Ensuring Security and Efficiency With Cellular IoT Cloud Connectivity

When connecting devices over cellular, it’s important to think about how they will interact with cloud computing environments. There are many ways to secure data exchange, but unfortunately, many of these solutions consume a lot of bandwidth, which can quickly add up to high cellular IoT connectivity bills. These solutions also often support only one-way communication and do not allow connecting back to the device itself.

Cellular IoT Solutions By Soracom

Some of the solutions that we’ve created at Soracom are called Canal, Gate, and Door:

  • Canal enables our users to set up AWS VPC peering, basically assigning their own preferred private subnet to each Soracom Air SIM card. This ensures that data flows only to a specific private network in their cloud infrastructure, giving full control over what connectivity the device can use via firewall controls.
SORACOM Canal: High-Level Architecture
  • Gate has been designed to allow bi-directional communication with the devices. When enabled, Gate creates a router that allows your cloud system to connect back to devices’ private IP addresses.
SORACOM Gate: High-Level Architecture
  • Door supports use cases where the cloud or data center workloads are running outside of AWS. It is effectively identical to Canal and Gate, but uses an IPsec-based VPN.
SORACOM Door: High-Level Architecture

Soracom has also created the notion of groups, which means that these functionalities can be assigned on a per-SIM group level, allowing for multiple private networks on a single, centralized account.

These cellular IoT solutions not only add security to device communication but also allow for data-efficient connectivity. This is done by using non-encrypted protocols such as UDP, TCP and HTTP. Since the cellular link is already encrypted all the way to cloud systems, security is kept intact while making sure the cellular link is only used to transmit useful data. With this architecture, we’ve seen many use cases save up to 80% of their devices’ bandwidth consumption.

Are Soracom SIMs the Ultimate Cellular IoT Solution?

An architecture I am particularly fond of is to use the SIM card as a unique device identifier in combination with Canal and Gate. Leveraging Soracom management APIs, I was able to create direct AWS cloud system-to-device interactions (more details on that setup in a future blog).

Since each IMSI translates into a private IP that is addressable from EC2 instances, backend systems and/or operation teams can securely connect back directly to the device. This enables both advanced use cases and also ease of administration and troubleshooting when needed.
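As an added example (not code from Soracom or from this post), here is the kind of check a backend receiving plaintext UDP or HTTP over the private network would apply, since device identity then rests on the source address rather than on an application-layer credential. The subnet, IMSIs, inventory and the function name `identify_sender` are constructed assumptions for illustration.

```python
import ipaddress
from typing import Optional, Tuple

# Constructed sample data (assumption): the private subnet assigned to one SIM
# group, and that group's IMSI -> private IP inventory. In a real deployment the
# inventory would be built from the operator's SIM management data.
GROUP_SUBNET = ipaddress.ip_network("10.128.0.0/24")
SIM_INVENTORY = {
    "001010000000001": ipaddress.ip_address("10.128.0.11"),
    "001010000000002": ipaddress.ip_address("10.128.0.12"),
}
# Reverse index so the network-level source address resolves to one SIM.
IP_TO_IMSI = {ip: imsi for imsi, ip in SIM_INVENTORY.items()}


def identify_sender(source_ip: str,
                    claimed_imsi: Optional[str] = None) -> Tuple[Optional[str], str]:
    """Bind an unencrypted message to a SIM by its source address.

    Returns (imsi, reason). imsi is None when the message must be dropped.
    """
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return None, "malformed source address"
    # Anything arriving from outside the peered subnet is not a SIM in this group.
    if addr not in GROUP_SUBNET:
        return None, "source outside the SIM group's private subnet"
    imsi = IP_TO_IMSI.get(addr)
    if imsi is None:
        return None, "no SIM is assigned this address"
    # The payload is plaintext, so any identity it carries is only a claim:
    # the address-derived identity wins, and a mismatch is rejected.
    if claimed_imsi is not None and claimed_imsi != imsi:
        return None, "payload identity does not match network identity"
    return imsi, "ok"


if __name__ == "__main__":
    # Constructed sample messages: (source address, IMSI claimed in payload).
    for src, claim in [("10.128.0.11", None),
                       ("10.128.0.11", "001010000000002"),
                       ("192.168.1.5", "001010000000001"),
                       ("10.128.0.99", None)]:
        print(src, claim, identify_sender(src, claim))
```

The same lookup run in reverse (IMSI to private IP) gives the address a backend would use to connect back to a device through Gate.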

In the coming months we’ll be running hands-on workshops across Europe and the US. Follow us on your preferred social networks for location information and more cellular IoT tutorials!

Twitter: @SoracomIoT and @alexis_susset
LinkedIn: Soracom
Facebook: Soracom
Bay Area MeetUp: Soracom SV-IoT
European MeetUp: Soracom IoT-WS
