How and Why Enterprises Should Use SDN & SD-WAN to Connect the Growing Internet of Things
With the seemingly never-ending influx of M2M and Internet of Things devices in the network environment, determining how to best connect and secure those “things” as they rapidly scale up is one of the most pressing challenges for any network admin. Businesses and organizations across the globe need to collect information as varied as daily sales numbers, customer analytics, water levels, temperatures, vehicle locations, security video and audio feeds, power and fuel consumption, voltages, air quality, and more.
Connecting these kinds of devices with traditional IPSec VPNs — dependent on hardware and complex, laborious configurations — is insufficient for an enterprise’s agility and deployment requirements. Moreover, VPN protocols used over IPSec/IKEv2 are not entirely consistent when handling connection failures, roaming, or reconnect. Devices used in mobile environments where connections can be interrupted suffer because of having to re-establish the tunnel.
By enabling a software-defined overlay network, all of these issues are resolved — the connection is persistent and failures are reconnected by the cloud automatically, no advanced configuration is necessary, and encryption and PKI are deployed as a service. Let’s take a closer look at one solution: secure, global M2M-IoT connectivity through software-defined Virtual Cloud Networks.
Traditional M2M-IoT Network Architecture
To fully understand the benefits of virtual cloud networks, we need to discuss what legacy architecture often looks like. Consider a typical M2M-IoT network: A company with thousands of distributed kiosks, IP cameras, and Point-of-Sale (POS) stations uses a cloud data center to process the big data generated by all of these devices. At the same time, these IoT devices use and send information to applications (such as management and configuration applications) hosted at an in-house data center.
The network may utilize multiple WAN interfaces — perhaps the enterprise headquarters is on an MPLS network, while the IoT devices utilize a combination of LTE connectivity and third-party networks. The company’s IT team largely works from headquarters. The enterprise's M2M/IoT — or “things” — network likely is managed separately from everything else, with the IoT devices residing behind APN gateways.
This type of legacy architecture presents several challenges, including:
Cumbersome APN Management
APNs are expensive and difficult to manage in multi-carrier environments. As an enterprise network continues to expand, so does this management challenge.
Security Concerns on Third-Party Networks
Each IoT device is a potential network on-ramp for hackers. Security policies must be carefully and meticulously applied via expensive APN gateways at the network edge. Traffic headed to the cloud data center must first be backhauled to headquarters over the VPN for security and management.
In-band management for remote network monitoring and maintenance is complex and laborious. It’s especially challenging with IoT devices, which usually are limited in their memory, OS, and processor. Alternatively, remote devices may have a very slow in-band link because they’re so remote.
Solution: Virtual Cloud Networks for Software-Defined M2M-IoT Architecture
Software-defined networking can simplify your M2M-IoT network infrastructure, allowing a more efficient traffic flow between the IoT devices, in-house data center, and cloud data center, while still maintaining security. In this use case, the enterprise could easily set up a cloud-based IoT network with Cradlepoint routers and NetCloud Engine, Cradlepoint’s cloud-based Network-as-a-Service that provides a private virtual overlay fabric across the public Internet.
In the diagram above, an enterprise is utilizing the Cradlepoint NetCloud platform in a number of ways. First, a virtual cloud network (VCN) replaces a traditional VPN. The VCN functions over the public Internet but operates in a private address space that can be fully integrated with your existing DNS infrastructure. This setup, combined with end-to-end AES 256-bit encryption and full PKI, makes the VCN extremely secure; essentially, hackers can't hack what they can't see.
NetCloud Engine securely connects, monitors, and manages devices deployed anywhere in the world. You can create a virtual overlay network to connect devices using any form of public or private Internet access and segment them by customer, site, or function.
NetCloud Engine is designed to support the unique security requirements of M2M and connected device applications, including:
- Strong end-to-end encryption
- Auto-PKI and machine authentication
- Fully cloaked private address space
- Outbound-only connections
- Virtual network isolation and micro-segmentation
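To make the last two items concrete, here is an added example (not Cradlepoint code and not an API of NetCloud Engine) that models how an overlay fabric can enforce micro-segmentation and outbound-only device behaviour. It assumes a hypothetical tagging scheme (customer, site, function) for each device, a rule table of permitted function-to-function flows, and a constructed set of devices and flow-log lines on a private overlay range; a device is allowed to initiate a flow only to the segments the rules name, so a compromised kiosk cannot reach a peer kiosk or another customer's collector.

```python
"""Micro-segmentation policy check for a private overlay network (hypothetical model)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

OVERLAY = ip_network("10.42.0.0/16")  # constructed private overlay range (not routable publicly)


@dataclass(frozen=True)
class Device:
    name: str
    overlay_ip: str
    customer: str
    site: str
    function: str  # e.g. "pos", "camera", "collector", "mgmt"


@dataclass(frozen=True)
class Rule:
    """A flow is permitted only if src/dst functions match and the segment constraints hold."""
    src_function: str
    dst_function: str
    same_customer: bool = True
    same_site: bool = False


# Hypothetical rule table: devices only initiate flows to collectors in their own customer
# segment; a central management function may reach devices of any customer.
RULES = [
    Rule("pos", "collector"),
    Rule("camera", "collector"),
    Rule("mgmt", "pos", same_customer=False),
    Rule("mgmt", "camera", same_customer=False),
]

# Constructed inventory keyed by overlay address.
DEVICES = {d.overlay_ip: d for d in [
    Device("pos-a1", "10.42.1.10", "acme", "store-1", "pos"),
    Device("pos-a2", "10.42.1.11", "acme", "store-2", "pos"),
    Device("cam-a1", "10.42.1.20", "acme", "store-1", "camera"),
    Device("collector-a", "10.42.100.1", "acme", "cloud", "collector"),
    Device("pos-b1", "10.42.2.10", "beta", "store-9", "pos"),
    Device("collector-b", "10.42.100.2", "beta", "cloud", "collector"),
    Device("mgmt-hq", "10.42.200.1", "enterprise", "hq", "mgmt"),
]}


def flow_allowed(src: Device, dst: Device, rules=RULES) -> bool:
    """True only if some rule lets src *initiate* a flow to dst inside the overlay.

    Peer-to-peer traffic between devices of the same function has no rule, so it is
    denied by default; that is what blocks lateral movement from one kiosk to another.
    """
    if ip_address(src.overlay_ip) not in OVERLAY or ip_address(dst.overlay_ip) not in OVERLAY:
        return False  # the fabric carries only private overlay addresses
    if src.name == dst.name:
        return False
    for r in rules:
        if (r.src_function, r.dst_function) != (src.function, dst.function):
            continue
        if r.same_customer and src.customer != dst.customer:
            continue
        if r.same_site and src.site != dst.site:
            continue
        return True
    return False


def audit(log_lines, devices=DEVICES):
    """Run constructed key=value flow records through the policy and return violations."""
    violations = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        src, dst = devices.get(fields["src"]), devices.get(fields["dst"])
        if src is None or dst is None:
            violations.append((line, "unknown endpoint"))  # not enrolled via the overlay PKI
            continue
        if not flow_allowed(src, dst):
            violations.append((line, f"{src.function}->{dst.function} not permitted"))
    return violations


# Constructed sample flow log (src initiates the connection).
SAMPLE_LOG = [
    "src=10.42.1.10 dst=10.42.100.1 proto=tcp dport=443",   # pos -> own collector: allowed
    "src=10.42.1.10 dst=10.42.1.11 proto=tcp dport=22",     # pos -> peer pos: lateral, denied
    "src=10.42.1.10 dst=10.42.100.2 proto=tcp dport=443",   # pos -> other customer's collector: denied
    "src=10.42.200.1 dst=10.42.2.10 proto=tcp dport=22",    # mgmt -> pos, any customer: allowed
    "src=10.42.1.20 dst=10.42.1.10 proto=tcp dport=445",    # camera -> pos: denied
    "src=203.0.113.5 dst=10.42.1.10 proto=tcp dport=23",    # public source, not enrolled: flagged
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_LOG):
        print(f"VIOLATION {reason}: {line}")
```

The deny-by-default rule table is the essential design choice: isolation comes from the absence of a rule, not from a block entry, so adding a new customer or site never widens an existing segment.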
Benefits of Virtual Cloud Networks for M2M-IoT
This software-defined IoT network architecture addresses an enterprise’s pain points by providing:
- The security benefits of APNs without the cost and complexity
- Reduced need for network hardware
- A routable network that enables in-band management and reduced truck rolls, due to the separation between the control plane and data plane
- Support for real-time applications such as remote monitoring, analysis, and CEP
- Simplification of third-party deployments, because of the ability to produce an overlay network across several WAN sources in a WAN-agnostic fashion
- A self-healing cloud service that ensures maximum uptime
- Private IP address space and outbound connections, eliminating the need for expensive public IP addresses and on-premises firewall changes
SDN lets enterprises simplify the work of connecting thousands of "things" in dozens or even hundreds of different places. LTE provides the fast provisioning of connectivity, flexibility, and mobility needed for M2M-IoT applications. SDN pairs with LTE to bring the same benefits to the network infrastructure, by allowing companies to use the cloud to offload and automate the processes of building, securing, and deploying networks.
Essentially, the WAN can be abstracted into the cloud to function as a LAN — greatly reducing an enterprise’s network hardware, expenses, complexity, and man-hours.