The diversity and manufacturing specifications of devices play a huge role in how Marist handles IoT devices from a networking standpoint.
“Since they often have varying chip sets, use particular protocols or specific wireless bands, and even ignore security best practices at times, some leg work and testing is needed in order to properly develop the network for their support,” Thirsk says.
Marist is working with devices using a Broadcom chip transmitting over Wi-Fi. The devices connect wirelessly using both EnGenius and Cisco broadcast nodes. Marist is using an on-premises server connected via a Netgear switch to collect, pre-process and encrypt the data.
A Netgear router transmits the SSL-secured data over the Internet, which is then received through Marist’s Juniper SRX 3600 series firewall and A10 load balancer. Once the device data is received by the predictive analytics server, it’s modeled for use by analysts.
“We have not had to modify our network physically, but we have had to re-engineer network configurations [to] ensure persistent and secure transmission on the client side,” Thirsk says. “We’ve found different devices using alternate protocols and channels, [and] devices that could only ‘open stream’ with no security.”
He also recommends testing and creating small pilots of various devices.
“You will invariably be faced with supporting a plethora of devices that users and clients may try to connect to the network,” he warns. “You must have an idea of the bandwidth requirements created by smart devices, what sort of encryption they can or cannot support, and whether or not they are secure and can be updated as needed.”
For example, Marist has experimented with small groups of inexpensive devices, such as Raspberry Pis, to see how they would work on its systems with various USB-based network interface cards, wireless adapters, and Bluetooth adapters. The goal is to collect information on the amount of bandwidth the devices would need and how much interference they might generate.
Device registration is also important. “Our network team wrote their own portal page that integrates with identity services,” Thirsk says. Users “register” devices and only then are they placed into a control group that allows access. Devices can then be set to connect to the SSID Marist created. Separate VLANs might be required to segment classes of devices away from the protected networks that have different security requirements.
Because many devices lack standardization, it can be difficult to identify them on the network if they cannot identify themselves, Thirsk says.
Once you achieve some success with IoT, prepare for an influx of connected devices, Thirsk says. “Build in device and group visibility so you can understand the status of things, maintain security, and continue to expand your device presence and value,” he says.
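The registration, control-group and VLAN-segmentation flow described above, with a vendor-prefix fallback for devices that cannot identify themselves, as an added illustration that is not Marist's portal code; the device classes, VLAN numbers and OUI entries are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# Device classes and the VLAN each is segmented into (classes and VLAN numbers are assumptions).
CLASS_VLAN: Dict[str, int] = {"sensor": 110, "pi-pilot": 120, "user-device": 130}

# Constructed sample OUI table; a real deployment would load the IEEE registry.
OUI_VENDOR: Dict[str, str] = {"b8:27:eb": "Raspberry Pi Foundation", "00:10:18": "Broadcom"}

def normalize_mac(mac: str) -> str:
    """Accept aa:bb:cc:dd:ee:ff, AA-BB-..., or aabbccddeeff; return lowercase colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"malformed MAC {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def guess_vendor(mac: str) -> Optional[str]:
    """Fallback for devices that cannot identify themselves: look up the OUI prefix."""
    return OUI_VENDOR.get(normalize_mac(mac)[:8])

@dataclass
class Device:
    mac: str
    owner: str        # identity-service principal who registered the device
    dev_class: str

@dataclass
class Registry:
    devices: Dict[str, Device] = field(default_factory=dict)

    def register(self, mac: str, owner: str, dev_class: str) -> Device:
        """Portal step: an authenticated user claims a device, placing it in a control group."""
        if dev_class not in CLASS_VLAN:
            raise ValueError(f"unknown device class {dev_class!r}")
        d = Device(normalize_mac(mac), owner, dev_class)
        self.devices[d.mac] = d
        return d

    def admit(self, mac: str) -> Optional[int]:
        """Access step: only registered devices get a VLAN; anything else is refused."""
        d = self.devices.get(normalize_mac(mac))
        return CLASS_VLAN[d.dev_class] if d else None

    def visibility(self) -> Dict[str, int]:
        """Per-class counts: the device and group visibility the article calls for."""
        counts = {c: 0 for c in CLASS_VLAN}
        for d in self.devices.values():
            counts[d.dev_class] += 1
        return counts
```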