The Challenges with Global IoT and eSIM Localization
Enterprises are increasingly global in operation. They need a centralized solution from a single IoT Communications Service Provider (IoT CSP) that solves their connectivity needs with one bill regardless of location.
According to the analyst Transforma Insights, at least 70 percent of cellular connections remain active in just one country for the device’s lifetime. In many countries, permanent roaming for these devices will not be possible. Global IoT connectivity with permanent roaming will create issues in complying with regulations or commercial agreements with partner MNOs.
Therefore, IoT CSPs with international ambitions must be able to localize eSIMs to MNO partners in selected countries. The use of eSIMs is also essential for many enterprises. Just think about the enormous logistical savings for an IoT customer that can use the same eSIM for all IoT devices they distribute globally.
But, the devil is always in the details. When the IoT CSP has localized a device for a customer, the control is generally lost to the local mobile operator. The enterprise customer can no longer achieve a truly unified global connectivity. They will no longer be able to keep a specific IP address or apply their security policies uniformly across all international cellular networks.
The remedy
eSIM Localization and Enea IoT CCS
Localization of eSIM / eUICC
So, if localization of eSIMs is the answer to permanent roaming restrictions for global IoT connectivity, how does it work in practice?
The mobile industry has developed the Embedded Universal Integrated Circuit Card (eUICC). The eUICC performs the same function as a traditional SIM card. What's new with the eUICC is that it is embedded in the device from the factory and that operators can change the SIM profile over the air (OTA). Mobile operators can then elegantly solve the issue with permanent roaming by instantly localizing the device to be a native device in the partner MNO's network.
With a sufficient network of partners, mobile operators can offer customers truly global IoT connectivity without roaming and compliance issues.
We should also note that people often use the terms embedded SIM (eSIM) and eUICC as synonyms. However, there’s a difference between the two. The eSIM is the hardware component that is integrated into the device. The eUICC software component allows over-the-air provisioning of multiple network profiles, a prerequisite for localization.
Enea IoT Connectivity Control Service (IoT CCS)
Localization of eSIMs using a Connectivity Management Platform (CMP) and OTA capabilities is only half of the solution for a compliant and unified global IoT connectivity.
The other half is to add a hyperscale layer of IoT connectivity control, such as Enea IoT Connectivity Control Service (IoT CCS), that spans both the IoT CSP's network and their international partner MNO networks.
The Enea IoT CCS offers a layer of connectivity control and security delivered as a service on AWS (dedicated IoT CCS instance per IoT CSP). The IoT CSP can connect their network, partner networks, and connectivity hubs to provide a unified global IoT connectivity service. The service will be inherently unified as IoT CCS performs the same policy-based IP allocation, applies the same security policies, and secures the traffic through the same Enterprise VPNs and next-generation firewalls, irrespective of where the traffic comes from. It does not matter whether the traffic comes from, e.g., a partner cellular network in Japan or from the IoT CSP's own home network.
You are welcome to contact us if you want to discuss how Enea IoT CCS can help you.
The importance of Compliance With Rules and Regulations
Compliance is another good reason enterprises should rely on only one service provider for all their global connectivity needs. The cost of acquiring and maintaining contracts with service providers in different countries is significant. Add to this the need to stay updated and comply with local rules and regulations. So, let’s drill into the value an IoT CSP can bring when it comes to compliance.
Prohibition on permanent roaming
As discussed, during the last decade, mobile operators have struggled to offer global IoT connectivity based on permanent roaming. Regulators in countries such as Brazil, China, India, and Turkey prohibit devices managed by overseas operators from roaming permanently. Some prohibit permanent roaming directly, while others do so indirectly through local registration requirements or tax obligations.
We have also seen commercial-driven equivalents, e.g., in the US and Canada, where the operators themselves prohibit their roaming partners from permanent roaming.
Compliance with these rules and regulations can be an effective show-stopper for global IoT connectivity based on permanent roaming. In the worst-case scenario, it can mean that customers lose connectivity because someone has blocked their devices. And, if new regulations come into place, customers may need to switch SIM cards in all devices already deployed.
Data protection regulations
It is not only permanent roaming rules that have become stricter. Regulations about data protection, how personal data is used, and where it is stored are now in place in most developed countries. One example is the European General Data Protection Regulation (GDPR), which prevents personal data from being stored overseas. This is another reason for us to use hyperscalers such as AWS for IoT CCS. Compliance with data protection rules will mandate a new IT architecture where storing data in a certain region or country is possible.
Have Your Cake and Eat It
IoT Without Risk of Roaming Restrictions
Jonas Lagerquist, Enea's Director Product Management for IoT CCS, has written a blog post on the important subject of avoiding roaming restrictions.
Providing customers with a Secure Global IoT SD-WAN
What enterprise customers want for their IoT devices is connectivity that provides the same amount of control and security as if they lived on their corporate local area network (LAN). The only problem is that for cellular IoT, the devices live on the mobile network, and most customers also require this network to be extended globally. Enterprise customers may also want to add partner companies to their network.
So, the IoT CSP must be able to deliver a secure and global software-defined wide area network (SD-WAN) for IoT to each customer rather than a Private APN. The delivery must also be under one contract and with one customer support to turn to.
This global IoT connectivity service must be unified across country borders, and one enterprise VPN may not be sufficient. Many customers need to split the IoT traffic from a device into different Enterprise VPN connections.
The service delivery and control must also be the same, whether through roaming or localization of eSIMs. Again, when a mobile operator localizes a device, they lose control of the device to the local operator. So, it will be impossible for an IoT CSP to offer such a global IoT SD-WAN, with a unified connectivity service, through a standard mobile core.
Fulfilling the vision of a Unified Global IoT Connectivity
Mobile operators offer Private APNs to their IoT enterprise customers, with the traffic terminated in an Enterprise VPN. This is not to be confused with a client VPN. An Enterprise VPN is a connection toward the enterprise network that is always on. A client VPN could well run through the Enterprise VPN as well as out to a destination on the Internet. With Enea IoT CCS, IoT CSPs can take things one step further by providing a Multitenancy Private APN. Private, because we use Enterprise VPN between us and the enterprise network. Multitenancy, because mobile operators only have to extend one APN to IoT CCS to serve all their customers with a Private APN-like connection. The setup of the Enterprise VPNs is also automated from the IoT CSP's perspective through customer self-management portals.
Creating a global IoT SD-WAN
IoT CSPs’ traditional Private APN offerings terminate through only one Enterprise VPN connection. With IoT CCS, mobile operators can do away with this limitation. IoT enterprise customers can create as many VPN connections as they need. These VPN connections can also include trusted partner networks. For instance, an automotive manufacturer may want to send data to a manufacturer of batteries, suspensions, etc. The mobile operator’s IoT customer gets a software-defined wide area network (SD-WAN) rather than a Private APN.
IoT devices that are roaming through partner networks or localized are, of course, also included in this SD-WAN. To provide global connectivity with local subscriptions, mobile operators can add international MNO partners or the global connectivity hub functionality offered by, e.g., IoT Accelerator, to their instance of the IoT CCS service. As discussed, thanks to the policy-based IP assignment and central security and policy control, IoT CSPs can deliver a unified IoT service across all these international cellular networks.
Achieving Policy-Based Local Data Breakout
One benefit of using hyperscalers such as AWS is that the IoT connectivity control and breakout can be located wherever the public cloud is available, which in practice means in any region or large country.
This will enable policy-based local breakout for localized devices. Selected IoT traffic, such as firmware upgrades or sensitive analytics, will go through Enterprise VPN tunnels, while the rest of the traffic will take the closest route to the internet, protected by firewalls.
The Enea IoT CCS can be deployed to create a unique and unified global IoT connectivity service with policy-based local breakout. This is something that IoT CSPs cannot achieve in any traditional way.