Communication networks and the services that run on them have evolved a lot since the use of the Internet became popular.
IoT device management is a crucial factor in any project, covering everything from monitoring and control to software updates and problem solving.
Not having remote management of IoT devices can lead to periods of unavailability and high maintenance costs (since you will have to go to the site to see what happens).
NAT and PAT
A few years ago, when someone wanted to have some kind of control over a device, they had to “open ports” on the edge router to expose the device to the Internet.
The technique used is called NAT (Network Address Translation) and consists of translating IP addresses from one network to IP addresses from another network that is not directly accessible.
When the internal network has more IP addresses than there are public IPs, port mapping is used. This case is known as PAT (Port Address Translation): a specific external port must be targeted in order to reach a certain internal host.
This technique is obviously still used in many environments and applications, but in general it is not the most suitable for accessing a device on a private network from the Internet.
Problems with access via NAT/PAT
The problem is mainly one of security: by exposing the device to the Internet, its vulnerabilities are also exposed. This can pave the way for attacks of all kinds, from bot installation to device crashes to data theft.
There are innumerable examples of this type of attack and the disastrous consequences they have had on the companies, institutions and people who have suffered from them.
Just to give an example, let's consider access to video surveillance systems, which is very common. Many people install very cheap, poor-quality systems that are easily accessible through a simple Internet search. That access can allow an attacker to spy on the victim, steal images, publish them, or disable the system and plan a theft.
All of this is not to say that you can't still use NAT to access remote devices. However, even when various security precautions are taken, it is not highly recommended.
Fortunately, with time and the rise of IoT solutions, other ways of managing IoT devices have appeared.
Instead of directly accessing the device, the device connects to an IoT platform, where it can post and retrieve information.
The two most commonly used protocols to do this are HTTP and MQTT.
In this type of solution, the IoT platform acts as an intermediary between us and the device to be managed. In this way, there is never direct access to the device, and all the risks associated with a connection via NAT are avoided.
Suppose we have a Raspberry Pi that is publishing information from sensors and also from its internal processes such as CPU usage, memory, disk, logs, etc. In this way we can check that everything is working correctly and detect anomalies in the processes or applications.
The IoT platform also lets us send commands to the Raspberry Pi, so that it updates its software packages, restarts, etc. We can even connect to a virtual console and execute commands as if we were accessing the computer directly.
All of these actions can be done with any device, not just a Raspberry Pi.
Through an IoT platform, for example, automatic updates can be scheduled centrally, avoiding having to do it on each of the devices separately.
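As an added example (not code from this article or from any particular IoT platform), here is a device-side check for commands pulled from the platform, so that the device only ever runs a fixed, pre-approved action. The JSON envelope, the per-device HMAC key and the names `handle_command`, `sign` and `make_message` are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

# Assumption: per-device secret provisioned out of band (constructed demo value).
DEVICE_KEY = b"constructed-demo-key"
MAX_AGE_S = 60  # reject commands whose timestamp is further away than this
# Allow-list: command name -> fixed argv. Platform-supplied text is never executed.
ALLOWED = {
    "update": ["apt-get", "-y", "upgrade"],
    "reboot": ["systemctl", "reboot"],
}


def sign(body, key=DEVICE_KEY):
    """HMAC-SHA256 over the exact body string, as the platform would compute it."""
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def handle_command(raw, seen_ids, now=None):
    """Validate one message pulled from the platform; return the argv to run."""
    now = time.time() if now is None else now
    try:
        envelope = json.loads(raw)
        body, sig = envelope["body"], envelope["sig"]
        if not (isinstance(body, str) and isinstance(sig, str)):
            raise ValueError("malformed envelope")
        if not hmac.compare_digest(sign(body), sig):  # constant-time compare
            raise ValueError("bad signature")
        msg = json.loads(body)
        cmd_id, cmd, ts = str(msg["id"]), msg["cmd"], float(msg["ts"])
    except (KeyError, TypeError, json.JSONDecodeError) as exc:
        raise ValueError("malformed message") from exc
    if not abs(now - ts) <= MAX_AGE_S:  # written this way so NaN is rejected too
        raise ValueError("stale command")
    if cmd_id in seen_ids:
        raise ValueError("replayed command")
    if not isinstance(cmd, str) or cmd not in ALLOWED:
        raise ValueError("command not allowed")
    seen_ids.add(cmd_id)
    return list(ALLOWED[cmd])


def make_message(cmd_id, cmd, ts, key=DEVICE_KEY):
    """Constructed sample input: what a platform holding the key would send."""
    body = json.dumps({"id": cmd_id, "cmd": cmd, "ts": ts})
    return json.dumps({"body": body, "sig": sign(body, key)})
```

The function returns the argv instead of running it, so the caller decides how to execute it (for example with `subprocess.run(argv)`, without a shell) and the check itself can be tested offline.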
Undoubtedly, IoT platforms did not come only to offer a way to manage the information generated by the devices. They also offer us a safe and reliable way to manage the devices themselves.
Now tell me. What is your experience with IoT platforms? Have you used NAT/PAT in your projects? Do you have any questions about the use of IoT platforms?
I invite you to write your experience or your doubts in the comments.