On the surface smart city solutions seem to be simple dashboards with tables and graphs, however, behind these visual engagement of information lies a complex communication infrastructure that makes implementing smart cities so challenging.
The infrastructure often consists of sensors, gateways, and servers located in different physical networks and managed by external third-parties entities with their own networks. All these systems have to be connected reliably and securely. This allows the connected machines to communicate with one another collecting data and presenting it timely and accurately on a city's dashboard. Especially in our tumultuous times, this dynamic system has to run seamlessly and securely while most cities have limited operational costs.
Moreover, connecting multiple networks in a city with its countless vendors and suppliers make things more complicated than in the usual cloud environment. How to enforce communication encryption? How to manage application containers in several local area networks? How to maintain firewall and network configuration? How to manage trust between parties? These are only a few questions you have to answer to implement a smart city solution.
Most of the aforementioned problems stem from the fact that there is no global connectivity in IPv4 networks and IPv6 is still not widely used. It is easy to manage network configuration, application containers, and trust within a single local area network: state-of-the-art IT automation tools (e.g. Ansible) work as usual within such a network. The good old way of providing global connectivity is VPN, but VPN configuration might be complicated for the large number of local area networks. The modern solution to this problem is overlay peer-to-peer networks. Staex is such a network. Let's find out how Staex solves the aforementioned problems.
Some application container orchestrators and some industrial systems' protocols (e.g. ModBus) that are used by sensors and other appliances were designed under the assumption that the local network is secure. To make their usage secure over several local area networks that are bridged together using global network Staex encrypts every piece of data that is sent over the network and also includes only those devices in the network that have valid public key certificates. In addition to that, each device's public key is also the address of the device which makes it impossible to duplicate the device's address without duplicating its private key.
When it comes to application container management there are two ways of doing this in Staex. First, you may assign a unique IP address to each device
in Staex network and use it instead of real IP addresses of the devices in whatever container management tool you use. Second, you can use a built-in service orchestrator and batch job scheduler to run applications on any device in the Staex network. This orchestrator doesn't offer all the features that Kubernetes has but it is good enough for running services and running one-shot commands and periodic batch jobs and also it is lightweight enough to run on resource-constrained single-board computers.
Finally, Staex manages the trust between multiple parties using certificates. For each device in the network any number of certificates can be specified as trusted. Usually there is one certificate for each party. Trusting the certificate means that a device can access services that run on the devices with this certificate.
Staex in collaboration with regio iT built a smart city solution in the city of Aachen, Germany. Staex provided global connectivity between several sites. The data was collected from multiple sources, stored in a centralized database, and then presented on a public dashboard of the city of Aachen
. Technology stack that was used before Staex included a VPN for each site and Kubernetes for application container management. Deploying Staex allowed the city to discard hard-to-maintain VPNs and replace Kubernetes with a simpler alternative with no coordinator nodes and control plane. The net effect was the radical simplification of the infrastructure and reduction of the installation and maintenance cost by roughly 70% mainly due to a smaller number of DevOps engineers needed to install, configure, and maintain the system.