Top Categories

Spotlight

todayFebruary 13, 2024

Cyber security + AI/ML + Products + Matter + Exhibitions + Cloud + IOT + SmartHome + Device Management admin

Connected America 2024

Connected America is the place where technologies meet businesses thriving to make a connected life better. When:     12 – 13 March, 2024 Where:   Irving Convention Center, Dallas. SpartanShield Booth #S23 What:      SpartanShield to exhibit AI/ML at the Edge at Connected America 2024 For:          Media and Industry Analysts, Professionals interested in Connected [...]


1. Overview

The SpartanShield AI/ML Router Platform for Devices is a multi-protocol IOT management ecosystem allowing to provide AI/ML orchestration and provisioning for all types of devices. Device fleet and connected users metadata is analyzed and projected with a wide range of AI/ML tools.

Thanks to its modular design based on micro-services architecture, various business domains are supported like Mobile Device Management, IOT Device Management, SmartHome gateway provisioning and others.

This is a physical protocol layer agnostic platform allowing for any type of edge devices to be managed via these access networks, such as:

    • Cellular LPWANs NB-IoT (CAT-NB1), and CAT-M1;
    • RF LPWANs LoRaWAN;
    • Cellular networks (4G, 5G);
    • Fixed line networks (LAN, WAN);
    • Fixed line broadband like FTTx;
    • Wireless networks WiFi, BLE, Thread ( and other IEEE 802.15.4 networks)

     

  • SpartanShield offers Multi-Protocol Southbound Support:
    • MQTT(S)
    • USP (TR-369)
    • CoAP
    • WebSockets

Through the  Dynamic-Domain-Definition (called “Triple D”)   technology, invented by SpartanShield to enable remote management of any types of IoT/M2M devices including resource constrained, ultra-low-power and basic connectivity devices.

There is no need to develop scripts or device profiles to onboard devices. SpartanShield’s  platform allows for Dynamic-Domain-Definition discovery, meaning any device that registers with our platform is automatically added to the unique SpartanShield Unified Device Model. Devices are managed in the same way regardless protocols they support i.e. MQTT, TR-369, WebSockets. SpartanShield supports Zero Touch Provisioning by automatic detection of the device protocol and add it to its Device Data Model.

The platform supports Multi-Tenancy and allows for an unlimited number of subtenants.

Device and Platform Security is guaranteed by transport security via TLS/X.509 certificates for a traffic between the Edge and the Platform. Identity & Security is accomplished by unique identification of each connected device.

SpartanShield platform offers a a variety of tools and an extensive API for integration to external platforms.

SpartanShield solution is designed for:

  • Mobile Operators or Telco Carriers.
  • IoT Service Providers.
  • Device OEM/ODM Manufacturers.
  • System Integrators.
  • Enterprise Customers.

2. IoT Networks

SpartanShield ADMP is flexible and extensible to be able to integrate with any of the IoT networks available today.

There are the following approaches for device integration :

  1. Target device is provisioned via a management client in order to communicated with the Platform directly provided with assigned IP address.
  2. Target device or sensor communicates via LPWAN network (LoRaWAN) with a Gateway that in turn connects with Lora Server which integrates SemTech packet-forwarder UPD protocol into JSON over MQTT.
  3. Target device connects to an IoT(SmartHome) Gateway using a proprietary/custom/non-IP protocol (e.g. Zigbee, IEEE 802.15.4, Matter, Thread). The Gateway handles RF interactions and lifecycle operations and hands over data and accepts commands to(from) the Platform.

IoT Networks

Those are various IOT networks supported by the ADMP:

  1. Wired: xDSL, FTTx, LAN, WAN.
  2. Mobile Wireless (4G, 5G).
  3. Cellular LPWAN:
    1. NB-IoT(IP vs non-IP) – both IP and non-IP devices are supported.
    2. CAT-M1 – both IP and non-IP devices are supported.
  4. RF LPWAN:
    1. LoRaWAN
  5. IEEE 802.15.4:  Zigbee, Thread(Matter).

Network of target devices is connected to a gateway, for instance, LoRaWAN, Thread(Matter) and others. The gateway will allow a standards-based management protocol to be utilized such as USP(TR-369). The gateway has a containerized environment to deploy core components of Edge processing as a separate container. That allows to deploy self-sufficient and autonomous services in an isolated Execution Environment(EE). It leads to a boost of Edge as standalone Platform enabling more products and ecosystems around the Gateway. Also that might serve as Cloud off-loading approach when End-To-End Platforms like SpartanShield spreads its execution environments between Cloud and Edge(Fog) Tiers.

SpartanShield ADMP supports all those scenarios and serves as one-stop approach for rolling-out Enterprise Services  with a good balance between Cloud and Edge(Fog) deployments.

Low Power and Resource Constrained IoT

Target devices are low powered and resource constrained SmartHome sensors, that require long life battery usage with minimal overheads for communication and management functions. For such scenarios an IPv6-based mesh networking technology introduced recently called Thread. On top of Thread PHY layer there is an application protocol Matter allowing full range of device lifecycle services including commissioning-decommissioning-data reporting-command execution.

The SpartanShield  ADMP fully supports SmartHome(Matter) business cases by providing the following Execution Environments :

  1. Cloud

ADMP being deployed in Cloud(AWS, Azure, GCP) manages gateways  via

USP(TR-369) protocol to provide device provisioning, data reporting, command execution.

2. Fog-Edge computing

ADMP provides for USP agent for managing Edge(Gateway). Also a separate Platform Agent is provided to communicate with the SpartanShield via MQTT(S). Both the USP Agent, Platform Agent are deployable via Docker containers in Gateway Execution Environment.

3. System Architecture

SpartanShield ADMP is designed in a way to be based on granular independent micro-services implemented via lously-couple messaging architecture. It allows to scale horyzontally and vertically exploiting high availability and geo-redundancy. The Platform is Cloud independent and is able to utilize all features presented by those. Also a mixed Cloud approach can be used to maximize the full potential of Cloud environments. For instance, SpartanShield can deploy some of its micro-services to Azure to exploit AI/ML features while some micro-services being deployed to AWS to utilize video stream recongnition and analysis features. So hybrid Cloud is a natural Execution Environment for the SpartanShield UDMP.

High-Level System Architecture(AWS)

High-Level System Architecture(Azure)

SpartanShield can deploy its platform in multiple setup modes such as Private or Public Cloud, On-Premises.

Deployment options include cloud based VMs, Docker Containers utilizing Kubernetes based orchestration, storage LVMs/LUNs (depending on deployment requirements), utilizing Cloud storage (e.g. RDS).

Technology Stack

The diagram below displays the leading-edge technology stack that SpartanShield exploits.

Device Management Platform structure

The diagram below represents the structure of the  Unified Management Platform.

Service Layers

SpartanShield Platform is implemented as micro-services. The services allow the platform to be easily deployed in containerized environments AWS, Azure, GCP orchestrated by Kubernetes.

UI & API Service Layer

The UI & API services are standalone containers targeted for SpartanShield Business Applications, Enterprise Applications Enablement and 3rd party system integrations.

The following Business Applications are available:

  • Device Management GUI Console
  • BI/Analytics integration platforms
  • SmartHome Mobile Applications
  • REST API
Unified Device Management micro-services

The  Device Management includes:

  • Real-time Device Management Engine – mix of containerized micro-services for processing and managing devices at high scale.
  • Device registry – micro-service to provision devices
  • Connectivity – Message Broker container to manage ingested data from devices.
  • Firmware Server – Manages the FOTA updates of edge devices.
  • Data management – data management to store device data.
Database micro-services

The  Database service layer is a set of stand-alone containers for the various databases to be used like Cloud Storage or DB containers to be deployed in Cloud service fabrics. This layer includes:

  • Memory Cache Realtime Database container
  • Device management SQL Database container
  • Device management NoSQL Database container
  • DM Real-time and Historical Database container InFlux
  • Caching real-time Database container Redis

Extendable Device Data Models

The SpartanShield  ADMP has a Fully Extensible Data Model. The model is built depending on a device type and management protocol used.

The flexibility of such Data Model is that a device vendor is able to extend it dynamically in run-time if required as well as develop its own one. During a device bootstrap process the model is discoverd by the Platform and stored in a persistent storage for futher reuse.

There are several types of data models:

  1. Structured

Well-defined data model consit of pre-defined elements and attributes. Should be built by device manufacturer beforehand. Any changes in the data model lead to changes in bootstrapping process.

  1. Non-structured

Loosly-defined data model which elements and attributes are set in JSON payload. Advantage of such are flexibility of run-time changes and possibility to change the model without changing the bootstrapping process.

SpartanShield  supports both structured and un-structured Device Data Models.

Current supported protocols include USP(TR-369), MQTT, CoAP, XMPP, HTTPS among others.

Multi-Protocol Support

The following device management protocols are supported in SpartanShield  UDMP.

MQTT

SpartanShield supports MQTTS for Device Management and Data Collection (Telemetry) via two independent integration APIs:

  1. Topic-based API.
  2. REST API.

MQTT Payloads include JSON payload with dynamic Device Data Model declared along with parameter reporting and command execution.

The SpartanShield  has an MQTT broker/server built in. The broker implementation is fully interchangeable and can be configured to use NATS, ActiveMQ, Kafka message streaming.

  • MQTT Security

There are two MQTT authentication is implemented with the following options :

  1. MQTT username and password in the CONNECT message
  2. TLS X.509 certificates
  • MQTT QoS

The Quality of Service (QoS) level is an agreement between a sender and a receiver of a message. There are 3 QoS levels in MQTT:

  1. At most once (0) – The lowest QoS level is zero.
  2. At least once (1) – QoS level 1 guarantees that a message is delivered at least one time to the receiver.
  3. Exactly once (2) – QoS 2 is the highest level of service in MQTT. This level guarantees that each message is received only once by the intended recipients.
TR-369 USP

SpartanShield  supports USP device protocol as a core micro-service for its Device Management Platform. The protocol is exploited on the Cloud side as well as on the Gateway. See more details for the Gateway containerization support and Orchestration in the SpartanShield Fog-Edge product.

CoAP

CoAP (RFC7959) is supported on the Platform side.

LPWAN

SpartanShield supports the following scenarios:

  1. NB-IoT – IP based and Non-IP based. IP-based is implemented via Spartan Agent running on the Edge or target device. Non-IP device support is implemented via SCEF support.
  2. LoRaWAN – the integration is accomplished via LoRa server.
  3. IEEE 802.15.4 – Thread(Matter), Zigbee. SpartanShield Fog Edge runs on an Open Thread Border Router gateway as separate Docker containers orchestrated by the Platform. See the diagram above.
On-Demand Protocols

Thanks to SpartanShield Dynamic-Domain-Definition technology and micro-services based Platform architecture, any on-demand protocol can be supported via End-To-End approach.

An appropriate service is integrated with the SpartanShield Platform along with Fog-Edge software communicates with a separate protocol container on the Gateway.

Unified API

SpartanShield  enables two types of APIs:

  1. REST API
  2. WSDL or SOAP API

REST is an architectural style while SOAP is a protocol. RESTful implementations make use of standards such as HTTP, URI, JSON, and XML.

SpartanShield  sends out push notifications as follows:

  1. Device related events
    1. Device state changes
    2. Device content changes
    3. KPI threshold breaches
  2. Platform events
Stream Processing Integration

The SpartanShield  ADMP can integrate with existing stream processing systems such as RabbitMQ, Kafka, Kinesis, NAT. Please contact us for more details.

Cloud-to-Cloud Integration

SpartanShield can perform orchestration services for Cloud-to-Cloud deployments and integrations. With the help of its NothBound APIs hybrid Cloud deployment becomes a reality. Mixture of various services like video stream processing, analytics, BI, AI/ML from different Cloud are ingested, pre(post) processed and exposed to Enterprise and 3rd applications.

SpartanShield UDMP Features

General Features

The following features are included in SpartanShield  Platform:

  • Dashboard and system information
  • Profiles & Events
  • Real-time & time-series device data
  • Smartphone Apps for Ios, Android for SmartHome integrations based on Thread(Matter)
  • Enterprise Enablement Application integration
  • Fog-Edge gateway integration
  • TR-369 USP device management
  • SpartanShield Video P2P streaming
Platform GUI Console

The Console serves as administration GUI for device management and system integrations :

  • System StatusDevice Profile
  • Device Update
  • Group Update
  • Monitoring
  • Events
  • Reports
  • File Management
  • Settings

Multitenancy

SpartanShield  supports an unlimited number of tenants and an unlimited number of sub-tenants in a hierarchical structure.

Each tenant that is created is a unique customer entity. User credentials are defined per tenant/customer entity.

Each tenant can view the devices, settings, configurations, and operations of all the tenants below them. Tenants cannot view other tenants at the same level or above them.

  • Device Mapping

The SpartanShield  ADMP supports a device grouping that provides both dynamic and static groups creation.

The operator/administrator can create device groups based on the following criteria: ranges of a device/sensor S/N, vendor/model, MACs, IPs, FW&HW versions, User ID and other attributes.

A newly registered device is automatically placed in the group when its attributes match the group criteria. It is possible to assign and schedule a single task or flow of tasks to the devices of a group. Any task related to a device/sensor protocol being used can be assigned.

The platform supports an unlimited number of child/parent groups and relationships. Each group is protected by user credentials.

Each group can be considered as an independent domain with its own access accounts, assigned tasks, and available functionality.

The device treatment in a group is a configurable function and depends only on customer/user needs. Group tasks, events, and KPI monitoring are set on the group base.

Any task supported by the platform for a single device is available for a group also. Configuration changes, downlink/uplink commands, reporting, visualization, group upgrades, reports, files upload/download, diagnostics are supported.

Zero-Touch Configuration and Dynamic Service Provisioning

SpartanShield  enables fully automatic Zero-Touch Provisioning including configuring the devices with any parameters required for operations. The system allows service provisioning of the devices and appropriate APIs for 3rd party integrations. The provisioning process is configurables based on customer requirements.

Managing Multiple Device Types

The Platform allows creating a new data model to be supported by the SpartanShield™. New Device types or data models are automatically added by the system without any intervention via its Dynamic-Domain-Definition technology.

Managing Multiple Configuration Profiles

SpartanShield provides for multiple profiles creation for the same devices based on the user/service group.

Re-provisioning

The system requires that provisioning be automatically invoked if the customer replaces the device or resets the device to factory default. The process includes re-creation of the device settings based on the device and user’s group including:

  • Device profile settings for different IP services
  • User’s specific provisioning data
  • Any additional settings configured

Retrieve Device data in Bulk or Individually

The Platform supports retrieving all device data by minimal requests. Some devices which don’t support this funcation are managed individually.

Partial Device Data Retrieval

SpartanShield allows setting of minimal device data to be retrieved from a device and persisted in the system.

Remote Group Updates

The Platform allows parameter updates or firmware upgrades of a device groups. The updates can be sent to all devices or specific ones based on configurables criterias.

The update can be executed immediately, scheduled or executed during next device connection to SpartanShield.

Reset/Reboot Device

The system allows rebooting or resetting a device to factory default.

Notification, Polling

SpartanShield supports notifications and polling based on a device protocol used (USP or MQTT).

Blacklisted Devices

SpartanShield allows for a blacklist of devices which are not permitted on the Platform.

Whitelisted Devices

SpartanShield allows for a white list of devices managed by the Platform.

System Monitoring and Alerts

Two types of alerts are supported – system and device level. At the system level, alerts are generated for a service failure. Such alerts can be sent via email, SMS or push notifications to mobile devices. At the device level, the system allows for device parameter monitoring and diagnostics.

User Management

The system allows management of permissions for Platform users. The user can be created with various level of permissions for system and device based operations.

SpartanShield AppStore

The AppStore is used for the following business cases :

  • Firmware updates for various devices
  • Device Configuration files
  • Various apps and services to be deployed in a Gateway containerized enviroments( applications for Broadband and Connected Home Services, USP Agent, Gateway management Agent, any configurable list of Apps deployable to the Gateway etc ). See more details in SpartanShield Fog-Edge product.

Firmware Management

SpartanShield allows to provide firmware updates for a group or individual devices. The process is implemented using the USP(TR-369) protocol :

  • Firmware lifecycle management
  • Over the Air (OTA) capabilities for all supported devices
  • Notification process for device updates
  • Group updates
  • Progress tracking for the updates
  • Update result reporting
  • Rollback Options

Device Logging

SpartanShield  provides full logs of system activity for maintenance and support:

  • Device Activity Log
  • User’s Activity Log
  • Error log
  • QoS logging of the Platform
  • Device Trace log

Event Logs

The Platform allows error, system, and device inventory logs. The logs can be viewed via the management console or accessible via API for integrations(3rd party and mobile applications).

API for Call Data Records(CDR)

The Platform provides for CDR APIs as follows :

  • Tenant/User Account
  • Time of request
  • Detail of request
  • Other system/device information

Device CDRs

SpartanShield allows for device CDRs that is used for verification, auditing and billing purposes. The CDRs include information on:

  • IP Address
  • Serial Number
  • Timestamps
  • Other related information

6. AI/ML

SpartanShield is pleased to share avision of Device AIOnization.

It solves the problem of shifting AI/ML computation from the Cloud to the Edge for all types of Devices :

SpartanShield AI/ML Router Platform for Devices: Connecting devices with the perfect AI/ML model for unparalleled performance, efficiency and security.

SpartanShield FogEdge – Tunes, pre-trains and deploys selected AI/ML models to devices.

SpartanShield Video – Video streaming and AI/ML model management, orchestration and provisioning for Cameras.

The product line unifies AI/ML computing for all types of Devices – Edge, Sensors, Cameras, Automotive and many others.

4. SCEF Support

SpartanShield supports Non-IP Data Delivery of managed devices as specified in 3GPP Release 13 for Service Capability Exposure (SCEF).

The Platform is integrated with a 4G-5G provider’s SCEF interfaces with a carrier which operates the access networks.

FOG-Edge Computing

Fog-Edge computing is supported via a separate product. See more details at SpartanShield Fog Edge.

Authentication/Authorization

The following Authentication and Authorization mechanisms are supported by SpartanShield :

RADIUS

LDAP

External applications can authenticate via REST JWT(JSON Web Tokens).

SAML 2.0, OAuth 2.0 are supported via integration existing SSO platforms( OKTA, PingIdentity).

User Access Security

Granular user security is implemented via Group based access control lists :

  • Administrator – Full control rights.
  • User – Permissions are configured by Administrator.
  • View only – Read only access rights.
Device Management Protocol Security

TR-369 USP Protocol

On top of transport layer security via TLS, the following authentication and authorization methods are supported according to the protocol specification :

1. Authentication
2. Role Based Access Control (RBAC)
3. Trusted Certificate Authorities
4. Trusted Brokers
5. Self-Signed Certificates
6. Agent Authentication
7. Challenge Strings and Images
8. Analysis of Controller Certificates

MQTTS Protocol

TLS certificate based transport layer security applied.

Device Data Security

For USP TR-369, MQTT managed devices, data can be encrypted additionally by device feeds ingestion during pre-post processing pipeline phases.

Platform Security

Certificates are used to create TLS/DTLS sessions with edge devices.

SpartanShield supports X.509 in the authentication process of connected devices. They are logically grouped and within the certificate there is a CN attribute that should be mapped to the device endpoint.

SpartanShield performs certificate validation during device provisioning operations.

Pre-shared keys are supported also.

Certificate rotation, expired certificates, or certificate revocation management are optional security modules configurable on demand.

SpartanShield validates the endpoint name as certificate CN and the certificate expiration date.

External certificate validation operations by platforms like PingIdentity, Okta are integrated with SpartanShield on demand.

User Interface Security
SpartanShield administrative consoles and GUIs are secured via HTTPS & TLS transport layer mechanisms.
API Security

The SpartanShield  REST APIs are secured via TLS transport layer security along with JWT generated on each new session.

Network/Cloud Security

Depending on a target deployment scenarios – On-Premises, Cloud – appropriate security measures are exploited.

Platform scaling/load balancing

Platform scaling is accomplished by dynamic allocation of instances by a Cloud provider accompanied by NGINX traffic and application load balancing.

Application Enablement Platform

Business Applications Generator

SpartanShield  includes an Application Enablement Platform (AEP). It allows to create a Web based business applications in a WYSIWYG environment without a line of code.

Supported are the following application types:

  • Assets – a view of physical or logical devices or groups of devices.
  • Devices – a visual representation of device fleet.
  • Users and groups – logical view of platform users and groups.
  • Widgets – gauges to represent data from devices.
  • Dashboards– analytical view of critical components of the platform.
  • Rules – visual editor for creation a workflow for device data processing.

Analytics

SpartanShield can be integrated with wide range of analytics cloud providers. Due to a Hybrid Cloud deployment support, the mix of best analytics tools and application can be utilized from Azure, AWS.

Device analytics filters large amount of device data, apply ML/AI pipelines to ingested data and further process fine tuned payloads by vast range of existing Azure, AWS tools.

Real-Time Device Stream Processing

Real-Time Stream processing refers to the data processing on the data stream collected from various devices in real-time.

  • Transformation – conversion of device data and piping in for further processing.
  • Enrichment – device data is combined with other datasets to get required information.
  • Persistence – device data is stored in Cloud or local databases(SQL, NoSQL).
Analytics UI

Once device data went through various ingesting and processing pipelines, it can be fetched to various data visualization and analytics platforms. Then Dashboards are built using open source platforms like Thingsboard, Kibana, Grafana.

Historical Data Integration

SpartanShield integrates external BI or Analytics applications including  the following time-based data engine:

  • InfluxDB

Terms and Acronyms

Acronym Description
3GPP3rd Generation Partnership Project
AEPApplication Enablement Platform
BIBusiness intelligence tools and products
CAT-M1Technology that functions on a 1.4 MHz (reduced from 20 MHz) spectrum,
has a transmit power of 20 dBm, and provides upload and download speed
CDRsCall Data Records
CoAPConstrained Application Protocol
DDoSDistributed Denial-of-Service attacks
DeviceVarious types of IOT and SmartHome devices including sensors,
gateways and mobile computing units
DMDevice Management
DTLSDatagram Transport Layer Security
FirmwareA piece of software executable as part as device operating system(OS)
FOTAFirmware Over The Air
ADMPAI/ML Device Management Platform – multiprotocol device management platform with AI/ML analysis for device fleet and connected users
SpartanShieldSpartanShield ADMP - multiprotocol device management platform with AI/ML analysis for device fleet and connected users
DDDDynamic-Domain-Definition technology invented by SpartanShield to detect a device management protocol in run-time and load approprate micro-service container to manage such device type
FTTxFiber-to-the-Home physical layer set of protocols
IaaSInfrastructure-as-a-Service
IoTInternet of Things
IoT ServerIoT Device Management Server.
JSONJavaScript Object Notation
LANLocal Area Network
LPWALow Power Wide Area Network
M2MMachine to Machine
MQTTMessage Queuing Telemetry Transport is an ISO standard
MQTTSMQTT Sensor Networks
NB-IoTNarrowband Internet of Things is a Low Power Wide Area Network
(LPWAN) radio technology standard developed by 3GPP to enable a
wide range of cellular devices and services. The specification was
frozen in 3GPP Release 13 (LTE Advanced Pro) in June 2016. NB-IoT
provides average upload speeds between 20 Kpbs and
250 Kpbs and download speeds
NIDDNon-Internet protocol Data Delivery
OTAOver The Air
PaaSPlatform-as-a-Service
PANPersonal Area Network such as used in Zigbee, Z-Wave,
Bluetooth, RF Mesh, Thread, Matter and other IEEE 802.15.4 networks
QoSSpartanShield’s Quality of Service Professional Solution
RESTrepresentational state transfer API
RFRadio Frequency, like RF based wireless networks
SaaSSoftware-as-a-Service
SMSShort Message Service
SNMPSimple Network Management Protocol
SSLSecure Sockets Layer (SSL)
TLSTransport Layer Security
TR-069Broadband Forum technical specification which enables remote and
safe configuration of Broadband devices
USP(TR-369)User Services Platform (TR-369) – next generation of broadband device
management protocol
WANWide Area Network