IoT Operations

Fundamentals for the IoT offerings in areas of BLE, Zigbee and USB based IoT devices.

Aruba Central supports transporting of IoT data over enterprise WLAN. APs receive data from the IoT devices and send the metadata for these devices to Aruba Central and the IoT data to external servers through IoT Connectors. The IoT Connector aggregates the device data, performs edge-compute, and runs business logic on the raw data before sending the metadata and IoT data. The metadata for all IoT devices is displayed in IoT Operations dashboard in Aruba Central. Partner-developed applications, running on the IoT Connector, can be used to send the IoT data to external servers.

While enabling new capabilities to address real business needs, this proliferation of IoT devices at the edge creates a new set of challenges for IT. IoT devices use a variety of different physical layer connectivity types and communication protocols. Vendor-specific IoT gateways are often required to manage those devices and collect their data. IoT gateways obscure IoT devices on the network, making it difficult—if not impossible—to understand at a granular level what is connected to the network and where device data is going. Security is always front-and-center when it comes to IoT because many IoT devices are fundamentally untrustworthy, and the lack of visibility creates greater risk. IoT Operations within Aruba Central provides a solution to all of these problems.

Aruba’s IoT ecosystem mainly relies on its partner integrations. Aruba provides a transport medium in the form of its APs and a IoT Connector at the edge, for the data sensed by the IoT devices from different vendors and send that securely and efficiently to their backend.

Additionally, Aruba offers BLE based tags and beacons for Meridian based location services. Tags are mainly used for asset tracking and beacons are used for indoor wayfinding and identifying device location. To learn more about Meridian, check out the Meridian Platform documentation.

Solution Components

The IoT Operations consists of the following three solution components:

IoT Dashboard

The IoT dashboard provides a unified view of all your IoT Connectors, Access Points sending IoT data to these connectors, Apps that are currently installed and a comprehensive list of all the IoT devices/sensors that are being heard by your Access Points.

It gives a detailed overview of how your IoT network is performing. The IoT dashboard provides a view of non-Wi-Fi IoT devices that would otherwise be obscured by vendor or device-specific hardware. IT can monitor these devices from the first moment they connect to APs anywhere in the environment and see exactly which AP each device is connected to. Once an appropriate App is installed on the IoT connector, previously unknown devices of that type can be automatically and accurately classified, so network administrators know exactly what the IoT devices are, and where the IoT devices are, with confidence. To learn more about monitoring IoT operations, refer to Monitoring HPE Aruba Networking IoT Operations.

Representation of IoT Ops Home Page

IoT App Store

The IoT app store takes the complexity out of deploying new IoT use cases within the organization. Simply visit the IoT app store—located within Central—and use the store’s intuitive interface to browse ArubaEdge IoT applications certified to integrate seamlessly with our networks. Unlike directory-style marketplaces that simply provide pointers to compatible applications, the IoT app store provides certified applications for immediate download and activation with just a few clicks of the mouse. To install a Partner-Developed App refer to Installing a Partner-Developed App

Using the IoT app store also simplifies the complex and often confusing task of IoT device- application configuration. After the application is installed on the IoT connector, the AP can be easily configured to securely transport the device’s telemetry data to the appropriate destination, whether that’s an on-premises server or the cloud. From BLE location tags, beacons, and sensors to Zigbee door locks, IoT deployment is simple—so you no longer need to rely on third-party integrators for custom development. To know what IoT Apps are supported today, refer to IoT Operations App Matrix

IoT Operations App Store

IoT Connector

Intelligent Edge applications which require edge computing of IoT data have historically been some of the most difficult for IT to implement and manage. The challenges are particularly acute when it comes to processing IoT data. In some cases, IoT Connector at the edge is needed to parse/decode IoT telemetry data from Central-managed APs and make the data available to IoT applications, whether hosted on premises or in the cloud (e.g., Microsoft Azure IoT Hub). In other instances, the AP itself can be used as a connector to securely transport the data.

The IoT Connector aggregates the device data, performs edge-compute, and runs business logic on the raw data before sending the dashboard metadata and IoT data. The IoT connector puts Intelligent Edge applications within reach—allowing IT to accommodate whatever technology transition comes next with the speed and ease of deploying a virtual machine or AP in the existing infrastructure. With the Aruba IoT connector component, it’s easy to provision multiple ArubaEdge IoT applications within the environment—it only takes a few clicks. The IoT connector virtual appliance is added as a new data collector within Central and then installed on the VM instance or AP. The administrator can then enable new IoT connectors through the IoT Operations guided user interface and see connectors in use—all within Central.

Each customer deployment can have different IoT Connector in their environment based on the scale of their deployment. IoT Operations supports the following specifications:

Parameter Mini VM Small VM Medium VM DC-2000
APs 50 250 1000 1000
BLE Devices 2000 5000 20000 20000
Zigbee Devices 200 500 2000 2000

The IoT Connector support the following specifications:

Parameter Mini VM Small VM Medium VM DC-2000
CPU(Cores) 4 8 24 24
Memory(GB) 4 16 64 64
Storage(GB) 256 256 480 512

Deployment Models

IoT Connector is an integral part of the IoT Operations solution, providing connectivity and edge processing for IoT use cases. These Connectors are used to parse or decode IoT telemetry data from Central-managed APs and make the data available to partner IoT applications that are either hosted on premises or in the cloud. There are two deployment types available: virtual machine (VM)-based using VMWare ESXi or Aruba AP-based. For downloading and deploying an IoT Connector refer to Downloading IoT connector

VM based IoT Connector

A VM-based IoT Connector leverages Aruba’s Data Collector architecture and is provisioned within Central. Configuration of the IoT Connector is provided within IoT Operations, using the guided user interface.

IoT Operations Architectural Diagram

AP as IoT Connector

For customers who find it difficult to deploy and manage a separate machine outside of their wireless deployment, Aruba provides an option of using the existing AOS 10 APs as IoT Connectors. In this type, as compared to the previous model, the function of the IoT connector is collapsed into the AP.

However, the scale and the capacity of the IoT Connector would be less if it is running on an AP. In this model, only classifier apps like iBeacon, Eddystone, Blyott etc could be used, as the installation of heavy containerized apps like Dormakaba is not supported. Support for container-based Apps inside APs to come in future releases on Aruba Central. For creating AP-based IoT connector refer to Creating AP-based IoT Connector

IoT Operations Architectural Diagram with AP acting as IoT Connector

Types of IoT Solutions

BLE based

BLE or Bluetooth Low Energy based IoT solutions are the most common amongst all the types of IoT solutions. This is mainly because BLE as a technology is very common, easily available, could be implemented with relatively low effort and rather easy to connect. BLE which is basically Bluetooth version 4.0, was introduced for over a decade ago now and found its way to a variety of different applications and solutions. Today, most of BLE based IoT devices that Aruba supports are based on BLE 5.0.

How it works with IoT Operations

The way most of the BLE devices are designed is that they broadcast their BLE beacons at pre-defined regular intervals which consists of raw data along with their payloads. Once a radio profile is configured and enabled on Aruba APs, they will start listening to these beacons and transport them over to the IoT Connector. Now within the IoT Connector, apps are installed to classify these devices and various filters could be applied to only forward that data which is relevant to the partner backend. In case of simple classifier apps like Aruba Devices, iBeacons, Eddystone, Blyott or Minew to name a few, there is no need for container-based workflow in the backend. This makes such apps very easy and quick to build and deploy. More complex solutions like on the BLE based door lock solution that utilize southbound API options necessitates the use of a container.

Use Cases

High value asset tracking, location tracking, indoor navigation and wayfinding are the current most common use cases for this type of BLE-based solution in IoT Operations in AOS 10.

Zigbee based

AP’s built-in IoT radio, which supports 802.15.4 use case like Zigbee is used for providing gateway services to relay the Zigbee-based sensor data to a management server. As of today, Aruba mainly supports two smart door lock vendors as far as Zigbee based solution is concerned.

This allows an administrator to avoid deploying a network of ZigBee routers and gateways to provide connectivity to each door lock. A single network can handle both Wi-Fi and ZigBee devices. An AP from Aruba provides ZigBee gateway functionality that offers a global standard to connect many types of ZigBee networks to the Internet or with service providers.

ZigBee devices are of three kinds:

ZigBee Coordinator (ZC)—The ZC is the most capable device. It forms the root of the network tree and may bridge to other networks. There is only one ZC in each ZigBee network.

ZigBee Router (ZR)—A ZR runs an application function and may act as an intermediate router that transmits data from other devices.

ZigBee End Device (ZED)—A ZED contains enough functionality to communicate with the parent node (either a ZC or ZR). A ZED cannot relay data from other devices. This relationship allows the ZED to be asleep for a significant amount of time thereby using less battery.

An AP acts as a ZC and forms the ZigBee network. It selects the channel, PAN ID, security policy, and stack profile for a network. A ZC is the only device type that can start a ZigBee network and each ZigBee network has only one ZC. After the ZC has started a network, it may allow new devices to join the network. It may also route data packets and communicate with other devices in the network. Aruba solution does not utilize a ZR.

How it works with IoT Operations

Compared to BLE, Zigbee based solutions differs in the fact that they need to directly connect to a coordinator. The configuration is generally more time and labour intensive given the nature of deploying such a solution given the one-by-one nature of putting the APs in permit-joining mode and connecting a given lock.

Zigbee use cases almost always require the use of container based IoT apps given the edge processing is needed to transform data in the payload. The two Zigbee based door lock vendors that are supported today with IoT Operations, require the transport detailed to be configured while installing the apps as opposed to configuring a separate transport stream.

Use Cases

Smart Zigbee-based door locks mainly comprise of the current supported use cases as far as Zigbee is concerned. These are mainly seen in the hospitality industry and enterprises that use smart buildings and facilities. These solutions provide immense ease of use with simple NFC-based key cards or even mobile phones entry, along with providing appropriate security and very detailed analytics. Features like remote locking and unlocking of doors, key blocking, how many times was the door locked/unlocked, was the latch enabled or not are some of the basic smart features that are offered by these solutions.

USB based

All Aruba APs have a dedicated USB-A slot where external supported devices could be plugged and powered. One major benefit this provides is that it opens the spectrum of use cases that are not natively available from the IoT chipset in the APs. Essentially, the AP can run any proprietary protocols other than Wi-Fi, BLE or Zigbee making use of the USB slot.

One thing to note while using this is that the USB slot is strictly governed by ACLs, so unless a supported vendor’s dongle is plugged, the slot will not function or allow for connectivity.

How it works with IoT Operations

The vendors that are supported today can be divided into 2 categories: Ethernet-over-USB and Serial-over-USB. Hanshow and SoluM fall under the 1st Ethernet-over-USB category and EnOcean falls under Serial-over-USB category.

Now apart from installing the vendor app itself, a transport stream or ‘AOS8’ app needs to be configured to specify its endpoint details.

Use Cases

Hanshow and SoluM make the electronic shelf labels(ESL). These are widely used in the retail industries and warehouses. They are replacing the traditional price tags that had be managed manually, were cumbersome and required a lot of time, effort and cost. With these ESLs, all of the above problems could be managed digitally through a central management server.

EnOcean’ USB dongle is used in conjunction with a variety of sensors. The EnOcean Alliance is a federation of nearly 400 product vendors, manufacturing more than 5,000 different lighting, temperature, humidity, air quality, security, safety, and power monitoring sensors and actuators.

The table below shows a summary of the available transport services and the corresponding supported server connection types and device class filters:

IoT Transport Service IoT Radio Connectivity IoT Server Connectivity Device Class Filter
BLE Telemetry Aruba IoT radio Telemetry-WebSocket, Telemetry-HTTPS All BLE device classes
BLE Data Aruba IoT radio Telemetry-WebSocket, Azure-IoT-Hub All BLE device classes
Serial Data USB-to-Serial Telemetry-WebSocket, Azure-IoT-Hub serial-data
Zigbee Data Aruba IoT radio Gen 2 Telemetry-WebSocket zsd

SD-Radio

SD-Radio or SDR is a new feature that allows our IoT partners to load their proprietary firmware onto the built-in IoT radio of the APs and then communicate with their backend server. This SDR can be enabled on both of our internal and external radios. Having support for this feature on external radios, enables the use of older AP models that did not have built-in IoT radio.

When a radio is software defined, it can accept new firmware from IoT App supported in Aruba Central. Once radio switches to the SDR, the App can communicate with the radio and run their logic and protocols which are transparent to Aruba.

Firmware images are stored in Openchanel’s file server. Central pushes the URL and APIKEY to the Connector and the Connector pushes them to the AP. AP downloads the image and then starts upgrading. If file servers need an SSL certificate for downloading image, AP images should embed it in advance. If current APs don’t have such certificate, Central needs to support upload Certificates to APs by customer.

Licensing

IoT Operations is available to Aruba Central customers using AOS 10 based APs, with Foundation and/or Advanced AP licenses. Separate licenses are not required for IoT Operations.

IoT Operations utilizes an IoT Connector to receive IoT data from APs and sends IoT device metadata to Aruba Central and IoT data to partner applications. The APs that are assigned to an IoT Connector utilize their IoT radios to act as IoT gateways for myriad IoT devices in the physical environment.

Aruba uses the license tier of APs assigned to your IoT Connector to determine the user experience. Currently, that user experience is differentiated in the IoT Operations Application Store. You will either have access to all apps in the IoT Operations Application Store or some of the apps in the IoT Operations Application Store. Regardless of license tier, the supported scale and base functionality of IoT Operations are the same. In the future, Aruba may add new capabilities to IoT Operations which may extend across apps or even be offered independently of the apps themselves. The user experience is currently determined in IoT Operations as:

  • When all APs assigned to an IoT Connector have an Advanced AP license, you have access to all apps in the IoT Operations Application Store.

  • When at least one AP assigned to an IoT Connector has a Foundation AP license, you have access to a subset of apps in the IoT Operations Application Store. The apps that are available are shown in full color, while the apps that are unavailable are shaded grey.

Filters can be used in the IoT Operations App Store user interface to further refine your app search. For more information on HPE Aruba Networking Central Licenses, refer to About HPE Aruba Networking Central Licensing

Key Considerations and Setup

This section describes some of the key considerations and brief steps involved for successful implementation of IoT Operations

  • APs need to run ArubaOS 10 code version

  • Configure IoT Radio Profiles and/or Zigbee Service Profiles

    This configuration is required to enable AP’s IoT radio to listen to nearby BLE or Zigbee sensors. This piece of config is done outside of the IoT Operations home page, under AP config>IoT section.

  • Deploy an IoT Connector

    IoT Connector can be deployed and managed under Organization>Platform Integrations>Data Collectors. From here an OVA file could be downloaded, the collector could be deployed and eventually registered to your Central account. Once everything is in place, you can start configuring the IoT Connector under IoT Operations home page.

  • Assign APs to IoT Connector

    APs need to be assigned to a connector for them to transport the IoT data that is sensed by the APs to the connector. Multiple APs could be assigned to one connector. Conversely, one AP can only be assigned to one connector. This could be achieved under Applications>Connectors>Gear Icon.

  • Install Apps

    Once inside your IoT Connector context, navigate to Installed Applications>Manage. This presents a list of all the available apps in the IoT Ops app store. To install any of them, simply open the app card and click Install. Most of the apps are classifier apps that don’t require any additional configuration. Some apps might require additional transport related configuration.

  • Create a Transport Stream

    For the apps which are just classifier apps and don’t require any additional configuration, we need to configure a separate transport stream to send the IoT data to an endpoint. This could be done either using ‘AOS8’ app or creating a transport stream under connector >Transports.


Last modified: November 7, 2024 (98de8e4)