[Case Study] IIOT: A secure remote access platform for IoT devices
Table of Contents
- Building IIOT
- Why did High Peak see the need to create IIOT?
- IIOT: High Peak Software’s solution for remote access
- Technologies leveraged by IIOT
IIOT is High Peak Software’s advanced solution for remote access. The software helps you access, control, and monitor remote systems virtually anywhere in the world. It’s beneficial for working with any remote system, including IoT assets.
Most organizations use systems remotely, given the nature of their operations, but providing secure access has always been a concern. We built the software intending to help enterprises take back control of their remote systems. Considering that activities related to accessing and securing these systems lead to too many overhead costs, we’ve designed software to make the process smoother and more efficient.
IIOT consists of three user roles: Global admin, Site admin, and Technician. Based on the role, users are provided varying access levels to the remote systems—a much-needed utility. The privilege role-based access feature is an excellent addition for organizations that have to deal with too many stakeholders for one operation.
IIOT was built keeping a remote user in mind, which means that any industry that employs such devices for operational purposes would stand to benefit from it. Some of them include Oil and Gas, Manufacturing, Energy, Information Technology (IT), Smart cities & countries, etc.
Why did High Peak see the need to create IIOT?
In highly technical industries such as Oil & Gas, Manufacturing, Robotics, etc., it’s common to use remote devices to monitor systems. The problem is that most of these plants are based in remote or distant areas, which means that the presence of an on-site technician is not mandatory. Even when remote devices are deployed, having an individual present to monitor their activities negates the very purpose of using a remote device in the first place.
If such devices need to be repaired or routinely maintained, technician teams have to travel to where the devices are deployed to get the job done. That becomes difficult in scenarios such as extreme weather changes, limited access to plants, or hard-to-access areas (oceans, rural towns, etc.). With remote access software, they can circumvent this issue and address the problem at hand remotely.
Another challenge is that there are a lot of costs involved in terms of travel, equipment, personnel labor costs, and more in such situations. By having the option to remotely access devices present in such locations, technicians and organizational stakeholders can assess the damage before mobilizing their repair and maintenance teams. It would save them time and effort in the assessment stage, which would help them spend more time fixing the problem.
The goal is to help operators access their remote devices in a secure, safe, and efficient manner—which is why we created IIOT.
With the needs of the ideal user in mind, High Peak Software’s engineering team identified three key issues to resolve: remote access to devices, enabling real-time communication, and maintaining security standards. Let’s dive into what that means for you.
Poor device accessibility
We know that access is an issue, but it could mean a lot more than that for field engineers. More often than not, they need to travel to relatively inaccessible places to repair the organization’s devices and network. Even when remote monitoring is enabled, they are unable to access specific parts of the network or cannot collaborate with other users—making it tedious to complete the job.
Real-time communication has always been a concern in this domain because of the lack of connectivity. When you’re monitoring devices, it’s crucial to have a continuous feedback process coupled with an open line of communication as it helps in dealing with issues as and when they happen. It leaves no room for downtime, but that’s not always the case.
Any system present on a virtual network is prone to vulnerabilities, and remote devices are no different. When it comes to accessing these devices, three issues need to be considered:
- Providing privilege-based access
- Preventing security breaches
- Preventing malware attacks
Only when these aspects are accounted for can the entire organization access their remote devices securely.
Now that we understand what challenges High Peak Software was looking to solve, let’s dive into how we’ve done it.
IIOT: High Peak Software’s solution for remote access
IIOT makes it possible for organizations to consolidate all their remote devices and manage them on one dashboard. On this dashboard, the stakeholders within the organization can provide access and monitor usage and potential breaches whenever they need to.
The users can set up their systems and access relevant data while being able to assign time-sensitive roles for different projects on an as-needed basis. They can perform all these activities right from the comfort of their home or workplace without any hassles.
Below, we’ve detailed the core features of the IIOT platform and how it can benefit you.
Privilege role-based access
On the IIOT platform, there are three kinds of user roles:
- Global admin
- Site admin
- Technician
Considering that not every user needs to have access to all the platform assets, these roles can be assigned depending on what they need for the job. For example, if a repair job is pending for an oil rig, the admin responsible for the maintenance team would be the ‘Global admin,’ the on-site manager would be the ‘Site admin,’ and the technician assigned for the maintenance job would be the ‘Technician.’
Global admin role
The Global admin has access to everything on the platform. They are responsible for setting up the organization because they are offered complete capabilities. They can add and remove users, provide and revoke access as needed and are also responsible for approving the storage/ delivery of any files deposited in the database. They are the user admin, asset admin, and configurations admin, too, and any issues arising concerning IIOT’s usage will have to be raised with them.
To add users, they can either create them on the platform or import a Microsoft Excel sheet with all the user information. Once all the details are added, users receive their login link via email, and they’re good to go.
Site admin role
Site admins can also help create and onboard users but do not have the complete capabilities offered by the platform. Their functions include adding or importing assets, setting up specifics such as session duration, number of sessions, protocols, asset classifications, etc., and accepting or denying file upload and storage requests.
Technicians, on the other hand, have minimal capabilities. They can access devices only when a Site or Global admin permits them to. They can also upload and send files, which need to be approved by the admins. They can only have one session at a time, and they need to specify how long they need it. All in all, admins can control access at a very granular level, which ensures that unauthorized personnel can’t access the platform and linked devices.
When it comes to asset management, any assets that need to be logged onto the platform will fall under two categories: Asset classes and Asset groups. Asset classes are based on the vendor or device, whereas Asset groups are based on where these devices are located. For example, if your organization has two branches—Branch X and Branch Y—these form a part of asset groups. But, if your organization is using two devices—Device A and Device B—they form a part of asset classes.
The assets are classified to ensure that users receive access to a particular set of assets only, thereby enabling control over them. Depending on how the assets intersect, access is provided to Site admins or Technicians.
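The access rules described above (role, asset class and asset group, time-limited grants, one session per Technician) can be sketched as a single decision function. This is an added example, not IIOT's own code: all class, field and reason names are hypothetical, and it assumes that "intersect" means an asset must match both a granted class and a granted group.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum

class Role(Enum):
    GLOBAL_ADMIN = "global_admin"
    SITE_ADMIN = "site_admin"
    TECHNICIAN = "technician"

@dataclass(frozen=True)
class Asset:
    name: str
    asset_class: str   # vendor or device type, e.g. "Device A"
    asset_group: str   # location, e.g. "Branch X"

@dataclass
class Grant:
    role: Role
    classes: frozenset = frozenset()
    groups: frozenset = frozenset()
    expires: datetime = datetime.max   # time-sensitive role assignment

@dataclass
class AccessPolicy:
    max_session: timedelta                      # configured by a Site admin
    active: dict = field(default_factory=dict)  # user -> session end time

    def request_session(self, user, grant, asset, duration, now):
        """Return (allowed, reason); record the session when allowed."""
        if now >= grant.expires:
            return False, "grant expired"
        if grant.role is not Role.GLOBAL_ADMIN:
            # Assumption: access requires BOTH class and group to match.
            if asset.asset_class not in grant.classes:
                return False, "asset class not granted"
            if asset.asset_group not in grant.groups:
                return False, "asset group not granted"
        if grant.role is Role.TECHNICIAN:
            if duration > self.max_session:
                return False, "duration exceeds site limit"
            if self.active.get(user, now) > now:
                return False, "technician already has a session"
        self.active[user] = now + duration
        return True, "ok"

    def kill_session(self, user):
        """Admin action: end a user's session immediately."""
        return self.active.pop(user, None) is not None
```

Every denial returns a distinct reason string, which is what an audit log entry would need to record alongside the timestamp.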
Repository: Storage & archives
Devices can only be linked once they can be detected by the platform, which is why having a file database is useful. For example, suppose the Technician is trying to fix an internal issue in a remote device. They can send the necessary files through IIOT, which can then be downloaded for various purposes.
Uploaded files need to be malware-free, so the platform scans them for viruses before uploading them. Once a file is uploaded, the admins can accept or deny its storage on the software, maintaining the integrity of the database. If accepted, it enters the public repository and can be viewed by those who have access to these files. Files can be sent during the session or uploaded before it.
The platform also gives users the option to store, access, and archive the files, like any other database. Automation can be set up to archive files when a particular folder exceeds the storage limit.
At any given point in time, the admins can monitor how many users are active on the platform, which users have access to specific assets, and how many sessions are ongoing. It gives them complete control of how the devices are accessed, and in the case of any breach, they can immediately identify the affected sessions, kill them, and revoke access.
This feature is handy for organizations where it’s common to have multiple stakeholders on the platform, including third-party vendors. Using privileged role-based access, they can protect assets while enabling technicians to do their job with what they need.
The platform also allows integrations. If the user has logged in previously and the admins want to create a role for them, their details are pulled automatically. At any given point in time, admins can also generate reports based on usage, role, and audit logs, which help continuously monitor all the assets and users.
A huge part of enabling secure remote access is that every potential vulnerability has to be accounted for—which is what IIOT does. For example, when new users are uploaded or created on the platform, they are sent a link via email to log in (single sign-on) securely. After that, they can create passwords for their accounts, but the major distinction is that the Global admin can control the types of passwords created. It means that they can specify how many numbers, letters, or other characters are required to create one. Also, if the user wants the option for SSO authentication every time they log in, they can enable that too, increasing security.
Users can also participate in real-time chats with other users, which helps keep the line of communication open. They can not only chat but transfer necessary files relevant to the purpose of the task and raise alarms if they run into any problem or any suspicious activity is noticed. When alarms are raised, they are directly sent to the admins, who manually review the issue and rectify it. All these actions are recorded with timestamps on the audit logs—ready to be accessed anytime.
Technologies leveraged by IIOT
- Backend: Java, Spring Boot, Hibernate, MySQL, Guacamole server, ClamAV, Redis, Elasticsearch
- Frontend: React, Redux, Redux Sagas, React Router, Graylog, CloudWatch
- DevOps: Docker, Docker Swarm, Kubernetes, Prometheus, Grafana, Nginx, Jenkins, EC2, S3, ELB, EFS, RDS