Building web3-ready smart cities: Sustainable, secure and reliable
2023-03-29
regio iT and Staex paving the way into the future of smart cities.
On the surface smart city solutions seem to be simple dashboards with tables and graphs, however, behind these visual engagement of information lies a complex communication infrastructure that makes implementing smart cities so challenging.
The infrastructure often consists of sensors, gateways, and servers located in different physical networks and managed by external third-parties entities with their own networks. All these systems have to be connected reliably and securely. This allows the connected machines to communicate with one another collecting data and presenting it timely and accurately on a city's dashboard. Especially in our tumultuous times, this dynamic system has to run seamlessly and securely while most cities have limited operational costs.
Moreover, connecting multiple networks in a city with its countless vendors and suppliers make things more complicated than in the usual cloud environment. How to enforce communication encryption? How to manage application containers in several local area networks? How to maintain firewall and network configuration? How to manage trust between parties? These are only a few questions you have to answer to implement a smart city solution.
Most of the aforementioned problems stem from the fact that there is no global connectivity in IPv4 networks and IPv6 is still not widely used. It is easy to manage network configuration, application containers, and trust within a single local area network: state-of-the-art IT automation tools (e.g. Ansible) work as usual within such a network. The good old way of providing global connectivity is VPN, but VPN configuration might be complicated for the large number of local area networks. The modern solution to this problem is overlay peer-to-peer networks. Staex is such a network. Let's find out how Staex solves the aforementioned problems.
Some application container orchestrators and some industrial systems' protocols (e.g. ModBus) that are used by sensors and other appliances were designed under the assumption that the local network is secure. To make their usage secure over several local area networks that are bridged together using global network Staex encrypts every piece of data that is sent over the network and also includes only those devices in the network that have valid public key certificates. In addition to that, each device's public key is also the address of the device which makes it impossible to duplicate the device's address without duplicating its private key.
When it comes to application container management there are two ways of doing this in Staex. First, you may assign a unique IP address to each device in Staex network and use it instead of real IP addresses of the devices in whatever container management tool you use. Second, you can use a built-in service orchestrator and batch job scheduler to run applications on any device in the Staex network. This orchestrator does not offer all the features that Kubernetes has but it is good enough for running services and running one-shot commands and periodic batch jobs and also it is lightweight enough to run on resource-constrained single-board computers.
Finally, Staex manages the trust between multiple parties using certificates. For each device in the network any number of certificates can be specified as trusted. Usually there is one certificate for each party. Trusting the certificate means that a device can access services that run on the devices with this certificate.
Staex in collaboration with regio iT built a smart city solution in the city of Aachen, Germany. Staex provided global connectivity between several sites. The data was collected from multiple sources, stored in a centralized database, and then presented on a public dashboard of the city of Aachen. Technology stack that was used before Staex included a VPN for each site and Kubernetes for application container management. Deploying Staex allowed the city to discard hard-to-maintain VPNs and replace Kubernetes with a simpler alternative with no coordinator nodes and control plane. The net effect was the radical simplification of the infrastructure and reduction of the installation and maintenance cost by roughly 70% mainly due to a smaller number of DevOps engineers needed to install, configure, and maintain the system.
Staex proved to be a more reliable and safer solution that reduces the cost of maintaining complex communication infrastructure. Staex main use case is bridging several different local area networks to form a flat network which is ideal for IT automation tools and other infrastructure services.
Besides that Staex offers the following features.
- Remote service management. With Staex's decentralized provisioning agent staexD, organizations can cross-manage service installations within other consortium partners with one single responsible party, if required.
- Complex firewall and network configurations. Staex decentralized networking agent staexMCC results in less bureaucracy, risk and complexity, and simplifies connectivity to services, no matter if they are behind NAT or firewalls.
- Mutual admin access. With Staex's decentralized provisioning agent staexD, consortial partners can cross-manage installations within other organizations with no need to build up and train additional human resources.
- Multi-organizational deployments, updates, monitoring & etc. With Staex's decentralized provisioning agent staexD, share your service infrastructure with other partners in your consortia securely through synchronous state updates.
- Complex management of infrastructure responsibilities. With the Staex system, you can enjoy clear responsibility administration on the Staex infrastructure level.
Staex use cases are not limited to smart cities. Staex is also lowering operational risks in hybrid vendor environments for large enterprises. Such enterprises often use multiple clouds to run their services and prevent vendor lock-in. The usage of multiple clouds complexifies the management and maintenance of the system: servers are located in multiple networks that are not fully connected to each other, application container management needs to be done for multiple networks etc. With Staex it is possible to unite all the networks from multiple clouds into a single one and manage it using regular IT automation tools. This would be the topic of one of the future blog posts.
If you want to use Staex for your specific use case, please, contact us or subscribe for a free trial. If you want to be the first to know the latest news from us, please, subscribe to the blog at the bottom of this page.
Contact
- regio iT gesellschaft für informationstechnologie mbh
Mirja Niewerth-Halis
Lombardenstraße 24, 52070 Aachen
tel +49 (0)241 413 59 9698
@regioit.de - Staex GmbH
Paksy Plackis-Cheng, CSO
c/o Unicorn
Am Neuen Markt 9 e-f
14467 Potsdam
@staex.io
Staex is a secure public network for IoT devices that can not run a VPN such as smart meters, IP cameras, and EV chargers. Staex encrypts legacy protocols, reduces mobile data usage, and simplifies building networks with complex topologies through its unique multi-hop architecture. Staex is fully zero-trust meaning that no traffic is allowed unless specified by the device owner which makes it more secure than even some private networks. With this, Staex creates an additional separation layer to provide more security for IoT devices on the Internet, also protecting other Internet services from DDoS attacks that are usually executed on millions of IoT machines.
To stay up to date subscribe to our newsletter, follow us on LinkedIn and Twitter for updates and subscribe to our YouTube channel.
See also
Staex latest release features tunnels as the ultimate network isolation tool
2024-06-04
The tunnels force network traffic to go through them. Any network packets that try to bypass tunnels are dropped. If no tunnels are defined, no network traffic is allowed.
Geeny by Telefónica and Staex to build secure public network for remote machines and devices
2024-05-06
Geeny by Telefónica and Staex will provide building blocks for secure IoT connectivity in the field.
Public network for IoT devices
2024-02-23
Staex public network is a zero trust network that is the backbone for the today's’ demand of the Internet of Things. In this article we discuss why we are creating such a network and how it can be useful to anyone dealing with IoT devices.