©2020 Eseye Limited
Seamless and Secure Data Provision to AWS IoT Core
Eseye AnyNet Cellular Connectivity for AWS IoT
The Internet of Things (IoT) has unlocked the potential for organisations to gather up-to-the-minute customer and market intelligence. Yet, while a torrent of new IoT ideas creates great opportunities, it also introduces fresh IT deployment challenges. Establishing an IoT infrastructure, designing and deploying devices, connecting them to the internet, and gathering and analysing a steady stream of rich data can be challenging, costly and time consuming. In response, Eseye created the AnyNet for AWS Solution. It enables enterprises to harness the power of Eseye’s AnyNet Cellular Connectivity and seamlessly provision the data from their devices to AWS IoT Core. This enables fast, simple and secure IoT deployment on a global scale.
Enterprises deploying IoT face a number of logistical and technical challenges that must be negotiated in order for the project to be deemed a success. It is these barriers that have so far limited the mainstream adoption of IoT. They include 3 key challenges:
Consistent reliable global device connectivity
The difficulties in managing their devices and ensuring they can provision data to the chosen cloud provider
Ensuring the security of their devices and their data
AWS IoT Core and its suite of cloud applications provides a powerful and simple way to manage your IoT devices. Eseye’s connection to AWS IoT Core securely delivers seamless provisioning, simplified management, and ubiquitous global cellular connectivity for your IoT devices through the AWS IoT managed cloud service. Eseye use a unique approach to avoid the typical security concerns found in deploying, connecting and managing your IoT devices. It also significantly simplifies and automates the implementation of security and identity certificates for new devices connecting to the network.
Introduction
The Challenges in IoT Device Deployment
How Eseye AnyNet Cellular Connectivity for AWS Addresses these Challenges
[Figure: Eseye AnyNet intelligent SIM in your device, linked to your AWS account. Labels: unified billing; 1 SIM, 1 SKU; 100% connectivity; zero touch security certificates sent OTA to your device; we automatically provision the device onto the AWS IoT Core; single pane of glass management; single support interface.]
Eseye’s unique intelligent AnyNet technology has multiple profiles or IMSIs that can be updated over the air – or localised to the relevant mobile network. This proactively managed connectivity can help enterprises achieve near 100% global uptime.
Enabling this connectivity directly into your AWS Account means you can buy your SIM, global connectivity, and manage your whole IoT estate through your AWS account. Likewise, you only get one bill linked to account activity and so all your invoicing is in one place. Linking seamlessly to AWS IoT Device Manager, you can very quickly, easily and securely onboard, organise, remotely manage, and monitor your IoT devices at scale throughout their lifecycle, reducing the effort and cost typically associated with extensive IoT deployments. Device information can be regularly updated and configured in devices deployed across multiple locations. This includes updating device software and firmware securely Over-the-Air (OTA), which helps to control your maintenance costs.
For more information on how Eseye’s intelligent Connectivity Management Platform and IoT hardware optimisation expertise can provide near 100% global connectivity, visit eseye.com/solutions
Simply log in to your AWS account area to create a ‘Thing’ and enter the Eseye AnyNet SIM ID.
Once the ‘Thing’ is created the SIM is automatically activated and your provisioning is triggered.
At this point creating a ‘Thing Shadow’ also establishes a digital copy of your device that will provide a digital store of information and powerful analytics about your device.
To set up a device you don’t need to negotiate a service with Mobile Network Operators (MNOs) because all contracts and payments are handled through your AWS account.
The deployment of security and identity information and Amazon SSL/TLS certificates similarly takes place automatically, enabling zero touch provisioning.
How it Works
[Figure: How it works. Labels: device or ‘Thing’ (SIM + modem + application microprocessor); mobile network (3G / LTE); APN; internet; application data path (MQTTS); AWS IoT Core and Thing Shadow in your AWS account; security + identity OTA; Eseye billing.]
SIMPLIFIED IOT FROM DEVICE TO CLOUD IN 7 STEPS
1. Eseye AnyNet SIM installed in customer device. Benefits: Single global device SKU
2. Devices connect to the best local network on power up. Benefits: One SIM for all global connectivity & zero touch provisioning
3. Automatic connectivity & registration into AWS IoT. Benefits: Out of the box cloud enablement
4. Auto AWS security certificate creation and storage in the device. Benefits: AWS certified Secure devices certificate
5. Eseye switches the IMSI OTA based on service provision availability. Benefits: 99.75% connectivity enabled by 700+ MNO networks
6. Devices are fully managed within AWS enabling rules based policy. Benefits: Single pane of glass management & billing within AWS
7. More rapid delivery of business outcomes for IoT. Benefits: Customer focus on business value not IT
[Figure label: AWS IoT Device Management]
Enhanced IoT Security: Eseye AnyNet Cellular Connectivity, Eseye APN Gateway and AWS IoT
Security is a key concern for many organisations deploying IoT. Creating and deploying your root certificate, private key and a server public key information can raise a number of security challenges, such as:
Typical Security and Identity Management Challenges
Potential security breaches due to key security material being consolidated in a single spreadsheet
Errors occur when programming information line by line from a spreadsheet
Security information could be lost or stolen if emailing it to your manufacturer
Bootstrapping security information, but not if the original information is compromised
Downloading security material onsite through a USB is costly and creates endpoint security issues
Eseye manufacture market leading multi-IMSI and intelligent SIM cards (AnyNet Cellular Connectivity), to GSMA eUICC specifications, and each has a unique security key, identical to those used for the management of the GSM network. This gives Eseye unique and direct access to reprogram the SIM cards and set connectivity preferences. When the device connects to a network, security and identity creation automatically takes place.
By default, AWS Certificate Manager (ACM) is used to generate security material and is designed to simplify and automate many of the tasks traditionally associated with management of SSL/TLS certificates. ACM takes care of the complexity surrounding the provisioning, deployment, and renewal of digital certificates. Certificates provided by ACM are verified by Amazon’s Certificate Authority (CA), Amazon Trust Services (ATS).
SSL/TLS certificates provisioned through AWS Certificate Manager are automatically sent OTA using GSMA security standards. Delivered over the signalling channels, they are then written into persistent file storage in the SIM. Programming messages and updates can be sent directly to the device and the files are protected using unique per SIM Keys. The storage as well as distribution processes for these keys is also mandated to ensure the integrity of the GSM network. Also, during the provisioning, the Amazon Resource Name (ARN) is deployed. This allows the exact same device to be deployed in different regions and still optimize traffic flow while also complying with any localized data collection restraints (i.e. GDPR). Eseye’s connection to AWS IoT Core also enables you to benefit from the Eseye Intelligent Network Switching platform that enables automatic network switching to provide near 100% connectivity worldwide.
The Eseye APN is a custom-built gateway that sits between the cellular network and the internet. It provides authentication of the connections, allocating IP addresses and routes the data from the device to the cloud. Our APNs have built-in management and monitoring capability to ensure all connections get the best possible service. This capability can reveal a rich seam of information about your data sessions, as well as device activity and network usage. We can use this information to provide enriched device information. For example, we could send its approximate location into the Thing Shadow (a device’s shadow is a JSON document that is used to store and retrieve current state information for a device; the Device Shadow service maintains a shadow for each device you connect to AWS IoT), which could then provide useful insights, such as the spread of your IoT estate. And all without the power and cost required if you were to design a GPS receiver into your device.
Eseye supports metadata to other AWS IoT Core applications and services that are critical for analysing and managing the performance and security of your device. Using information gathered from our APNs we can store, manage and feed data into some of the AI engines, such as SageMaker, which you can use to create models that can help you to identify anomalies in behaviour. So, if you have a large estate of devices, you can look for devices which don’t match the normal pattern of behaviour, or identify where the pattern of behaviour has changed over time.
Eseye’s connection to the IoT Core also empowers AWS IoT Device Defender which is a fully managed service that helps you secure your IoT devices. It lets you continuously monitor security metrics from devices and AWS IoT Core, which is an important feature enabling you to identify deviations on your defined data usage for each device. If something doesn’t look right, AWS IoT Device Defender sends out an alert so you can take action to remediate the issue.
As an example, spikes in outbound traffic might indicate that a device is participating in a DDoS attack. Eseye’s unique APN enables us to extract information including traffic volumes, IP addresses and ports in use, and push the information to AWS IoT Device Defender in real time. This means you can not only track and identify anomalies in how much data is being used – but also where that data is being sent. This is important for mitigating advanced security threats where an attacker may mimic device behaviour to hide their intrusion.
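An added example (not Eseye's or AWS's code) of the check described above: flag a device when its outbound volume spikes against its own baseline, or when it sends to a destination outside its expected endpoints even at normal volume. The record layout, device IDs, addresses and the `spike_factor` threshold are constructed assumptions, not an actual metric schema.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flow records: (device_id, interval, bytes_out, dst_ip, dst_port).
FLOWS = [
    ("sim-001", 0, 1200, "198.51.100.10", 8883),
    ("sim-001", 1, 1150, "198.51.100.10", 8883),
    ("sim-001", 2, 1300, "198.51.100.10", 8883),
    ("sim-002", 0, 1000, "198.51.100.10", 8883),
    ("sim-002", 1, 1100, "198.51.100.10", 8883),
    ("sim-002", 2, 950, "198.51.100.10", 8883),
    ("sim-002", 3, 1050, "198.51.100.10", 8883),
    ("sim-002", 4, 250000, "203.0.113.77", 80),    # volume spike to a new host
    ("sim-003", 0, 1100, "198.51.100.10", 8883),
    ("sim-003", 1, 1000, "198.51.100.10", 8883),
    ("sim-003", 2, 1050, "203.0.113.5", 4444),     # normal volume, wrong destination
    ("sim-003", 3, 1100, "198.51.100.10", 8883),
    ("sim-003", 4, 1020, "198.51.100.10", 8883),
]

# Hypothetical allowlist: the only endpoint these devices should reach (MQTTS).
ALLOWED = {("198.51.100.10", 8883)}


def find_anomalies(flows, allowed, spike_factor=5.0):
    """Return {device_id: [finding, ...]} for devices that look abnormal."""
    per_interval = defaultdict(lambda: defaultdict(int))  # device -> interval -> bytes
    findings = defaultdict(set)
    for dev, interval, nbytes, ip, port in flows:
        per_interval[dev][interval] += nbytes
        # Destination check catches traffic that mimics normal volume.
        if (ip, port) not in allowed:
            findings[dev].add(f"unexpected destination {ip}:{port}")
    for dev, series in per_interval.items():
        # The median is a per-device baseline that one spike barely moves.
        baseline = median(series.values())
        for interval, total in sorted(series.items()):
            if baseline > 0 and total > spike_factor * baseline:
                findings[dev].add(
                    f"outbound spike in interval {interval}: "
                    f"{total} bytes vs median {baseline}")
    return {dev: sorted(msgs) for dev, msgs in findings.items()}


if __name__ == "__main__":
    for device, msgs in find_anomalies(FLOWS, ALLOWED).items():
        print(device, msgs)
```

The third device is the case the volume check alone would miss: its byte counts stay on baseline, and only the destination check flags it.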
[Figure: Eseye connectivity with AWS IoT services. Labels: device or ‘Thing’ (SIM + modem + application microprocessor); mobile network (3G / LTE); APN; internet; connection metrics: usage / location etc.; application data path (MQTTS); AWS IoT Core, Thing Shadow, AWS IoT Analytics, AWS IoT Device Defender and AWS IoT Device Manager in your AWS account; security + identity OTA; Eseye billing.]
THE BENEFITS OF COMBINING ESEYE AND AWS DEVICE DEFENDER. With Eseye connectivity, you benefit from the data flowing through our private APN.
The Cellular network is connected into Eseye’s Global, private APN
Our APN increases visibility of device behaviour, countering advanced security threats
Reduced data costs for monitoring by 80%
As organisations race to connect ‘things’, Eseye’s connection to the IoT Core allows you to securely and automatically activate and manage devices over cellular connections into the AWS IoT managed cloud service, offering zero touch provisioning and maximum security. It also gives you a single pane of glass view of your global management and billing through your AWS account.
At the same time, Eseye intelligent Connectivity Management Platform offers near 100% connectivity worldwide and facilitates the creation of a single global device SKU. This removes the requirement for complex procurement, IoT design and device setup processes, and likewise for ongoing management and maintenance. It also removes the need for multiple contracts, complex SIM management and relying on support from multiple suppliers.
Ultimately, with IoT security at the top of the agenda for all organisations, Eseye’s powerful connection to IoT Core significantly reduces the risk of security failure by activating and sharing security and identity information OTA, automatically, at the point of ‘thing’ deployment anywhere in the world.
Eseye-enabled IoT means you can focus on your business outcomes: creating competitive advantage, reducing operational costs and reducing business risk.
Simplifying large scale IoT deployments
SUMMARY:
AnyNet IRIS® from Eseye enables you to easily and securely deploy required Identity and Access Management (IAM) roles and policies to selected AWS regions for the AnyNet Cellular Connectivity integration with AWS Marketplace. AnyNet IRIS brings a new range of features to AWS customers that are accessed directly from their AWS Marketplace account, including a vastly simplified device registration process, enhanced visibility of IoT device estate performance and customer update notifications.
Streamlines the set up and configuration in AWS IoT of devices installed with Eseye’s AnyNet Cellular Connectivity solution
Preview of the Cloud Foundation Stack to highlight any potential anomalies and security risks in the code
Quick and easy selection and management of AWS IoT Regions, including setup confirmation
Event log provides access to AWS thing activation status
Automatic feed of device metrics into AWS IoT Device Defender to improve security monitoring
Access to an audit log of actions against each AnyNet connected device enhancing customer visibility of device behaviour
Notifications and alerts to ensure customers stay updated of critical actions
Streamline the set up and configuration of your AWS IoT Account – AnyNet IRIS®