Reinventing Private APN for IoT

By: Jonas Bjorklund

In our previous article, Hyperscaling IoT Services, we argued why mobile operators should take a hyperscaler approach to enable the agility and global reach needed to provide cellular IoT connectivity services to demanding enterprise customers. We suggested that mobile operators leave their core network untouched and use services built upon hyperscalers such as Amazon Web Services (AWS) to extend their IoT connectivity offering. Here they can add a programmable and flexible layer of policy control, IoT security, and automation on top of their mobile infrastructure.

The good news is that vendors already offer this type of value-added functionality as an OPEX-based IoT connectivity control service (IoT CCS).

Mobile operators offer private access point names (APNs) to their IoT enterprise customers, with the traffic terminated in an enterprise virtual private network (VPN). An enterprise VPN is a connection that is always on and where all traffic from all IoT devices flows, enabling devices to reach back-end applications and vice versa securely.

Figure 1: IoT connectivity control services
click to enlarge

With an IoT CCS service, mobile operators can reinvent the concept of a private APN, which has previously been the only (costly) option for enterprises in need of added security and a virtual private network to reach their devices. Now mobile operators can take things one step further by providing a multi-tenant private APN. Private, because an enterprise VPN is used between the IoT CCS service and the enterprise network. Multi-tenant because mobile operators only have to extend one APN to their instance of the IoT CCS service to serve all of their customers with a secure virtual network.

Benefits for both mobile operators and IoT customers

An IoT CCS service allows mobile operators to scale by automating frequent processes. For instance, they can use customer self-service with automatic setup, enabling customers to create the VPNs themselves in minutes compared with the weeks, or even months, it can take to do this manually.

Using only one joint APN is also beneficial for mobile operator customers. If the customer needs to change the APN, the IoT device logic may need updating. Updating thousands of devices is not a straightforward operation, especially if they are in remote locations. The IoT CCS service reduces the need for these critical updates because the one APN can point to multiple VPN connections.

Furthermore, what enterprise customers want for their IoT devices is connectivity that provides the same amount of control and security as if they live on their own corporate local area network (LAN). The only problem is that with traditional cellular IoT, devices live on the mobile network. Most customers also require the connectivity to be extended globally. Therefore, a private APN with one mobile operator is simply not


Latest Updates

Subscribe to our YouTube Channel