Neeco M2M OOB Global Out Of Band Device Access over 2G/3G/4G mobile M2M networks
2 M2M OOB Neeco delivers a new generation of global Out of Band (OOB) management and access solutions to meet the growing demand for agile, scalable, secure, and cost-effective connectivity. With Neeco M2M OOB, businesses are able to monitor, access, and manage distributed devices remotely and securely by utilizing a unique combination of cellular M2M network capabilities, a rich feature set of on-site terminals and centralized administration possibilities. ADMIN NEECO M2M OOB Neeco M2M OOB offers three main use case scenarios: Remote Out of Band Device Management Primary Line Backup Rapid Deployment (extension of Primary Line Backup or OOB device management) M2M OOB MANAGEMENT CUSTOM APN/SSH BACKUP 2G/3G/4G LTE MACHINE BACKUP OOB MANAGEMENT REMOTE SITE ROUTERS EQUIPMENT IOT EQUIPMENT M2M OOB PRIMARY LINE BACKUP PRIMARY WAN MPLS/T1/CABLE PRIMARY FALURE M2M OOB features at a glance: Remote management and device access over 2G/3G/4G mobile networks. Dynamic utilization of mobile networks based on signal strength and other configurable parameters. M2M data plans allow sharing a single data pool between multiple connected sites, rather than managing many per-site data pools. Provides significant cost savings compared to utilization of legacy DSL lines. The ability to access and control one or more devices on a remote site using a single OOB connection. Supports most connection types - including USB, RS232, Ethernet, and WiFi connections. Customizable rules and policies to initiate actions as a response to pre-defined events. Zero-touch deployment at remote site. Easy access of device management console through a secure web browser-based user interface. Integration of Neeco M2M OOB services with Neeco global ICT solutions, offering a single point of contact for planning, execution, and maintenance project stages.
3 Out of Band Device Management In networks with critical components, securing device access through a dedicated channel for managing network devices is crucial. A console port, dedicated Ethernet management port, or other OOB access must be created to recover failed devices, or to ensure management connectivity for configuration and auditing purposes independent of in-band connectivity and its status. With Neeco M2M OOB, network administrators can securely access their devices at any time, without the need to go on site to handle the outages even when the network is down. Leveraging M2M technologies, Neeco can deploy rapid wireless connectivity anywhere Clients assets are located, with one SIM and choice of compatible wireless standards for international coverage. Using 2G/ 3G/ 4G mobile networks, all devices can easily be connected to central management systems to share information they are gathering, in real time. Management systems that are set up to look for anomalies can take automated actions, for example raising a trouble ticket with Field Engineers, or remotely initiating a failover to a backup system. Neeco M2M OOB allows network administrators to: Securely access the device management console during standard operations or network outages through the fully encrypted 2G, 3G, or LTE connection. Access the management console of a device through a web browser application. Administration runs in an HTML5 compatible web browser, without the need to install potentially insecure flash, java, or similar plugins. The alternative option is to access managed devices through the Client s 3rd party monitoring applications through secure VPN connections. Backup and restore configuration or system images, and set up automated work-flow to minimize administrative overheads while managing large numbers of sites and devices. Simultaneously operate and configure multiple devices on one site at one time. Access a management console through any common interface type, including RS232 and Ethernet connections, thus the solution can be easily deployed in multi-vendor and multi-technology environments. Set up preventive maintenance activities to minimize the probability of network down emergencies. Utilize Neeco spare management and on-site support to restore operations in case of network component failure detection. Web console Client Application: The Web console client application is the key to Neeco M2M OOB management. Through this application, a Client s administrator can access the device securely, with the same experience as when connecting to a management console locally. Key features of the web console: Runs in an HTML5 compatible web browser, without the need to install potentially insecure flash or java plugins Device session sharing: multiple users can open the same remote network device and see the same output Session resume Copy & paste support
4 Primary Line Backup Neeco M2M OOB leverages the latest mobile technology applications to provide network connectivity for SOHO, small and medium branch offices during primary line failures. The growing speed of mobile connectivity, together with a rich feature set and management possibilities, means backup connectivity based on mobile networks is a reasonable replacement solution of legacy backup links typically based on traditional analogue lines. With M2M OOB businesses can benefit from the following backup line features: M2M represents a fully independent standby network connection with automated failover when the primary line goes down. Advanced terminal equipment configuration, root level shell scripting, and firmware customization for process automation and connection state SMS control. Enterprise grade security of backup connection, inclusive of IPSec, GRE, OpenVPN, and other VPN technologies. Dynamic allocation of a single data pool between many sites means data are only consumed if required by a specific connection- delivering significant cost savings and minimizing administrative overhead. Rapid Deployment Terrestrial connections might take significant time to activate, from a couple of weeks to several months in remote locations. Rapid deployment M2M OOB solutions are designed to provide temporary data connectivity utilizing 3G/ 4G networks, prior to deployment and activation of long term connectivity solutions. Typically, once the primary line is delivered, the Neeco M2M OOB connection becomes a standby backup link or device management connection. The key benefit of the global M2M rapid deployment solution is the speed of delivery and activation. Utilizing Neeco s hardware distribution, logistics and on-site support services, data connectivity can be RFS as early as three days from the date of order, depending on location and the type of hardware used.
5 M2M OOB Components Neeco M2M OOB consists of the following main building blocks: On-Site Integrated Terminals Local Connectivity between Integrated Terminals and Customer s Equipment M2M Global Connectivity Platform CUSTOMER SITE B MOBILE (GSM/UMTS/LTE) CUSTOM APN/SSH BTS PUBLIC INTERNET OPERATORS CUSTOMER SITE A CUSTOM APN/SSH CUSTOM APN/SSH PUBLIC INTERNET HTTPS/VPN RS232/USB CONVERTERS HUB WEB SERVER RS232 USB LAN/HTTPS USB ETHERNET CONTROLLED ROUTERS TELNET/SSH CONTROLLED ROUTER ADMINISTRATORS
6 On-site Integrated Terminals Integrated Terminals connect the customer s equipment with mobile networks, delivering secure, reliable, and agile connectivity to support business critical applications. For Neeco WirelessOOB we use Vodafone MachineLink devices, specifically designed for IoT and M2M solutions. Vodafone MachineLink 4G and Vodafone MachineLink 3G Plus The Vodafone MachineLink 4G is an LTE router, the Vodafone MachineLink 3G Plus is a 3G pentaband router, and both ideal for enterprise M2M/ IoT applications. Featuring high speed WiFi, two Gigabit Ethernet ports, a USB port, built-in GPS, and extensive support for various communications protocols, the MachineLink 4G and MachineLink 3G Plus are the all-in-one wireless IoT solution. Connectivity 2 x 10/100/1000 Base-T Ethernet RJ45 ports with Auto MDIX Micro USB 2.0 (type AB) OTG interface with 0.5A supply Capability Embedded global SIM Secure soldered-down 2G/3G/4G (4G only for MachineLink 4G) SIM (ETSI MFF2 DFN-8 USIM) WAN failover/fall back Business continuity guarantee for wired networks via instantaneous failover/failback to/from 4G/3G/2G networks VPN PPTP client for VPN connectivity to remote PPTP VPN server IPSec tunnel termination (for up to 5 tunnels) GRE tunneling OpenVPN (client, server and P2P) Certifications CE (Europe) emark (Europe) RoHS (Europe) WEEE (Europe) REACH (Europe) IC (Canada) FCC (USA) RCM (Australia) ICASA (South Africa) GCF (Europe) Local connectivity between Integrated Terminals and Customer s equipment Connectivity between MachineLink Integrated Terminals and network devices can be established over any common type of interface, including Serial (RS232), Telnet, SSH and HTTP/ HHTPS connections. In case more physical connections of the same type are required to connect between MachineLink and managed networking device, the solution utilizes hubs to multiply the physical ports available (for both Serial and Ethernet connections). Neeco M2M OOB includes a database where customer s devices are assigned to respective ports, so there is no need to remember which specific port the network device is connected to; Clients can work simply with device names, IP addresses, etc.
7 M2M Global Connectivity Platform The M2M Global Connectivity Platform delivers internet connectivity across most countries, supporting packet data communication based on GPRS, EDGE, UMTS, HSPA, and LTE (4G). With this solution, an M2M SIM can be used in any country without the need to determine in advance in which specific location the SIM will be used. This simplifies deployment and SIM card management for a large, distributed connectivity requirement. The result is the ability to seamlessly provision connectivity over multiple operators with coverage delivered via the most reliable 2G, 3G, and 4G networks. APN to SIM Mapping Each configured M2M OOB customer implementation has a unique APN which controls access to the private virtual network delimited by the specific APN. Assignment of the APN to the SIM is performed centrally within the M2M OOB service; global M2M SIMs are restricted to access only its assigned APN(s). Only Global M2M SIMs specifically assigned to a Customer Service Profile (CSP) within the M2M OOB Service are able to access the APN associated with that CSP. When a device attaches to the M2M OOB network, the SIM profile, including the APN, is downloaded to the Serving GPRS Support Node (SGSN) from the Home Location register (HLR). When a device attempts to activate a PDP context, it is this single APN that is used. Hence, a CSP made up of only the Global M2M SIMs allocated to a single customer is created, and only customers with these Global M2M SIMs can access the network. IP Address Allocation IP addresses within the M2M OOB solution are assigned statically, i.e. the same IP address is assigned to all PDP sessions for a given SIM. The administrator can use a web portal for assigning IP addresses or batch files for bulk actions. Reporting Through the web management portal, Neeco M2M OOB offers access to a number of standard reports. This provides the ability to manage the installed base and view usage patterns for either an individual or group of global M2M OOB. The reports are provided in CSV, PDF, and XML file formats. It is also possible to use APIs to extract information to their own processing systems as required. Neeco M2M OOB Security M2M OOB delivers complex, enterprise-grade security featuring the following layers of protection: Security over the mobile network is provisioned by a custom private APN, totally isolated from public internet APN. The connection between MachineLink and Neeco management servers (situated directly in the Vodafone network) is provided by using an SSH connection. Authentication is conducted using the RSA keys. The connection between Neeco management servers and the Client s web application is primarily provided by HTTPS. Alternatively, a VPN connection between Neeco and the Client s servers can be established (IPSEC, OpenVPN) to deliver data connectivity directly to the Client s network. MachineLink shell/configuration is further secured by special system user credentials.