Provisioning in IoT can be a tough job if the managing platform doesn’t provide the tools needed by its two main players: manufacturers and platform users, especially organization managers and administrators.
Manufacturers have to be able to present device provisioning as a plug-and-play solution, so that their clients do not have to create and configure a considerable number of devices one by one.
On the other hand, platform users such as managers and administrators should be able to handle device creation, connection authentication, authorization and telemetry collection for thousands or millions of devices automatically.
Cervello makes it easy for manufacturers and for platform managers and administrators to get their devices on board by providing all the tools needed in a highly secure manner.
Cervello gives an organization administrator or manager the power to create and manage multiple VPN networks to secure the connection and communication of their devices, and to automate the provisioning of VPN configuration using the devices' unique identifiers provided by the manufacturer. These unique identifiers can be IMEIs, MAC addresses, serial numbers or any other identifier the device manufacturer considers unique. As soon as the VPN is ready and the devices are assigned to it, Cervello uses a user-defined command to send an update request to the device; the system is then responsible for the rest of getting these devices on board by automatically providing the VPN client configuration.
On the other side, Cervello provides manufacturers with the tools to offer a plug-and-play provisioning option to their clients. A manufacturer can use the Cervello Manufacturer Portal user interface to generate a standard X.509 security certificate and attach it to a number of devices/sensors. Once a device with a valid certificate establishes a connection to Cervello, the platform authenticates the manufacturer and handles all required actions to add the device to its organization, as well as to receive the device telemetry.
An organization manager is a Cervello user with the privilege to administer an organization.
In Cervello, an organization is a tenant that represents an instance of the whole platform's functionality, such as assigning devices to different applications and dashboards. To learn more about organizations, see the Cervello User Guide.
As mentioned before, device VPN provisioning is designed to allow a large number of devices connected to an organization to download a VPN client certificate.
Navigate to Network manager.
Next, create a new VPN.
Next, fill in the VPN main detail form.
Next, to add groups and clients to a VPN network, navigate to one of the organization’s VPNs.
A VPN Group is a collection of devices that share the same update command, which is sent to the devices to force an update of the device VPN client certificate.
Clients can be added and removed easily by selecting devices and moving them between source and target.
A VPN Client is a device or user that will access a VPN network. Clients can only be created within the VPN Group page.
First, when creating a user client, the organization admin must provide the email of an existing organization user in the search email field (supports autocomplete).
Second, when creating a device client, the organization must provide an existing device in the search field (supports autocomplete).
VPN Group clients can be managed from the Clients page or the VPN Group page to perform the following actions:
Now everything is ready to make an HTTPS POST request to Cervello to provision the device VPN, using the “Cervello Certificate Access key” as a URI parameter and the encryption result from the previous step as the request JSON body.
Cervello will verify the encrypted token using the manufacturer Cervello certificate public key generated in the previous steps. Once this is done, Cervello will create the device in the owner organization's device repository if the device unique identifier exists.
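The verification order described above (authenticate the token with the manufacturer's public key, then check that the identifier exists) can be sketched as follows. This is an added example, not Cervello's code or API. It assumes the token is an Ed25519 signature over the device identifier; the page does not define the token format, and the names `ProvisionRequest`, `VerifyProvision`, `SignProvision` and the JSON field names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// ProvisionRequest is a hypothetical JSON body; the page does not define the real one.
type ProvisionRequest struct {
	DeviceID string `json:"device_id"` // IMEI, MAC address or serial number
	Token    string `json:"token"`     // assumed: base64 signature over DeviceID
}

var ErrBadToken = errors.New("token does not verify against manufacturer key")
var ErrUnknownDevice = errors.New("device identifier not registered")

// VerifyProvision authenticates the token before the identifier lookup, so an unauthenticated
// caller cannot probe which identifiers exist. pub is the manufacturer certificate's key.
func VerifyProvision(body []byte, pub ed25519.PublicKey, known map[string]bool) (string, error) {
	var req ProvisionRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return "", ErrBadToken
	}
	sig, err := base64.StdEncoding.DecodeString(req.Token)
	if err != nil || !ed25519.Verify(pub, []byte(req.DeviceID), sig) {
		return "", ErrBadToken
	}
	if !known[req.DeviceID] {
		return "", ErrUnknownDevice
	}
	return req.DeviceID, nil
}

// SignProvision is the manufacturer side: sign the identifier and build the JSON body.
func SignProvision(priv ed25519.PrivateKey, deviceID string) []byte {
	sig := ed25519.Sign(priv, []byte(deviceID))
	tok := base64.StdEncoding.EncodeToString(sig)
	body, _ := json.Marshal(ProvisionRequest{DeviceID: deviceID, Token: tok})
	return body
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	known := map[string]bool{"SN-0001": true} // constructed sample identifier
	fmt.Println(VerifyProvision(SignProvision(priv, "SN-0001"), pub, known))
	fmt.Println(VerifyProvision(SignProvision(priv, "SN-9999"), pub, known))
}
```

A real server would select `pub` from the certificate that matches the access key in the request URI, and would typically also bind a nonce or timestamp into the signed data so that a captured request cannot be replayed.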