Developing cloud service solutions – Part 2

Last week, we analyzed different business platform solutions and their features. Today, we will delve into the trends that are forcing application architecture to evolve, such as the emergence of MVC frontend architectures and microservices (both based on the modularization of components). These design proposals make the technology in which they are implemented more flexible and scalable, and allow the development processes employed to be reused.

Factoring an application into different components is not a novel idea. It is at the very core of object design, software abstraction and componentization. Currently, this factoring tends to adopt the form of classes and interfaces between shared libraries and technology levels. What has changed in the past few years is that developers, driven by companies, now create cloud distributed applications.

MVC architecture and frontend framework

MVC architecture separates data and the business logic of an application, offering elasticity, portability and interoperability between components (which proves really useful for content management collaboration in cloud services). This software architectural pattern is based on code-recycling ideas and concept separation, features that aim to facilitate the development of applications and their future maintenance.

The emergence and great success of MVC architecture in frontend development is an example of implementation in developments that reflects stack maintenance. In the past few years, we have experienced a rise of new MVC frameworks mostly aimed towards frontend development. This boom is the answer to the implementation of a logic and a design organization that, before, was only featured in the backend. That is to say:

a) We offload part of the logic that used to be stored in the client’s server and favor the integration of other applications that consume said services.

b) Implementation is planned around component modularization. This allows for completely scalable solutions and improves their maintenance.

Two of the biggest companies according to the NASDAQ technological index (Google and Facebook) are letting their proposals for MVC frontend methodologies battle it out: Angular.js and React. This clearly shows how important these types of web service implementations are nowadays.

Microservice architecture and backend framework

Microservices make it possible to build systems out of small-scale services, each one running in its own process and communicating through lightweight protocols. Normally, a minimum number of services manages things common to all the others (like database access). Each microservice corresponds to a business area of the application.

In addition, each of them is independent from the rest (meaning their code can be deployed without affecting the others). They can even be written in different programming languages.

When compared to monolithic approaches, an advantage of microservices is that they can be deployed independently. In other words, a change in the inventory module will not affect the others. Business logic is well separated, the approach is simple and it improves scalability. It also helps manage multifunctional and autonomous teams. In addition, we can form multifunctional teams that handle several microservices (scaling the development process in a simpler way).

This architecture poses a series of challenges (such as its automatic deployment) since it introduces a series of complex factors that need to be managed in distributed systems: errors, data consistency, test strategies, etc.

At Teldat, we are developing scalable solutions for our cloud management and administration platform (based on the MVC frontend model), as well as planning the implementation of microservices.

Developing cloud service solutions: Part 1

As of today, the solutions offered in business platforms are based on the development and exploitation of scalability features and cost-saving actions by means of platform virtualization using effective technologies designed to modularize their components.

It may sound ironic, but the cloud concept is dominated by the desire to centralize services that are part of the decentralized worldwide network (i.e., the Internet). This notion covers a wide range of services often described as a stack, given the number of implementations built on top of one another. As a result, certain development scenarios emerge where scalability, flexibility and a continued technical implementation are key aspects for the future development of such services.

Depending on their layer of implementation, we can sort cloud services into three different categories:

a) Software as a service (SaaS): found in the top layer, these are comprehensive applications offered as a service over the Internet. Their greatest benefit relies on the fact that they are universally accessible through the Internet.

b) Platform as a service (PaaS): the idea behind these applications is the same applied to SaaS but the provider offers the “middleware” to the customer (i.e., it is the encapsulation of a development environment and the packaging of a series of modules and plug-ins that provide a horizontal functionality).

c) Infrastructure as a service (IaaS): any infrastructure that is provisioned and managed through the Internet, granting access to virtualized components. They allow for the vertical reduction and scaling of resources.

Chrome OS, a Google-developed operating system widely used in micro-laptops (especially in the US) that universalizes access to services, is a good SaaS case study example. It is designed to work in the cloud and uses the browser as main interface.

In the SaaS and PaaS layers, the supplier provides scalability as part of the service pack. The evolution in the implementation of MVC architectures is closely linked to the solutions proposed for these scenarios, which have to do with virtualization possibilities at the IaaS level.

The virtualization of platforms linked to domestic consoles is being used to monitor technical developments and stretch their marketable service lives through the pre-processing of certain effects that would otherwise require a vast allocation of resources. Another example would be that of Folding@home, a distributed computing project where resources belonging to PlayStation3 devices are used to carry out simulations on molecular dynamics for the medical field.

The scientific world is making the most of universal services implemented without the need for a physical infrastructure. The IBM Quantum Experience project, which gives all devices universal access to a quantum computer, is a worthy example. It works with a five-quantum-bit processor (the latest development in quantum architecture) and may scale to bigger systems.

In next week’s post, we shall cover development solutions for the implementation of software architecture modules based on the modularization of components to exploit scalability.

Improving Efficiencies Through PLC PRIME Communications Gateway

Traditional PLC-based smart metering solutions require the installation of PLC data concentrators in remote and unattended second tier substations. PLC data concentrators handle communications with the different smart meters installed at consumer premises, consolidate the metering data and send it to the AMI management systems.

This option involves storing confidential metering data belonging to consumers at remote and unattended locations, forcing communication devices to optimize data transmission to centralized management systems. Thus, interoperability between management systems and data concentrators in the field is a must.

Private cloud for smart metering would reduce on-field infrastructure complexity, minimizing data storage at remote locations while optimizing the operation of centralized management systems relying on a reliable communication infrastructure.

On-field infrastructure is minimized by using a single device per substation, which acts as a gateway between the PRIME PLC network and the IP networks. Therefore, considering that most current deployments involve the combination of PLC concentrators and a communication gateway, the number of on-field devices decreases considerably. Moreover, this new architecture has a very positive side-effect, as it results in a significant security improvement due to the disappearance of sensitive data stored at the secondary substations. The sensitive data that concentrators store is not stored in the gateway.

Cloud-based and virtual systems are becoming more and more popular thanks to their maintenance efficiencies and scalability advantages. PLC network virtualization leverages the following advantages:

  • Improving maintenance and operation tasks: Current smart metering deployments involve multiple meter manufacturers and multiple concentrator vendors. Although interoperability among them should be taken for granted due to DLMS/COSEM standardization, different vendors may implement the standards in different ways (having an impact on deployments and troubleshooting operations). Current deployments require coordination of multiple actions from many different vendors. Having a unique concentration point that adapts to every meter in the network simplifies interoperability certification, troubleshooting and corrections at the DLMS layer.
  • Improving Reliability: Cloud-based software solutions allow replication of servers in the power utilities core network to provide redundancy and high-availability of service.
  • Improving Security: Core metering infrastructure can be strictly secured by different DMZs, advanced firewalls and secure databases.
  • Reducing upgrading cost: Multiple AMI management systems can obtain information from this central software unit. If newer standard versions or data modelling are required by newer management systems, modifications are to be made in a unique central system instead of in multiple field devices (which might have memory or throughput limitations for those new features).

Considering the above-mentioned advantages, electric utilities are considering the use of PRIME gateways as a metering solution for deployment in rural areas. There, secondary substations are typically pole-mounted and concentrate a reduced number of meters.

Traditional data concentrators can only be installed in the Secondary substations connected to the MV grid with all the installation constraints related to this requirement.

It is, therefore, important to mention the added versatility and ease of installation the PLC PRIME Communications Gateway brings, as it can be installed not only at the MV grid but also at any point of the LV grid.

Teldat is bringing its more than 30 years of experience in complex communication networks to this new concept. For that reason, Teldat has recently launched a new REGESTA COMPACT PLC family of devices to cover the specific needs of Smart Metering deployments.

 

 

How much has business communications changed?

Amazingly enough, it’s only been ten years since the first iPhone was released. To look back on that first version is a fascinating experience and makes you realize just how far smartphones have come.

Ten years ago, the Apple store did not even exist! The only applications around were those the manufacturer installed. The cameras were nothing special either (all of 2 megapixels) and were limited to taking photos. As for communications, the limitations were greater. Network connectivity was based on poor 2G/Edge technology (speed wasn’t as essential then) for the application, which wasn’t even able to attach a photo to a message. Today we complain about the short battery life of a smartphone, however this was nothing compared to the technology of a decade ago when Apple suggested their customers should disable GPS or WiFi when unessential, as these features drained batteries leaving just a few short hours of actual use. The iPhone was however, an enormous step forward, almost killing off the then market leaders (Blackberry, Palm and Nokia) and Android was yet to make its appearance.

The technological turmoil we are living through today sometimes leads us to trivialize the incredible changes going on around us, but it’s clear that over this past decade, personal communications have radically changed. Now what? Has the same thing happened to business communications? Logic tells us that company communications would evolve at a similar rate; however, this is not the case. Ten years ago, enterprise communications were mainly based on MPLS networks, technology developed at the end of the last century and still in use today. Obviously, the transport mechanism has changed, from ADSL to ADSL2, ADSL2+, VDSL and VDSL2 and more recently optical fiber (increasing speed); however, the underlying network is still unchanged and the processes for provision, management and operations are practically unaltered. So given the incredible evolution in information technology, this is really quite baffling.

Present day technology means business communications can use internet lines, which are reasonably secure and reliable, make routing decisions based on applications that generate traffic (rather than technology based on IP addresses) and align network operations with business demands. Current technology allows full automation of office installations (without the presence of minimally qualified technicians), sidestepping the need to know exactly how each application uses the network at every point. Today, network behavior can be fully and easily modified in minutes (without involving a management center that, given its enormous inertia, typically needs weeks to implement significant changes). The scope for growth is enormous and the winds of change bringing “SD-WAN” to the fore are beginning to blow. Teldat is fully behind these changes, with the goal of offering a solution capable of a gradual transition, in order to help enterprises minimize the risks and impacts a radical change may bring to a business asset as necessary as their communication networks.

Low Power Wide Area (LPWA) networks – a huge impulse for IoT

The Internet of Things (IoT) is a concept which has been with us for many years now and has slowly been gaining ground during the last few years, but what will surely be a huge impulse for IoT are the networks classified as Low Power Wide Area networks (LPWA).

Why is this so? Mainly because IoT applications and devices, to be economically viable, need to have low costs and long battery lives, and LPWA can offer this. Indeed, initial research suggests that there will be between 5 and 7 billion LPWA connections by 2022!

Apart from low costs and long battery lives, LPWA will increase the parts of the IoT industry that require low data rates, low mobility, hard to reach locations, low level of power consumption, a long range and also security. No matter which way you look at it, existing mobile technology is not ideal for the above scenarios. Hence this makes LPWA more feasible.

However, what is true is that existing cellular operators are prime candidates to be the ones to offer LPWA, because they don’t need to make large changes in their existing infrastructure. Initially the cellular operators would just need to make enhancements to their current networks. Moreover, these cellular networks now cover virtually the whole globe, and roaming allows national borders to be crossed without any problems. Also, there tend to be various cellular operators in each country, which means there is competition, and in turn this helps to keep pricing down.

The industries that have the requirements mentioned at the beginning of this article are many. To name but a few: agriculture, utilities, health, automotive, transport, manufacturing, wearables and more.

Utilities: all utility companies need to meter and monitor low levels of data on a periodic basis. Whether to measure client consumption or as a backup system to detect faults, leaks, etc. LPWA could also be used at the energy production plants.

Smart Cities: Smart cities are not only about the utilities industry, but much more when we consider LPWA. This technology can be implemented in many public services, from important services which need tight control (such as street lighting, local police, sewers, etc.) to public services from which city councils can obtain revenue (parking, bicycle hiring, central city areas with levy tolls, etc., to name but a few).

Manufacturing: In the same way, backup systems can be used with LPWA in the manufacturing industry to detect faults along any part of an assembly line, in warehouses and in other places, or even to monitor procedures to maintain everything at optimum levels.

Buildings: LPWA can be integrated into both private and business buildings, for example to control heat and light disorders or to control machines themselves. Within a home that could be the temperature of a fridge, and within a business that could be the ink level of printers.

Health: Health can initially use LPWA in two basic areas: firstly for patients and secondly for all hospital infrastructure. Having patients at home is becoming increasingly popular because on the one hand it reduces costs drastically and on the other because patients tend to improve faster at home. Using LPWA on patients to monitor blood pressure, oxygen levels, etc. is vital to be able to send patients home early. As far as controlling infrastructure is concerned, hospital buildings would be prime candidates for everything related to smart buildings.

Agriculture: LPWA networks will make it possible to keep track of live animals, whether livestock or even wild animals, to detect their whereabouts. Also, soil can be monitored to always have optimum humidity levels.

Transport: Independently of tracking the vehicles, tracking of transported goods is not currently online. It is mostly done with barcodes as they pass through the different phases of their travel. However, LPWA could have packages monitored at whatever time desired.

Wearables: With LPWA, children and old aged people could wear simple devices to keep them tracked down and under control so that they don’t stray away from desired areas.

Overall, it is clear that LPWA is going to boost IoT, and that’s the sensation one gets from all those involved in this industry: mobile operators, infrastructure companies, device/module/chipset manufacturers and integrators. Within Teldat we have been manufacturing mobile routers and devices for nearly twenty years, and we are keeping a close watch on LPWA, as we have with other mobile technology in the past.

1st Advent…when the routers turn off

At the end of November, the pre-Christmas season usually starts in Germany. The famous Christmas markets, such as the Christkindle market in Nuremberg, open in every city and people celebrate the first Advent by lighting the first of four candles of the Advent wreath. Usually, the first Advent is the day when the contemplative time starts. For many people in Germany, the 27th of November, the first Advent in 2016, was calm in a particular way: around one million DSL routers, mainly devices from Germany’s biggest telecommunications carrier, fell victim to hacker attacks.

No Internet, no IP telephony and no TV via IP for about one million customers. It was the biggest cyber attack in Germany so far. But not only people in Germany were offline; about 100 000 DSL routers in the UK broke down as well.

Apparently, a strain of the Mirai botnet family was responsible for the outage. Mirai (Japanese for “the future”) is malware that attacks computer systems based on Linux. The target is to turn the systems into remotely controlled “bots” (robots) and use them in botnets for large-scale network attacks. The word botnet combines the words robot and network. The source code for Mirai is published in hacker forums as open-source and can therefore be used in many malware projects.

A world-wide wave of cyber attacks via the communication protocol TR-069 was registered. TR-064 commands tried to compromise the routers by installing malware and integrating them in an IoT botnet. Infected devices within the botnet were then supposed to attack further devices. At least, this was the plan of the attackers.

As it turns out, the attack did not really succeed, and it could have been worse, because only the first step of the attack was successful. The connection via port 7547 of the TR-069 protocol was accepted and opened. The second step, compromising the devices, did not work because the routers were not based on Linux and the attack assumed a Linux operating system. The attack ended up in a denial of service but did not compromise devices. However, as the routers were flooded with TR-069 requests, the devices opened up a vast number of connections and did not terminate them as scheduled, which resulted in an outage. Updates for the DSL routers solved the problem promptly within one to two days.
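An added example, not part of the original post and not Teldat's or the carrier's code: a log check for the failure mode described above, flagging connections to TCP port 7547 from outside the operator's management range and tracking how many sessions each router leaves open. The log format, the ACS range and the threshold are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

TR069_PORT = 7547  # connection-request port named in the post

# Assumption: address range of the operator's auto-configuration servers (constructed).
ACS_NETWORKS = [ipaddress.ip_network("203.0.113.0/28")]

# Assumption: alert when one router holds more than this many open sessions on 7547.
MAX_OPEN_PER_CPE = 3

# Assumption: a simple firewall/conntrack export, one OPEN or CLOSE event per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>OPEN|CLOSE) "
    r"src=(?P<src>\S+) sport=(?P<sport>\d+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

# Constructed sample input (documentation address ranges only).
SAMPLE_LOG = """
2016-11-27T15:00:01Z OPEN src=203.0.113.5 sport=50100 dst=192.0.2.10 dport=7547
2016-11-27T15:00:02Z CLOSE src=203.0.113.5 sport=50100 dst=192.0.2.10 dport=7547
2016-11-27T15:00:03Z OPEN src=198.51.100.7 sport=40001 dst=192.0.2.20 dport=7547
2016-11-27T15:00:03Z OPEN src=198.51.100.7 sport=40002 dst=192.0.2.20 dport=7547
2016-11-27T15:00:04Z OPEN src=198.51.100.9 sport=51000 dst=192.0.2.20 dport=7547
2016-11-27T15:00:04Z OPEN src=198.51.100.44 sport=33000 dst=192.0.2.20 dport=7547
2016-11-27T15:00:05Z OPEN src=198.51.100.44 sport=33001 dst=192.0.2.20 dport=7547
2016-11-27T15:00:06Z CLOSE src=198.51.100.7 sport=40001 dst=192.0.2.20 dport=7547
2016-11-27T15:00:07Z OPEN src=198.51.100.9 sport=51001 dst=192.0.2.10 dport=443
truncated line without fields
"""


def is_acs(addr):
    """True if addr belongs to the operator's management range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ACS_NETWORKS)


def analyse(log_text):
    """Return (per-router findings, number of unparseable lines)."""
    open_sessions = defaultdict(set)   # router -> {(src, sport)} not yet closed
    peak_open = defaultdict(int)       # router -> highest simultaneous count seen
    unauthorised = defaultdict(set)    # router -> sources outside the ACS range
    skipped = 0

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        if int(m["dport"]) != TR069_PORT:
            continue
        try:
            from_acs = is_acs(m["src"])
        except ValueError:  # source field is not a valid IP address
            skipped += 1
            continue

        router, session = m["dst"], (m["src"], m["sport"])
        if m["event"] == "OPEN":
            open_sessions[router].add(session)
            peak_open[router] = max(peak_open[router], len(open_sessions[router]))
            if not from_acs:
                unauthorised[router].add(m["src"])
        else:
            open_sessions[router].discard(session)

    findings = {}
    for router in sorted(peak_open):
        findings[router] = {
            "unauthorised_sources": sorted(unauthorised[router],
                                           key=ipaddress.ip_address),
            "still_open": len(open_sessions[router]),
            "peak_open": peak_open[router],
            "exhaustion_risk": peak_open[router] > MAX_OPEN_PER_CPE,
        }
    return findings, skipped


if __name__ == "__main__":
    results, bad_lines = analyse(SAMPLE_LOG)
    for router, info in results.items():
        print(router, info)
    print("unparseable lines:", bad_lines)
```

Any entry under `unauthorised_sources` means the management port is reachable from outside the management network, which is the exposure to close with an access list; `exhaustion_risk` marks routers accumulating sessions that are never closed.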

Compared to what could have happened, the carrier’s customers got off lightly. Nevertheless, the damage for online shops was remarkable, especially in the pre-Christmas season. As we have mentioned in previous blog posts, Teldat, with its very long tradition in the telecommunication and IT market, is also a partner and supplier for top German carriers. The cyber attack did not really succeed. Nevertheless, the outage happened because of a security vulnerability in remote management protocols.

The system architecture of Teldat’s devices does not have this vulnerability, and the devices are therefore not affected.

WiFi Cloud-based applications to empower your mobility business

Onboard communication devices are currently undergoing rapid migration to external applications residing in the cloud while leaving behind traditional business models (based on in-house applications). These new services promise a cost effective and far simpler deployment with almost instant availability and a real possibility of monetary benefits.

The higher connection speeds provided by LTE and LTE advanced, combined with cloud services becoming more economically viable plus more sophisticated encryption for communications (vital to prevent hacking) have overcome the original disadvantages of cloud models.

The unquestionable advantages and improvements grow apace: the speed and simplicity to install any kind of hard or software in vehicles (without the need for individual and physical presence); scalability to remotely provide upgrades; security and reliability with automatic backup protecting data; and full, uninterrupted interaction between vehicles and the central node through 3G/LTE technology.

Moving on from this, we have analyzed some of the most relevant tools and applications already available in the cloud and, consequently, to the mobility sector:

1)      Captive portal solutions. Captive portals offer two fundamental features.

  • Authentication, which helps collect, identify and recognize the passengers that enter the system.
  • And the Big Data associated to data exploitation, which sets a new paradigm in personalized marketing (i.e. monetizable and targeted marketing).

Combining these two elements allows for publicity tools to be used to increase profitability and, through the classification of passenger profiles, boost social media.

All this can only be achieved through a communications platform that is fully compatible with captive portal solutions.

2)      Content filtering, to control user access to visible contents.

This includes the creation of blacklists (configurable by group or nature), geolocation access options (via web), temporary access policies, blocking of traffic from certain applications (streaming, social networks, messaging services, etc.), and extra configuration options for one click access, complemented with periodic reports on network traffic.

3)      Remote management & Monitoring. A management suite that remotely configures all devices should have two essential characteristics:

-          Zero-Touch Provisioning (ZTP), the generation of automatic device-to-device configurations (without manual intervention). The savings in cost and time for the carrier (when deploying) are obvious, and it simplifies configuration tasks such as modifications or upgrades.

-          Real-time device inventory, to view the state of each device in the network: a key element for rapid response capability for any eventuality. 

-          Additionally, having a tracking tool that provides real-time information on routes taken by vehicles and coverage values at strategic points may prove advantageous. The information collected should include data consumption or instant bandwidth, the generation of ad hoc alarms and key information to identify problem areas on a route (such as bottlenecks, zones lacking coverage from a specific carrier, a geographical incident blocking signals, etc.).

The combined use of this set of tools is already a reality and will, in the near future, become standard in transport and mobility sectors. Thanks to its firm commitment to R&D and to strategic alliances within the mobility industry, Teldat is at the very crest of cloud technology, the sector’s new paradigm.

Internet of Things (IoT) Security

Since September, several cyber-attacks have targeted a series of entities present in the network (including DNS Internet service providers, numerous websites residing in Liberia and the personal page of an expert in online security).

They were all victims of distributed denial-of-service attacks (DDoS), where concentrated flows of traffic are sent every second from thousands of different addresses to flood victims’ networks. As these attacks are based on sheer size and force rather than specific vulnerable spots or software errors, they are difficult to overcome.

For an attack of this sort to be successful, a multitude of network connected elements are used to send a constant flow of requests. To control such an elevated number of devices, access is needed, either legitimately or otherwise.

Specifically, these attacks use a group of elements on a network infected by malware and controlled by a single person (or group) to launch a DDoS attack. This has promoted greater awareness of security and the vital role it plays, as it was this very lack of security that left devices open to an attack in the first place.

A piece of malware, Mirai, was responsible for these outages. It primarily attacks computer systems based on Linux and turns them into remotely controlled bots for the attacker to use in any way he sees fit. Mirai’s greatest success has come from infecting IoT elements such as webcams, printers or video recorders and even routers. These devices are designed to be remotely accessed and often use unmodifiable default passwords, a security flaw that leaves them vulnerable to attack. Mirai used a well-known set of default usernames and passwords to try and access these devices through trial and error.

Once control is gained over a group of devices, DDoS attacks can be launched and target any element connected to Internet.

These events have highlighted a difficult problem to solve. Many IoT items are cheaply made and little or no attention is given to the security aspect. They do not receive customer support or updating services (and may not be able to update in the first place), so their default passwords stay in place indefinitely and, should new vulnerabilities come to light, they are impossible to fix.

At Teldat, our devices operate on a higher layer than IoT devices and one of our main goals is to provide the best security possible at all times by being fully aware of present and future events and innovations in Internet security.

Styling IT products: Bringing added value through design

A carefully honed brand image is an inescapable premise for anyone who wants their product to stand out in the market, particularly given the importance of design. The IT field is no exception to this. So how can we bring added value through styling?

Every brand is well-aware of how important it is to provide services and solutions for existing needs, reduce manufacturing costs, advertise products efficiently and be competitive in price for the item to be successful. This all must be added to a distinctive yet practical product, which is attractive, striking, effective, innovative, elegant, sophisticated, imaginative etc., depending on what each manufacturer considers necessary to achieve their marketing goals.

Often, a beautifully packaged image and an attractive design proves to be more effective, in terms of sales, than the product itself (whatever it was designed for).

Design, in IT products, matters

Telecommunication products are not exempt from this need. Devices for corporate communications (advanced connectivity, access and management of private and public networks, transmission of data/voice/video are currently on the table) are endowed with the most advanced hardware and software technology, whose design, development and manufacture greatly rely on (given the competition) the following:

  • Cost adjustment.
  • User-friendly assembly of components.
  • Simplicity in installation in the work place.

The vast resources devoted to addressing the technical requirements can prevent us from giving the necessary attention to product image and housing design. More often than not, this is reduced to a simple “problem” that needs to be resolved as successfully as possible.

Styling in IT Products

Bear in mind that these products are frequently housed in unobtrusive areas in a building, office or vehicle where they carry out their function: in a false ceiling or floor, installation rooms, anywhere in fact where they are out of the way.

This can easily lead us into the trap of thinking that product styling is less important than it really is.   

However, we must certainly consider the needs and destination of each product, giving them their due importance while making the effort to cultivate the product image and design and use the best manufacturing materials for each setting. This can only benefit the user and bring added value to any telecommunications device.

At Teldat, we know that design and function are fully compatible in telecommunications. We believe that taking care of the design is not a waste of time and resources, but helps make our devices better. By paying attention to our designs, we are able to bring added value to our IT products.

 

ALL IP by the short hairs – Part 2

The following example will probably clarify the issue we had last week regarding the alternative approaches to an ALL IP solution. A system which is automatically provisioned with basic functions such as Internet access, registering SIP/VoIP accounts, and a setup for basic telephony should also provide Wi-Fi for guests and business partners.

Guests can use Wi-Fi by entering a preshared key. It is advisable to logically separate the network for guests from the internal network and probably apply a special set of security rules. Furthermore, it must be ensured that the whole bandwidth is not completely used up. Another solution could be to use a dedicated, separate Internet access for the guest network. In this context, issues such as VLAN, firewall rules and Wi-Fi management arise, so this is no trivial task to solve, but all necessary functions are usually available via a graphical user interface or similar configuration tools. Nevertheless, in the course of installing such scenarios, some conceptual considerations are necessary to ensure that no undesired side effects occur, such as faulty firewall configurations.

The aim is therefore that all necessary functions for the setup of various scenarios are available in such a manner that even users with less experience are able to cope with this task. This leads to the aggregation, abstraction, and serialization of configuration steps towards a guided configuration. It is especially important that this kind of configuration is reentrant. This means that modifications can be made in any configuration step without destroying the whole configuration, so that there is an executable configuration in any case.

Moreover, the strength and professionalism of a system is recognized not only by the installation of functionalities but also by the creation of diagnostic information. ALL IP means in fact anything with IP; thus, all applications with their different properties and characteristics use IP. Consequently, in case of failures or unexpected system behavior, it is necessary to generate qualified data for analysis. Optimally, this should be done in a generally processible format directly from the system and, if possible, already filtered, which means not monitoring the whole network traffic but only the traffic at a certain interface where the problem has been localized.

Anyhow, the reduced configuration complexity has its limits, due to the need to keep the balance between the configuration’s simplicity and preserving the context. In other words, a simplified configuration which only turns a firewall on and off and thus applies a hardly comprehensible set of rules is highly questionable. IT security cannot be achieved at the touch of a button. The other extreme is a sheer endless chain of configuration steps which try to cover all possible (or even impossible) and de facto hardly relevant applications. Thereby, as many case distinctions as possible are taken into account.

However, in any case, additional consulting and service is mandatory for special developments, adjustments or even more complex scenarios. Network infrastructures using wired and wireless technologies have to meet the dynamic requirements of their users. They need thorough care and a high level of competence during the phase of conception and design.

Teldat as a qualified manufacturer for SMEs, large corporations, integrators and carriers provides user-friendly as well as advanced IT and telecommunication solutions.