The COVID-19 pandemic has thrust the world into an era of massive digital business transformation across industries like manufacturing, utilities, smart cities, oil and gas, and transportation. To meet these new challenges and keep business operations running smoothly, we need cost-effective solutions. Traditionally, IoT solutions were typically used to reduce operational expenses and increase operational equipment efficiency (OEE). With the onset of the pandemic however, the need for managing business operations remotely across these IoT verticals has increased rapidly. This has led to a sudden, unprecedented shift towards an increased adoption of cloud native IoT management applications hosted by public cloud providers in partnership with IoT SaaS vendors. An example for such a use case is remotely managing operations of IOT gateways and edge compute applications deployed on a manufacturing floor. This migration from having personnel onsite managing and accessing devices, IoT gateways, and edge compute applications to remote cloud based management brings a new set of IoT security challenges that are primarily seen in a cloud native application. While cloud native applications are considered reasonably secure in general, there is still room for improvement. Containers, orchestrators, and APIs present in an application’s surrounding infrastructure represent new attack surfaces. In addition to the cloud service itself, each of these layers has an array of user-defined configuration settings intended to help users apply their security policies. This manual configuration is often fraught with opportunities for user error and misconfiguration, opening the IoT applications to potential security attacks.
In addition, new technology and architectural trends are emerging within the functionality of IoT management applications. These new trends change the way gateway management, security, and network management is done for IOT networks. They also alter how edge compute applications run on IoT gateways and integrate with public cloud-based platforms like Amazon Web Services, Microsoft Azure, and Google Cloud. In this technical blog we will discuss some of the emerging architectural trends in the IoT industry. They are classified as the six critical pillars of cloud native IoT management application in a hybrid cloud and multi cloud environment:
We will discuss these six critical pillars further in detail, but first let’s look at the challenges they are solving.
Challenges of distributed edge IoT data infrastructure
Distributed edge computing makes sense for a variety of use cases in IoT applications. Consider the following challenges with a cloud native integration for the distributed IoT edge:
5G enabled IoT applications require a highly dynamic response from the end to end IoT system, which creates the need for a distributed event driven edge compute service. To meet these demands, IoT application developers need a flexible and agile development environment like the cloud native approach to quickly create event driven edge compute applications running on IoT gateways. However, introducing such a cloud native approach can come with its own challenges. Take for example fleet management use cases. IoT gateways are deployed on vehicles for continuous monitoring of GPS location, collecting telemetry, and other diagnostic health information. Adding an additional distributed event processing component at the edge for communicating to a cloud native IoT application to manage these gateways could lead to an increased latency, which may eventually create OT operational issues for the end customer. Therefore, it is very important to design the edge application in a resilient and robust manner. Cisco Edge Device Management offers such capability to seamlessly integrate with Cisco IoT Operations Dashboard.
Real-world cloud native IoT illustration of transportation use case
Cisco IR829 Industrial Integrated Services Routers, Cisco Catalyst IR1100 Rugged Series Routers, and Cisco Catalyst IR1835 Rugged Series Router
Further technical challenges that can arise in a distributed IoT Edge compute scenario as follows:
Implementing IoT cloud-based management application itself should minimize the risks that could otherwise arise from integrating edge and cloud. Enterprises can also take additional steps to ensure that their entire ecosystem is secure-from the cloud to the IoT endpoints running at the edge. We need to consider the following security specific challenges for cloud native IoT application.
End to End Cloud native IoT architectural Illustration
Embedded code is typically static and tailored to a specific platform. It is tested meticulously to ensure safe, secure, reliable, and deterministic operation. However, Cloud native IoT applications typically run on non-deterministic Linux and have many hidden library and Kubernetes clusters or other infrastructure dependencies.
They often can’t be certified to IoT standards such as IEC 61508, ISO 26262, or DO-178C. Even if they could be certified, the cost of certification is prohibitive as it is proportional to the number of effective source lines of code (eLOC) used in the system. For reference, the Linux kernel alone consists of more than 25 million lines of code. The growing number of security threats and attacks happening in the entire stack of IoT systems increase the need for end to end visibility in a cloud native application architecture. We have built a cloud native IoT Security application to mitigate these threats.
The challenges and emerging architectural trends as discussed above for different IoT use cases in a distributed edge compute environment drive the need for a scalable cloud native IoT management application architecture.
Learn more about the Cisco Catalyst IR1100 Rugged Series Routers and other IoT routing platforms, and get hands on experience for IoT transportation fleet management use cases.
In some IoT use cases, the IoT product architectures across industries would require CEP (complex event processing) or processing high volumes of data in a 3V (volume, velocity, variety) model. This drives the need for the following IoT application capabilities classified as the six pillars of cloud native IoT management application in a hybrid cloud or multi cloud world.
It is easier to build IoT applications or an IoT platform using cloud native principles for both a hybrid cloud and multi cloud journey for our customers and partners. Traditionally, ICS, cyber-physical systems and other operational technology systems were dependent on embedded compute platforms. But the convergence of OT and IT in Industry 4.0 has created a need for building cloud native IoT applications and AEP’s (Application Enablement Platforms). This need is at odds with legacy embedded code running in traditional OT systems. Cisco has built a cloud native IoT management application, which can manage both, the life cycle of edge compute applications and the IoT gateways in a scalable manner.
Cisco IoT architectural solution
We developed Cisco IoT Operations Dashboard to solve these issues along with the technical debt incurred with Cisco’s legacy IoT management applications and based on the global macro trends seen in IoT. The Operations Dashboard comprises of the following main modules: Cisco Edge Device Management, Cisco Edge Intelligence, Secure Equipment Access, and Cisco Industrial Asset Vision. Cisco Edge Intelligence securely handles traffic routed in a hybrid cloud environment from different I/O devices PLC’s devices/OT systems to IoT applications hosted in the public cloud environment. Secure Equipment Access provides capability to remotely manage access and interact with both the gateways and connected devices. This can be used to directly troubleshoot or monitor the IoT devices in your deployment. Operations Dashboard is a cloud native application for deployment, management monitoring, troubleshooting, and gaining insights into IoT network edge connectivity, which is agnostic to different connectivity technologies.
Operations Dashboard provides the following three key services:
From a security perspective we offer a full stack observability platform with Cisco Cyber Vision, Cisco Telemetry Broker, and Cisco SecureX to complement the end-to-end security stack for a diverse set of IoT use cases. With this new cloud native paradigm, you can define each network edge as a small cloudlet for doing security analytics at the edge locally
Based on these emerging market trends in the cloud native IoT application management, IoT security, and the IoT gateway management, it’s important for you to take action. Cisco IOT Operations Dashboard is based on cloud native primitives and addresses the above discussed scenarios. It leverages the available cloud native infrastructure and tools for enabling your successful journey to a hybrid and multi cloud architecture, and future-proofs your investment.
I would like to thank my colleague, Rajiv Asati for his support in writing this blog.
Cisco Systems Inc. published this content on 13 October 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 13 October 2021 16:31:11 UTC.