
Communication networks and the services that run on them have evolved a lot since the use of the Internet became popular.

IoT device management is a crucial factor in any project. It covers everything from monitoring to control, software updates and problem solving.

Not having remote management of IoT devices can lead to periods of unavailability and high maintenance costs (since you will have to go to the site to see what happens).

NAT and PAT

A few years ago, when someone wanted to have some kind of control over a device, they had to “open ports” on the edge router to expose the device's access to the Internet.

The technique used is called NAT (Network Address Translation) and consists of translating IP addresses from one network to IP addresses from another network that is not directly accessible.

[Figure: NAT (Network Address Translation) and PAT (Port Address Translation). Source: cisco.com]

When the internal network has more IP addresses than there are public IPs, port mapping is used. This case is known as PAT (Port Address Translation): to access a certain internal host, a specific external port must be addressed.

This technique is obviously still used in many environments and applications, but in general it is not the most suitable for accessing a device on a private network from the Internet.

Problems with access via NAT/PAT

The problem is mainly related to security issues, since by exposing the device to the Internet, its vulnerabilities are also exposed. This can pave the way for attacks of all kinds, from bot installation to device crash to data theft.

There are innumerable examples of this type of attack and the disastrous consequences they have had on the companies, institutions and people who have suffered from them.

To give just one example, consider access to video surveillance systems. Many people install very cheap, poor-quality systems, which are easily accessible just by doing an internet search. That access can allow an attacker to spy on the victim, steal images, publish them, or disable the system and plan a theft.

None of this means that you can't still use NAT to access remote devices. However, even with various security precautions, it is not highly recommended.

IoT Platforms

Fortunately, with time and the rise of IoT solutions, other ways of managing IoT devices have appeared. 

Instead of directly accessing the device, the device connects to an IoT platform, where it can post and retrieve information. 

The two most commonly used protocols to do this are HTTP and MQTT.

MQTT vs HTTP – What to choose for your IoT project

In this type of solution, the IoT platform acts as an intermediary between us and the device to be managed. In this way, there is never a direct access to the device and all the risks associated with a connection via NAT are avoided.
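The difference between the two access models can be seen in a toy model of the edge router's translation table. This is an added example, not part of the original article; all addresses and ports are constructed, the platform endpoint is hypothetical, and the router is assumed to accept replies only from the endpoint the device connected to.

```python
from dataclasses import dataclass, field

@dataclass
class PatRouter:
    # public_port -> (internal_ip, internal_port): static "open ports" rules
    forwards: dict = field(default_factory=dict)
    # public_port -> (internal_ip, internal_port, remote_ip, remote_port)
    sessions: dict = field(default_factory=dict)
    next_port: int = 40000

    def open_port(self, public_port, internal_ip, internal_port):
        """Static port forward: the mapping exists for every Internet source."""
        self.forwards[public_port] = (internal_ip, internal_port)

    def outbound(self, internal_ip, internal_port, remote_ip, remote_port):
        """Device-initiated connection: creates a temporary mapping."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[public_port] = (internal_ip, internal_port,
                                      remote_ip, remote_port)
        return public_port

    def inbound(self, src_ip, src_port, public_port):
        """Return the internal (ip, port) a packet reaches, or None if dropped."""
        if public_port in self.forwards:
            return self.forwards[public_port]      # any source is accepted
        session = self.sessions.get(public_port)
        if session and session[2:] == (src_ip, src_port):
            return session[:2]                     # reply from the platform only
        return None

def demo():
    camera = ("192.168.1.50", 554)          # constructed internal host
    platform = ("198.51.100.7", 8883)       # hypothetical IoT platform endpoint
    stranger = ("192.0.2.99", 51515)        # unrelated Internet host

    exposed = PatRouter()                   # model 1: port opened on the router
    exposed.open_port(8554, *camera)
    brokered = PatRouter()                  # model 2: device dials out
    port = brokered.outbound("192.168.1.50", 43210, *platform)
    return {
        "stranger_via_forward": exposed.inbound(*stranger, 8554),
        "stranger_via_session": brokered.inbound(*stranger, port),
        "platform_reply": brokered.inbound(*platform, port),
    }
```

With the port forward, the unrelated host reaches the camera; with the outbound session, only the platform's replies are delivered and the router needs no opened port.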

Suppose we have a Raspberry Pi that is publishing information from sensors and also from its internal processes such as CPU usage, memory, disk, logs, etc. In this way we can check that everything is working correctly and detect anomalies in the processes or applications.

On the other hand, also through the IoT platform we can give orders to the Raspberry Pi, so that it updates its software packages, restarts, etc. We can even connect to a virtual console and execute commands as if we were accessing the computer directly.

All of these actions can be done with any device, not just a Raspberry Pi.

Through an IoT platform, for example, automatic updates can be scheduled centrally, avoiding having to do it on each of the devices separately.
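Because orders now arrive through the platform, the device should decide for itself which orders it will carry out. The following is an added example, not code from the original article or from any particular platform; the JSON message shape, the command names and the argument vectors are assumptions chosen for a Raspberry Pi.

```python
import json

# Allowlist: command name -> fixed argument vector. The message selects an
# entry; it never supplies a program name or arguments of its own.
ALLOWED = {
    "update": ["apt-get", "-y", "upgrade"],   # assumed update action
    "reboot": ["systemctl", "reboot"],        # assumed restart action
}

def handle_command(payload: bytes, run=None):
    """Validate one command message; return (status, argv or None).

    `run` is an optional callable that executes an argument vector,
    for example subprocess.run invoked without a shell.
    """
    try:
        msg = json.loads(payload)
    except (ValueError, UnicodeDecodeError):
        return ("rejected: not JSON", None)
    if not isinstance(msg, dict) or set(msg) != {"cmd"}:
        return ("rejected: unexpected fields", None)
    cmd = msg["cmd"]
    argv = ALLOWED.get(cmd) if isinstance(cmd, str) else None
    if argv is None:
        return ("rejected: unknown command", None)
    if run is not None:
        run(argv)
    return ("accepted", list(argv))

# Constructed sample messages, as they might arrive on a command topic.
SAMPLES = [
    b'{"cmd": "reboot"}',
    b'{"cmd": "reboot; id"}',                 # free-form text is not interpreted
    b'{"cmd": "update", "args": "--force"}',  # extra fields are refused
    b'not json',
]

def demo():
    """Return the status for each constructed sample message."""
    return [handle_command(p)[0] for p in SAMPLES]
```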


Conclusion

Undoubtedly, IoT platforms did not arrive only to offer a way to manage the information generated by the devices. They also offer us a safe and reliable way to manage these devices.

Now tell me. What is your experience with IoT platforms? Have you used NAT/PAT in your projects? Do you have any questions about the use of IoT platforms?

I invite you to write your experience or your doubts in the comments.


4 Comments

Luis Carlos · 9 February, 2021 at 5:55 PM

Hi Rodrigo, I have a raspi with a camera, motion sensor, temperature and humidity sensor, an ldr for brightness and relay control. I can see it and work remotely with VNC CONNECT. I didn't connect it to the internet using port forwarding on the router for security reasons. Until now I have not used any IOT platform from a third party, but the questions that arise are how I know that this platform is not going to make use of my data by selling it, for example, since apparently it is a good business, and on the other hand, the IOT platform connects to the internet through a server, how do you connect? Do you use another method than port forwarding? Can I make my own IOT platform?

    IoT Consulting · 14 February, 2021 at 6:20 PM

    Hello Luis:
    Thanks for commenting, there are several questions. I start at the beginning.
    VNC connect is a cloud system that allows you to connect to your computer through its cloud system. This is something typical of all cloud systems and is very similar to what IoT platforms do. Through a client you connect to cloud services, which act as intermediaries between the client and your device.
    As for IoT platforms, there is a huge number and with many of them you could manage your Raspberry Pi.
    One of them is whale, which in addition to giving your rasp connectivity, will allow you to manage different types of applications through containers.
    Regarding data handling, in general IoT platforms are not interested in the data you generate. However, you can always read the terms and conditions that you accept when you use their system. This also happens with applications like VNC connect.
    I hope the answer helps you, and feel free to ask again if you have any other questions.
    Cheers!
    Rodrigo.

ICTindustry · 18 March, 2021 at 9:46 AM

Very good article, thanks for sharing the ideas.

    IoT Consulting · 18 March, 2021 at 10:28 AM

    Thanks for commenting.
    Greetings.
