectivity. They can only detect that data is not arriving in the application; the root cause, and how to fix it, stays hidden. With EMnify, connectivity metadata is delivered in real time through the DataStreamer to the AWS services S3 and Kinesis. Connectivity metadata consists of event and usage records that not only report the data volume and cost each device consumed in the relevant network, but also uncover issues such as network attach problems, roaming issues, or the cell identifier where the device is located.
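To show what a support team can do with such connectivity metadata once it lands in S3 or Kinesis, here is an added example (not code from the webinar, from AWS or from EMnify) that runs three simple detections over a stream of event and usage records: a data-volume spike for one device, repeated attach failures, and a device attaching from a country it is not expected in. The record layout and field names are an assumption modelled on what the text describes (volume per device and network, attach events, cell identifier); the stream and the device inventory are constructed, not captured from a real DataStreamer feed.

```python
"""Detections over connectivity metadata records (added example).

Not code from the webinar, AWS or EMnify. The record layout is hypothetical,
modelled on the event and usage records the recap describes; SAMPLE_STREAM and
EXPECTED_COUNTRY are constructed inputs.
"""
import json
from collections import defaultdict
from statistics import median

# Constructed sample: newline-delimited JSON, as it might be read from a
# Kinesis shard or an S3 object. Network codes are MCC+MNC strings.
SAMPLE_STREAM = """\
{"type": "usage", "device_id": "sim-0001", "network": "26201", "country": "DE", "bytes": 1200}
{"type": "usage", "device_id": "sim-0001", "network": "26201", "country": "DE", "bytes": 1300}
{"type": "usage", "device_id": "sim-0001", "network": "26201", "country": "DE", "bytes": 1100}
{"type": "usage", "device_id": "sim-0001", "network": "26201", "country": "DE", "bytes": 9000}
{"type": "event", "device_id": "sim-0002", "event": "attach_failed", "network": "20801", "country": "FR", "cell_id": "1a2b3c"}
{"type": "event", "device_id": "sim-0002", "event": "attach_failed", "network": "20801", "country": "FR", "cell_id": "1a2b3c"}
{"type": "event", "device_id": "sim-0002", "event": "attach_failed", "network": "20801", "country": "FR", "cell_id": "1a2b3c"}
{"type": "event", "device_id": "sim-0003", "event": "attached", "network": "31026", "country": "US", "cell_id": "77ff01"}
"""

# Constructed inventory: the country each device was shipped to.
EXPECTED_COUNTRY = {"sim-0001": "DE", "sim-0002": "FR", "sim-0003": "DE"}


def parse_records(text):
    """Parse newline-delimited JSON into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(records, volume_factor=5.0, failure_threshold=3, min_history=3):
    """Return alert dicts in the order the triggering records were seen.

    volume_spike:       a usage record exceeds volume_factor times the median of
                        that device's earlier usage records (once min_history exist)
    attach_failures:    a device reaches failure_threshold attach_failed events
    unexpected_country: a device reports from a country other than its inventory entry
    """
    history = defaultdict(list)   # device_id -> earlier byte counts
    failures = defaultdict(int)   # device_id -> attach_failed count
    flagged_country = set()       # devices already alerted, to avoid repeats
    alerts = []

    for r in records:
        dev = r["device_id"]
        expected = EXPECTED_COUNTRY.get(dev)
        if expected and r.get("country") != expected and dev not in flagged_country:
            flagged_country.add(dev)
            alerts.append({"rule": "unexpected_country", "device_id": dev,
                           "detail": f"seen in {r.get('country')} on {r.get('network')}, "
                                     f"expected {expected}, cell {r.get('cell_id')}"})

        if r["type"] == "usage":
            past = history[dev]
            if len(past) >= min_history and r["bytes"] > volume_factor * median(past):
                alerts.append({"rule": "volume_spike", "device_id": dev,
                               "detail": f"{r['bytes']} bytes vs median {median(past):.0f}"})
            past.append(r["bytes"])

        elif r["type"] == "event" and r.get("event") == "attach_failed":
            failures[dev] += 1
            if failures[dev] == failure_threshold:
                alerts.append({"rule": "attach_failures", "device_id": dev,
                               "detail": f"{failure_threshold} failed attaches on "
                                         f"{r.get('network')}, cell {r.get('cell_id')}"})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_records(SAMPLE_STREAM)):
        print(f"[{alert['rule']}] {alert['device_id']}: {alert['detail']}")
```

Each alert dict carries enough context (network, cell identifier, observed versus expected values) for a support engineer to act on it; in a real deployment the dicts would be serialized and published through Amazon SNS, and the thresholds would come from per-device baselines rather than the constants used here.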
When building an IoT solution that is sold to multiple customers, you need to think about how to scale efficiently while still being able to operate and manage it properly. To wrap up, what you need to consider:
- The solution works globally, so expansion can happen seamlessly.
- Resources are used efficiently and can focus on the key business objectives.
- Support teams can see and solve issues before they affect the customer.
IoT solutions work everywhere – or at least at your customer site
Using Amazon Web Services, you can deploy and run your solution on a reliable, distributed infrastructure with global presence. EMnify not only enables the device to connect to cellular networks globally but also provides local data breakouts in all major AWS Regions, so data does not need to be home-routed.
Efficient utilization of resources
Using AWS managed services, you do not need to think about maintaining, scaling or adding redundancy to your IoT solution. Integrating IoT services for additional functionality such as analytics and machine learning is automated and simple. With EMnify, the integration of cellular connectivity is also done through AWS services in an automated, click-through way.
Support teams have the visibility they need
AWS provides managed services to process, analyze, store and display any kind of data, which makes it easy not only to build the IoT solution but also to integrate relevant data into operational dashboards, alerts and workflows for support teams. Getting device, application and EMnify-provided connectivity data into a single pane of glass enables support teams to solve issues faster.
Download the webinar slides here and feel free to reach out to us in case of any questions.