Deployment Guide - IoT Gateway

The following document provides information on how an IT security company deployed Netify-enabled IoT gateways. Please keep in mind that there are other workflows and subscriptions options available, this is just an example.

To keep the focus on just deployment, we are going to skip over authentication and other API concepts described in the Netify Informatics API. Please take a quick look at the Getting Started Guide if you are not already familiar with it.

Scenario

TheBestSecurity is an IT company that specializes in security and access control of industrial devices. The company integrated Netify into their IoT Gateway product.

TheBestSecurity deployed new IoT Gateways for AcmeCo - a manufacturing company with 20 global factories. Each facility had 3 to 5 IoT gateways to manage the different assembly zones. As part of the workflow, each of the Netify-enabled IoT gateways was enabled after installation and testing.

Concepts

  • Provisioning in the field
  • Multiple agents per site

Note: this workflow is very similar to the self-serve Netify solution available through our online portal.

Workflow

Fundamentally, there were 3 Netify assets that needed to be managed by TheBestSecurity: Organizations, Sites and Agents. TheBestSecurity does not use that terminology, so these Netify concepts were translated using the guidelines in the following table:

Netify Asset TheBestSecurity Equivalent Database Example
Organization User Account user.organization_uuid
Site Site site.site_uuid
Agent IoT Gateway Device device.agent_uuid

The workflow for deploying the IoT gateways to the AcmeCo factories was the following:

TheBestSecurity Deployment Netify Deployment
AcmeCo created a user account IT@AcmeCo. The Netify Organization was created and mapped to the IT@AcmeCo user.
AcmeCo created a profile for each factory site. A Netify Site for each facility was created.
TheBestSecurity installed the IoT gateways in the field. The Netify Agent automatically called home. No action was required for this step.
IT@AcmeCo provisioned Netify on the IoT gateway. The Netify Agent was provisioned.

Netify Asset API

Let's take a look at each step from the perspective of the Netify Asset API. Please reference the Assets section in the API Reference Guide for details.

Creating the Organization

TheBestSecurity created a Netify Organization after the user account was created. The only required field for creating an organization was the label (AcmeCo).

[POST] https://manager.netify.ai/api/v1/assets/organizations
    ?label=AcmeCo

In the API response, you can find the Organization UUID that was created.

"data": {
    "uuid": "6c9e38fe_1232_4795_8f73_0979a6eaf93a",
    "label": "AcmeCo",
    ...
}

This UUID was saved inside the TheBestSecurity account system.


Creating Sites

As part of the TheBestSecurity user interface workflow, each manufacturing facility was defined with some basic information:

  • Primary IT contact
  • Address
  • Ship date
  • ... and other useful information

From the perspective of the Netify side of the deployment, each factory was mapped to a Netify site. In order to create the site under the AcmeCo organization, the Organization UUID in the previous step was used. In addition, a site label and plan_id was also specified. The SD-WAN example has more information on the plan_id.

[POST] https://manager.netify.ai/api/v1/assets/sites
    ?label=Kelowna
    &organization_uuid=6c9e38fe_1232_4795_8f73_0979a6eaf93a
    &plan_id=1000000

In the API response, you can find the Site UUID that was created.

"data": {
    "uuid": "19375ca8_0000_4a7c_8795_819d75802772",
    "label": "Kelowna",
    ...

This UUID was saved inside the TheBestSecurity account system for each factory site.

Provisioning Agents

In our TheBestSecurity workflow, the Netify agents on the IoT gateways were configured to start on boot. Once the IoT gateway made a connection to the Internet, the Netify agents automatically called home. At this stage, the agents were just calling home - the Netify service had not yet been provisioned.

When ready, the IT Manager at the factory location logged into each IoT gateway to obtain the Netify agent UUID (provision code). This agent UUID was then used to provision Netify inside the TheBestSecurity online account system.

Like sites and organizations, a label was required to provision an agent. In addition, the Site UUID for the factory was also required. Finally, the provision mode was set to "in-site". You can find an example of "standalone" provision mode in the SD-WAN example.

[POST] https://manager.netify.ai/api/v1/assets/agents/AA-BB-CC-DD/provision
    ?label=Zone1
    &site_uuid=19375ca8_0000_4a7c_8795_819d75802772
    &mode=in-site

Here is a sample of the API response:

"data": {
    "uuid": "1E-1T-4Q-J0",
    "label": "Zone1",
    "activated": true,
    "provisioned": true,
    ...

At this point, the IoT gateway was provisioned and Netify network data start to flow.

Conclusion

This is just one example on how a company integrated Netify into their product workflow. We can certainly help with integrating your workflows, so please do not hesitate to contact us for more information.

Integration and Custom Solutions

Do you have any questions about integration, APIs or custom development?

Contact Us