Frequently Asked Questions

Getting Started:

What is the APN Configuration?

In order to use your devices, you must have the right configuration for the APN on the client device.

Please check with your account manager your specific APN configuration, including APN name, username and password, and authentication.

Tip: Check your device’s user guide for more information on how to configure your device.

What do I Need to get Started?

You will need:

  • To order a SIM card for every device/machine that you would like to communicate with your server.
  • If you want private connectivity to your private server (on-premise or cloud), you will need also a Windows computer to act as a server for receiving communications from your connected devices. This computer could be where your IoT project is controlled or could re-route to the control centre for your IoT project.

 

When can I Start Using my Account?

  • Once your order has been placed, processing is immediate, and your SIMs will be shipped as soon as possible
  • Once received, install the SIM cards into the devices you wish to connect to your network server and set up the APN
  • A confirmation email with a link to create a password is sent to the email address provided on the order form of the online shop
  • Log in to your account using your email address and newly created password.

Will the SIMs work with my Devices?

The table below lists the operating frequencies for the  Singapore Radio Network within Singtel (roaming networks may differ). Any device in use on the network must be equipped with a suitable radio module to utilise the technologies below. Devices must conform to 3GPP (release 11) standards.

Band Mode Frequency (DL/UL) [MHz] Bandwidth [MHz] Technology Deployed 3GPP Release Time between location updates [Hours]
 1  FDD  2125-2140/1935-1950  15MHz  UMTS  11  1 – 2
 3  FDD  1865-1880/1770-1785  15MHz  LTE   11
 8  FDD  925-935/880-890  10MHz GSM & UMTS   11  1 –  2
 20  FDD  791-801/832-842  10MHz   LTE   11

Please keep in mind that all the details above apply to the connectivity inside Singapore. We recommend testing your connectivity when roaming to check that everything works as expected.

General:

What is IoTConnect+?

An online software service (SaaS) allowing your devices/machines to connect securely to your server/computer using mobile M2M/IoT technology.

 

You will have visibility into the status of your connected devices/machines and the control to change regions and data limits for the devices to keep your costs under control.

 

How does it Work?

The service allows you to use a private APN and create your own secure network between your devices and any chosen destination host. Devices set up on a network can securely connect to an internet destination and/or have a static private IP address with bidirectional communication to the host/Local Area Network (LAN).

What is a Private APN?

An Access Point Name is the name of a gateway between your mobile device and the Internet. A mobile device requires an APN in order to access the Internet.
A private APN is a service that will connect mobile devices to one private network to enable secure communication and the ability to use company’s applications and data whenever needed.
It is private because it protects your data and identity from public networks such as the Internet and wireless hotspots.

What are the Advantages of a Private APN?

Traffic is secure as devices are authenticated before accessing the network. This provides a greater level of flexibility and control to organizations looking to access advanced data services. It also provides easier and convenient integration with different backend systems. 

Ordering SIMs:

When does my Billing Cycle date Start?

Billing will be as per your monthly billing cycle. Real-time data controls per device will reset at the beginning of each calendar month.

Where can I Order SIM Cards to Install in my Devices/Machines?

To order more SIM cards please visit here.

How much will I pay for my Account?

For pricing, please contact Singtel GSD (Global M2M Connect Service Desk) through its 24 hours service hotline:

  1. 24×7 service helpdesk: 1800-788 0022 (Press 1 for M2M)
  2. E-mail: gcsc@singtel.com

Where can I find my Account Login Details?

  • The login details are in the confirmation email received when your account was created.
    The email contains a link to create a password and you can then login to your account using your email and password
  • Check your email spam folder to see if the email was marked as spam by your mail server. If so, please add our domain to your whitelist so that you receive future emails from us.

Is my Connection Limited when Roaming?

If you have opt-in for roaming then only roaming will be enabled and will be charged as per your contract, for further details contact Singtel.

 

SIM Management:

Why MCC/MNC Displays “Unknown” in the Last Connected Field for a Device or Sessions Report?

The MCC and MNC values from the roaming mobile network are sent as part of the initial authentication request when a device wants to connect. However, they are optional parameters and are not always part of the connection request information. In these scenarios, the UI will show “Unknown” both for the MCC and MNC information.

What does the Device Life Cycle Status tell Me?

Device status is a method of managing the life cycle of a device.  State of a device indicates whether or not that device is capable of actively using data.

  • Activated: Devices that are up-and-running, sending and/or receiving data.
  • Deactivated: Devices will not send or receive data while in this state.

    You can use this to make sure your devices will not be able to connect.

 

How can I Change the Status of a Device or Multiple Devices?

  1. Log in to your account.
  2. Click:
    1. Devices
    2. Device or Multiple devices on the filter list
    3. The change status drop-down menu at the top right and select the new status
    4. Confirm to make the change or Cancel to retain the current status.

What do I do if a Device has used too much Data?

You can suspend a device card via your account if you need to check out an issue with it running up data costs. If you can resolve the issue, move the device back to Activated so that it can continue working.

What to do if a SIM is lost or Stolen?

For SIM Replacement, contact support.

What is ICCID?

ICCID (Integrated Circuit Card Identifier) identifies each SIM internationally. It is 19 or 20 characters, inscribed on the back of the SIM Card. It can be thought of as the serial number of the SIM Card and will help you physically identify the SIM cards you are managing.

What is the MCC/MNC?

Mobile Country Codes (MCC) in combination with Mobile Network Code (MNC) is used in wireless telephone networks (GSM, CDMA, UMTS, etc.) in order to uniquely identify a mobile operator (carrier) using GSM, UMTS, LTE and sometimes CDMA mobile networks.

This MCC/MNC tuple is used then to identify the provider of a SIM card and is also used to identify the mobile network a device is connecting to in roaming scenarios. In the user interface it is utilized to identify the mobile operator for the last connection of each SIM and for each connection in the session reports.

Can I Create my own Reports for Device Activity?

You can download the complete device list from the SIM list page in CSV (comma separated file) which can be opened in Excel or any reporting tool that supports CSV:

  1. Log in to your account
  2. Click:
    1. Devices
    2. The Download icon    located to the top right.

Note: This will initiate the download for all devices, we cannot download for individual devices.

 

 Network Setup and Management:

Will I be Alerted when my Devices use too much Data?

IoT CONNECT allows you to set up two types of data control alerts on your network:

  • When a device has used a set amount of data in a month
  • One that will cut off a device if it reaches a set amount of data usage in a month

These alerts will show up on your account and you have the option of receiving an email about them. We send alerts by email unless you specifically turn this off.

Both alerts are optional, but we encourage you to set them as a way of controlling your costs.  If you are concerned about cutting off devices in the field, you can set the cut-off point to a very high value or you have the option of never cutting off.

You will be prompted to set these when you first set up your network, but you can change these at any time by:

  1. Logging into your account
  2. Select Network Settings
  3. Click Edit Networks Setting icon 
  4. Make changes and click Save.

How do I set up my Network?

When you first log in to your account using the link provided in the confirmation email, you will be prompted to set up your network and download the Network Connector installer.

The following settings apply to all the SIMs ordered:

  • Name: For network identity to contain at least 5 characters
  • Data Usage Limits: When each SIM card reaches this limit, you will receive:
    • Warning Limit: An email notification
    • Cut-off limit: Another email notification and the SIM card will move to barred SIM state unable to connect.
      See more information about SIM states here.

 

I have set up my Network, what Should I do Next?

How do I Connect a Device to the Network?

You can connect a device to the network following these steps:

  1. From the devices list, go to the device details of the specific SIM you will use in your device.
  2. Activate your device if not already active from the status drop-down at the top of this page.
  3. Insert the SIM in the device.
  4. Set up the APN on the device referencing your device documentation on how to do this.
    You will find the APN configuration details (APN, user and password) for the SIM in the device details page.
  5. Connect the device to the cellular network.
  6. Verify that the device is connected by checking the Connected status in the device details page or in the devices list for each device.
    Note: If you hover over the Connected icon you can refresh the status.
  7. Once connected, if your device supports it and you can access the device, ping 10.192.0.0 to confirm that the device is properly set up.
  8. As an additional test, with your Network Connector already installed, ping the IP address of the device (you will find the device IP address in the devices details page and in the devices list) from the host of your Network Connector.

Congratulations you are done!

If you were not able to complete the steps please contact us for support.

How much data are my Devices Likely to Use?

Data usage is counted in KB (kilo-byte) and totaled across the entire account at the end of your billing cycle. The total data usage for all subscriptions is then charged at the appropriate price for that data volume band. MB (megabyte), GB (Giga-byte) and TB (Tera-byte) figures are based on a 1024 multiplier.

Because machines have different connectivity usage than mobile phones, and with the variety of projects that people are engaged in, it is difficult to say how much data you are likely to use.

IoT Connect+ calculates the percentage of data usage per device in relation to the cut-off point that you have set on your network. If you have no cut-off point set, you will still be able to see how much data your devices are using. You can check these levels at any time by logging into your account and viewing the devices list. The average numbers of the home page will help you with this.

Customers projects vary in size and complexity, so it is difficult to say how much data you are likely to use.  Please see the following examples to guide you in selecting your data usage limits:

  • Low
    If your project involves reading a sensor every hour on a one-way communication e.g. temperature reading from a refrigerated truck, you might use around 1MB a month.
    If you need a more frequent 2-way communication every 30 seconds e.g. the speed of a pump or motor, you could use 5 – 10 MB a month.
  • Medium
    If your project involves sending and/or receiving rich text files you will use much more data than the binary data used in the above examples.
    For instance, a word document with the word “hello” sent one direction 10 times a day would use around 16KB working out at around 5MB a month. An image, such as a photo of a car from a speed camera, is a much larger file size and would use up much more per month.
  • High
    Video or voice data will bring your usage into the top tier and you should allow between 100 and 500MB or more per month for this type of data.

Please keep in mind that these just reference estimations and your project might be vastly different from these scenarios.


Setting Monthly Data Control:
You may want to set your data control alert and cut off points to higher than you expect to use for the first few months until you know what your regular data usage will be.  This way, you will not run out too soon and you can adjust these limits later on to suit your actual usage.

Note: We only charge for the data you use.

 

Should I Always Define a Data Usage Limit for my Network?

You can choose not to set up data usage limits and everything will work fine. However, we strongly recommend that you do as it will help to control your costs and your business. For example, a device might be compromised and start using much more data than it should, which would increase your costs, reduce the performance of your back-end server or both.

 

Where can I use my Connected SIMs?

Your devices will be able to connect from any country where Singtel has a roaming agreement.
Please visit here for more details.

 

What is the Network IP Address and Subnet Mask?

The Network IP (Internet Protocol) is a unique address for the SIMs in your private network.

In general, our suggested settings should work fine with most common network configurations. However, if your devices and network connector have to communicate with your existing Local Area Network (LAN) there is a risk of another node in the network having an IP address within the suggested range. In this case, you will need to select a custom IP address range for your network, if you are unsure check with your IT administrator.

The Subnet Mask defines the IP address range for your client network so that your devices are each assigned a private IP address within that range. This is required by our system to identify a SIM communication.

For example,  An IP Address: 192.168.0.1 with a Subnet Mask: 255.255.255.0 will give you a range between 192.168.0.1 and 192.168.0.254.
That will give you up to 254 addresses which means you can have up to 254 SIMs running on the network.

When defining this range keep in mind the LAN (Local Area Network) IP addresses in use in order to avoid issues. Check this with the IT administrator of your LAN if you need more help.

Why Should I use the Suggested IP Settings?

In general, our suggested settings should work fine with most common network configurations. However, if your devices and network connector have to communicate with your existing Local Area Network (LAN) there is a risk of another node in the network having an IP address within the suggested range. In this case, you will need to select a custom IP address range for your network, if you are unsure check with your IT administrator.

Network Connector Installation:

What type of VPN Tunnel is the Network Connector Establishing?

The Network Connector initiates an IP over TLS connection, to specific service IP addresses on port 443 with the following spec:

    • Authentication: RSA 2048/SHA256 certificates
    • Cipher suites supported:
      • Initial enrollment and registration – Always TLS1.2 cipher suites
        • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
        • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        • TLS_RSA_WITH_AES_256_GCM_SHA384
        • TLS_RSA_WITH_AES_128_GCM_SHA256
        • TLS_RSA_WITH_AES_256_CBC_SHA256
        • TLS_RSA_WITH_AES_128_CBC_SHA256
        • TLS_RSA_WITH_AES_256_CBC_SHA
        • TLS_RSA_WITH_AES_128_CBC_SHA
      • Data connectivity (tunnel)
        • TLS 1.2
          • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
          • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
          • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
          • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
          • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
          • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        • TLS 1.3
          • TLS_AES_256_GCM_SHA384
          • TLS_CHACHA20_POLY1305_SHA256
          • TLS_AES_128_GCM_SHA256

Notes:

    • The service will choose the cipher suites based on what the Network Connector offers, which depends on the OS version. If there are multiple options the preferred one will be the one with highest priority for the Network Connector
    • For example, if a server is using Windows Server 2016 with TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as the preferred cipher suite this is the one that would be utilized from the lists above. For other scenarios, the suite could be different depending on OS capabilities. See the Network Connector requirements for minimum OS versions.
    • The procedure to enable or disable specific cipher suites depends on the specific OS. For Windows OS you can check more details here

 

What are the Requirements for the Network Connector?

  • The Network Connector should be installed on a server that meets these criteria:
    • Is “always-on” (i.e. not a desktop or laptop)
    • Runs Windows  (see Minimum OS versions below)
    • Has Internet access (see Network requirements below))
    • Either hosts (or has network connectivity to) the services and applications your IoT devices need to connect to.
  • Minimum Windows OS versions
    • Windows Server 2012 R2
    • Windows 8.1
      Notes:

      • Recommendation is to use the latest Windows Server 2016 when available.
      • Network Connector should function normally on earlier versions of Windows (e.g. Server 2008, Windows 7 and even earlier), but no official support is offered for these now-obsolete Windows platform versions.
  • Network requirements
    • In order to be able to connect to the devices and establish a secure VPN, the server or computer must be able to reach the internet (outbound connections to both port 80 and 443)
    • If you need DNS in your private network, the server or computer must have access to your DNS server (usually on port 53 both TCP and UDP)
    • The network connector might conflict with other VPN applications installed on the same host, even if not enabled at the same time.
  • Physical requirements
    We recommend that the physical machine or VM the network connector is installed and has access to 4GB of RAM. The CPU and network requirements will vary depending on the customer. If a connector is running on a VM, the physical machine the VM is on needs to have enough resources to provide the connector with what it needs. If there are multiple VMs on a physical machine, the physical machine must have the processing power, RAM, and network capabilities to support the connector VM at peak usage.

As a reference, we recommend an AWS instance type of t2.medium as specified here: https://aws.amazon.com/ec2/instance-types/

Other notes
In general, it is recommended that a Windows Server instance (e.g. Server 2012) is used over a client OS (e.g. Windows 10).

What is the Network Connector?

  • The Network Connector is one end of the secure tunnel that will be established to connect your SIMs to your Private Network.
  • The Network Connector is NAT-friendly, fully integrated with Windows, providing a VPN Virtual Interface adapter, advanced automatic routing controls, and seamless DNS integration.
  • The Network Connector initiates an IP over TLS connection (TLS1.2) to a specific IP address on port 443.

How can Add/Modify Routes and Metrics for my Private Network?

  1. Log in to your account.
  2. Click:
    1.  Network Settings
    2. Advance Network Settings
  3. In the Routing Information menu, you can add/modify/remove routes, with the following information:
    • Subnet and mask of the destination
    • Metric, or link cost
    • Next hop: this is the next closest/most optimal router for the IP traffic. It must be the IP address of one of your Network Connectors.
  4. Click Confirm to make the change or Cancel to retain the current status.

How can I Connect to Multiple Private Clouds?

You can reach different private destinations by installing one Network Connector in each of them.

Once the Network Connectors are installed you will need to modify the routing rules for your network to route traffic appropriately to each cloud’s subnet IP range.

How can I Configure my Network for High Availability?

The service supports multiple Network Connectors and complex routing rules with link-cost/metrics that allow high availability scenarios to be supported. Below are some guidelines for the setup. For further details contact support.

You can achieve high availability in your VPN network by installing 2 or more network connectors in different hosts of your network.

Once you have installed them you can have either load-balanced or primary-secondary (failover) scenario. The only difference is the metric (i.e. link cost) associated with the corresponding routes:

  • For load balancing the metric for all routes, each network connector must have the same value
  • For failover, you’ll have to set up a lower value for your primary network connector and a higher value for the other(s).

You can modify the metric in the routing table available in the advance network settings menu.

Note: Please be aware that high availability requires an appropriate network topology and routing configuration also in your LAN. If you don’t know how to do this, please contact your IT administrator.

How is DNS Resolved for my Network?

Your client devices are always assigned a DNS server IP when they connect to the cellular network.

Which DNS server and how it behaves depends on the type of network you have:

  DNS Server
VPN Network Connector
Secure Internet IoT Connect DNS Resolver
Hybrid (VPN and Secure Internet) IoT Connect DNS Resolver or Network Connector (can be configured as part of Network Settings)

Default is IoT Connect DNS Resolver

Network Connector: when using the Network Connector, the DNS requests from your devices are forwarded to your Network Connector that acts as a DNS proxy for remote clients.

Your Network Connector will use the DNS server configured on the host/server where it is installed to resolve DNS requests from the client devices.

Network Connector will allow your devices to resolve any DNS lookup both for private or for public domain names (assuming the Network Connector host can resolve them).

IoT Connect DNS Resolver: the service provides a secure dedicated internet resolver for the devices inside your network that can resolve all public DNS lookups. IoT Connect DNS Resolver is highly available and secure, accessible only inside the network and allowing only responses from external authoritative DNS servers fully validated using DNSSEC.

IoT Connect DNS Resolver will allow your devices to resolve any DNS lookup for public domain names but not for private DNS queries. Therefore, if you use your own private DNS and need your devices to resolve private DNS queries you will have to configure the Network Connector.

Can I Install my Network Connector in AWS?

To deploy your Network Connector in your AWS account you need:

Pre-requisites

  • Your own VPC
  • Internet GW. The network connector will establish an outbound TLS connection where outbound traffic on ports 80 and 443 must be allowed
  • Host instance with the appropriate Windows OS. We recommend you:
  • We recommend you also to set up a Security Group restricting inbound access from source IP of your office or the environment from where you’ll be managing your VPC via e.g. Remote Desktop.

Once your environment is ready you will need to:

  1. Install the Network Connector
    1. Access to your Windows host through RDP
    2. Download the Network Connector Installer by copying the file through Remote Desktop or if you open your IoT Connect account from a browser in your Windows instance and download it form your account
    3. Run the installer and follow the steps (it will ask you for the activation code).
  2. Setup the routing table with an entry for the subnet of your SIMs, which is set to the Network Interface of the Network Connector. This can be completed with the following CLI command:
    aws ec2 create-route –route-table-id [route id] –destination-cidr-block [IP range of your SIMs] –gateway-id [id of the network interface created by the Network Connector].
    More info here: http://docs.aws.amazon.com/cli/latest/reference/ec2/create-route.html
  3. Disable Source and Destination checking which can be completed with the following CLI command:
    aws ec2 modify-instance-attribute –instance-id [id of your instance] –source-dest-check “{\”Value\”: false}.
    More info here: http://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html

How to Setup and Install Your Network Connector?

To install your Network Connector first you will need to identify a suitable Host Server (see Network Connector Requirements).

Once identified, it is recommended that you start this process from a browser session on the server. If this is not possible, you will need to copy installer files to the server as part of the process.

Then there are 2 phases:

  • Setup: In this phase, the Network Connector is created with a friendly name and an IP address for the virtual adapter, that will become part of your private network
  • Installation: In this phase, the Network Connectors will be installed, authenticated and securely connected to your private network. These steps are specific to the OS of the server.
  • Network Connector Setup
  1. Log in to your account, go to Network Settings and click on the Add New button beside Network Connectors.
  2. Give a friendly name to your Network Connector. This is mainly for you to be able to easily identify each connector when you have more than one.
  3. Assign an IP address (or accept the suggested value).
    Note: The IP address must not conflict with any internal IP range on your server or with the private range used by your SIMs.
  4. Continue and select the appropriate Windows platform (32 or 64 bits)
  5. Download the installer (you will have to copy the installer to your server if you are browsing the portal from a different computer).
  6. Copy the activation code provided by the user interface
  7. Complete the installation (see below).
  • Windows Installation
    The installation on Windows is with a standard MSI Windows installer.
  1. Run the installer in your server.
  2. When prompted for the activation code, paste it and click next.
  3. Complete the installation.
    Your Network Connector will be started, and the tunnel will be connected.

My Download Failed, what Should I Do?

Make sure you have internet access available and the right permissions to download and run the installer (The name could vary depending on the date/version).

Note: If the issue persists and for further clarification, contact Singtel GSD (Global M2M Connect Service Desk) through its 24 hours service hotline:

  1. 24×7 service helpdesk: 1800-788 0022 (Press 1 for M2M)
  2. E-mail: gcsc@singtel.com

How can I Restart a Network Connector?

You might need to restart it if the network is down or after you enable a connector from the web interface.

For Windows, you can check the status and restart it by opening the network connector admin interface from the notification icon in Windows taskbar (usually the bottom right corner of the screen) and clicking on the restart button (or stop and then start if a restart is not available).

For Linux  [Approaching End of Life] you can check the status and restart from the command line:

  • Check the status:
    > sudo asavie-vpn status
  • To restart the process:
    > sudo systemctl start asavie-vpnagent

NOTE: Linux Network Connector is in the End of Life process. We recommend you to use the Windows version of the Network Connector.

Content is provided as a reference before the Linux Network Connector is fully retired.

Note: The connector must be enabled before you start it.

How do I know if my Windows Operating System is 32 or 64-bit?

To view the system type:

  1. Open a File Explorer window by pressing Windows Key + E.
  2. On the left, right-click This PC.
  3. In the context menu, select Properties.
    Note: The System Properties window opens.
  4. In the System Properties window, locate your System type, which lists your operating system and CPU type.

Why do I need a Separate IP address for my Network Connector?

This must be a unique address so that our system knows which address to send the communications from your devices. It cannot be within the range of your Network (i.e. the IP addresses assigned to each device.)

We suggest an IP address based on the range you have set up for your Network and this should work fine for any project as long as there is nothing else running on the system that is already using the same IP as we have suggested.

Can I have more than one Network Connector (VPN) on my Account?

You can set up multiple network connectors. For instance, you might want to set one up on a testing server before deploying it to the live server. In this case, you would need to disable the test one when you want to move to the live one.

If you want to use multiple connectors at the same time for High Availability or to connect to multiple clouds you will need to set up the appropriate routes in the advance network settings. Please read the following FAQs for more details.

 

 

Security:

Can I Restrict the Bit Rate per Device?

Yes, from the Advanced Network Settings page, you can define the maximum bit rate that is applied per device. Please note:

  • Bit rate limit is enforced per second
  • Bursts are allowed where the maximum burst size is always set to double the value of the bit rate limit (e.g. if the bit rate limit is 100 kbps the max burst size is 200 kb).

When this rate limit is configured, two parameters are set, the bit rate and burst (always double the value to the burst parameter). Short momentary bursts above bit rate will be allowed.

When a device is connected, every second, bit rate value is added to a token bucket up to a maximum of the burst value, as traffic is passing through tokens are used up from this bucket

Burst value is, therefore, the maximum amount of tokens that a device can accumulate when it is not sending any traffic. For example, if a device is not sending any traffic, it will accumulate up to burst amount of tokens and then when it starts sending data, it can use them all up, in a burst, but then if it keeps sending traffic, then it will settle at the bit rate limit.

Can I Allow my SIM to Connect from Only one Specific Device?

Yes, you can lock your SIM to the IMEI of a device. The IMEI (International Mobile Equipment Identity) is an identifier of the cellular modem of your device. You can enable the device lock from the user interface for each SIM.

Once the lock is enabled:

  1. The user interface device lock for that specific SIM will show as “Waiting”
  2. The IMEI will be captured in the next connection made by the device.
  3. The captured IMEI will be bound to the SIM, so any further connection using a different IMEI will be rejected
  4. The IMEI will be shown in the user interface.

Note:

  • The locking mechanism relies on the IMEI being sent when the device tries to connect to the cellular network. Sometimes it is not sent, and if the lock is enabled and the IMEI has already been captured the connection would also be rejected, even if the connection is from the right device
  • The IMEI identifies the cellular modem, not the device. A device can have more than one cellular modem. If a device has more than 1 SIM slot and all SIMs can be active at the same time then it has multiple cellular modems. In this scenario, the device won’t be able to connect when a SIM that is locked is moved to another SIM slot.

How can I Restrict Traffic on my Device?

You can restrict the traffic using any of these 2 mechanisms (or both):

  • Network IP ACLs (Access Control Lists), allowing you to restrict the destination IP and IP protocol your SIMs can reach
  • Internet rules or Domain Name filtering, i.e. a whitelist of Domain Names your devices will be able to resolve.

How can I Setup Network ACLs for my Network?

  1. Log in to your account.
  2. Click:
    1.  Network Settings
    2. Advance Network Settings.
  3. In the Network Access menu, you can add/modify/remove ACLs with the following information:
  • Order: Order in which the rules are applied where a lower value means a higher priority
  • Direction: Specify whether the rule is applied to traffic from the devices or to the devices
  • Type: Select from a list of predefined options. This includes a list of predefined services (e.g. HTTP) which involves a combination of specific protocol and port, or generic options that will let you customize the protocol and port or range of ports. If your service is not on the list, you can choose Custom protocol
  • Protocol: IP protocol to be applied. It includes TCP, UDP, and other IP networking protocols
  • Source:  Depending on the Direction selected previously, the Source can be the SIMs (if Direction is “From Devices”) or a custom network IP subnet specified in CIDR format (if Direction is “To Devices”) e.g. 192.168.0.0/24
  • Destination: As with the Source, depending on the Direction selected previously, the Destination can be the custom network IP in CIDR format (if Direction is “From Devices”) or the SIMs (if Direction is “To Devices”)
  • Port range: Port (e.g. 80 for HTTP) or range of ports to be applied
  • Access: Traffic that matches the ACL should be permitted or denied
  • Enabled: If the rule is not enabled it is not applied to the traffic.

Note:

  • If the list of ACLs is empty, then all traffic is allowed
  • If there is at least one Network ACL then all the traffic that is not explicitly allowed will be denied.

For example, to restrict the traffic in an internet & VPN network so that:

  • Devices can only talk HTTPs to the internet
  • There is remote access to the devices using ssh protocol for management purposes (we’ll assume that they will be accessed from agents in the 192.168.0.0/24 LAN)
  • All other traffic is not allowed.

The Network Access Rules list would look like:

Type Protocol Direction Source Port(s) Destination Port(s) Access Enabled
HTTPS TCP From Devices SIMs any 0.0.0.0 443 Permit Yes
SSH TCP To Devices 192.168.0.0/24 any SIMs any Permit Yes
All Traffic any any any any any any Deny  

I have Defined a Domain Name list and I am Browsing the Internet but I Cannot Access to sites in my Whitelist. What is the Problem?

You must be aware that certain websites could be doing redirections to different domains based on your location or loading resources from different subdomains. Your whitelist should include every URL that is required.

E.g. if the whitelist includes www.acme.com but the page requires resources from cdn.acme.com or it is forwarded to www.acme.ie then the web page won’t load properly.

This scenario is more unlikely to happen in IoT use cases where the destination is the URL of an API for e.g. MQTT traffic or device management platform.

Are Changes in the Domain Name Whitelist Applied in Real Time?

The new policy is applied in real time. However, the devices could be caching the IP addresses of the domain names for some time, usually until they expire. This might vary between domain names and between devices. The change in the policy won’t take effect until there is a new DNS request from the device.

In this situation we recommend you clear the DNS cache of your device. How to do that depends on the type of device but can usually be achieved by disconnecting and reconnecting to the network or by rebooting the device.

How does Domain Name Filtering Work?

If the list of Domain Names is empty, then the SIMs will be able to resolve any DNS. However, if there is at least one element in the list it will behave as a whitelist, allowing the client devices to resolve the IP address only for domain names that match any of the entries in the list.

For each entry in the list, you can define whether it includes subdomains or not.

  • If an entry does not include subdomains, then the devices will be able to resolve a domain name only if it matches exactly the content of the entry i.e. “domain1.acme.com” would not match “domain2.acme.com”, “subdomain.domain1.acme.com” or “acme.com”
  • If an entry includes subdomains, then the devices will be able to resolve that domain and any subdomain of that entry.

Some examples here:

Entry Includes Subdomains Allows Does Not Allow
acme.com NO acme.com

 

acme.ie

label1.acme.com

label2.acme.com

subdomain. label1.acme.com

acme.com YES acme.com

label1.acme.com

label2.acme.com

subdomain. label1.acme.com

acme.ie
label1.acme.com NO label1.acme.com

 

acme.ie

acme.com

label2.acme.com

subdomain. label1.acme.com

label1.acme.com YES label1.acme.com

subdomain. label1.acme.com

 

acme.ie

acme.com

label2.acme.com

 

 

 Troubleshooting:

Why can’t I Activate and Start my Network Connector?

Note: This issue affects Windows Server 2008 and Windows 7. Extended support by Microsoft for both versions ended in January 2020. Please upgrade to the latest OS version. Minimum OS versions for the Network Connector are Windows Server 2012 and Windows 8.1

To support the SHA256 code signing certificate on our driver, Server 2008 R2 and Windows 7 SP1 require Windows Security Update KB3033929. This update is installed automatically on any machine that has Windows Update switched on. However, where this update is not installed, the agent will not be able to establish a tunnel connection. If this is the case, a customer can install it by updating the computer to the latest version of Windows or by downloading the specific update here:
https://www.microsoft.com/en-us/download/details.aspx?id=46148

A machine that is not up to date with the latest Microsoft patches will display some or all of the following after an agent install:

  • There will be a yellow warning triangle beside Device Manager -> Network adapters -> Asavie Network Virtual Adapter.
  • The network adapter will install but there will be no adapter present under “Network Connections” in the control panel.
  • On installation, there will be a warning about an untrusted or unknown publisher.

Newer operating systems are not affected.

Why is my Device not able to Connect?

This could be for a number of reasons:

  • Incorrect device APN configuration, see more information here
  • Network is down, see more information here
  • Device reached the cut-off point for the network

If the issue persists or for further clarification please contact Singtel GSD (Global M2M Connect Service Desk) through its 24 hours service hotline

  1. 24×7 service helpdesk: 1800-788 0022 (Press 1 for M2M)
  2. E-mail: gcsc@singtel.com

How can I Change the IP Address for my Network?

Changing the IP address of a single device/machine is risky and can generate issues within the way the other devices communicate, so this is not possible from IoTConnect+. It is only recommended in extreme circumstances, but if you really need to you can contact support.

How will I know if my Network is down and what can I do to fix It?

You will see an error message when you log in to your dashboard if the network stops working.  Please complete the following steps to fix it:

  1. Check your server:
    1. Is switched on and not displaying errors.
    2. has internet access.
  2. Check and refresh the network settings and re-establish connectivity:
    1. Log in to your account
    2. Click Network Settings
    3. Click the Actions icon  for the enabled Network Connector
    4. Click Renew Settings.
  3. If problems persist restart the Network Connector from your Server:
    1. Click the Network Connector icon in Windows taskbar (usually the bottom right corner of the screen).
  4. If the problem still exists, you may need to reboot your server.

If none of these steps solve the issue, contact support.

Glossary:

DNS

DNS, which stands for domain name system. It translates Internet domain and host names to IP addresses and vice versa.

On the Internet, DNS automatically converts between the names we type in our Web browser address bar to the IP addresses of Web servers hosting those sites. Larger corporations also use DNS to manage their own company intranet.

MTU

Maximum Transmission Unit (MTU) of a communications protocol of a layer is the size (in bytes or octets) of the largest protocol data unit that the layer can pass onwards.

APN

An Access Point Name is the name of a gateway between your mobile device and the Internet. A mobile device requires an APN in order to access the Internet.

Private APN

A private APN is a service that will connect mobile devices into one private network to enable secure communication and the ability to use company’s applications and data whenever needed.
It is private because it protects your data and identity from public networks such as the Internet and wireless hotspots.

 

If you need more help, please contact support.