Fleet management
Fleet management overview
One of the main goals of an IoT platform is to gather data coming from devices in the field and turn it into valuable insights. This technical challenge can look quite moderate at first, when only a handful of devices are monitored, but real challenges arise as soon as both the fleet and the number of people in the organization grow. Let’s look at these difficulties and several ways to tackle them.
The main challenges of fleet management
Provisioning
To connect to cloud services, devices must be recognized by the system, requiring an early-designed provisioning strategy involving multiple stakeholders:
- Security experts select protocols based on hardware and data requirements.
- Hardware engineers ensure secure key storage and hashing capabilities.
- Manufacturing teams manage certificate request access.
- Back-end engineers set up load balancers and data brokers to recognize device certificates; devices may switch to regional endpoints for optimal latency.
Fleet organization
Beyond a few dozen devices, serious questions arise about how to organize them into manageable buckets. A few criteria come to mind to help isolate the members of a fleet into subsets.
- If business constraints dictate strong partitioning, where each end customer requires confidentiality of its data, separating devices into tenants is the way to go.
- Then, inside a single hermetic tenant, the way devices are sorted can follow various schools of thought. Folders are a well-known way to structure a hierarchy, imitating the tree of a filesystem, so they are familiar to most users. Each directory level clearly indicates a parent-child relationship.
Nested dashboards
Each hierarchical depth of the fleet organization can be associated with a dedicated dashboard which offers the right level of information.
For the full fleet view, broad tendencies about the overall health of devices can help administrators predict global behaviors and trends. Common metrics include the number of currently connected devices, how much data transfer has been consumed, their geolocation on a world map…
Mass actions
Managing devices at scale is critical when the fleet is thousands of devices strong. By combining meaningful dashboards with the right level of authorization for the people using them, bulk operations can be tailored.
- The first step is usually to target the part of the fleet on which an intervention should be performed. This can reuse the natural hierarchical organization we described (e.g. “all devices deployed in Europe”) or gather devices dynamically (e.g. “all devices not yet updated to the latest version”).
- These groups can answer several business constraints: for instance, a country's legislation may have changed and the devices of a specific geographic area need to be updated, or we may want to target the devices that are still on old versions with known vulnerabilities.
Access control
For the device-management back-office applications to provide this granularity of views, a robust access control strategy has to be integrated. After the initial authentication steps granting access to the platform, usually through some kind of corporate Single Sign-On scheme, more fine-grained decisions are needed to assign responsibilities to various people. Here the modeling of the solution follows methods found in many management systems.
- An Access Control List (ACL) can be effective on a small fleet, when a one-to-one association between a customer and its unique device makes sense. The notion of ownership is key here.
- For more involved scenarios, Role-Based Access Control (RBAC) lets the designers of the system assign granular permissions to various groups of people. Often, roles and user groups form a tree themselves, with inherited capabilities flowing down to the leaves. This tree may or may not reflect the hierarchical way the devices themselves are organized.
- Finally, for even more specific needs, Attribute-Based Access Control (ABAC) can help handle a temporary assignment between a user and a sub-fleet depending on the context, such as device metadata. For example, a global admin may want to give operators in the field limited access to a few devices for the few hours during which they need to perform a maintenance task.
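The following deny-by-default authorization check combines the tenant isolation, folder-scoped RBAC and time-boxed ABAC grant described above. It is an added example, not Witekio's code; the role names, permissions, folder paths and grant fields are all hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Hypothetical role tree: a role inherits every permission of its parent.
ROLE_PARENT = {"admin": "operator", "operator": "viewer", "viewer": None}
ROLE_PERMS = {"viewer": {"read"}, "operator": {"reboot"}, "admin": {"update_firmware"}}

@dataclass
class Device:
    tenant: str
    folder: str                      # position in the fleet tree
    attrs: dict = field(default_factory=dict)

@dataclass
class Grant:                         # ABAC: time-boxed, attribute-scoped delegation
    user: str
    actions: set
    match: dict                      # device attributes that must all be equal
    not_before: datetime
    not_after: datetime

def role_permissions(role):
    perms = set()
    while role is not None:          # walk up the inheritance chain
        perms |= ROLE_PERMS[role]
        role = ROLE_PARENT[role]
    return perms

def in_subtree(folder, prefix):
    # Compare whole path segments so "/europe/de" does not match "/europe/december".
    return folder == prefix or folder.startswith(prefix.rstrip("/") + "/")

def is_allowed(user, action, device, grants, now):
    if user["tenant"] != device.tenant:            # tenant isolation comes first
        return False
    for prefix, role in user["roles"].items():     # RBAC scoped to a folder subtree
        if in_subtree(device.folder, prefix) and action in role_permissions(role):
            return True
    for g in grants:                               # ABAC temporary grants
        if (g.user == user["name"] and action in g.actions
                and g.not_before <= now <= g.not_after
                and all(device.attrs.get(k) == v for k, v in g.match.items())):
            return True
    return False                                   # deny by default

# Constructed sample data: a field technician with a 4-hour maintenance grant.
NOW = datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc)
VALVE = Device("acme", "/europe/fr/lyon", {"site": "lyon-plant"})
TECH = {"name": "field-tech", "tenant": "acme", "roles": {"/europe/de": "operator"}}
GRANT = Grant("field-tech", {"reboot"}, {"site": "lyon-plant"}, NOW, NOW + timedelta(hours=4))
```

With this data, `is_allowed(TECH, "reboot", VALVE, [GRANT], now)` succeeds only inside the grant window; the technician's standing operator role covers `/europe/de` and never reaches the Lyon device.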
SUCCESS STORY
Managing Velan's IoT valves
Our connectivity and app developments enabled up-to-date, accurate telemetry for Velan’s connected IoT valves. Indeed, Velan selected Witekio to provide:
- System architecture consulting to lay out a detailed roadmap for the project.
- A custom-built IoT platform to migrate data from the sensors to a data lake.
- Security advice for data transfers, cloud connectivity and more.
Witekio can support the management of your fleet
Our IoT and cloud experts can help you gather data coming from your IoT devices on the field and turn it into valuable insights for your business.