A Disruptor in IoT Connectivity Management
Most mobile operators (MNOs) and Virtual Mobile Operators (MVNOs) offer basic IoT connectivity management where customers can manage their own SIM cards. The next step up, where MNOs and MVNOs become IoT Connectivity Service Providers (IoT CSP), often requires a completely customized IoT connectivity service. Each customer deployment becomes a costly project with extensive manual configuration efforts. IoT CSPs are missing out on a mass market with customers prepared to pay for value-added services but not bespoke development.
We suggest that IoT CSPs leave their core networks untouched and use hyperscalers to add a programmable, flexible layer of IoT security and policy control on top of their mobile infrastructure. Here they can automate most of the customization efforts. Through self-management portals, they can allow customers to tailor connectivity policies and manage IoT security settings.
Welcome to Enea Aptilo IoT Connectivity Control Service™ (IoT CCS), an award-winning service in partnership with Fortinet and hosted on Amazon AWS. IoT CSPs can go beyond traditional IoT connectivity services by providing programmable, automated, secure, flexible, and scalable global IoT connectivity.
With the unique Multitenancy Private APN, described in detail below, operators can allow IoT customers to create as many Enterprise Virtual Private Networks (VPNs) as they need in a matter of minutes, compared to the weeks it can take with manual setup. The FortiGate next-gen firewalls included in IoT CCS protect the IoT traffic.
Continue reading below to find out how an average enterprise can save the equivalent of nearly 28 percent of their cost of global IoT connectivity if they choose an IoT CSP that has taken a hyperscale approach.
The industry has recognized the benefits of IoT CCS, our hyperscale IoT connectivity management solution. So far, we have been finalists for 11 awards and were selected as the winner of 7 of them. Enea Aptilo IoT CCS is genuinely an award-winning IoT connectivity management service.
The key in this category was to bring real innovation in the market, and this is what Enea does. One jury member liked the fact that Aptilo IoT CCS addresses a real problem for mobile operators, enabling them to profitably launch IoT services while meeting the needs of enterprise customers, and another member said it had hyperscale potential.
Matt Hatton – Transforma Insights
Presenting the Jury’s motivation at the 2021 WCA IoT Innovation Award
Hyperscale Cellular IoT Connectivity Management Platform
IoT CCS has the following integration interfaces towards operator core and OSS/BSS:
- Traffic plane: Operators only have to extend one standard APN via IPsec to Aptilo IoT CCS in the cloud.
- Control plane: We use a standard 3GPP Gi/SGi/N6 interface for signaling.
- Integration: IoT CCS integrates through REST API towards the operator’s customer self-service application and other OSS/BSS systems, e.g., to provide analytics data, create secure private connections (Private APN) and assign the device’s IP address.
- Global Connectivity: Partner MNOs and global connectivity services such as those included in Ericsson IoT Accelerator can be easily connected to IoT CCS.
Add Agility to Your IoT Connectivity Management
Usually, an IoT CSP’s mobile core and OSS/BSS teams prioritize stability before being fast on their feet, implementing every change requested by demanding customers. With IoT CCS, IoT CSPs can free themselves from these limitations. It gives them the freedom to innovate IoT services that were impossible to achieve in a strict 3GPP environment. IoT CSPs can easily tailor IoT connectivity services to the specific needs of different customer types.
IoT CSPs typically offer Private APNs to their IoT enterprise customers, with the traffic terminated in an Enterprise VPN. With IoT CCS, they can take things one step further by providing a Multitenancy Private APN.
- Private, because Enea uses one or several Enterprise VPNs between IoT CCS and the enterprise network.
- Multitenancy, because IoT CSPs only need to extend one APN to IoT CCS to serve all customers with a Private APN.
The operator sends the IoT traffic to IoT CCS through one secure IPsec tunnel, and then IoT CCS routes the traffic to multiple customers through individual secure Enterprise VPNs. The IoT CSP must only provide a standard Gi/SGi/N6 signaling interface to enable IoT CCS to act as the “mobile core” for IoT.
Add Automation to Your IoT Connectivity Management
The IoT CSP’s self-management portals, enabled by IoT CCS’s extensive APIs, allow their customers to control IP assignment, authentication, security, policies, and global connectivity from a single user interface.
Through their customer self-management portals, IoT CSPs can automate the setup of VPNs and do not have to deal with the work of creating a unique APN for each customer. The first deployments have shown that IoT CSPs can dramatically reduce their manual Enterprise VPN setup process from many weeks to just a few minutes. Instead of the manual setup working with the IoT CSP’s engineers, customers can easily create as many Enterprise VPNs as they need using the self-management portal.
Deliver a Global Secure SD-WAN Rather Than a Private APN
With IoT CCS, the IoT CSP can offer a private, secure global SD-WAN to each enterprise customer rather than a Private APN. Enterprise IoT customers can also include trusted partner companies in this secure SD-WAN. This would be impossible to achieve with the standard 3GPP mobile core.
The bottom line: IoT CSPs can create “sticky” services and differentiate themselves from the competition.
IoT devices that are roaming through partner networks are, of course, also included in this SD-WAN. IoT CSPs can add international MNO partners or the global connectivity hub functionality offered by, e.g., Ericsson IoT Accelerator, to their IoT CCS instance.
Localization of eSIMs is necessary for global IoT connectivity since some countries prohibit permanent roaming, and, in some markets, it is impossible for commercial reasons. IoT CSPs can localize eSIM over the air to provide global connectivity with local subscriptions. But, a localized eSIM may trigger customer churn as the control is moved to the local operator. Here IoT CCS comes to the rescue; since the IoT CSP routes all IoT traffic back to IoT CCS, the IoT CSP stays in control even when an eSIM is localized.
The IoT CSP can provide policy-based local breakout by spinning up an IoT CCS instance wherever AWS is available. Their enterprise customers can maintain settings such as IP addresses, policies, and security over partner networks. IoT CCS enables IoT CSPs to offer a unified IoT service across these global cellular networks.
Offer Managed Security
With IoT CCS, operators will provide managed IoT security to their business customers. Each enterprise IoT customer will get FortiGate, a next-generation firewall from Fortinet, to protect their devices with the settings and policies they need. It protects the IoT traffic both in the Enterprise VPNs and through the open Internet, which is crucial for the vast SME market that may not be able to configure VPNs.
Cater to a Wide Variety of Enterprise IoT Use Cases
The concept of IoT connectivity management has changed. Providing a standard SIM card with roaming capabilities will not cut it anymore. IoT enterprise customers are much more diverse and demanding than you might imagine. Let us examine some example enterprise use cases that are very different in characteristics. These are anonymized cases from enterprise customers and customer discussions that our IoT CSP clients have had.
The use cases show how IoT CSPs can deliver the required functionality with a hyperscale connectivity control solution such as the Enea Aptilo IoT CCS. The granular policy control delivered as a service makes it possible to create more advanced and innovative IoT services. The IoT CSP can also put the enterprise in the driver’s seat by implementing self-service.
Automotive – Multiple VPN Connections and Advanced Routing
A modern car is a hub of multiple IoT devices. These devices come from subcontractors of suspension, batteries, brakes, security systems, entertainment systems, and more. They need private connectivity for firmware upgrades, sensitive data, and predictive maintenance.
There’s a wide variety of different needs and use cases:
Car-2-car communication requires low latency. Upload of extensive real-time analytics requires high upstream data capacity. The download of software or passenger entertainment needs high downstream data capacity. They may also need geographical routing rules determined by device profile settings. Furthermore, there may be a need to have localized Internet. The service must be able to route the Internet traffic to the home country’s Internet breakout to enable users to, e.g., watch their local streaming content while abroad.
There’s a need to secure the transport of sensitive data, such as analytics, software upgrades, and data for predictive maintenance. The best way to secure this data is to establish connectivity through Enterprise VPN tunnels. The service provider must support a one-to-many VPN connectivity controlled by the car manufacturer so they can include their sub-contractors in their own secure SD-WAN.
Car manufacturers also have high security requirements: end-to-end security, DDoS protection, anomaly detection, etc.
Utilities – Huge volumes of simple devices
In the utilities market, a customer may need to connect hundreds of thousands, maybe millions, of “dumb” IoT devices such as electrical meters. They are dumb in the sense that they are simple and cheap, so they often lack security features such as VPN connectivity.
These devices have a vulnerable position in people’s homes. Thus, they need to be protected by firewalls. Some traffic may also need to be delivered through Enterprise VPN from the Enea Aptilo IoT CCS.
Anomalies in the traffic patterns may also need to be analyzed.
Small Medium Enterprise – Limited IT Skills
A small local taxi and transport company is part of the small and medium-sized enterprise (SME) customer segment. The SME segment is the direct opposite of a car manufacturer because they have limited IT resources and only have a handful of devices.
They may run a few legacy systems that must have contact with the cars at all times. These systems have minimal security functions, as they were established before the Internet’s birth. So, they need operator-managed security. VPN tunnels are not an option for this customer because they can’t set up and manage VPN connections.
From the operator’s perspective, they need this type of customer to handle their settings. In this mass market, it is just not profitable if the customer needs too much assistance from the operator. There’s an enormous volume of potential customers in the SME segment, but each customer does not contribute much revenue. The SME market is a volume game. For self-management to work, an easy-to-use web GUI or app with basic settings is a must.
Rental of e-scooters – Location and Private IP
Companies offering app-based short-time rental of e-scooters are popping up like mushrooms in larger cities globally.
They have tens of thousands of relatively low-end devices in the form of e-scooters. This industry needs to secure the traffic from their e-scooters to the receiving servers. They may also need automatic detection of usage anomalies, e.g., unexpected data patterns.
The scooters are exposed to potential user manipulations, so they need to be protected by firewalls. Furthermore, e-scooter rental companies commission and decommission e-scooters regularly, and the average lifespan of a scooter is just a few months.
Scooters must only be mobile within a pre-defined area in the city, so they need to:
- Limit usage outside of defined localities.
- Enable direct connectivity to each unique device. Hence they need to have a private IP address.
- Allow for easy and instant blocking of lost devices or those taken out of service.
Forestry Industry – VPNs and Open Internet
The forestry industry needs complex domestic IoT connectivity. They need secure connectivity over a Private APN to their headquarters for services such as:
- Location tracking of vehicles.
- Report quantity of cut timber.
- Report machinery operation hours.
Moreover, they need secure connections (VPN) to other destinations:
- Upgrade of vehicle firmware with the truck vendor.
- Data exchange with the forestry machinery vendor to enable predictive maintenance.
They may also want to enable Internet connection for the integrated tablet device available in many forestry machines. A firewall must protect this traffic, and they need to control this connection according to corporate policies.
Transportation – Unified Experience Internationally
Let’s explore how IoT CSPs can combine a connectivity control service such as IoT CCS with their ability to do dynamic eSIM localization. They can provision and upgrade settings in the eSIM, using their over-the-air (OTA) systems and the latest eUICC technology, and change the profile to the local operator on the fly.
This is excellent news for a transport company operating all over North and Central America. They can turn to one mobile operator in Canada to solve all their connectivity needs both domestically and abroad under one contract.
By connecting all partner MNOs to the Aptilo IoT CCS, the mobile operator can offer a unified global APN+VPN connectivity without roaming. The truck will, for instance, maintain its IP address, security, and policies across borders.
Let’s see what happens as the truck passes through different countries. We start in Canada. When the vehicle enters the United States, the OTA system enables the profile for the US partner MNO over the air. The truck continues to Mexico, and the OTA system ensures that the eSIM switches to the local MNO partner in Mexico.
If needed, the Aptilo IoT CCS service can offer policy-based breakout for all or parts of the traffic to the nearest AWS point-of-presence.
Global Logistics – Unified Experience and Less Tied-Up Capital
The need for global connectivity can also just be a matter of logistics. Take a manufacturer of coffee machines rented out to coffee shops worldwide.
Just imagine the benefits of less tied-up capital in stock by storing only one version of the machine instead of individual versions for each country. They can do this under one operator contract and still apply the same security and policies through IoT CCS, while allowing some traffic to break out in the local region and some to be routed home in secure Enterprise VPNs.
Just as in the case of international transportation, the mobile IoT CSP must go beyond roaming and instead localize eSIMs over-the-air (OTA) to local subscriptions. This will eliminate the issue of blocking IoT devices due to breaches of regulations and commercial agreements prohibiting permanent roaming.
Benefits of Hyperscale IoT Connectivity Management
Cellular IoT Connectivity Service Providers and their enterprise customers will hugely benefit from a hyperscale IoT connectivity management solution such as the Enea Aptilo IoT CCS. As you will find under the Enterprise benefits tab, an average enterprise will save the equivalent of 27.8 percent of the cost of their global IoT connectivity.
Let’s start with stating the obvious. Using hyperscalers such as Amazon AWS makes an IoT connectivity management solution inherently scalable and global.
Now we will dig into how Enea Aptilo IoT CCS helps IoT CSPs scale their value-added IoT services with profit.
The matrix above shows two perspectives IoT CSPs need to consider when creating IoT connectivity management services. On the X-axis, we have the business value the IoT connectivity service brings to the enterprise IoT customer. On the Y-axis, you find the profit the IoT connectivity service brings to the operator.
Mobile operators will end up in the bottom left corner if they just re-package an existing consumer service for IoT.
Most operators also add SIM-management and offer private connections on top of this. The keyword here is ‘most.’ They will deliver a commodity with little value-add. They will only compete on price, and the lowest bidder will replace them. These mobile operators are in the “churn zone” colored red in the matrix.
In the left half of the matrix, operators will only be able to create a profitable IoT business if they become the price and volume leader in their market.
The further you move towards the right, adding value-added services, the stickier customers become. Higher revenues come with value-added services such as Analytics, Managed Security, Global Connectivity, and Granular policies.
But, for most operators, the profit will not follow. Every new customer that needs value-added services becomes an expensive development project.
There’s only one way to scale value-added IoT services with high profit: to automate the customization as much as possible. Mobile operators should also add a web interface for customer self-management. Automation and self-management serve two purposes. First, they will get a lower cost of operation. Second, customers will be less price-sensitive, as the service feels like their own when integrated with their business processes.
So, the green zone, which we call the high-profit zone, is where you want to be as an IoT CSP. The question is whether even a dedicated mobile core for IoT and your current organizational processes will take you there. One of Enea’s mobile operator customers answered no to that question. And so, the Enea Aptilo IoT CCS was born.
Automation is Key for a Profitable IoT Service
As discussed initially, most IoT CSPs offer basic IoT connectivity management. The next step up is a customized IoT connectivity service. With each customer deployment carried out as a costly project, operators are missing out on a mass market with customers prepared to pay for value-added services but not for bespoke development.
What’s more, many bespoke deployments are very similar, which shows the potential to deliver those projects more cost-effectively.
This is where Enea Aptilo IoT CCS comes in.
We believe there is enormous potential in no longer resorting to customization as soon as a customer wants something beyond a standard service.
With a hyperscale IoT connectivity management solution, such as IoT CCS, it is easy to be agile and create new value-added services that fit multiple customers. As a result, it will be possible to move the bulk of customization projects to a scalable IoT service instantly deployed to any customer. This is an auto-customization approach where the customer can make the last few customization steps themselves and maintain the service through self-management.
Automating Enterprise VPNs and only having to handle one APN to serve all customers are reason enough to go with a hyperscale IoT connectivity management solution.
A hyperscale IoT connectivity management solution with automation features will free up resources to do bespoke developments for the very few who need it. But IoT CCS is also relevant for custom development. The logic and security part of a bespoke project can also benefit from being handled in the cloud. It is faster to deploy new server or firewall nodes, and operations can isolate and tailor specific nodes for the customer if needed.
Operational Enterprise Benefits
There are four significant benefits of a hyperscale IoT connectivity management solution from the enterprise customers’ point of view:
- They can demand more advanced IoT connectivity services that fit their use case.
- They can include partner companies in their global SD-WAN.
- They can control their global connectivity, security, and policy settings.
- They can get unified global IoT connectivity, maintaining the IP address, security, and policies for each device.
Using only one common APN, as we do in our Multitenancy Private APN concept, is also beneficial for enterprise customers. If the customer needs to change the APN, the IoT device logic may need updating. Updating thousands of devices is not a straightforward operation, especially if they are in remote locations. The IoT CCS service reduces the need for these critical updates because the one APN can point to multiple VPN connections.
Cost-Saving When Choosing an Operator That Has Gone Hyperscale
Analyst firm Transforma Insights estimates that customers using a hyperscale IoT connectivity service can save the equivalent of 27.8 percent of the cost of global IoT connectivity.
That equates to an astonishing 117 billion USD globally between 2020 and 2030.
Source: Transforma Insights’ White Paper
As you can see, the domain of Enea Aptilo IoT CCS, architecture and integration, accounts for the vast majority of the cost savings.
The largest cost-saving is in Device-to-Cloud Integration (7.5%), closely followed by faster Time-to-Market (6.4%) and lower costs of providing the equivalent levels of security (5.3%).
Enterprises can also save a lot (5.9%) by using eSIM/eUICC and localizing the connectivity onto a domestic network, avoiding regulatory or commercial compliance issues.
The Bottom Line
Enterprise IoT customers’ needs are diverse and demanding. It is not just a matter of adding IoT SIM-management capabilities to an existing mobile core.
Mobile operators must deliver a programmable and secure global IoT connectivity management solution that they can deploy instantly. To achieve this, they need to think outside the limitations of their current mobile core and organizational processes.
Mobile operators must add a hyperscale programmable layer for cellular IoT connectivity management. This is what Enea Aptilo IoT Connectivity Control Service™ (IoT CCS) offers as an OPEX-based pay-as-you-grow service, hosted on AWS.