Is your network ready for the Internet of Things?
Source: Bob Violino
Buying into IoT comes with a wealth of benefits, but adopting heavy use of the internet of things means more than plugging in devices and waiting for the data to pour in; it means modifying network infrastructure to accommodate them.
This is not a trivial consideration. If the network doesn’t adequately support all aspects of IoT, a company may be unable to take advantage of all that data and will fail to realize the return on investment it was hoping for.
Early adopters of IoT can provide valuable lessons to other companies looking to roll out similar projects. Here are three examples of how companies are addressing various IoT networking issues.
Industrial strength IoT
For some companies, IoT is nothing new. Rockwell Automation, a provider of industrial automation technology, launched its first IoT effort in 2011, says Scott Sandler, technology manager, cloud computing.
The IoT initiative is intended to provide the appropriate technology to enable Rockwell’s customers to connect the industrial equipment and systems they use to the cloud, in order to better analyze their operational data and improve decision support for both operational technology and IT users.
The company hired Microsoft to ensure that it has a secure industrial IoT platform that scales to meet its customers’ needs, whether they are scaling up or down, and to facilitate the movement of data through the enterprise to enable a range of analytics and business processes.
“Rockwell’s vision around IoT is really targeted towards [our] customers—how we can better enable their success and achieve specific outcomes,” Sandler says.
Rockwell’s IoT solutions have allowed its customers to monitor unmanned remote assets, predict equipment failure, avoid the cost of deploying traditional on-premises servers, and boost performance through reduced downtime and optimized processes.
One early consideration in terms of network infrastructure was data security, he adds. Rockwell’s early adopters were worried attackers would be able to reach into their manufacturing plants. To address these concerns, Rockwell made sure its IoT service used a gateway device that only connected to the cloud using outbound port 443 (HTTPS/TLS); the gateway is architected so that it only makes outbound calls and only receives updates from the cloud in response to calls it has initiated.
Rockwell also adopted other security measures, such as a policy server that issues shared access tokens and certificates to gateway devices for authentication purposes. Because port 443 is typically allowed by default for secure browser-based communications, its customers don’t need to make changes to their network or firewall settings.
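The outbound-only, response-correlated gateway pattern described above, as an added example that is not Rockwell’s code: the gateway initiates every exchange over HTTPS on port 443, and accepts an update only when it arrives in the reply to a call the gateway itself made, tagged with the key the policy server shared with it. The endpoint, message fields and key are constructed for illustration.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit
import hashlib
import hmac
import secrets

# Constructed endpoint; the gateway pins the one cloud service it talks to.
CLOUD_ENDPOINT = "https://iot.example.invalid/telemetry"


def allowed_outbound(url: str) -> bool:
    """Egress rule from the text: outbound HTTPS on port 443 only."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.port in (None, 443)


def cloud_reply(shared_key: str, request_id: str, update: dict) -> dict:
    """Simulated cloud side: an update rides back only inside the reply to a
    gateway call, tagged with the key the policy server shared with that gateway."""
    tag = hmac.new(shared_key.encode(), request_id.encode(), hashlib.sha256).hexdigest()
    return {"from": CLOUD_ENDPOINT, "in_reply_to": request_id, "update": update, "tag": tag}


@dataclass
class Gateway:
    shared_key: str                                # issued by the policy server
    pending: dict = field(default_factory=dict)    # request_id -> endpoint called
    applied: list = field(default_factory=list)    # updates actually accepted

    def send_telemetry(self, reading: dict) -> dict:
        """Every exchange starts here; the gateway never listens for inbound connections."""
        if not allowed_outbound(CLOUD_ENDPOINT):
            raise ValueError("endpoint violates the outbound-443-only policy")
        rid = secrets.token_hex(8)
        self.pending[rid] = CLOUD_ENDPOINT
        return {"request_id": rid, "endpoint": CLOUD_ENDPOINT, "body": reading}

    def receive(self, message: dict) -> bool:
        """Accept an update only if it answers a call this gateway made, comes
        from the pinned endpoint and carries a valid tag; drop everything else."""
        rid = message.get("in_reply_to")
        if rid not in self.pending or message.get("from") != self.pending[rid]:
            return False
        del self.pending[rid]  # one reply per request, so a replayed reply is refused
        expected = hmac.new(self.shared_key.encode(), rid.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message.get("tag", "")):
            return False
        self.applied.append(message["update"])
        return True
```

Unsolicited messages, replies to unknown request ids, replayed replies and replies carrying a bad tag are all dropped before anything is applied.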
Other than taking steps to ensure secure data and configuring proxies, the network changes the company has had to make to accommodate its IoT initiative have been “minimal,” Sandler says.
“However, I would point out that Rockwell approached the concept of an IoT gateway from the perspective of being as low impact as possible.”
The company’s experience with industrial automation, and the fact that Rockwell makes many of the devices its gateways connect to, help ensure a seamless connection between its industrial equipment and the cloud, says Sandler. That’s not a claim every industrial manufacturer can make.
“This is actually an area that deserves some critical attention,” he says. “Most of the industrial automation equipment in factories today has been in operation longer than the concept of IoT and the cloud. As a result, making additional connections to those devices and asking for data at arbitrary rates runs the risk of impacting the actual ability for those automation devices to perform their job of controlling the process.”
One suggestion Sandler has for preparing networks for IoT is to choose a solution partner that understands the company’s data sources.
“Failure to do this could significantly impact the network between your gateway and control systems, and even impact the automation itself,” he says.
In addition, “make sure the security strategy of your gateway aligns with your company guidelines,” Sandler said. “Our strategy around the gateway only making outbound calls and only to specific secured endpoints is designed to limit the risk of an outside threat reaching into the plant. There are certainly other security considerations as well as other ways to handle them, [but] make sure the gateway is consistent with your overall network security strategy.”
Putting IoT to the test
Thoroughly testing IoT devices before they’re deployed is also a good idea, but this too makes unique demands on network infrastructure.
Marist College is engaged in advanced research with a company that’s an incubator in the late stages of IoT product and service development (the college cannot identify the company due to a non-disclosure agreement). The technology collects bio-digital health information through wireless access directly from sensors worn by people at some level of health risk.
The sensors gather data such as body temperature, heart rate and other indicators of a person’s general health. Predictive algorithms compare changes in these vital signs over time; a change in any single vital sign or combination of signs could indicate a decline in the person’s health.
The monitoring devices must persistently stream data using secure wireless protocols to remain constantly connected to monitoring systems and medical services.
“Our data science researchers have the opportunity to use big data—billions of events—to develop and prove advanced predictive processes, utilize machine learning, track interventions, and watch the effect of different variables in real time,” says Bill Thirsk, vice president of IT and CIO at Marist. “It is a perfect environment to develop cognitive computing with impact.”
The diversity and manufacturing specifications of devices play a huge role in how Marist handles IoT devices from a networking standpoint.
“Since they often have varying chip sets, use particular protocols or specific wireless bands, and even ignore security best practices at times, some leg work and testing is needed in order to properly develop the network for their support,” Thirsk says.
Marist is working with devices using a Broadcom chip transmitting over Wi-Fi. The devices connect wirelessly using both EnGenius and Cisco broadcast nodes. Marist is using an on-premises server connected via a Netgear switch to collect, pre-process and encrypt the data.
A Netgear router transmits the SSL-secured data over the Internet, which is then received through Marist’s Juniper SRX 3600 series firewall and A10 load balancer. Once the device data is received by the predictive analytics server, it’s modeled for use by analysts.
“We have not had to modify our network physically, but we have had to re-engineer network configurations [to] ensure persistent and secure transmission on the client side,” Thirsk says. “We’ve found different devices using alternate protocols and channels, [and] devices that could only ‘open stream’ with no security.”
He also recommends testing and creating small pilots of various devices.
“You will invariably be faced with supporting a plethora of devices that users and clients may try to connect to the network,” he warns. “You must have an idea of the bandwidth requirements created by smart devices, what sort of encryption they can or cannot support, and whether or not they are secure and can be updated as needed.”
For example, Marist has experimented with small groups of inexpensive devices, such as Raspberry Pis, to see how they would work on its systems with various USB-based network interface cards, wireless adapters, and Bluetooth adapters. The goal is to collect information on the amount of bandwidth the devices would need and how much interference they might generate.
Device registration is also important. “Our network team wrote their own portal page that integrates with identity services,” Thirsk says. Users “register” devices and only then are they placed into a control group that allows access. Devices can then be set to connect to the SSID Marist created. Separate VLANs might be required to segment classes of devices away from the protected networks that have different security requirements.
Due to the lack of standardization on many devices, it might be difficult to identify them on the network if they do not have the ability to identify themselves, Thirsk says.
Once you achieve some level of success with IoT, prepare for an influx of connected devices, Thirsk says. “Build in device and group visibility so you can understand the status of things, maintain security, and continue to expand your device presence and value,” he says.
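The registration gate, per-class VLAN segmentation and group visibility described in the last three paragraphs, as an added example that is not Marist’s portal code: devices that cannot identify themselves are keyed by MAC address, registered devices are placed on the VLAN for their class, and anything unknown is parked in a quarantine VLAN rather than a protected network. Device classes, VLAN numbers and MAC addresses are constructed for illustration.

```python
from collections import Counter

# Constructed device classes and VLAN numbers; this mapping is the segmentation policy.
VLAN_FOR_CLASS = {"wearable_sensor": 210, "pilot_sbc": 220, "camera": 230}
QUARANTINE_VLAN = 999  # reaches only the registration portal, never protected networks


def normalise_mac(mac: str) -> str:
    """Canonical form so 'AA-BB-..', 'aabb.cc..' and 'aa:bb:..' match one record.
    Many devices cannot identify themselves, so the MAC is the registration key."""
    hex_only = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(hex_only) != 12 or any(c not in "0123456789abcdef" for c in hex_only):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return ":".join(hex_only[i:i + 2] for i in range(0, 12, 2))


def register(registry: dict, mac: str, owner: str, device_class: str) -> None:
    """Portal step: an authenticated user binds a device to a known device class."""
    if device_class not in VLAN_FOR_CLASS:
        raise ValueError(f"unknown device class: {device_class}")
    registry[normalise_mac(mac)] = {"owner": owner, "class": device_class}


def authorize(registry: dict, mac: str) -> dict:
    """Decision at association time: a registered device lands on its class
    VLAN; anything unknown is quarantined until someone registers it."""
    record = registry.get(normalise_mac(mac))
    if record is None:
        return {"vlan": QUARANTINE_VLAN, "class": None, "owner": None}
    return {"vlan": VLAN_FOR_CLASS[record["class"]],
            "class": record["class"], "owner": record["owner"]}


def vlan_inventory(registry: dict, seen_macs: list) -> Counter:
    """Group visibility: how many devices each VLAN holds, including the
    unknown ones sitting in quarantine waiting for registration."""
    return Counter(authorize(registry, mac)["vlan"] for mac in seen_macs)
```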
Rolling out an IoT initiative at a single site is challenging enough; doing it across multiple locations at the same time requires even more testing and preparation.
Schlegel Villages, an operator of 16 long-term care and retirement communities across Ontario, Canada, recently overhauled its entire network, using Aruba Gigabit wireless access points and IoT devices to provide point-of-care services and automated food services to residents.
The company is preparing its network to support the connection of objects such as security cameras, nurse call systems and HVAC systems. As part of the transition, Schlegel is migrating from a Novell eDirectory multi-location server setup to a Microsoft Active Directory environment in a single data center.
“In the future we anticipate taking advantage of the Aruba access points’ GPS locating technology, whether to locate lost equipment or get a notification on a resident who has left the building,” says Chris Carde, director of information technologies for Schlegel. “That will assist in saving lives.”
As part of its network update, Schlegel is upgrading all its switches and Wi-Fi access points, replacing the old equipment with HPE 5130 switches and Aruba 300 series access points, mostly Aruba AP 315s.
“By the end of the project we will have around 1,500 APs, 16 controllers, and 50 switches installed,” Carde says. “Internal speed means nothing if accessing the Internet is a bottleneck, so we are undergoing a large ISP upgrade from a basic business line to dedicated fiber of 150 Mbps up and down across all of our 16 sites, and 1,000 Mbps at our data center. The new infrastructure will allow us to support IoT with better care and services to our residents and administration staff.”
During the transition, the company is also implementing new iPad-based clinical software, which requires reliable Wi-Fi connectivity and performance, Carde says. By the end of the project, the company will have deployed about 600 iPads.
In addition, the company is rolling out a multimedia product called Scala, which will display menus, news and weather on monitors throughout all of Schlegel’s locations.
Organizations looking to create an IoT strategy need to think long term in terms of what types of devices will need to be connected, Carde says.
“Ensure your infrastructure is capable of growing with ease to accommodate your future needs,” he says. “There is nothing more frustrating than bottlenecking yourself with a new network infrastructure. Having a plan in place will speak volumes on your ability to design a robust and expandable network.”