Enea IoT CCS

Frequently Asked Questions

Here we have collected the most frequently asked questions about Enea IoT Connectivity Control Service (IoT CCS). If you have other questions or want to discuss what IoT CCS can do for you as an IoT Communication Service Provider (IoT CCS) don’t hesitate to contact us.

Contact Us
Can an IoT CSP provide private connections (Enterprise VPNs) to all customers over a shared APN?

Yes! Enea IoT Connectivity Control Service (IoT CCS) challenges the traditional deployment model, in which a customer-unique APN is mapped to an Enterprise VPN to create a Private APN. With IoT CCS, the IoT CSPs only use one APN that is routed to IoT CCS through an IPSec tunnel. Because IoT CCS handles the IP allocation coupled to each enterprise customer, we can route the traffic to the correct Enterprise VPN. Learn more about our award-winning Multitenancy Private APN functionality.
An IoT CSP may still want to have customer-unique APNs for some customers, but it is a huge benefit to have as many enterprise customers as possible on a shared APN. This will save significant time and money both for the IoT CSP and its customers.

How can onboarding a new IoT customer to an Enterprise VPN only take minutes instead of weeks?

The setup of Enterprise VPNs is just a click away compared with the traditional approach, which is manual setup utilizing scheduled IoT CSP engineers. The Multitenancy Private APN functionality in Enea IoT Connectivity Control Service (IoT CCS) allows enterprise customers to set up Enterprise VPNs through a self-service portal without interacting with you as an IoT CSP.

The portal is not included in our service. We have found that most IoT CSP customers want to integrate everything, including the SIM management enabled by a Connectivity Management Platform (CMP), into the same customer self-management portal. Instead, IoT CCS offers extensive APIs that you can use for the customer self-service portal. When the customer enters settings for the VPN on their side and pushes the apply button, IoT CCS will automatically set up the VPN on the firewall on the IoT CCS side. The stateful firewall also serves to protect the traffic going through the VPN or directly out to the internet.

In fact, the automated deployment of an Enterprise VPN is quicker than reading this text.

Can an IoT customer have multiple private connections (Enterprise VPN) without additional cost?

Yes, with the Multitenancy Private APN functionality in Enea IoT Connectivity Control Service (IoT CCS), enterprise customers can create as many Enterprise VPN connections as they need without any additional cost for you as an IoT CSP.

Can my IoT enterprise customers define their own firewall rules?

Yes, each enterprise customer of the IoT CSP has its own firewall and routing definitions. They can decide to block traffic, send traffic to their Enterprise VPNs, or send traffic directly to the Internet. A stateful firewall protects all traffic.

Can my customers’ IoT devices keep a consistent IP address across global cellular networks?

Yes, because Enea IoT Connectivity Control Service (IoT CCS) handles the IP allocation, that is no problem. Furthermore, the device is protected behind NAT, and the public IP address will always be the same, no matter where the device is located.

As an IoT CSP, you must ensure that your global mobile operator customers connect to IoT CCS in the same way you connect your own network. That is, route all traffic on the APN configured in the device to IoT CCS, which is normally the same APN name you use for your own network. Learn more about how IoT CCS eneaables you to provide a unified global IoT connectivity service.

How can IoT CCS help me to provide advanced cellular IoT connectivity to a broader customer base?

IoT CSPs mostly deliver either very simple IoT services, with SIM management as the most advanced feature, or large IoT projects with bespoke development. Advanced features such as Private APNs, firewall protection with customer-unique settings, advanced policies, and routing cannot be delivered cost-effectively to the long tail of small and medium-sized enterprises (SMEs).

Enea IoT Connectivity Control Service (IoT CCS) enables IoT CSPs to disrupt the IoT connectivity market by delivering these advanced features at scale. It is primarily the automation of Enterprise VPNs in our Multitenancy Private APN functionality that enables you to chase the long tail of SME customers with advanced services. Learn more about how Swisscom has put this approach into practice. The stateful firewall included in the IoT CCS service will also allow you to protect all these SME IoT customers who cannot set up VPNs.

In addition, you can even deliver more advanced services to customers who need unified global connectivity and help them avoid issues with permanent roaming restrictions.

How can IoT CCS help me to avoid issues with permanent roaming?

IoT CSPs with international ambitions can only partially rely on IoT roaming to serve their customers with compliant and unified global IoT connectivity. In many countries, permanent roaming is not permitted. Global IoT connectivity with permanent roaming will create issues in complying with regulations or commercial agreements with partner MNOs.

The only option in countries with permanent roaming restrictions is to localize eSIMs to the MNO partner in these countries. However, the moment the device becomes a local device on the MNO partner’s network, you will lose control over it as an IoT CSP. You will no longer be able to deliver a unified global IoT service where your customers can keep IP addresses and security policies.

Learn more about how Enea IoT Connectivity Control Service (IoT CCS) helps you to deliver a unified global connectivity experience and enables your customers to avoid issues with permanent roaming restrictions. Spoiler alert: It is simply a matter of asking your international MNO partners to route the IoT traffic to your instance of IoT CCS.

Why do customers not have to re-configure devices when moving them to another Private APN?

Although the Multitenancy Private APN functionality of Enea IoT Connectivity Control Service (IoT CCS) delivers the same function as a Private APN, it is not a Private APN. The separation of the traffic to different enterprises is not happening in the mobile core but instead in IoT CCS.

Traditional, IoT CSPs create a customer-unique APN and map it to an Enterprise VPN to create a Private APN. With IoT CCS, the IoT CSPs only use one APN that is routed to IoT CCS through an IPSec tunnel. IoT CCS then routes the traffic to the correct Enterprise VPN. So, if the customer wants the traffic to go to another Enterprise VPN, all they have to do is change the routing in the customer self-care portal you provide as an IoT CSP. The device will keep the same APN name. This will save significant time and cost for customers having thousands of devices that do not need to be re-configured.

What do you mean by ‘IoT CSPs can deliver a secure SD-WAN rather than a Private APN’?

The Multitenancy Private APN functionality of Enea IoT Connectivity Control Service (IoT CCS) allows the customer to set up as many Enterprise VPNs as they like. Some of these Enterprise VPNs could go to subcontractors. This is more like having a secure SD-WAN than a Private APN, which is generally mapped to only one Enterprise VPN.

This SD-WAN can even be extended globally. Learn more about how you, as an IoT CSP, can deliver unified global IoT connectivity to your customers.