Configuring IoT Operations

The Applications > IoT Operations page displays the IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. Connectors, IoT devices, and apps. The page also allows to configure the IoT Connectors, IoT transport profiles, and install the apps.

Pre-requisites

Ensure that the following pre-requisites are met before configuring IoT Operations:

  • An x86-based ESXi server for VMs is available.
  • HPE Aruba Networking APs run AOS-10.

An HPE Aruba Networking Central user with read-only rights may make IoT Operations-related configuration changes.

Configuring IoT operations involves:

Opening Firewall Ports for IoT Connector Communication

Most of the communication between IoT Connector and HPE Aruba Networking Central server in the cloud is carried out through HTTPS Hypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. (TCP Transmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. 443). To allow IoT Connector to communicate over a network firewall Firewall is a network security system used for preventing unauthorized access to or from a private network., ensure that the following domain names and ports are open:

Network Requirements for IoT Connector

The network requirements for IoT connector include:

  • Static IP address
  • Outbound Internet Access on TCP port 443

Network Services (Internal or External) from IoT Connector

The network services (internal or external) requirements from the IoT Connector include:

Domain Names for HPE Aruba Networking Central

HPE Aruba Networking Central supports the following domain names:

Table 1: Domain Names for HPE Aruba Networking Central

Region

Domain Name

Protocol

US-1

app.central.arubanetworks.com

HTTPS

TCP port 443

US-2

app-prod2.central.arubanetworks.com

HTTPS

TCP port 443

US-WEST-4

app-uswest4.central.arubanetworks.com

HTTPS

TCP port 443

EU-1

app2-eu.central.arubanetworks.com

HTTPS

TCP port 443

EU-Central

app-eucentral3.central.arubanetworks.com

HTTPS

TCP port 443

CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.-Central

app-ca.central.arubanetworks.com

HTTPS

TCP port 443

CN Common Name. CN is the primary name used to identify a certificate. -North

app.central.arubanetworks.com.cn

HTTPS

TCP port 443

AP-South

app2-ap.central.arubanetworks.com

HTTPS

TCP port 443

AP-Northeast

app-apaceast.central.arubanetworks.com

HTTPS

TCP port 443

AP-Southeast

app-apacsouth.central.arubanetworks.com

HTTPS

TCP port 443

UAE-North

app-uaenorth1.central.arubanetworks.com

HTTPS

TCP port 443

Domain Names for Hybrid Endpoints

HPE Aruba Networking Central supports the following hybrid endpoints:

Table 2: Domain Names for Hybrid Endpoints

Region

Domain Name

Protocol

US-1

app1-hybrid.central.arubanetworks.com

HTTPS

TCP port 443

US-2

hc-prod2.central.arubanetworks.com

HTTPS

TCP port 443

US-WEST-4

uswest4-hc.central.arubanetworks.com

HTTPS

TCP port 443

EU-1

central-eu-hc.central.arubanetworks.com

HTTPS

TCP port 443

EU-3

eucentral3-hc.central.arubanetworks.com

HTTPS

TCP port 443

Canada-1

 

ca-hc.central.arubanetworks.com

HTTPS

TCP port 443

APAC-1

apac-hc.central.arubanetworks.com

HTTPS

TCP port 443

APAC-EAST1

apaceast-hc.central.arubanetworks.com

HTTPS

TCP port 443

APAC-SOUTH1

apacsouth-hc.central.arubanetworks.com

HTTPS

TCP port 443

UAENORTH1

uaenorth1-hc.central.arubanetworks.com

HTTPS

TCP port 443

Domain Names for RCS

HPE Aruba Networking Central supports the following domain names for RCS:

Table 3: Domain Names for RCS

Region

Domain Name

Protocol

US-1

rcs-ng-prod.central.arubanetworks.com

SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. port 443

rcs-ng-xp-prod.central.arubanetworks.com

US-2

rcs-ng-central-prod2.central.arubanetworks.com

SSH port 443

 

rcs-ng-xp-central-prod2.central.arubanetworks.com

US-WEST-4

rcs-ng-uswest4.central.arubanetworks.com

SSH port 443

 

rcs-ng-xp-uswest4.central.arubanetworks.com

EU-1

rcs-ng-eu.central.arubanetworks.com

SSH port 443

 

rcs-ng-xp-eu.central.arubanetworks.com

EU-3

rcs-ng-eucentral3.central.arubanetworks.com

SSH port 443

 

rcs-ng-xp-eucentral3.central.arubanetworks.com

Canada-1

 

rcs-ng-starman.central.arubanetworks.com

SSH port 443

 

rcs-ng-xp-starman.central.arubanetworks.com

China-1

rcs-ng-china-prod.central.arubanetworks.com.cn

SSH port 443

APAC-1

rcs-ng-apac.central.arubanetworks.com

SSH port 443

 

rcs-ng-xp-apac.central.arubanetworks.com

APAC-EAST1

rcs-ng-apaceast.central.arubanetworks.com

SSH port 443

 

rcs-ng-xp-apaceast.central.arubanetworks.com

APAC-SOUTH1

rcs-ng-apacsouth.central.arubanetworks.com

SSH port 443

 

rcs-ng-xp-apacsouth.central.arubanetworks.com

UAENORTH1

rcs-ng-uaenorth1.central.arubanetworks.com

SSH port 443

Downloading an IoT Connector

IoT Connectors are available as OVA Open Virtualization Archive. OVA contains a compressed installable version of a virtual machine. files. To download an OVA file, complete the following procedure:

This topic describes the installation of the mini, small, or medium VM Virtual Machine. A VM is an emulation of a computer system. VMs are based on computer architectures and provide functionality of a physical computer. on a VMWare server. Skip this topic if the IoT Connector is a DC-2000 appliance.

  1. In the WebUI, set the filter to global.
  2. Under Maintain, click Organization > Platform Integration.
  3. If an IoT Connector has not been deployed, the Data Collector card displays the number of deployed IoT connectors as 0. Click 0 and in the Get Started card, click the Virtual Appliance link.
  4. If IoT Connectors have been deployed, the Data Collector card displays the number of deployed IoT Connectors. Click the displayed number and in the Configure Appliance card, click the Download Virtual Appliance link.
  5. In the Download Virtual Appliance dialog, click Mini, Small, or Medium. For additional information, see Specifications.
  6. Click Close.

Deploying an IoT Connector

Before deploying an OVA file, download the OVA file. For additional information, see Downloading an IoT Connector.

To deploy an IoT connector on a VMWare server, complete the following procedure:

For detailed instructions on deploying an IoT Connector OVA appliance, see Setting Up Virtual Appliances.

This topic describes the installation of the mini, small, or medium VM on a VMWare server. Skip this topic if the IoT Connector is a DC-2000 appliance.

  1. Log in to the VMware server.
  2. Click File > Deploy OVF Template.
  3. Click Browse and select the OVA file.
  4. Click Next.
  5. After the OVA file is deployed, click Console.
  6. Log in to the console with the following credentials:
    • Username as aruba
    • Password as aruba
  7. Change the password. For additional information, see Performing Advanced Options.
  8. Configure the hostname. For additional information, see Configuring Hostname.
  9. Configure the network with static IP address, mask, gateway, and DNS server. For additional information, see Using Command Line Interface Options.
  10. Test the network connectivity. For additional information, see Using Command Line Interface Options.
  11. Configure the timezone. For additional information, see Using Command Line Interface Options.
  12. Register the IoT Connector to HPE Aruba Networking Central by using a registration token. For additional information, see Creating Registration Tokens.

Creating an IoT Connector

You can create a data collector-based or an AP-based IoT Connector.

Creating Data Collector-based IoT Connector

Before creating an IoT Connector, you should download and deploy an IoT Connector. For additional information, see Downloading an IoT Connector and Deploying an IoT Connector.

Wait at least 30 min between deploying an IoT Connector and creating an IoT Connector. After 30 min, if Create Collector is not available in HPE Aruba Networking Central, reboot the IoT Connector in the VMware server. The Create Collector is disabled till a new IoT Connector is available.

To create a data collector-based IoT Connector, complete the following procedure:

  1. In the WebUI, set the filter to global.
  2. Under Manage, click Applications > IoT Operations.
  3. The Connectors card displays a donut-chart of the configured IoT connectors. Click View.

    If an IoT Connector is not configured, the Connectors card displays Add Connector. Click Add Connector to create an IoT Connector.

  4. In the Connectors table, click the Add Connector icon.
  5. In the Add New Connector pop-up, select Data Collector, and click Add.
  6. In the Managed Collectors page, click Create Collector.
    The Create Collector pop-up is displayed.

    Ensure that an IoT Connector is deployed and registered in HPE Aruba Networking Central. For additional information, see Deploying an IoT Connector.

  7. In the Give collector a name section, enter an IoT Connector name.
  8. In the Select an application to install on collector section, select IoT Connector.
  9. Click Next.
  10. Select the required virtual machine from the table, and click Next.
  11. Select a group to be set for the data collector from the Groups table.

    A group can be set for multiple data collectors if required.

  12. Click Create.

    It takes at least 30 min for a newly created IoT Connector to come online.

Creating AP-based IoT Connector

To create an AP-based IoT Connector, complete the following procedure:

The AP-based IoT Connector does not support all IoT apps.

  1. In the HPE Aruba Networking Central app, set the filter to global.
  2. Under Manage, click Applications > IoT Operations.
  3. The Connectors card displays a graph of the configured IoT connectors. Click Show Connectors.

    If an IoT Connector is not configured, the Connectors card displays Add Connector. Click Add Connector to create an IoT Connector.

  4. In the Connectors table, click the Add Connector icon.
  5. In the Add New Connector pop-up, select Access Point, and click Add.
  6. In the Manage Access Points as Connectors pop-up, check the required AP group and click Save.

Creating IoT Radio Profile

An IoT radio profile allows an AP to collect IoT data from IoT devices. An IoT radio profile can be created for an AP group with APs running AOS-10.

To create an IoT radio profile, complete the following procedure:

  1. In the WebUI, set the filter to an AOS-10 group.
  2. Under Manage, click Devices.
  3. Click the Config icon.
  4. Click Show Advanced.
  5. Click IoT tab.
  6. In the IoT Radio Profiles table, click the Add icon.
  7. Configure the following parameters and click Save Settings.

Table 4: IoT Radio Profile

Parameter Description

Name

Name of the radio profile.

Radio

Type of radio. Select a radio type from the drop-down list: 

  • Internal—Use internal radio.
  • External—Use external radio.

Radio mode

Mode of radio. Select a radio mode from the drop-down list: 

NOTE: When the radio mode is set to BLE & Zigbee, BLE-Tx and Zigbee work together, but BLE-Rx and Zigbee do not work together.

BLE operation mode

Operation mode of BLE. Select a BLE operation mode from the drop-down list:

  • Beaconing—Use beaconing mode.
  • Scanning—Use scanning mode.
  • Both—Use both beaconing and scanning modes.

This parameter is available only when radio mode is BLE or BLE & Zigbee.

NOTE: When the radio mode is set to BLE & Zigbee, the BLE operation mode can only be set to Beaconing.

Console

Mode of BLE console. Select a BLE console from the drop-down list:

  • Auto—Use automatic BLE console.
  • On—Use BLE console.
  • Off—Do not use BLE console.

This parameter is available only when the radio mode is BLE or BLE & Zigbee.

Tx power

Transmission power. Enter a value from the range: -40, -20, -16, -12, -8, -4, 0, 2, 3, 4, 5, 6, 7, 8, 20.

APs with Gen-2 BLE/IoT radios adjust the calibrated RSSI Received Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values. values for iBeacon advertisements when the BLE transmission power level is modified. The calibrated values can be verified using the show ap debug ble-advertisement-info command.

NOTE: This parameter is available only when the radio mode is BLE or BLE & Zigbee.

Zigbee operation mode

Operation mode of Zigbee coordinator. This parameter is available only when the radio mode is Zigbee or BLE & Zigbee.

Channel

Zigbee channel assignment. Select one of the following Zigbee channel assignments from the drop-down list:

  • Automatic—Automatically assign Zigbee channel.
  • Manual—Manually assign Zigbee channel.

This parameter is available only when the radio mode is Zigbee or BLE & Zigbee.

By default, a new IoT radio mode is in disabled state. To enable a new IoT radio profile, see Enabling IoT Radio Profile.

Enabling IoT Radio Profile

To enable an IoT radio profile, complete the following procedure:

  1. In the WebUI, set the filter to an AOS-10 group.
  2. Under Manage, click Devices.
  3. Click the Config icon.
  4. Click Show Advanced.
  5. Click IoT tab.
  6. In the IoT Radio Profiles table, hover over an IoT radio profile.
  7. Click the WiFi icon.

Configuring BLE Beacon Service Profile

The BLE Beacon Service (BBS) profile manages the BLE beacons as iBeacons or custom beacons. These beacons may be configured on HPE Aruba Networking Central or HPE Aruba Networking Central API Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software.. The BBS profile automatically assigns the beacons to the APs and allows HPE Aruba Networking Central to monitor them.

To create a BBS profile, complete the following procedure:

A BBS profile can be created for an AP group with APs running ArubaOS 10.4 version or higher.

A BBS profile supports 300 Series, 500 Series, and 600 Series access points. The 300 Series access points have only one programmable slot while the 500 Series and 600 Series access points have three programmable slots.

  1. In the WebUI, set the filter to an AOS-10 group.
  2. Under Manage, click Devices.
  3. Click the Config icon.
  4. Click Show Advanced.
  5. Click IoT tab.
  6. In the BLE Beacon Service Profile table, click the Add icon.
  7. Configure the following parameters and click Save Settings.

Table 5: BBS Profile

Parameter Description

Name

Name of the BLE beacon service profile.

Radio

Type of radio. Select a radio type from the drop-down list: 

  • Internal—Use internal radio.
  • External—Use external radio.
  • All—Use both internal and external radios.

Beacon Configuration Method

Method for beacon configuration. Select a method from the drop-down list:

  • Auto Generated—Use an automatically generated beacon configuration method.
  • Aruba Central API—Use a beacon configuration method generated by HPE Aruba Networking Central API.
  • IoT Operations App—Use a beacon configuration method generated by HPE Aruba Networking Central.

Profile Identifier

Identifier of the beacon profile.

Advertising Format

Format to use while advertising the BLE beacon. Select a BLE beacon advertising format from the drop-down list:

  • iBeacon—Use iBeacon advertising format.
  • Custom—Use custom advertising format.

If Beacon Configuration Method is set to Auto Generated, select iBeacon as the BLE beacon advertising format. If Beacon Configuration Method is set to Aruba Central API or IoT Operations App, configure the API gateway.

Advertising Interval

Time interval in milliseconds to advertise the beacon. This parameter has a fixed value of 500 ms.

If Beacon Configuration Method is set to Auto Generated, select iBeacon as the BLE beacon advertising format. If Beacon Configuration Method is set to Aruba Central API or IoT Operations App, configure the API gateway.

UUID

Ibeacon UUID in xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx format.

This parameter is available only when the Advertising Format is set to iBeacon.

Major Range

Ibeacon major range as either a single number or range from 0 to 65535.

This parameter is available only when the Advertising Format is set to iBeacon.

Minor Range

Ibeacon minor range as either a single number or range from 0 to 65535.

This parameter is available only when the Advertising Format is set to iBeacon.

Custom Value

Custom value with 3 to 31 bytes hexadecimal string and may include BTMAC or BTMACR macro.

This parameter is available only when the Advertising Format is set to Custom.

Assigning AP to IoT Connector

Assigning an AP to an IoT Connector allows an AP to send the collected data to an IoT Connector. One or more unassigned APs can be assigned to an IoT Connector. An unassigned AP is an AP that is not assigned to any IoT Connector.

IoT Operations works with HPE Aruba Networking APs running ArubaOS 10.

To assign an AP to an IoT Connector, complete the following procedure:

  1. In the WebUI, set the filter to global.
  2. Under Manage, click Applications > IoT Operations.
  3. In the Connectors graph, click Show Connectors.
  4. In the Connectors page, click the AP Collector Association icon.
  5. Click the Expand icon on the left side of the required Connector ID.
  6. In the Assigned Access Points table, click the Assign to Connector icon.
  7. In the <Connector-name> Assigned AP's (Unassigned) table, select one or more APs, and ensure that the firmware version of the APs is 10.

    Only unassigned APs can be assigned to an IoT Connector. The Connector > Assigned AP's table lists the ArubaOS version running on the AP in the Firmware Version column.

  8. Click Confirm.

Installing a Partner-Developed App

To install a partner-developed app from the App Store, complete the following procedure:

  1. In the WebUI, set the filter to global.
  2. Under Manage, click Applications > IoT Operations.
  3. Click on an IoT Connector listed in the IoT Applications graph.
  4. In the Available Apps card, click an available App.

    The Available Apps list displays all available IoT applications.

  5. In the App Details page, click Install.

Uninstalling a Partner-Developed App

To uninstall a partner-developed app, complete the following procedure:

  1. In the WebUI, set the filter to global.
  2. Under Manage, click Applications > IoT Operations.
  3. Click on an IoT Connector listed in the IoT Applications graph.
  4. Click on an installed IoT application.
  5. Click Uninstall.

Configuring an IoT Transport Profile

HPE Aruba Networking recommends to use partner-developed apps from the App Store. If you do not want to use a partner-developed app, configure an IoT transport profile. Configuring an IoT transport profile allows an IoT Connector to send the collected data to a partner server.

To configure an IoT transport profile, complete the following procedure:

  1. In the WebUI, set the filter to global.
  2. Under Manage, click Applications > IoT Operations.
  3. In the Connectors graph, click Show Connectors.
  4. In the Connectors table, click on the Name of an IoT Connector.
  5. In Transports card, click Manage.
  6. In the Transport Profiles on Connector <Connector-name> table, click the Add Transport Profile icon.
  7. Configure the following IoT transport profile parameters and click Create.

    If an IoT transport profile is not configured, the Transport Profile on Connector table displays Add. Click Add to configure an IoT transport profile.

Table 6: IoT Transport Profile

Parameter Description

Profile

Name

Name of the IoT transport profile.

Description

Description of the IoT transport profile.

Stream Type

Type of the data stream. Available options are:

  • Periodic Telemetry—Send the data stream periodically.
  • Data Frames—Send each data frame when the data is available.

Aggregation

Reporting Interval (seconds)

Period to aggregate the data stream. This parameter is available when Stream Type is set to Periodic telemetry. This parameter does not have a default value and takes any value in the range of 30 seconds to 3600 seconds.

RSSI Aggregation Type

Type of RSSI aggregation. This parameter is available when Stream Type is set to Periodic telemetry. Available options are:

  • Average—Use average value when aggregating the data stream.
  • Latest—Use the latest value when aggregating the data stream.
  • Max—Use the maximum value when aggregating the data stream.

Subscriptions

Type

Type of subscription. A subscription consists of a type and value. Device class is the supported type. Multiple subscriptions are allowed with an OR operator between subscriptions. Use the Add icon to add subscriptions.

Value

Available device classes. Multiple subscriptions are allowed with an OR operator between subscriptions. Use the Add icon to add subscriptions.

Filters

Filters

Type of filter. A filter consists of type and value. The supported type is Ibeacon UUID and the value is a UUID. Multiple filters are allowed with an OR operator between filters. Use the Add icon to add filters.

Destination

Protocol Type

WSS protocol is used when sending data. Custom CA certificates can be uploaded and synchronized when using WSS protocol. For more information on uploading CA certificate, see Certificates. For more information on synchronizing CA certificates, see Synchronizing CA Certificate.

URL

URL of the destination server.

Format Type

Format of the data. Available options are:

Authentication

Use Credentials

Use the configured credentials as authentication method. Credentials include:

  • Authentication URL—URL of the authentication server.
  • Client ID—Identify of the client.
  • Username—Username for authentication.
  • Password—Password for authentication.

Use Token

Use the configured token as the authentication method.

Deleting an IoT Transport Profile

To delete an IoT transport profile, complete the following procedure:

  1. In the WebUI, set the filter to global.
  2. Under Manage, click Applications > IoT Operations.
  3. In the Connectors graph, click Show Connectors.
  4. In the Connectors table, click on the Name of an IoT Connector.
  5. In the Transports card, click Manage.
  6. In the Transport Profiles on Connector <Connector-name> table, hover over an IoT transport profile.
  7. Click the Delete icon.
  8. In the Delete Transport Profile on Connector <Connector-name> dialog, click Delete.

Assigning CA Certificate

HPE Aruba Networking Central includes a default certificate that is not signed by a root Certificate Authority (CA). For devices to validate and authorize HPE Aruba Networking Central, upload a valid certificate that is signed by a root CA. For additional information, see Certificates.

To assign a certificate, complete the following procedure:

  1. In the WebUI, set the filter to an AOS-10 group.
  2. Under Manage, click Devices.
  3. Click the Config icon.
  4. Click Show Advanced.
  5. Click Security.
  6. Click Certificate Usage.
  7. Select a CA certificate from the WebCC CA Cert drop-down list. A CA certificate is automatically selected in the IOT CA Cert table.
  8. Click Save Settings.

Synchronizing CA Certificate

CA certificates are synchronized to collectors automatically when they are uploaded in HPE Aruba Networking Central.

Configuring IoT SES Imagotag

To configure SES Imagotag, complete the following procedure:

SES Imagotag configuration is available only for allowlisted accounts with APs running ArubaOS 10.5.0 version or higher.

  1. In the WebUI, set the filter to an AOS-10 group.
  2. Under Manage, click Devices.
  3. Click the Config icon.
  4. Click Show Advanced.
  5. Click IoT tab.
  6. Expand SES Imagotag.
  7. Configure the following parameters and click Save Settings.

Table 7: SES Imagotag Parameters

Parameter Description

SES Imagotag server name or IP

Name or IP address of SES Imagotag server.

NOTE: Name can have up to 127 characters.

SES Imagotag channel

Channel to use when communicating with SES Imagotag server.

SES Imagotag authentication

Enable authentication with SES Imagotag server.

SES Imagotag FQDN verify

Enable FQDN Fully Qualified Domain Name. FQDN is a complete domain name that identifies a computer or host on the Internet. check of SES Imagotag server.