Accelerating IoT Cloud Migration: Secure, Interoperable Strategies

By: Michael Tennefoss, VP of IoT and Strategic Partnerships, Aruba, a Hewlett Packard Enterprise company.

Moving IoT workloads to the cloud, and securely exchanging data between cloud IoT services and both legacy and new IoT devices, can entail months of custom engineering. Most IoT vendors send sensor and actuator data in non-interoperable or proprietary formats that must be reformatted to make them usable by cloud applications. Additionally, legacy IoT devices lack modern cybersecurity mechanisms and cloud-compatible software stacks. Replacing legacy devices with new ones is cost prohibitive, while the engineering work to make IoT data payloads usable can be significant. And these expenses may be recurring, e.g., when new IoT devices from different vendors are added over time, post-acquisition of a new company, or following a site refresh.

IoT vendors often supply gateways to address these issues, however, gateways introduce new issues of their own. Gateways are expensive to purchase, deploy, and maintain. They can be challenging to remotely manage and troubleshoot, often requiring dedicated management software that cannot integrate into existing IT management systems. Gateways can also introduce new security vulnerabilities in their operating systems, key and certificate management mechanisms, and by a lack of visibility into attacks on the IoT device side of the gateway. Finally, gateways that incorporate cellular or other wide area links can provide a backdoor into on-premises IoT and IT networks. For these reasons, many Chief Information Security Officers do not permit dedicated IoT gateways on corporate networks.

HPE Aruba Networking, Microsoft, and reelyActive set out to solve these issues with a solution that can be deployed in hours instead of months, requires no custom engineering, and uses existing Wi-Fi access points as trusted IoT gateways in lieu of dedicated hardware gateways. The solution is built on three pillars:

• Access points that incorporate both Wi-Fi IoT radios to simultaneously and securely serve IT mobility needs, connect to IoT devices, and function as embedded IT-to-IoT gateways;
• HPE Aruba Networking IoT Transport for Azure that encodes IoT device data streamed thru the access points into a format compatible with the Microsoft Azure IoT Hub; and
• reelyActive Pareto Anywhere for Microsoft Azure (reelyactive.com/pareto/anywhere/integrations/azure), a new free open-source converter that reformats IoT data and units of measurement (like temperature and power) into a universal format compatible with Power BI and other Azure applications. These Azure applications can directly consume data from a heterogeneous mix of BLE, 800 and 900MHz EnOcean, and specialized IoT devices that plug into the USB port on HPE Aruba Networking access points without a dedicated on-premises gateway.

The access points apply modern cybersecurity technology to protect both IT and IoT data, and their activity is visible to IT management tools and third-party security applications. Only authorized IoT devices can exchange data with the access points, and devices interfaced via the access point’s USB port have no access to the access point’s operating system or compute resources. IoT data are sent over secure tunnels directly to the Azure IoT Hub and segregated from all other traffic carried by the access point. Secure tunneling protects data from legacy IoT devices that lack encryption, certificate-based authentication, and other modern cybersecurity mechanisms.

The Microsoft Azure IoT Hub serves as the terminus for IoT data sent over secure tunnels from Aruba access points. Pareto Anywhere for Azure  abstracts the original data format so that the data seen by applications are intelligible, consistent streams of immediately consumable data in recognizable units of measurement. This enables application developers to write an Azure application once and then process IoT data without regard to its source of origin. As a result, Microsoft’s Azure Streaming Analytics, Power BI, and related applications can directly process the IoT data to create digital twins, if-this-then-that monitoring, data archiving, data analytics, and other high-value business services with minimal effort or expense.

Migrating IoT workloads to the cloud can be reduced to less than 60 minutes versus 3-6 months using conventional integration method. On-premises gateways can be eliminated, lowering life-cycle costs, enhancing visibility, and simplifying system management. Customers with existing supported access points can retrofit IoT services without ripping and replacing infrastructure.

Related Resources:

• Taking The Heat: Ruggedized Switches For IT, IoT, and OT Applications
• How to Advance Strategic Business Goals with IoT
• Securely integrating IoT devices into IT networks for back-to-work and infection control applications