Brkiot 1520

BRKIOT-1520
Remote and Mobile Assets

IT designed. Field operated.
RJ Mahadev, Solution Lead

Mark Davidson, Architect
Business Overview
Typical Customer IoT Journey
Transportation
Intersections
Warehouses & Distribution Centers Kiosk/ATM Manufacturing Oil & Gas
Ports and
Container Transit
Utilities
Terminals
Public Safety
Pipeline
Monitoring
Airports
Roadways Fleet Data Driven Business Outcomes
• Predictive Maintenance
Connecting Remote Monitoring • Cross-Domain Correlation
“Things” and Control • Digital Twin
Secure connectivity is the foundation for every IoT deployment
BRKIO-1520 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Common networking and operational concerns
Cannot connect to Hard to access Need to manage Limited/no IT staff

enterprise network to update, operations to onboard,
by cable troubleshoot, fix at scale manage devices.
How do I make sure everything is secure?
Assets are Truck rolls and Support growing OT/LoB teams

remote or site visits number of need ability
in motion are costly distributed assets to manage
Remote and Mobile Asset Monitoring Made Easy
Cisco Remote and Mobile Assets
Value Proposition
Applications
• Distributed IoT gateways -
- Secure IoT connectivity
• GW management
• App management
with operational scale
• Data management Cisco Kinetic
• OT visibility of the remote
assets – GPS, cellular,
control
IR Gateway IR807 IR809 IR829
• Remote data gathering
with lightweight decision
• Secure data delivery with
Traffic Cabinets ATM & Kiosk Remote Sites Service Vehicles Public Safety Fleets
policy control to cloud
Remote Fixed Assets Mobile Asset applications
Cisco solution addresses key challenges
Cannot connect to Hard to access Need to manage Limited/no IT staff

enterprise network to update, operations to onboard,
by cable troubleshoot, fix at scale manage devices.
How do I make sure everything is secure?
Cisco end-to-end IoT security

Remote gateway OT/LoB friendly UI to
LTE connectivity
Secure remote onboarding and add, monitor &
with dual LTE option.
access to gateways management are manage assets,
Plus automated
and connected IP streamlined with UI update edge apps
Wi-Fi offload for
devices templates and bulk from a cloud-based
mobile assets
operations dashboard
The Cisco Validated Design (CVD) will provide best practices for
architecting a secure, enterprise-class platform with simplified
field operation
The CVD specifies requirements and test cases to validate, document and
automate the network access building blocks that are most important to
customers
Ensure suitability of gateway for harsh environments (temperature,
vibration, dust). Validate GPS functionality & automation script for
Industrial firewall/QoS configuration. Validate & document options for antenna &
power supply connections.
Validate and documents various radio/SIM card combinations for NA (ncl.

Multiple Backhaul single/dual radio, Public/Private APNs, different bands), automation script
Options for carrier selection based on connection metrics,
HotSpot options--autonomous & unified (using WLC) mode. Work Group

Station Wi-Fi Bridge to allow automatic connection to station WiFi network for bulk
Extension** data/video offload. Cellular-WGB & WGB to cellular auto switching.
More complex Head End integration architectures including Flex VPN

Enterprise Network connections to CSRs, High Availability guidance and automation script for
Integration
Head End Router configuration. IKEv2 best practices.
Device onboarding, manufacturing configuration, claiming the gateway,

Cloud Provisioning configuration best practices, IP addressing & VPN setup. Performance
& Management management, reporting & troubleshooting. Control Center integration.
Use Case
Public Safety Vehicles
Customer
Cisco Kinetic DC
GW & Data
Mgmt.
Intersection Police cars & Firetruck
WiFi
Key Benefits
Improved Operation | Improved Safety | Mission-critical Connectivity
1 Comprehensive security
Dual SIMs enables broad cellular coverage, better throughput for always-on
2 Simple to deploy and manage
connectivity
Secure, non-stop vehicle connectivity, in-vehicle WiFi hotspot 3 High reliability for mission-
critical operations
Simple cloud GW mgmt with operational visibility (GPS, cellular …) BRKIO-1520 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Use Case
Traffic Intersections
MPLS 4G LTE Cisco Kinetic
Operations
Center IR807 IR809
Field
Cabinet
IE 4000
Key Benefits
Improved Operations | Improved Safety for Motorists and Pedestrians
Secure, reliable, redundant and high bandwidth Gigabit Ethernet connectivity
and can be Din-rail mounted in a field cabinet Secure, non-stop vehicle
Real-time insights into traffic conditions 3 High availability and reliability
Ability to detect red-light/stop sign violations and enforce traffic laws with
sensors/cameras and number plate recognition BRKIO-1520 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Use Case
Mass Transit
Customer
Cisco Kinetic DC
GW &
Data
Mgmt.
Bus Stop Bus
WiFi
Key Benefits
Improved Service| Improved Operations | Improved Passenger Experience
Delivery of improved in-vehicle services (wi—fi, video on demand,
announcements, video cameras) 2 Simple to deploy and manage
Visibility of vehicle location, dispatch and time of arrival 3 Operational cost savings
Vehicle telemetry, performance tracking and driver safety
Use Case
Service Fleet
DC
Cisco Kinetic
FlexVPN
WiFi
IR829 Dual SIM
Key Benefits
Gateway
Simplified Management | Cost Reduction | Increased Visibility and Safety

Reliable, broad cellular coverage in all types of weather conditions
Visibility of vehicle location, dispatch and time of arrival
3 Operational cost savings
Vehicle telemetry, performance tracking and driver safety
Use Case
Equipment Monitoring
GW & Data
Mgmt. Applications
Equipment health
Cisco Kinetic monitoring
Event based alerts

IR829 Dual SIM
Gateway
Rapid onboarding
Key Benefits
Simplified Onboarding and Management | Cost Reduction | Increased Visibility
Remote, secure access to control and troubleshoot devices without a truck-roll 2 Simple to deploy and manage
Real-time visibility into status of gateways and connected IP devices
Data control to securely route sensor data to your choice of cloud(s)
Use Case
Point of Service Kiosk
Customer
Cisco Kinetic DC
FlexVPN
IR829 Dual SIM
Key Benefits
Gateway
Simplified Onboarding and Management | Connectivity OpEx Cost Reduction

Rapid, secure and reliable connectivity with redundant Ethernet/LTE WAN 2 Simple to deploy and manage
Real-time visibility into status of gateways and connected IP devices
Video surveillance and intelligent data processing for remote locations
Validate the specialized needs of key industry
segments
Specialized Requirements Unique Solution Capabilities
• Computer Aided Dispatch & Automatic Vehicle Location • Integrated edge compute & application management
Service
• Extend enterprise network to vehicles • Unified WIFI policies & enterprise VPN termination
Fleets
• Vehicle telemetry, performance tracking & driver safety • Scalable IT-designed network with simplified field operation
Buses &
• Growing range of in-vehicle services (Ticketing, WI-FI, Video, etc) • Simplified microservice development, deployment & management
Taxis
• Mission-critical connectivity that’s always on • Multiple connectivity including singe/dual radios & robust WI-FI
Public Safety
• Increase in vehicle devices (Computers, cameras, sensors, etc) • Enterprise networking with several security & control options
Vehicles
• Real-time visibility of equipment located in customer/partner sites • Ethernet, cellular & WIFI connectivity with flexible routing options
Connected • Secure access to control and troubleshoot without a truck roll • Real time dashboards and over the air firmware updates
Machines
• Secure, reliable & real-time SCADA connectivity • Edge compute options for customized protocol management
Outdoor • Ruggedized equipment to withstand temperature, humidity & dust • DIN-rail mounted, IP64 rated equipment with Class 1, Div 2 rating
Equipment
• Remote setup & operation by field workers • Simplified cloud management

Remote
• Reliable data access and options to add additional services • Management options to route data to public and private clouds
Sites
Target partners, integrators, edge-device
vendors and application software providers
Strong Market Position
Type of Partner Targeting Criteria
SP/Integrator • Specialization in OT
for target verticals
(Ex: VARs, SIs, • Significant vertical
IT/OT Channel) business/ revenues
Non-Gateway Gateway Edge Device

• Business critical use
Vendors case
Centric Centric • Significant share/
(Ex: Compute, revenues
Video camera, • Requires gateway
Vertical equipment)
Application
• Business critical use
Software case
• Significant share/
(Ex: CAD, AVL, revenues
Vehicle • Requires gateway
Maintenance)
Weak Market Position
Technical Overview
IoT Gateway Positioning
IR 807 IR 809 IR 829

Optimized for Low Power Compact Single/Dual LTE with WiFi,
Din Rail Mounting Feature Rich Optional PoE and mSATA
• Compact and rugged • Edge compute • Storage & Edge Compute

• Din Rail Mounting • Panel Mounting • Panel Mounting
• Ignition Power Management
Features • Low power consumption • Integrates with SCADA • Integrated PoE
• Integration with SCADA • GPS, Acc.,Gyro • GPS, Acc. & Gyro
• Utility Certifications • Utility Certifications • Industrial & Automotive Cert.
Positioning
Utilities Roadside Kiosk Utilities Oil & Gas ATM Public Mass Remote
Safety Transit Asset
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Product Availability Status (PAS) Tool:
https://www.cisco.com/c/en/us/products/product-approvals.html
IoT Gateway Portfolio
IR807 IR809 IR829 (Single LTE) IR829 (Dual LTE)
GPS
60º 60º 60º 60º

RUGGEDIZED OPERATIONS -40º -40º -40º -40º
LTE LTE
2x LTE
Wi-Fi
EDGE COMPUTE
GYROSCOPE & ACCELEROMETER
MANAGEMENT- GMM SUPPORT
North America North America

Availability Globally Globally
& Europe © 2019
& Europe
Cisco and/or its affiliates. All rights reserved. Cisco Public
One USB 2.0
Cisco IR 807 Type A port
Industrial Mini-USB
Console
GPS
Integrated Cellular
Services Routers MAIN
Dimensions:
1.84” x 5.07” x 4.37” (H x W x D)
(46.74 x 128.78 x 110.99 mm)
Temperature:
-40C to +60C
9.6-60 VDC Power Input Reset

Digital Alarm Port
Back Cellular DIV
One RJ-45 RS232 Serial Port
View One RJ-45 RS232/RS485 Serial Port
Two 10/100 Base-T
Cisco IR 809 Cellular MAIN
Cellular
AUX
Industrial GPS
Integrated
Services Routers Accelerometer
and Gyroscope
Dimensions:
5”x 6.25”x1.25” (DxWxH)
One RJ-45 RS232 Serial Port One USB Type B Port
Temperature: One RJ-45 RS232/RS485 Serial Port
-40C to +60C
Two 10/100/1000Base-T 9-60 VDC Power Input
Digital Alarm Port
One USB 2.0 Type A port
Cisco IR 829 Dual SIM Mini USB Console
Industrial WLAN 5 GHz

GPS
WLAN 2.4 GHz
Integrated WLAN 2.4 GHz Cellular MAIN
Services Routers
(Single LTE) Accelerometer
and Gyroscope
Dimensions:
7.7”x11”x1.73” (DxWxH) Cellular
10.55”x11”x1.73” (DxWxH) AUX
WLAN 5GHz
SFP WAN Port

Temperature:
-40C to +60C Four 10/100/1000Base-T 6-32 VDC Power Input
30W Shared PoE/PoE+ Ignition Sense
Available Worldwide One RJ-45 RS232 Serial Port

One RJ-45 RS232/RS485 Serial Port
USB Type A port
IR 829 Ignition Power Management
Fuse panel
GND IGN
Ignition switch Accessory
ACC/ON
(switched)
Battery Power Cable

(constant)
BAT
In Line
Fuse
Pin Name Description
number
Ground 1 DC In - DC Power Return (GND -)
(Chassis)
2 DC In + DC Power In (Bat +)
Ground
+ - (Chassis) 3 Ignition Ignition Input (IGN)
Battery
12V – 24V 4 N/A N/A
Cisco External Mount Antennas
Omnidirectional Multi element
5-in-1 Antenna 3-in-1 Antenna 2-in-1 Antenna

Wi-Fi Antenna
ANT-2-WLAN-D-O
Cisco transportation
omnidirectional 2-element
antenna dual-band Wi-Fi 2.4
GHz and 5GHz.
Cellular Antenna
ANT-2-4G2-O
ANT-5-4G2WL2G1-O ANT-3-4G2G1-O Cisco transportation
Cisco transportation omnidirectional Cisco transportation omnidirectional omnidirectional 3-element
5-element antenna for 2G, 3G, 4G 3-element antenna for 2G, 3G, 4G antenna for 2G, 3G, 4G
cellular, GPS, and dual-band Wi-Fi cellular and GPS. cellular, no GPS
2.4 GHz and 5GHz.
Note: There needs to be physical spacing between antennas for RF isolation between different radios.
http://www.cisco.com/c/en/us/td/docs/routers/connectedgrid/antennas/installing-combined/industrial-routers-and-industrial-wireless-antenna-guide.html
http://www.cisco.com/c/en/us/td/docs/routers/connectedgrid/antennas/installing-combined/industrial-routers-antenna-guide.html
What is Cisco Kinetic Cloud / GMM?
Provision, monitor, and manage Cisco

industrial IoT gateways at scale
• Bring new gateways online in minutes instead
of days with low-touch provisioning.
• View and control gateways remotely from a
secure cloud-based dashboard
• Reduce upfront deployment and ongoing
operational and maintenance cost
• Get real-time status view, so issues can be
IoT Data Management Platform identified and resolved in timely manner
Edge & Fog Data Gateway • Available as standalone product

Processing Control Management
Module Module Module • Exist in 2 Geos (US and EU)
• Supports IR809/IR829
What can GMM do?
Networking Management
Zero/Low Touch PAT for Subtended Real-time GPS WiFi Offload Cellular Monitor
Wi-Fi Hotspot Remote Debugging
Deployment Devices Tracking with WGB and Details
Full Routing of
Custom LAN Grouping and Remote
Cellular Monitoring Subtended Report Center Configuration Edits
Subnet Claim Commands
Network
Two Factor Application Menu Driven

VRF Site-to-Site VPN Remote Access Alert Center
Authentication Monitoring Diagnostics
Custom IOS Dual LTE Customized User Scheduled Customize Display 30 day GPS
LAN Port Control
Configuration Active/Active Persona Firmware Upgrade Columns History
Primary/Secondary Additional HW
Unified AP LTE Auto SIM Throughput Test Jasper Integration SMS Support
S2S VPN IR807/IR829M/B
Unique SSID 802.1x Auth Cellular APN Configurable IOS and Android
Org Level Audits Geo Fencing
per GW for WiFi Change Gateway Recovery Claiming App
Green boxes: recent feature additions (November 2018)

HER: Head End Router
Architecture: Public Cellular APN

CSR: Cloud Services Router
ASA: Adaptive Security Appliance
FW: Firewall
• All data path traverse Internet

• Site-to-site VPN is a must
• Customer firewall must allow
site-to-site VPN connection
- ESP 50 protocol
- UDP 500/4500
* For LAN deployment: Substitute based on the LAN architecture.

* If HER announces default route to gateway, Internet and DCM IoT data will route across the site-to-site VPN.
Make sure appropriate routing and permissions are configured in Corporate network and FW.
HER: Head End Router
Architecture: Private Cellular APN

CSR: Cloud Services Router
ASA: Adaptive Security Appliance
FW: Firewall
• All data traverse private network to

customer network
• Cellular customer must provision APN
• Site-to-site VPN is a recommended
• Customer controls all traffic at FW
• FW must allow Kinetic traffic
- UDP 500/4500
- TCP 9123
- UDP 123
- TCP 8883 (for DCM IoT data)
* For LAN deployment: Substitute based on the LAN architecture.

* If HER announces default route to gateway, Internet and DCM IoT data will route across the site-to-site VPN.
Make sure appropriate routing and permissions are configured in Corporate network and FW.
GMM – Access Control
The following roles exist per user:
Admin:
Full access to create users, claim
gateways, add assets, and modify all
configurations and settings.
Operator:
Limited access to view all devices
status and data.
Inheritance: Users / Rights are NOT inherited

from the parent Account / Service Provider.
GMM Site-to-Site VPN
Site-to-Site VPN requires:

• UDP port 4500
• Uses FlexVPN
• UPD port 500
• Protocol 50 (ESP)
• Secure/encrypted data path
• HER controls traffic from
subtended network via IKEv2
• Subtended network announces
Announce
routes
route to HER (ISR/ASR) using
IKEv2
Announce subtended
• By default traffic from subtended
network routes networks are NAT’ed to Tunnel 2
• Allows for full IP connectivity to
remote sites when combined with
No-NAT feature
GMM Template: Custom Subnet
• Customize IP address of subtended network (LAN and WiFi)
• Customize subtended network parameters (DHCP, ip-helper, DNS)
• If disabled a block of IP (10.7.x.x/28)

is assigned
Kinetic
• By default NAT is turned on the uplink
interface
• By default PAT is turned off
• “Advance” allows the use on one

configuration template with different
custom subnet configuration
GMM Template: Custom Subnet - VRF
• Avoids customer IP overlap with Kinetic

infrastructure
Kinetic • 10.0.0.0/16 and 10.7.0.0/16

• Complete separation of customer and
Kinetic networks
• Customer VRF traffic will traverse to
Head End Router (ISR/ASR)
• Default traffic will traverse WAN
interface unless default advertised from
customer (ISR/ASR)
GMM – Gateway Lifecycle
Term Description
Kinetic Startup Kinetic gateway that is received from manufacturing, or

Factory reset Kinetic gateway that has been factory reset or a standard
IR809/IR829 gateway that has been converted to a Kinetic
gateway using GPT tool.
1 st Claim First time the gateway is claimed from “Kinetic Startup”

state. Gateway hard code the WAN (uplink) from
configuration template to the boot up configuration as the
“Kinetic Base” state. Note: WAN configuration on
configuration template is only used in initialization.
Kinetic Base Base state with cloud default configuration. Calls home to
Claim cloud – waits to be claimed.
Claim Initiate Kinetic configuration process. Claim is executed

1st claim using “add gateway” function on the Kinetic gateway page.
Kinetic Startup Kinetic Base Operational Operational Gateway is operating as configured.
Unclaim Delete the gateway from the Kinetic. Unclaim is executed

by the “delete gateway” function on Cisco Kinetic gateway
page. Gateway returns to “Kinetic Base” configuration and
waits to be claimed.
Factory reset Unclaim/fallback Fallback An operational gateway will fall back to “Kinetic Base” state
when it misses 4 consecutive heart beats from Kinetic.
Gateway will automatically move to the ”Operational” state
again once connectivity is restored.
Factory Reset To hard factory reset the gateway to factory default.

Green Field vs Brown Field
Green Field
For green field, the gateway is ordered with Kinetic.
Brown Field
For brownfield, the gateway can be converted to Kinetic using GPT.
• https://developer.cisco.com/docs/kinetic/#provision-a-gateway
• Simple to use Graphical tool available for Linux,

MacOS, Windows, Raspberry Pi
• Customer can apply custom configuration
Advanced Template for IOS Configuration
What & Why:

• UI features is subset of IOS features
• “Advanced Template” allows direct IOS configuration - > Super Power
• Remember: “With great power comes great responsibility!”
Template Creation:
• Customer / Partner is responsible for template creation
• Cisco does NOT own or validate config
Upload:
• Customer / Partner uses “Kinetic Help” to upload template*
Application:
• Customer / Partner can apply template to gateways from Kinetic portal
* Self-managed Templates is on the roadmap

Advanced Template Details
Templates can include variables,

implemented via “liquid”
https://shopify.github.io/liquid/basi
cs/introduction/
Note: Template is snipped

Advanced Template Details
• Advanced Template is applied
after all other configurations
• Advanced Template is nested
in standard Template:
- “Default” Mode: all gateways get
the same variable value
- “Custom” Mode: variable values
are set per gateway
(Only visible once Kinetic team
uploaded a template)
After Gateway is claimed,

“Custom” mode variables
can be set per Gateway:
* Limitation: Must unclaim and reclaim gateway for configuration change.

Deploying Cisco Kinetic Gateway
Prepare Claim Start
Build or assign a Claim the Connect Cisco

configuration template gateway in Cisco gateway to the
in Cisco Kinetic Cloud Kinetic Cloud Internet
Gateway will automatically connect to Kinetic and gets configured.

Gateway will become operational in about 10-15 minutes.
Claiming a Gateways
App
Prerequisite: Serial # enabled in Kinetic Cloud
• Green-Field: Automatically during ordering
• Brown-Field: Open support ticket
Multiple claiming workflows: Web UI

1. Office worker: Via web UI
(us.ciscokinetic.io or eu.ciscokinetic.io).
2. Non-Office Worker: via mobile App
(Android & iPhone)
During claiming you need:

• Serial # (can be scanned via bar-code from
app)
• Choose or customize Configuration
Template
Kinetic GMM Claim Process for IOT Gateway
Gateway States
Gateway calls home over HTTPS
Claim
Initiated Kinetic Startup
Https response with WAN configuration

Kinetic Startup
Gateway saves WAN
Gateway connects to Kinetic using configured WAN
configuration into startup *
Kinetic Base
HTTPS response with IPSec configuration
IR829 IR809 IR807

Gateway establish IPSec Tunnel tunnel
Gateway
Final configurations over the IPSec Tunnel Management
Gateway saves final
configuration into startup Operational Module
Management traffic using https over IPSec Tunnel
* This only happens the first time the gateway is claimed
For your reference
Claim Kinetic Gateway: Setup

1. From Kinetic Console, select ‘Gateway’  ‘Gateways’
2. Enter a serial number or list of serial numbers
3. Select gateway model number (IR829 or IR 809)
Mobile iOS & Android App
1. Cluster Selection 2. Login (API or e-mail) 3. Org Selection 4. Home Page
Show Gateways -> Show Gateways ->

Gateway Overview List of Gateways Gateway Details Gateway Details Gateway Details
Mobile IOS & Android App
Claim or Modify -> Option for Quick or
Scan or type SN Barcode Scanner Scanner Enters SN Advanced Claim
Quick Claim -> Choose Quick Claim -> Advanced Claim ->
Custom Field (Claim Policy) Confirm, DONE! Enter all details
For your reference
Claim Kinetic Gateway: Status

1. Gateway status will migrate from ’Inactive’ to ’In Progress’
2. The gateway status will migrate from to ’Up’ after 10-15 min depending on connectivity speed (example
3G vs 4G)
3. Gateway will be send heartbeat to Kinetic on 15 minute intervals. If two heartbeats are missed, the
gateway status will migrate to ‘Inactive’.
4. Once powered back on and Kinetic receives a heartbeat from the gateway, the status will migrate to ’Up’
For your reference
Management: Dashboard View

Summary view of organization status
Click on ‘Dashboard’
1. Break down of connectivity type

and Cell provider
2. Summary of gateway health
3. Summary of application health
For your reference
Management: Networking
Change template
• Use to switch a gateway or group of gateways to a
different template
Custom subnet
• Use to configure advance custom subnet parameters
For your reference
Management: Unclaim/Delete
• Unclaims a gateway
• Sends command to revert gateway back to Kinetic Base
• Deletes backend configuration (VPN, reservation, etc)
* If gateway is not have connectivity to Kinetic (powered off or disconnected), it will

miss this command. Upon power up, will need to wait 2 hours before it fallsback
to Kinetic base.
For your reference
Management: Info Tabs
Summary: Shows gateway specific information

Monitor: Monitor gateway cellular signal strength and data usage.
Current Config: Show what is currently configured. Check here make sure changes are pushed.
Apps: Show IOX applications on gateway and status
Devices: Show devices configured for the IOX applications
Event Log: Shows gateway events
Diagnostics: Debugging/diagnostics tools
For your reference
Management: Alerts
Tools  Alerts
• Can configure for select group of

gateways based on custom field
settings
• Can trigger alerts on a list of Topics
• Alerts are logged and can also be
emailed
• Status changes on the gateway are
checked every 30 minutes
For your reference
Management: Reports
Tools  Reports
• Reports for cellular Usage and Inventory

• Can be one-time or recurring
For your reference
Management: GPS History

Dashboard -> Select gateway
Click “GPS History”
• Show gateway GPS history on

map
• Slide bar on the bottom for
tracking
• 24 hours of history is saved
• Can be viewed in hour blocks
Essential Elements for Fog Applications
Fog-Ready Network Infrastructure Application Framework
IOx
Application Application IOx
Framework Hosting Services
IOS
Linux Application Management
Fog Application Management Developer Tools
Fog-Ready Network Infrastructure
Broad Connectivity Proven Security Industrial Grade Policy-Based Management
• Ethernet • Hardware-accelerated • Ruggedized for • Centralized control

• Cellular 3G, 4G LTE encryption shock/vibration, • Network
• IPSec VPN humidity, temperature,
• Wi-Fi dust • Security
• 802.1x • Fog applications
• DC power supplies
• Firewall
• Identity services
Popular 3rd Party IOx use-cases
Dead Video
Reckoning Surveillance
Route Media
Displays Distribution
Running IoT Data Processing on top of IOx
• Kinetic includes “Edge & Fog Processing Module” (EFM).

• EFM can run on IOx – therefore on IR8x9s.
• GMM can be used to orchestrate IOx deployments, including EFM.
Additional resources
• Cisco Kinetic main page on CCO: https://www.cisco.com/go/kinetic
• Main Kinetic User Guide: https://developer.cisco.com/docs/kinetic
• DevNet Learning Labs: https://learninglabs.cisco.com/tracks/kinetic

• dCloud R&MA demo: https://dcloud2-sjc.cisco.com/content/demo/115786
• Cisco GPT Download Tool: https://software.cisco.com/download/home/286321160/type
• General enquiries:
- Email: ciscokinetic@cisco.com
- WebEx Teams (chat): https://eurl.io/#HyzhyYnyX
Cisco Webex Teams
Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session
How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
cs.co/ciscolivebot#BRKIOT-1520
Complete your online
session survey
• Please complete your Online Session
Survey after each session
• Complete 4 Session Surveys & the Overall
Conference Survey (available from
Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco
Events Mobile App or the Communication
Stations
Don’t forget: Cisco Live sessions will be available for viewing

on demand after the event at ciscolive.cisco.com
Continue Your Education
Demos in Meet the Related

Walk-in
the Cisco engineer sessions
self-paced
Showcase labs 1:1
meetings
Thank You
Extra Slides
Kinetic Network requirements
The network where your gateways are installed must support:
• DHCP that provides DNS
• A connection to Internet
The following network ports must be opened when Ethernet or a Private APN is used to connect your Cisco gateways.
Recommend
Port DNS-based
Protocol ACL – IP address may change.
Destination Description
53 UDP DNS Server Domain Name System (DNS)
Customer DNS server
123 UDP NTP Server Network Time Protocol (NTP)
Public NTP server
500 UDP Kinetic CSR Bidirectional access is required for the Internet Security Association and Key
Management Protocol (ISAKMP) / Internet Key Exchange (IKE)
csr0-us.ciscokinetic.io or csr0-eu.ciscokinetic.io
4500 UDP Kinetic CSR Bidirectional access is required for IPSec NAT Traversal
us-csr.ciscokinetic.io or eu-csr.ciscokinetic.io
8883 TCP Kinetic Data Connector Secure MQTT (MQTT over TLS) for DCM
us.ciscokinetic.io or eu.ciscokinetic.io
9123 TCP Kinetic Call-home registration to Kinetic home cluster
us.ciscokinetic.io or eu.ciscokinetic.io
Detailed firewall requirements can be found here: https://developer.cisco.com/docs/kinetic/#!requirements

For your reference
Claim Kinetic Gateway: Setup

4. Enter an address (will be the default address on map if GPS is not configured)
5. Select ‘Next’
For your reference
Claim Kinetic Gateway: Configuration

1. Select a saved template that was created in previous section. Or use the default template or
create a new template.
2. Click ’Next’
For your reference
Claim Kinetic Gateway: Review

1. Review Entry and click ’Submit’ to initiate the claim process for the gateway
For your reference
Management: Remote Access (Expert)
• Provides VPN credentials for

remote access to the gateway and
subtended devices using
AnyConnect
* Access to subtended devices is only supported
when not using custom subnet
IOx: Enabling Fog Applications
Distributed Compute
Execute applications within the fog
Secure Communications
Use Cisco® IOS® Software networking
and security services
Rapid System Integration and

= IOx
Application Management
Connect with IOx services; manage simply at scale

Brkiot 1520

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Brkiot 1520

Uploaded by

Copyright:

Available Formats

BRKIOT-1520

Remote and Mobile Assets

RJ Mahadev, Solution Lead

Secure connectivity is the foundation for every IoT deployment

Cannot connect to Hard to access Need to manage Limited/no IT staff

How do I make sure everything is secure?

Assets are Truck rolls and Support growing OT/LoB teams

Cannot connect to Hard to access Need to manage Limited/no IT staff

How do I make sure everything is secure?

Cisco end-to-end IoT security

Validate and documents various radio/SIM card combinations for NA (ncl.

HotSpot options--autonomous & unified (using WLC) mode. Work Group

More complex Head End integration architectures including Flex VPN

Device onboarding, manufacturing configuration, claiming the gateway,

Intersection Police cars & Firetruck

MPLS 4G LTE Cisco Kinetic

Bus Stop Bus

IR829 Dual SIM

Simplified Management | Cost Reduction | Increased Visibility and Safety

Event based alerts

IR829 Dual SIM

Simplified Onboarding and Management | Connectivity OpEx Cost Reduction

• Remote setup & operation by field workers • Simplified cloud management

Type of Partner Targeting Criteria

Non-Gateway Gateway Edge Device

IR 807 IR 809 IR 829

• Compact and rugged • Edge compute • Storage & Edge Compute

IR807 IR809 IR829 (Single LTE) IR829 (Dual LTE)

60º 60º 60º 60º

GYROSCOPE & ACCELEROMETER

MANAGEMENT- GMM SUPPORT

North America North America

9.6-60 VDC Power Input Reset

One USB 2.0 Type A port

Industrial WLAN 5 GHz

Integrated WLAN 2.4 GHz Cellular MAIN

SFP WAN Port

Available Worldwide One RJ-45 RS232 Serial Port

Battery Power Cable

5-in-1 Antenna 3-in-1 Antenna 2-in-1 Antenna

Provision, monitor, and manage Cisco

Edge & Fog Data Gateway • Available as standalone product

Two Factor Application Menu Driven

Green boxes: recent feature additions (November 2018)

Architecture: Public Cellular APN

• All data path traverse Internet

* For LAN deployment: Substitute based on the LAN architecture.

Architecture: Private Cellular APN

• All data traverse private network to

* For LAN deployment: Substitute based on the LAN architecture.

The following roles exist per user:

Inheritance: Users / Rights are NOT inherited

Site-to-Site VPN requires:

• If disabled a block of IP (10.7.x.x/28)

• By default PAT is turned off

• “Advance” allows the use on one

• Avoids customer IP overlap with Kinetic

Kinetic • 10.0.0.0/16 and 10.7.0.0/16

Kinetic Startup Kinetic gateway that is received from manufacturing, or

1 st Claim First time the gateway is claimed from “Kinetic Startup”

Claim Initiate Kinetic configuration process. Claim is executed

Kinetic Startup Kinetic Base Operational Operational Gateway is operating as configured.

Unclaim Delete the gateway from the Kinetic. Unclaim is executed