Soracom Demo
Hello, and welcome to this Soracom overview video demo. Over the next thirty minutes or so, we’ll be exploring just some of the tools that Soracom offers to technical innovators for building a more connected world. We’ll start by providing an introduction to the Soracom platform. We’ll then show you how SIM lifecycle management works in our user console and through programmatic APIs. We’ll show you how Soracom can integrate your data with the world’s leading cloud platforms, such as AWS, Google Cloud Platform, and Microsoft Azure. You’ll learn about how we keep data totally secure and the inner workings of our IoT back end. We’ll show you how to access your IoT devices remotely after they’ve been deployed in the field. And you’ll also find out just how quick and easy it is to get started on our platform. Let’s dive right in, starting with an introduction to the Soracom platform.

Technical innovators are developing new IoT products; they often face numerous technical and logistical challenges. Soracom works from the ground up with a broad range of developers to deeply understand these pain points, delivering innovative solutions that help overcome and sometimes even avoid these challenges altogether. Our Soracom Air connectivity service connects devices securely to the Soracom platform by using cellular and Sigfox technologies. Customers can use 3G, 4G, LTE, LTE Cat M1, and 5G, where available, across multiple mobile network operators in one hundred and eighty different countries. From there, devices can rely on Soracom’s private networking services to connect their back end securely by using AWS VPC peering, VPN, or private fiber channel. Our advanced cloud integration services can authenticate devices with SIM or Sigfox device IDs, apply customer provided configuration and credentials, and call cloud service APIs on behalf of the devices.
We provide customers with out-of-the-box data storage and visualization services so that anyone building on our platform who doesn’t yet have an IoT back end in place can get started without any friction. And our packet capture services for troubleshooting and remote access solutions allow customers to log in to their devices as needed from anywhere in the world. Soracom facilitates all this functionality without the customer having to set up any relay servers or SDKs on the actual hardware and without them having to reengineer any aspect of their IoT application from the ground up. The services provided in the Soracom platform are the building blocks for a scalable, secure IoT architecture. And best of all, every single Soracom service is built in a way so that you only have to set up your device once. Every other element of your IoT application is then controlled directly from Soracom without the need to change anything on the device after it’s been deployed in the field. But that’s not all. We recently rolled out a brand new service called Soracom Arc. Arc enables devices connected over the internet to establish a secure link to the Soracom platform, meaning devices connected over a customer’s home or office Wi-Fi or Ethernet can also benefit from most of our platform services without the need for a cellular connection.

SIM Lifecycle Management

After purchasing SIMs, customers can start organizing their fleet by adding names and tags to individual SIMs. SIMs can also be organized into groups, allowing customers to model the management of their devices according to project, region, end user, or other type of hierarchy. Groups also allow customers to enable additional functionality for multiple SIMs at once, such as custom DNS, data routing, private networking, and other settings.
Groups can have independent settings, which gives customers the ability to easily change any number of settings applied to a SIM by simply moving the SIM from one group to another, such as moving from one group configured for a development environment to another group configured for a production environment. We’ll take a closer look at some of these additional features later. Customers can use the IMEI lock setting to pair their SIM with a device’s IMEI so that the SIM can only be used in that particular device and prevent it from being used in other devices. Customers can also set up CHAP authentication in order to apply their own credentials to the cellular connection. With CHAP authentication, a device will need to provide these custom credentials in order to connect to a cellular network rather than using Soracom’s standard authentication settings. Once SIMs are connected, customers can view each SIM’s online and offline status from the user console. The SIM management page provides an easy way to check the online status of multiple SIMs at once, as well as essential information such as the device’s IP address, which group it belongs to, where it’s located, its IMEI lock status, and so on. Customers can also change the speed class of a SIM in order to control the maximum upload and download bandwidth that the SIM can use. Additional details can be viewed by selecting a SIM and clicking Details. From here, customers can see the SIM’s data usage history by month, day, and hour, and also check the network connection history, including details about which networks the SIM has connected to. Subscription containers are a multi-IMSI solution that allows customers to add multiple subscriptions to existing SIMs in order to extend coverage, access more networks, and unlock lower data rates in certain regions. Soracom subscription containers can be managed directly by the customer and added to SIMs on demand. 
Simply choose a SIM, click ‘Add Subscription’, and select a subscription to add. A new IMSI will be provisioned immediately and securely pushed over the air to the SIM. Once the new IMSI has been delivered, the device can begin using the new subscription right away. Here, we can look at the network connection history and see that this SIM is now using its new IMSI to connect to a new network. The SIM management page also allows customers to manage the status of their SIMs. Each status corresponds to a different network connectivity and billing behavior. The status options are active, inactive, standby, suspended, and terminated. These statuses allow customers to model their SIM life cycle on the life cycle of the hardware device itself. Soracom also provides several features to assist in automating each SIM’s life cycle. The expiry function gives customers a simple way to specify an action to be performed on a SIM at a future date, such as deactivating or terminating a SIM. For advanced automation, Soracom’s Event Handler feature allows customers to define their own conditions and actions. For example, customers can configure a rule which will be triggered when a SIM’s monthly data usage exceeds fifty megabytes. Custom actions can be configured to run when this rule is triggered, such as deactivating the SIM to prevent further data usage, sending an email to notify the customer about the data usage, and automatically reactivating the SIM at the beginning of the next month. Soracom provides easy access to additional tools that allow customers to maintain operational control of their SIMs. For example, if a SIM is not able to establish a cellular connection, the customer can select the SIM and choose run diagnostics. Soracom will automatically analyze current and previous connection behavior in order to help customers identify potential issues. 
Finally, Soracom’s lifecycle controls are also available for Sigfox devices, M2M devices using Soracom Inventory, and devices connecting to Soracom through Soracom Arc. All lifecycle controls are available via API, as well as a command line tool provided by Soracom, and can be used to programmatically control each aspect of SIM and device lifecycles. Full API documentation is published on Soracom’s developer website.

Connecting to the cloud

Once devices gain a cellular connection with a SIM card, they are able to communicate securely over the closed cellular network provided by the Soracom architecture. Soracom is able to authenticate devices by their SIM card and data that is sent from devices will terminate in Soracom’s cellular core. It’s at this point that customers have the flexibility to modify the destination and maybe even the format of the payload before Soracom sends it on. For customers without their own back end destination, they may be able to use Soracom Harvest and Lagoon for easy data storage and visualization. When ready, the customer can simply enable our services offering direct integration with AWS, Azure, and Google Cloud Platform services, again, without any changes needed on the device. Additionally, the Soracom platform offers proxying data to any public endpoint as well.

So why is this important? Well, when developing for cellular IoT, our customers want to offload as much complexity from their constrained devices as possible to save on battery power and data costs. With the Soracom cloud services, they reduce data sent from devices, offload data processing to cloud functions, and generally minimize requirements on the device side. Because the cellular connection natively offers a secure connection, devices can communicate in lightweight protocols like UDP, TCP, HTTP, and MQTT. And then Soracom can convert these to a higher protocol and add SSL/TLS encryption before sending the data off to the final destination.
For example, this means that if a customer wants to send data to AWS Kinesis, which only supports HTTPS, they don’t have to compromise. They still have the option to send data from their devices using lightweight UDP and save on that complexity and power consumption and have Soracom handle the heavy lifting for the HTTPS to connect with Kinesis. Another example might be offloading complex logic to a function in the cloud instead of using device resources for that computation. Devices can send a lightweight message to Soracom, which will invoke a Lambda or Azure or Google Cloud function on its behalf and pass a result of that computation right back to the device. To go even further, we can offer data transformation as a middleman between device and cloud. Devices can compress data to binary format, for example, send it to Soracom, and have it expanded to cloud friendly JSON by Soracom before sending it to its final destination in the cloud.

Whill is a manufacturer of personal mobility devices. By using Soracom, they were able to drastically cut down on their hardware battery consumption. The electric vehicles can send data by using lightweight and TCP into Soracom Beam. Soracom handles a secure transfer of data by converting these protocols to HTTPS to send on to Whill servers. An added benefit that Whill discovered by using Soracom Beam is that anytime their server addresses changed, they could easily make the configuration change for all devices in one place in the Soracom console. Previously, they would have had to send someone to each vehicle to update manually. Overall, this saved more than thirty percent of power consumption on the devices and drastically cut down on development time.

Securing devices and IoT back end

Security is one of the most important things to consider when it comes to IoT. However, keeping devices and IoT backend safe is challenging when they are exposed to the public internet.
We have network services that can serve as an additional security layer for IoT devices and IoT back end. Soracom Virtual Private Gateway or VPG is a gateway dedicated for a customer. Once configured, the customer’s traffic is segregated from the rest and can be routed separately. The customer can configure the VPG to peer with their IoT back end by using AWS VPC peering, VPN, or with private fiber channel. It enables the customers to isolate their IoT system from the public network. Also, our new service, Soracom Arc, can establish a secure link over the Internet. By using the service, devices that are connected over Wi-Fi, Ethernet, and satellite can also participate in the private network and securely communicate with the rest of the system. The provisioning of a VPG and setting up a private network can be done in a self-service manner.

Let’s see how a customer can set up a private network of devices and servers deployed in AWS VPC as in this diagram. First, go to the VPG management view of the web console and then select the target VPG to peer with the backend. The next thing is to click on the Add VPC Peering Connection button and provide parameters that specify the target VPC, namely AWS account ID and the VPC ID, and also the region that the VPC resides in. Also, you would need to provide the VPC IP address range so that the routing can be configured properly. And that’s it. The Soracom back end will take care of the rest and now the VPC peering connection between customer’s VPC and Soracom VPG is completed.

Here’s a case study of a customer, Hortau, who has done precision agriculture in North America since 2002. When they considered migration from an on-premise system to AWS backend, they chose Soracom because we have a cloud native cellular core network on AWS and they could use our VPC peering feature to establish a private network dedicated for their server backend and devices.
This architecture has enabled a secure environment for their sensors and actuators in the field and their backend servers. By combining Soracom Air cellular connectivity and our private networking services, customers can build a highly secure end-to-end IoT system. For example, even if the attacker tries to tap the network in the middle, the cellular link and our backhaul connection is protected. Even if the attacker tries to steal credentials to access the network, the SIM is tamper tolerant; customers can also use network side IMEI lock to make sure the SIM can only work with the designated device. The attacker might try to reach out to the devices via the public internet, but the access is blocked by firewall by default. The IoT backend is no longer exposed to the public internet if the private peering is established. Thus, there is no way for the attacker to reach out to the back end either.

However, in the case of IoT, there are still risks to consider. What if attackers physically access devices or what if malware is loaded to devices? In that case, devices that have access to the private network can attack the back end or leak information to a third party or even attack third-party servers and your devices could be the attacker in that case. We have thought through the attack vectors and have implemented a third-party tool integration feature in Soracom Virtual Private Gateway. The customer can turn on the traffic mirroring feature, and then the VPG will start to copy and forward packets going through the VPG. If you specify a DPI, IPS, or IDS solution as the mirroring target, you can use the solution to detect malicious behavior of devices. We have worked with partners such as Trend Micro and Sandvine, and proved that the combined solution can detect malicious behaviors of devices and shut them down.

Accessing and troubleshooting devices remotely on demand

Soracom has a set of troubleshooting tools built into our infrastructure that customers have access to that help resolve connectivity problems quickly. Soracom Napter is a service that leverages the cellular connectivity of a device to connect directly to it. From the console, select the SIM and click On-Demand Remote Access. Fill in the port in which you would like to access, whether or not to use TLS, the amount of time before the access point should expire, and the accessing IP address. If left blank, it will default to your current IP address. You are then given settings to make your connection.

Soracom Peek is a fully managed service that allows you to perform deep packet inspection on your device traffic without setting up any additional cloud and networking resources. This on demand packet capture can help troubleshoot abnormal behavior and provide the details needed to make security and performance improvements. Click start to begin a capture. Once it’s stopped, a PCAP file is generated and you can download it for import into your favorite network protocol analyzer.

Pinging is a commonly used technique for quickly checking that two network connected devices are able to reach each other. However, in some cases, you may want to send a ping request in the opposite direction – that is from the network to your device. This can be useful in situations where you cannot access the device directly, such as to check if the device is still reachable from the network or to check for potential packet loss problems due to a poor signal. The ping test tool allows you to send ping requests to your device directly from the user console or using the Soracom API or CLI.

Let’s take a look at the administration tools provided by Soracom. From the user console, customers can navigate to the billing page in order to view the latest charges on their account. The running total is updated daily so that customers can quickly track usage.
From here, customers can also check the billing history for previous months. Clicking on a billing month will reveal daily charges accrued within that month. Customers can also download or access different levels of billing details for a variety of administrative requirements. From the bills page, customers can download a CSV copy of their monthly bill, which provides a detailed list of service charges. The CSV file can then be imported into a spreadsheet application or processed by accounting software in order to sort, filter, or create pivot tables and to understand the breakdown of charges. Details of a SIM’s tags or groups are also included in the CSV so that customers can filter charges accordingly. From the invoices page, customers can also download a PDF copy of their monthly invoices and orders for reporting and recordkeeping. For additional options, details related to service charges can also be queried via the API in order to integrate with other systems. Soracom has also enabled the use of multiple email addresses within each account, allowing customers in larger organizations to manage notification preferences, such as sending billing-related notifications to an accounting department.

With Soracom Access Management, or SAM, customers can create and manage organizational access to their Soracom account. From the users page, customers can create individual accounts for people within their company. The permission for each user can be customized, such as disabling access to billing-related functions for a technical user or disabling access to life cycle controls for an accounting user. These permissions can also be defined as a customizable role, allowing administrators to apply specific permissions to multiple users at once. For additional security, multifactor authentication can also be enabled and managed from here. The audit logs feature allows administrators to audit the account activity of users associated within the Soracom account.
Here, an administrator can check the timestamp and username of each activity as well as which part of the Soracom account the user is accessing and whether or not any errors occurred. Standard technical support is available to all Soracom customers at no cost. Customers can request support by creating a ticket directly from the user console. Soracom’s support team will respond within one business day. All customers also have access to a system status dashboard in order to quickly check for known issues that may be affecting their devices. Soracom also publishes platform documentation, tutorials, and other technical resources on its developer website. And that’s it for this introductory explanation of the Soracom platform. You’ve now seen just some of the tools that Soracom offers to technical innovators for building a more connected world. Ready to take the next step? You can get started right away, either by ordering a Soracom IoT SIM card and connecting your first device over cellular, or you can create a Soracom account and start exploring the capabilities of our platform right away by connecting over your home or office WiFi. Alternatively, our team of IoT experts is on hand and ready to talk to you about your project. Visit Soracom and click Contact Us to arrange a free IoT consultation now. Thanks for watching, and good luck. Soracom. You create. We connect.