Monday, April 22, 2019

Remote access and management of a small but global fleet of 4G-enabled vehicles

TL;DR: skip to the end, questions 3 and 4.

Let's suppose you owned a fleet of vehicles and a rack of *nix servers (and other misc. networked gear) was in the trunk of all of them, and let's suppose you sold this mini-computer-in-a-trunk to a handful of customers that are, for maximum PITA, distributed all over the globe. For the sake of the argument, let's pretend one of the vehicles has a bad attitude and likes to drive off and hide in obscure parking spaces (say behind dumpsters in the back of the building). Let's suppose the local police department will not assist you in locating your angsty, runaway teenage car, and besides, every vehicle has a GPS unit in it accurate to the width of a dime, so if you could talk to it you would know exactly where it is and when.

The obvious solution would seem to be to add a 3G/4G modem uplink via an in-vehicle Cradlepoint or Sierra Wireless unit.
These devices fail over, say, from direct-wired Ethernet uplink, to wifi-as-WAN, to 4G provider 1, to 4G provider 2, to 3G provider 1, et al.
I anticipate configuring them to favor 4G so they don't bounce to a crappy wifi if they drive by a McDonald's they stored the wifi config for, or to corpnet wifi from the parking lot because of one bar. (You think you have AP problems now indoors? Look out that window and imagine each car is a wifi node and maybe a mesh. It's coming. Is your company all about the green economy? Well, that means a car charger in every parking spot, and at that scale the company isn't footing the bill for all that electricity, so the charger needs a way to figure out whom to charge for which spot. This is not a flippant joke; Mary Barra, CEO of GM, just fired a few thousand ICE engineers.)
Maybe there will be corporate-owned private 5G nets.

Reading about various 4G providers, many of them NAT access to the Internet. If they don't, I'm not even certain how this part works: do they use Mobile IP or something else to keep the connection alive as you travel? Or do most of them drop connections and hand you off to a new IP if you drive ~1000 miles? We require support for multiple vendors and multiple customers across the globe, so deciding on something like "Thou shalt use Verizon static IPs" isn't a solution. The solution needs to work for NAT'd, double-NAT'd, possibly triple-NAT'd 4G nodes, or for a 3G node (which I am led to believe tends to get an Internet-addressable IP, not NAT'd).
Would Mobile IP be a possible solution or part of the solution? (I know of it but have never used it.)
Any other routing or transport-level tech to look into?

It seems like we need a "phone home" solution. Custom solutions, customized daemons, are not out of the question. If we only wanted GPS/telemetry data then this is what we would do, but we also want remote access for customer assistance and to push updates (quarterly software updates or emergency fixes or recovery service calls). Complex configurations are acceptable, though simpler is better, where simpler means "fewer things can go wrong, because I do not want to fly to China." That part starts sounding like mobile-reliability engineering, but the part I am concerned with first is how to get secured remote access in the first place. I could hack together a set of OpenVPNs, one per customer, that only routed one small subnet to the VPN; then we'd have keys to all of them from the home base, open portals to them as needed, and use SSH from there for remote access to get started.

So my one two three four questions for the wider community are ...
1) What sort of solution/s would you prefer to see used for the eventual wide-scale deployment, at which point in time company cars will become a robotic IT asset?
(You could start practicing now with Roombas!)
Would you want them integrated into existing tracking and management systems? Kept separate?
Would you rather deal with open-source software and interfaces, e.g. OpenWRT, or something proprietary?
Do you want to be able to replace the uplink with your own spec'd device?

2) For any milspec lurkers, are there any lessons learned that can be shared from the tactical Internet (or the defunct Future Combat Systems project)?

3) For my immediate remote-access needs are there any particular tools or methods I should be aware of and look into? Maybe services beyond "simple" 4G?
e.g. We could have a custom daemon in-vehicle that monitors a website, or logs into a private IRC server, and awaits further instructions.
Maybe using a Salt minion would work. Some devices would be updated over local serial connections. I don't have enough experience with the devops tools to have an architectural perspective on whether pushing them to the edge devices in-vehicle is a Good Idea or a Bad Idea (maybe that's a question for /r/devops, not /r/networking).
An example alternative would be to use dynamic DNS and then direct-access SSH, but that seems like, as my sister would say, Mickey Mouse engineering. Besides being gross, we probably would not be able to port-forward on the second NAT and definitely not on the third if it comes into play (over a corporate wifi-as-WAN uplink).
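The "phone home" daemon from the paragraph above and this question share one requirement: the NAT'd vehicle must initiate the contact, so the home base can only trust what the beacon itself proves. The following is an added example (not the author's code) of the minimal server-side checks such a rendezvous endpoint needs: a per-vehicle HMAC key, a monotonic sequence number against replay, a bounded timestamp skew, and a tenant check so one customer's operator cannot queue commands for another customer's vehicle. Vehicle ids, tenant names and keys are constructed sample values.

```python
import hmac, hashlib, json, time

# Constructed provisioning table: vehicle id -> (customer/tenant, per-vehicle HMAC key).
# A real fleet would load these from a secrets store; these values are hypothetical.
VEHICLE_KEYS = {
    "veh-0001": ("cust-a", b"constructed-key-0001"),
    "veh-0002": ("cust-b", b"constructed-key-0002"),
}
MAX_SKEW = 300  # seconds of clock skew tolerated on a beacon's timestamp

def _mac(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def make_beacon(vehicle_id, seq, lat, lon, now=None):
    """Vehicle side: sign the id, a strictly increasing seq, a timestamp and the GPS fix."""
    _, key = VEHICLE_KEYS[vehicle_id]
    body = json.dumps({"id": vehicle_id, "seq": seq, "ts": now or int(time.time()),
                       "lat": lat, "lon": lon}, sort_keys=True).encode()
    return body + b"\n" + _mac(key, body).encode()

class Rendezvous:
    """Home-base side: verifies beacons, records last-seen, hands out per-tenant commands."""
    def __init__(self):
        self.last_seq, self.last_seen, self.pending = {}, {}, {}

    def queue_command(self, operator_tenant, vehicle_id, cmd):
        tenant, _ = VEHICLE_KEYS[vehicle_id]
        if tenant != operator_tenant:  # multi-customer isolation: no cross-tenant commands
            raise PermissionError("operator may not command another customer's vehicle")
        self.pending.setdefault(vehicle_id, []).append(cmd)

    def handle(self, wire, now=None):
        """Returns (pending commands, status) for a valid beacon, else (None, reason)."""
        body, _, tag = wire.rpartition(b"\n")
        msg = json.loads(body)
        entry = VEHICLE_KEYS.get(msg.get("id"))
        if entry is None:
            return None, "unknown vehicle"
        if not hmac.compare_digest(_mac(entry[1], body), tag.decode()):
            return None, "bad mac"  # tampered or forged beacon
        now = now or int(time.time())
        if abs(now - msg["ts"]) > MAX_SKEW:
            return None, "stale timestamp"
        if msg["seq"] <= self.last_seq.get(msg["id"], -1):
            return None, "replayed seq"  # an old beacon captured on the path was resent
        self.last_seq[msg["id"]] = msg["seq"]
        self.last_seen[msg["id"]] = (msg["ts"], msg["lat"], msg["lon"])
        return self.pending.pop(msg["id"], []), "ok"
```

The transport (HTTPS, an SSH reverse tunnel, or a VPN) still has to protect confidentiality; this layer only makes sure the home base knows which vehicle it is hearing from and never acts on a replayed or cross-tenant message.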

4) Presuming 'you get a VPN, and you get a VPN, everyone gets a VPN!' is the most bestest solution evar; are there any existing tools, professional or open-source, that are designed with multi-site, multi-customer isolation in mind? Maybe there's some MSP software that manages this? My inclination is server software I can install on a cloud VPS, but an appliance we set up at the home base and put in the DMZ is on the table.
It's at least one hundred customers, and could grow to hundreds and hundreds, maybe a thousand.
