Published: 29.03.2023
On the surface, smart city solutions seem to be simple dashboards with tables and graphs. However, behind this visual presentation of information lies a complex communication infrastructure, and that is what makes implementing smart cities so challenging.
The infrastructure often consists of sensors, gateways, and servers located in different physical networks and managed by external third parties with their own networks. All these systems have to be connected reliably and securely. This allows the connected machines to communicate with one another, collecting data and presenting it in a timely and accurate way on a city's dashboard. Especially in our tumultuous times, this dynamic system has to run seamlessly and securely while most cities have limited operational budgets.
Moreover, connecting multiple networks in a city with its countless vendors and suppliers makes things more complicated than in the usual cloud environment. How to enforce communication encryption? How to manage application containers in several local area networks? How to maintain firewall and network configuration? How to manage trust between parties? These are only a few of the questions you have to answer to implement a smart city solution.
Most of the aforementioned problems stem from the fact that there is no global connectivity in IPv4 networks and IPv6 is still not widely used. It is easy to manage network configuration, application containers, and trust within a single local area network: state-of-the-art IT automation tools (e.g. Ansible) work as usual within such a network. The good old way of providing global connectivity is a VPN, but VPN configuration might be complicated for a large number of local area networks. The modern solution to this problem is overlay peer-to-peer networks. Staex is such a network. Let's find out how Staex solves the aforementioned problems.
Some application container orchestrators and some industrial protocols (e.g. ModBus) that are used by sensors and other appliances were designed under the assumption that the local network is secure. To make them safe to use across several local area networks bridged together over a global network, Staex encrypts every piece of data that is sent over the network and admits to the network only those devices that have valid public key certificates. In addition, each device's public key is also the address of the device, which makes it impossible to duplicate the device's address without duplicating its private key.
When it comes to application container management, there are two ways of doing this in Staex. First, you may assign a unique IP address to each device in the Staex network and use it instead of the devices' real IP addresses in whatever container management tool you use. Second, you can use the built-in service orchestrator and batch job scheduler to run applications on any device in the Staex network. This orchestrator doesn't offer all the features that Kubernetes has, but it is good enough for running services, one-shot commands, and periodic batch jobs, and it is lightweight enough to run on resource-constrained single-board computers.
Finally, Staex manages the trust between multiple parties using certificates. For each device in the network, any number of certificates can be specified as trusted. Usually there is one certificate for each party. Trusting a certificate means that a device can access services that run on the devices with this certificate.
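The two properties described above (the public key doubling as the device address, and a per-device list of trusted party certificates) can be illustrated with the following added example, which is not Staex code. It assumes Ed25519 keys, a hypothetical `Cert` format that is just a party's signature over the device key, and a fixed constructed challenge where a real system would use a fresh random value per connection.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Cert is a hypothetical minimal certificate: a party's signature over a
// device public key. It stands in for a real public key certificate.
type Cert struct {
	DeviceKey ed25519.PublicKey
	Sig       []byte
}

// Admit decides whether a peer claiming address addr may connect.
// addr is the peer's public key itself, proof is the peer's signature over
// the challenge, and trusted is the local list of trusted party keys.
func Admit(addr, challenge, proof []byte, c Cert, trusted []ed25519.PublicKey) bool {
	if len(addr) != ed25519.PublicKeySize || !bytes.Equal(addr, c.DeviceKey) {
		return false // claimed address is not the certified key
	}
	if !ed25519.Verify(ed25519.PublicKey(addr), challenge, proof) {
		return false // peer does not hold the private key behind the address
	}
	for _, party := range trusted {
		if ed25519.Verify(party, c.DeviceKey, c.Sig) {
			return true // certificate was issued by a trusted party
		}
	}
	return false
}

// Demo runs three constructed cases: an honest device, a device that copies
// the address without the private key, and a device from an untrusted party.
func Demo() (honest, copied, untrusted bool) {
	partyPub, partyPriv, _ := ed25519.GenerateKey(nil)
	otherPub, _, _ := ed25519.GenerateKey(nil)
	devPub, devPriv, _ := ed25519.GenerateKey(nil)
	_, wrongPriv, _ := ed25519.GenerateKey(nil)
	cert := Cert{DeviceKey: devPub, Sig: ed25519.Sign(partyPriv, devPub)}
	ch := []byte("constructed-challenge") // assumption: random per connection in practice
	trust := []ed25519.PublicKey{partyPub}
	honest = Admit(devPub, ch, ed25519.Sign(devPriv, ch), cert, trust)
	copied = Admit(devPub, ch, ed25519.Sign(wrongPriv, ch), cert, trust)
	untrusted = Admit(devPub, ch, ed25519.Sign(devPriv, ch), cert, []ed25519.PublicKey{otherPub})
	return
}

func main() { fmt.Println(Demo()) }
```

Only the first case is admitted: copying the address fails the possession check, and a valid key certified by a party outside the local trust list fails the certificate check.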
Staex, in collaboration with regio iT, built a smart city solution in the city of Aachen, Germany. Staex provided global connectivity between several sites. The data was collected from multiple sources, stored in a centralized database, and then presented on a public dashboard of the city of Aachen. The technology stack that was used before Staex included a VPN for each site and Kubernetes for application container management. Deploying Staex allowed the city to discard hard-to-maintain VPNs and replace Kubernetes with a simpler alternative that has no coordinator nodes and no control plane. The net effect was a radical simplification of the infrastructure and a reduction of the installation and maintenance cost by roughly 70%, mainly due to the smaller number of DevOps engineers needed to install, configure, and maintain the system.