APN for IoT Devices
Securing Your IoT Devices with APN
Through IoT Connect, Telenor IoT´s Managed Connectivity service, we offer several features and policies that can help you connect and monitor your IoT devices.
IoT Connect provides secure connectivity for IoT devices, including remote monitoring and management. We use VPN for IoT and APNs to establish secure connections between your data center and the Telenor IoT platform.
Telenor IoT´s APN Offering
The Access Point Name (APN) establishes a connection between a device on a mobile network and the internet or a customer network. Telenor IoT provides three APN types that include different security and customization options: standard, customized, and private.
1. Standard APN
The Standard APN is suitable when only internet access is required. A standard APN is a generic public APN which is shared among multiple customers and allows internet access with no restrictions.
2. Customized APN
A customized APN is a unique APN with a customized customer name instead of the generic public access Telenor name. Restrictions can be added to a customized APN.
3. Private APN
A private APN provides a point-to-point private connectivity to a customer network and is used together with a Virtual Private Network (VPN) to provide secure access. A private APN will have a customized customer name.
APN is a mandatory component of a managed connectivity solution and multiple subscriptions can use the same APN. By default, devices on an APN are prohibited from communicating directly with each other, to prevent a malicious device from disturbing or infecting other devices on the same APN.
Benefits of our APN offering
- Possibility to use a company name for the APN
- Multiple SIM cards can attach to the same APN
- Possibility to access the Internet directly from the private APN
Technical Data
The APN is the address used in the gateway between a mobile network and the internet. The APN options support a variety of IP addressing options.
Add-on Service Internet Breakout
Internet Breakout is an add-on service to the Telenor IoT APN product and enables you to access the Internet directly from the private APN. It is a firewall configuration that can divide data traffic where part of the data is being sent towards customers datacentre via VPN and part via Internet. Whitelist or blacklist functionality can be applied to allow only specific destinations being reached through Internet. If no restrictions are chosen for the breakout, the traffic will be sent through open Internet.
The platform handles NAT of IP addresses, firewall and redundancy functions. Two sites are used, one in Stockholm and one in Amsterdam for redundancy reasons. Dynamic routing protocol is used to select active Firewall, leaving the other site firewall as backup.
APN Use Cases and Examples
Explore how to use different types of APNs to meet specific technical requirements. We go through some concrete use cases to discover what differs between the types of APN and when they are to be used.
This video, produced in September 2022, showcases the product features that were available at that time.
Use Case for a Standard Internet APN Solution
A manufacturer has a product that will be deployed all over Europe. The product is a device that measures changes in air pressure in the centre of cities and it consumes low amounts of data twice a day. The data is not seen as sensitive and the device itself supports encryption to the cloud service it transmits to.
Solution
In this case, Telenor IoT´s standard Internet APN with a small data bundle is a good choice. There is no need for firewall rules or additional services, and this will be a straightforward solution. The data will enter the mobile network and when reaching Telenor IoT´s core sites in either Stockholm or Amsterdam it gets unrestricted access to the Internet on its way to the destination.
Use Case for a Customized APN Solution
A company has deployed EV charging stations in Europe and North America. Payment traffic will of course be sent from the charging station, but it also has a screen that will display advertisement to the charging customer. The device handles encryption, but the EV charging operator wants to restrict the number of IP addresses the terminal can communicate with. The company also wants to limit all traffic to certain ports.
Solution
Telenor IoT´s Customized APN provides the EV charging operator with a unique APN name and the possibility to whitelist traffic, meaning we only allow communication with specified IP addresses and ports. The customized APN would be a good solution with one disclaimer, it only supports blocking of IP addresses and not domains.
Use Case for a Private APN with either VPN and/or Internet Breakout
This use case has a more complex setup. The company provides security cameras, and the footage has to be sent to the company’s own data centre. A high level of security is required. However, the camera’s firmware is updated from a cloud service and the company wants Telenor IoT to handle the direction of traffic instead of sending it to them. Only the cloud service domain should be available to reach from the camera.
Solution
For the first part, a Private APN with a VPN will be the solution. A unique APN is created and in our core network, the APN is connected through a VPN to the company´s data centre. This is the path of the camera’s footage. The second part demands that Telenor IoT break out the traffic for the firmware update to the cloud service. Internet Breakout is used for this so that the cameras´ request for new firmware gets access to the cloud service through the Internet. The requirement to only allow access to the cloud service domain is also covered by whitelisting only the cloud service domain in the firewall.
More Security Features within IoT Connect
Security in IoT: How We Protect Your Connected Devices and Data
IoT Data Analytics: Unlock the Full Potential of Your IoT Project
Product Description for IoT Connect Including Details for APN
IoT Connect Product Description (PDF)
Get a Free Consultation
Customers
We’re proud to work with enterprises across the globe, transforming businesses and enabling new opportunities.