Press Release Security meets AI/ML Provisioning Tampa, FL, May 24, 2024. As a solid move in provisioning AI/ML models to the Edge, SpartanShield partnered with iUniq. Being a security solutions company, iUniq to augment own patented technology to get a competitive advantage for its identity and security product line on [...]
The SpartanShield AI/ML Router Platform for Devices is a multi-protocol IOT management ecosystem allowing to provide AI/ML orchestration and provisioning for all types of devices. Device fleet and connected users metadata is analyzed and projected with a wide range of AI/ML tools.
Thanks to its modular design based on micro-services architecture, various business domains are supported like Mobile Device Management, IOT Device Management, SmartHome gateway provisioning and others.
This is a physical protocol layer agnostic platform allowing for any type of edge devices to be managed via these access networks, such as:
Through the Dynamic-Domain-Definition (called “Triple D”) technology, invented by SpartanShield to enable remote management of any types of IoT/M2M devices including resource constrained, ultra-low-power and basic connectivity devices.
There is no need to develop scripts or device profiles to onboard devices. SpartanShield’s platform allows for Dynamic-Domain-Definition discovery, meaning any device that registers with our platform is automatically added to the unique SpartanShield Unified Device Model. Devices are managed in the same way regardless protocols they support i.e. MQTT, TR-369, WebSockets. SpartanShield supports Zero Touch Provisioning by automatic detection of the device protocol and add it to its Device Data Model.
The platform supports Multi-Tenancy and allows for an unlimited number of subtenants.
Device and Platform Security is guaranteed by transport security via TLS/X.509 certificates for a traffic between the Edge and the Platform. Identity & Security is accomplished by unique identification of each connected device.
SpartanShield platform offers a a variety of tools and an extensive API for integration to external platforms.
SpartanShield solution is designed for:
SpartanShield ADMP is flexible and extensible to be able to integrate with any of the IoT networks available today.
There are the following approaches for device integration :
Those are various IOT networks supported by the ADMP:
Network of target devices is connected to a gateway, for instance, LoRaWAN, Thread(Matter) and others. The gateway will allow a standards-based management protocol to be utilized such as USP(TR-369). The gateway has a containerized environment to deploy core components of Edge processing as a separate container. That allows to deploy self-sufficient and autonomous services in an isolated Execution Environment(EE). It leads to a boost of Edge as standalone Platform enabling more products and ecosystems around the Gateway. Also that might serve as Cloud off-loading approach when End-To-End Platforms like SpartanShield spreads its execution environments between Cloud and Edge(Fog) Tiers.
SpartanShield ADMP supports all those scenarios and serves as one-stop approach for rolling-out Enterprise Services with a good balance between Cloud and Edge(Fog) deployments.
Target devices are low powered and resource constrained SmartHome sensors, that require long life battery usage with minimal overheads for communication and management functions. For such scenarios an IPv6-based mesh networking technology introduced recently called Thread. On top of Thread PHY layer there is an application protocol Matter allowing full range of device lifecycle services including commissioning-decommissioning-data reporting-command execution.
The SpartanShield ADMP fully supports SmartHome(Matter) business cases by providing the following Execution Environments :
ADMP being deployed in Cloud(AWS, Azure, GCP) manages gateways via
USP(TR-369) protocol to provide device provisioning, data reporting, command execution.
ADMP provides for USP agent for managing Edge(Gateway). Also a separate Platform Agent is provided to communicate with the SpartanShield via MQTT(S). Both the USP Agent, Platform Agent are deployable via Docker containers in Gateway Execution Environment.
SpartanShield ADMP is designed in a way to be based on granular independent micro-services implemented via lously-couple messaging architecture. It allows to scale horyzontally and vertically exploiting high availability and geo-redundancy. The Platform is Cloud independent and is able to utilize all features presented by those. Also a mixed Cloud approach can be used to maximize the full potential of Cloud environments. For instance, SpartanShield can deploy some of its micro-services to Azure to exploit AI/ML features while some micro-services being deployed to AWS to utilize video stream recongnition and analysis features. So hybrid Cloud is a natural Execution Environment for the SpartanShield UDMP.
SpartanShield can deploy its platform in multiple setup modes such as Private or Public Cloud, On-Premises.
Deployment options include cloud based VMs, Docker Containers utilizing Kubernetes based orchestration, storage LVMs/LUNs (depending on deployment requirements), utilizing Cloud storage (e.g. RDS).
The diagram below represents the structure of the Unified Management Platform.
SpartanShield Platform is implemented as micro-services. The services allow the platform to be easily deployed in containerized environments AWS, Azure, GCP orchestrated by Kubernetes.
The UI & API services are standalone containers targeted for SpartanShield Business Applications, Enterprise Applications Enablement and 3rd party system integrations.
The following Business Applications are available:
The Device Management includes:
The Database service layer is a set of stand-alone containers for the various databases to be used like Cloud Storage or DB containers to be deployed in Cloud service fabrics. This layer includes:
The SpartanShield ADMP has a Fully Extensible Data Model. The model is built depending on a device type and management protocol used.
The flexibility of such Data Model is that a device vendor is able to extend it dynamically in run-time if required as well as develop its own one. During a device bootstrap process the model is discoverd by the Platform and stored in a persistent storage for futher reuse.
There are several types of data models:
Well-defined data model consit of pre-defined elements and attributes. Should be built by device manufacturer beforehand. Any changes in the data model lead to changes in bootstrapping process.
Loosly-defined data model which elements and attributes are set in JSON payload. Advantage of such are flexibility of run-time changes and possibility to change the model without changing the bootstrapping process.
SpartanShield supports both structured and un-structured Device Data Models.
Current supported protocols include USP(TR-369), MQTT, CoAP, XMPP, HTTPS among others.
The following device management protocols are supported in SpartanShield UDMP.
SpartanShield supports MQTTS for Device Management and Data Collection (Telemetry) via two independent integration APIs:
MQTT Payloads include JSON payload with dynamic Device Data Model declared along with parameter reporting and command execution.
The SpartanShield has an MQTT broker/server built in. The broker implementation is fully interchangeable and can be configured to use NATS, ActiveMQ, Kafka message streaming.
There are two MQTT authentication is implemented with the following options :
The Quality of Service (QoS) level is an agreement between a sender and a receiver of a message. There are 3 QoS levels in MQTT:
SpartanShield supports USP device protocol as a core micro-service for its Device Management Platform. The protocol is exploited on the Cloud side as well as on the Gateway. See more details for the Gateway containerization support and Orchestration in the SpartanShield Fog-Edge product.
CoAP (RFC7959) is supported on the Platform side.
SpartanShield supports the following scenarios:
Thanks to SpartanShield Dynamic-Domain-Definition technology and micro-services based Platform architecture, any on-demand protocol can be supported via End-To-End approach.
An appropriate service is integrated with the SpartanShield Platform along with Fog-Edge software communicates with a separate protocol container on the Gateway.
SpartanShield enables two types of APIs:
REST is an architectural style while SOAP is a protocol. RESTful implementations make use of standards such as HTTP, URI, JSON, and XML.
SpartanShield sends out push notifications as follows:
The SpartanShield ADMP can integrate with existing stream processing systems such as RabbitMQ, Kafka, Kinesis, NAT. Please contact us for more details.
SpartanShield can perform orchestration services for Cloud-to-Cloud deployments and integrations. With the help of its NothBound APIs hybrid Cloud deployment becomes a reality. Mixture of various services like video stream processing, analytics, BI, AI/ML from different Cloud are ingested, pre(post) processed and exposed to Enterprise and 3rd applications.
The following features are included in SpartanShield Platform:
The Console serves as administration GUI for device management and system integrations :
SpartanShield supports an unlimited number of tenants and an unlimited number of sub-tenants in a hierarchical structure.
Each tenant that is created is a unique customer entity. User credentials are defined per tenant/customer entity.
Each tenant can view the devices, settings, configurations, and operations of all the tenants below them. Tenants cannot view other tenants at the same level or above them.
The SpartanShield ADMP supports a device grouping that provides both dynamic and static groups creation.
The operator/administrator can create device groups based on the following criteria: ranges of a device/sensor S/N, vendor/model, MACs, IPs, FW&HW versions, User ID and other attributes.
A newly registered device is automatically placed in the group when its attributes match the group criteria. It is possible to assign and schedule a single task or flow of tasks to the devices of a group. Any task related to a device/sensor protocol being used can be assigned.
The platform supports an unlimited number of child/parent groups and relationships. Each group is protected by user credentials.
Each group can be considered as an independent domain with its own access accounts, assigned tasks, and available functionality.
The device treatment in a group is a configurable function and depends only on customer/user needs. Group tasks, events, and KPI monitoring are set on the group base.
Any task supported by the platform for a single device is available for a group also. Configuration changes, downlink/uplink commands, reporting, visualization, group upgrades, reports, files upload/download, diagnostics are supported.
SpartanShield enables fully automatic Zero-Touch Provisioning including configuring the devices with any parameters required for operations. The system allows service provisioning of the devices and appropriate APIs for 3rd party integrations. The provisioning process is configurables based on customer requirements.
The Platform allows creating a new data model to be supported by the SpartanShield™. New Device types or data models are automatically added by the system without any intervention via its Dynamic-Domain-Definition technology.
SpartanShield provides for multiple profiles creation for the same devices based on the user/service group.
The system requires that provisioning be automatically invoked if the customer replaces the device or resets the device to factory default. The process includes re-creation of the device settings based on the device and user’s group including:
The Platform supports retrieving all device data by minimal requests. Some devices which don’t support this funcation are managed individually.
SpartanShield allows setting of minimal device data to be retrieved from a device and persisted in the system.
The Platform allows parameter updates or firmware upgrades of a device groups. The updates can be sent to all devices or specific ones based on configurables criterias.
The update can be executed immediately, scheduled or executed during next device connection to SpartanShield.
The system allows rebooting or resetting a device to factory default.
SpartanShield supports notifications and polling based on a device protocol used (USP or MQTT).
SpartanShield allows for a blacklist of devices which are not permitted on the Platform.
SpartanShield allows for a white list of devices managed by the Platform.
Two types of alerts are supported – system and device level. At the system level, alerts are generated for a service failure. Such alerts can be sent via email, SMS or push notifications to mobile devices. At the device level, the system allows for device parameter monitoring and diagnostics.
The system allows management of permissions for Platform users. The user can be created with various level of permissions for system and device based operations.
The AppStore is used for the following business cases :
SpartanShield allows to provide firmware updates for a group or individual devices. The process is implemented using the USP(TR-369) protocol :
SpartanShield provides full logs of system activity for maintenance and support:
The Platform allows error, system, and device inventory logs. The logs can be viewed via the management console or accessible via API for integrations(3rd party and mobile applications).
SpartanShield allows for device CDRs that is used for verification, auditing and billing purposes. The CDRs include information on:
SpartanShield is pleased to share avision of Device AIOnization.
It solves the problem of shifting AI/ML computation from the Cloud to the Edge for all types of Devices :
• SpartanShield AI/ML Router Platform for Devices: Connecting devices with the perfect AI/ML model for unparalleled performance, efficiency and security.
• SpartanShield FogEdge – Tunes, pre-trains and deploys selected AI/ML models to devices.
• SpartanShield Video – Video streaming and AI/ML model management, orchestration and provisioning for Cameras.
The product line unifies AI/ML computing for all types of Devices – Edge, Sensors, Cameras, Automotive and many others.
Fog-Edge computing is supported via a separate product. See more details at SpartanShield Fog Edge.
The following Authentication and Authorization mechanisms are supported by SpartanShield :
RADIUS
LDAP
External applications can authenticate via REST JWT(JSON Web Tokens).
SAML 2.0, OAuth 2.0 are supported via integration existing SSO platforms( OKTA, PingIdentity).
Granular user security is implemented via Group based access control lists :
On top of transport layer security via TLS, the following authentication and authorization methods are supported according to the protocol specification :
1. Authentication
2. Role Based Access Control (RBAC)
3. Trusted Certificate Authorities
4. Trusted Brokers
5. Self-Signed Certificates
6. Agent Authentication
7. Challenge Strings and Images
8. Analysis of Controller Certificates
TLS certificate based transport layer security applied.
For USP TR-369, MQTT managed devices, data can be encrypted additionally by device feeds ingestion during pre-post processing pipeline phases.
Certificates are used to create TLS/DTLS sessions with edge devices.
SpartanShield supports X.509 in the authentication process of connected devices. They are logically grouped and within the certificate there is a CN attribute that should be mapped to the device endpoint.
SpartanShield performs certificate validation during device provisioning operations.
Pre-shared keys are supported also.
Certificate rotation, expired certificates, or certificate revocation management are optional security modules configurable on demand.
SpartanShield validates the endpoint name as certificate CN and the certificate expiration date.
External certificate validation operations by platforms like PingIdentity, Okta are integrated with SpartanShield on demand.
The SpartanShield REST APIs are secured via TLS transport layer security along with JWT generated on each new session.
Depending on a target deployment scenarios – On-Premises, Cloud – appropriate security measures are exploited.
Platform scaling is accomplished by dynamic allocation of instances by a Cloud provider accompanied by NGINX traffic and application load balancing.
SpartanShield includes an Application Enablement Platform (AEP). It allows to create a Web based business applications in a WYSIWYG environment without a line of code.
Supported are the following application types:
SpartanShield can be integrated with wide range of analytics cloud providers. Due to a Hybrid Cloud deployment support, the mix of best analytics tools and application can be utilized from Azure, AWS.
Device analytics filters large amount of device data, apply ML/AI pipelines to ingested data and further process fine tuned payloads by vast range of existing Azure, AWS tools.
Real-Time Stream processing refers to the data processing on the data stream collected from various devices in real-time.
Once device data went through various ingesting and processing pipelines, it can be fetched to various data visualization and analytics platforms. Then Dashboards are built using open source platforms like Thingsboard, Kibana, Grafana.
SpartanShield integrates external BI or Analytics applications including the following time-based data engine:
| Acronym | Description |
|---|---|
| 3GPP | 3rd Generation Partnership Project |
| AEP | Application Enablement Platform |
| BI | Business intelligence tools and products |
| CAT-M1 | Technology that functions on a 1.4 MHz (reduced from 20 MHz) spectrum, has a transmit power of 20 dBm, and provides upload and download speed |
| CDRs | Call Data Records |
| CoAP | Constrained Application Protocol |
| DDoS | Distributed Denial-of-Service attacks |
| Device | Various types of IOT and SmartHome devices including sensors, gateways and mobile computing units |
| DM | Device Management |
| DTLS | Datagram Transport Layer Security |
| Firmware | A piece of software executable as part as device operating system(OS) |
| FOTA | Firmware Over The Air |
| ADMP | AI/ML Device Management Platform – multiprotocol device management platform with AI/ML analysis for device fleet and connected users |
| SpartanShield | SpartanShield ADMP - multiprotocol device management platform with AI/ML analysis for device fleet and connected users |
| DDD | Dynamic-Domain-Definition technology invented by SpartanShield to detect a device management protocol in run-time and load approprate micro-service container to manage such device type |
| FTTx | Fiber-to-the-Home physical layer set of protocols |
| IaaS | Infrastructure-as-a-Service |
| IoT | Internet of Things |
| IoT Server | IoT Device Management Server. |
| JSON | JavaScript Object Notation |
| LAN | Local Area Network |
| LPWA | Low Power Wide Area Network |
| M2M | Machine to Machine |
| MQTT | Message Queuing Telemetry Transport is an ISO standard |
| MQTTS | MQTT Sensor Networks |
| NB-IoT | Narrowband Internet of Things is a Low Power Wide Area Network (LPWAN) radio technology standard developed by 3GPP to enable a wide range of cellular devices and services. The specification was frozen in 3GPP Release 13 (LTE Advanced Pro) in June 2016. NB-IoT provides average upload speeds between 20 Kpbs and 250 Kpbs and download speeds |
| NIDD | Non-Internet protocol Data Delivery |
| OTA | Over The Air |
| PaaS | Platform-as-a-Service |
| PAN | Personal Area Network such as used in Zigbee, Z-Wave, Bluetooth, RF Mesh, Thread, Matter and other IEEE 802.15.4 networks |
| QoS | SpartanShield’s Quality of Service Professional Solution |
| REST | representational state transfer API |
| RF | Radio Frequency, like RF based wireless networks |
| SaaS | Software-as-a-Service |
| SMS | Short Message Service |
| SNMP | Simple Network Management Protocol |
| SSL | Secure Sockets Layer (SSL) |
| TLS | Transport Layer Security |
| TR-069 | Broadband Forum technical specification which enables remote and safe configuration of Broadband devices |
| USP(TR-369) | User Services Platform (TR-369) – next generation of broadband device management protocol |
| WAN | Wide Area Network |
