This guide describes three ways to access your Hologram cellular IoT devices across the cellular internet firewall using a private APN, Hologram’s Spacebridge, and Hologram’s Cloud-to-Device Messaging.
Imagine you are a global micro-mobility company whose bicycles send GPS location data to your server — the setup was straightforward: enter the ‘hologram’ APN for cellular IoT internet access, configure your application server and security credentials, and start logging location to your server. But how can you access your devices inbound from your server to request location information or unlock a bike when each device IP is behind a cellular network firewall?
By default in cellular IoT applications, each Hologram IoT SIM is assigned a private, static IP as publicly addressable IPs open your fleet to attack from unauthorized network traffic. Traditionally, setting up a private APNs with direct VPN access to your organization’s network would enable this but requires upfront cost, additional infrastructure to support, and coordination with each individual network carrier.
At Hologram, we’ve built out software-defined networking infrastructure in our connectivity platform that makes securely accessing your IoT devices as easy to do as any API integration:
- Spacebridge to establish on-demand, secure remote tunnels to deployed devices.
- A cloud messaging system to send asynchronous, real-time, and small data transfers to IoT devices.
- Custom private APNs to support devices and applications built on legacy cellular IoT networking architectures.
Below, we’ll detail how each of these features work, how a developer or product manager might choose between them, and trade-offs of each.
Spacebridge is an on-demand, secure remote tunneling service that can be enabled on any Hologram SIM. This service allows users to securely tunnel to a port on their Hologram device to send and receive data. In addition, tunnels can also be opened using standard SSH protocol for command-line or programmatic access.
Typical use cases are:
- A digital signage company periodically sends a remote update for new advertising content to appear on their in-store displays.
- A firmware engineer developing an IoT application deploys firmware or code updates over-the-air to add new features, fix bugs, and keep devices secure.
Hologram Cloud Messaging
Hologram Cloud Messaging service allows small messages to be sent from application servers directly to an IoT device via the Hologram REST API. Additionally, Hologram supports sending these messages directly from the Hologram dashboard, which can be useful for prototyping or individual device troubleshooting. Messages can be sent using TCP or UDP depending on how your device is configured, and similar to Spacebridge messages are fully secure.
Typical use cases for Hologram cloud messaging are:
- A micro-mobility company sends a real-time ‘unlock’ message to a bicycle when a customer is ready to ride.
- A GPS tracking company is troubleshooting a GPS tracker that missed its last check-in and sends a ping to the device.
Hologram Cloud Messaging can be configured using API or webhook to your devices.
Like legacy carriers, Hologram also offers custom, private APN setups. With a private APN, an organization’s network has direct inbound access to a device’s static IP address for communication without the need for a device-initiated protocol, such as MQTT. Private APN customers can also assign and manage devices’ static IP addresses that can be used for direct inbound access and device network activity monitoring.
Private APNs can support all inbound data use cases, however they’re often slower to setup and more complex to manage because they require the expertise and operational controls to manage network routing and security policy.
The best way to get started on Hologram with a private APN is to contact a Hologram IoT expert.
Hologram has built self-service tools to give IoT developers inbound data access to devices. Spacebridge and Hologram Cloud Messaging offer additional security, flexibility, and reliability over traditional industry methods of inbound device access. Additionally Hologram supports private APNs for teams who prefer fine-grained control of their entire device fleet.