Remote and Mobile Assets Design and Implementation Guide
- Updated:
- September 2, 2020
Chapter: Field Deployment
Remote and Mobile Assets—Field Deployment
This module is part of the larger Remote and Mobile Assets (RaMA) Cisco Validated Design (CVD). Refer to the other modules for additional details about certain aspects of the architecture that are touched on in this module. All of the RaMA CVD modules are available at: www.cisco.com/go/rama ■ ■ ■ ■ ■ ■ ■ ■ ■ |
This module includes the following sections:
Overview
The RaMA solution takes advantage of the flexibility, security, and power of industry-leading Cisco routers while simplifying deployment so that IT personnel are not needed to deploy hundreds to thousands of gateways. This module guides field operations staff on how to use simple tools—rather than complex IT tools—to deploy these gateways.
The RaMA solution leverages powerful management tools such as the Cisco Kinetic Gateway Management Module (GMM) to apply IT and security policies to the gateway, yet provides a simple and easy-to-use tool to deploy gateways in the field.
Requirements
Field deployment requirements for RaMA include:
■
Support for all Cisco Industrialized gateways such as the IR807, IR809, IR829, and the IR1101
■Simple web-based tools to provision and deploy gateways
■Mobile app (Android, IOS) based
■Support the ability to download complex routing and applications
■Support the ability to manage SIM cards including the abilities to:
■Support for public and private Access Point Network (APN)
■Ability to monitor the health, status, and location of gateways
■Ability to track LTE/3G cellular usage
■Ability to do remote diagnostics on gateways to determine root cause of problems
■Ability to de-provision gateways so they can be used in future projects
■Ability to complete the provisioning process using a mobile phone without the need for a computer
Architecture
Figure 1 illustrates key aspect of the RaMA Field Deployment architecture.
Figure 1 RaMA Field Deployment Architecture
The Field Deployment architecture includes the following components:
■Cisco IR gateways such as IR807, IR809, IR829, and IR1101
■Kinetic Cloud Gateway Management
■Apple IOS- or Android-based mobile application
The architecture leverages two cloud-based tools from Cisco, Control Center and Kinetic Gateway Management. All SIM and gateway management traffic is encrypted between the managed devices and the cloud-based tools.
Design
A key benefit of the RaMA solution is the simplicity of onboarding gateways, which allows non-IT users in the field to deploy the gateway with little to no IT support. This also significantly speeds up bulk gateway deployments across geographically-dispersed locations. This section describes the process from a field operator perspective, without delving too deeply into technical details.
Deploying Gateways in the Field
By following the steps below, field users can deploy a new Cisco Industrial Router into production in a few minutes.
Figure 2 Onboarding a New Gateway
1. Install the gateway and accessories.
The Technology Guidance module provides an overview of the Cisco Industrial Router portfolio and available accessories including power supply and antennas.
Refer to the following links for installation best practices for gateways and accessories:
–IR807:
https://www.cisco.com/c/en/us/td/docs/routers/access/800/807/hardware/install/guide/b_IR807hwinst.html?dtid=osscdc000283
–IR809: https://www.cisco.com/c/en/us/td/docs/routers/access/800/809/hardware/install/guide/b_809hwinst.html
–IR829:
https://www.cisco.com/c/en/us/td/docs/routers/access/800/829/hardware/install/guide/b_IR829-HIG.html
–IR1101:
https://www.cisco.com/c/en/us/td/docs/routers/access/1101/hardware/installation/guide/1101hwinst.html
The Zero Touch Provisioning module provides an overview of the available SIM card options including setting up the APN required for the initial gateway claiming process.
Inserting a working SIM with the correct APN is critical for zero touch deployment (ZTD). |
Claiming a gateway will complete the process to provision it based on the configured template and make it available for monitoring. Gateways can be claimed by using the Cisco Kinetic mobile app for Android and Apple iOS or through the web interface on any computer with an internet connection.
The APN information is important for gateways using their cellular connection:
–Gateways using public APN should be able to automatically connect to the internet and perform the claiming process.
–Gateways using private APN will be required to follow the private APN process outlined below.
Using the Kinetic GMM Mobile App to Claim the Gateway
Follow these steps to claim a gateway with the Kinetic GMM Mobile Application:
1. Download the Kinetic GMM mobile app to your smartphone or tablet.
3. Select the gateway model on the app.
4. Select the appropriate configuration template that has been pre-loaded.
Download the Kinetic GMM mobile app from the app store by searching for Cisco Kinetic:
■Apple App Store: https://www.apple.com/ios/app-store/
■Google Play App Store: https://play.google.com/store/apps
For additional information on the Cisco Mobile App, refer to the following URL:
■ https://developer.cisco.com/docs/kinetic/#!using-the-mobile-app
The screenshots below depict the claiming and verification process using the mobile app.
1. Use the Mobile app to scan the barcode on the router, which starts the claiming process.
For information on locating your serial # barcode, refer to:
https://developer.cisco.com/docs/kinetic/#!gateway-serial-location
Figure 3 Scanning the Barcode on the Router
Once successfully scanned, the drop-down menu will provide a choice of gateway models (IR807, IR809, or IR829).
2. Select the Type of Gateway, then click Next.
3. Select from a list of Available Templates.
Your IT Staff has created templates to be used. You will see these listed under saved templates. Select the appropriate template and click Next.
Detailed information about the gateway and template will be visible once a template is selected. Users are encouraged to verify this information before clicking Finish. The gateway will reboot several times during the claiming process before it appears as a gateway in the web UI.
Using the Kinetic GMM Web App to Claim the Gateway
The same four steps are used to claim a gateway with the Kinetic GMM Web Application:
1. Log into the Kinetic GMM account using the username and password provided by the administrator and navigate to the Claim Gateway Screen.
2. Enter the gateway serial number.
4. Select the appropriate pre-loaded configuration template.
5. Log into to the following URL using your Kinetic GMM credentials:
–US: https://us.ciscokinetic.io
–EU: https://eu.ciscokinetic.io
For additional information on the Cisco Web App, refer to:
■ https://developer.cisco.com/docs/kinetic/#!claim-gateways
The screenshots below depict the claiming and verification process using the web app.
1. Navigate to the Claim Gateway screen.
Once successfully logged into the Kinetic GMM web portal, click Gateway on the left and then select Gateways.
2. Next, select Claim Gateway.
3. Enter the Gateway information.
For more information on locating your serial number barcode, see:
https://developer.cisco.com/docs/kinetic/#!gateway-serial-location
The claim gateway screen will provide a choice of gateway models (IR807, IR809, or IR829). The address information is optional. Once selected, click Next.
4. Select from the list of Available Templates.
Your IT Staff has created templates to be used. You will see these listed under Saved Templates. Select the appropriate template. The fog and device information is optional. Click Next.
Detailed information about the gateway and template will be visible once a template is selected. Users are encouraged to verify this information before clicking Finish. The gateway will reboot several times during the claiming process before it appears as a gateway in the web UI.
Provisioning a Gateway with a Private APN
Provisioning a gateway with a SIM that has a Private APN will require one additional step. The initial claiming process must be completed with the gateway connected to an Ethernet port that has Internet access since the cellular modem will not work until after the gateway has been claimed. During the gateway claiming process, Kinetic GMM will automatically push down a Private APN configuration. Once the gateway has been claimed and shows up, it will run on its cellular connection.
Use the following ports on the gateway for your Ethernet connection:
Ensure the use of the special Private APN template during configuration.
Offboarding/Removing a Gateway
Offboarding or deactivating gateways require a few simple steps that can be completed by non-IT users in the field without IT support. This significantly speeds up the deactivation of gateways in geographically dispersed locations. By following the steps below, field users can uninstall a Cisco 8x9 gateway in a few minutes.
Refer to the following links for deactivation best practices for gateways and accessories:
■IR807:
https://www.cisco.com/c/en/us/td/docs/routers/access/800/807/hardware/install/guide/b_IR807hwinst.html?dtid=osscdc000283
■IR809: https://www.cisco.com/c/en/us/td/docs/routers/access/800/809/hardware/install/guide/b_809hwinst.html
■IR829:
https://www.cisco.com/c/en/us/td/docs/routers/access/800/829/hardware/install/guide/b_IR829-HIG.html
■IR1101:
https://www.cisco.com/c/en/us/td/docs/routers/access/1101/hardware/installation/guide/1101hwinst.html
Figure 12 Offboarding/Removing a Gateway
1. Deactivate the Gateway in Kinetic GMM.
Select the gateway to be removed or replaced and click Delete. If the SIM card associated with the gateway is managed through Control Center, you will be asked if you want to deactivate the SIM upon deletion from Kinetic GMM. The SIM can be reactivated later through Control Center.
2. Uninstall the Gateway and SIM.
Remove the gateway and ship it back to the IT department. Either deactivate the SIM or return it to the SIM pool for reuse.
Field Monitoring and Troubleshooting
The RaMA solution offers a number of tools for non-IT users in the field to use during monitoring and troubleshooting, which greatly reduces IT support requirements
Monitoring the Gateway
Kinetic GMM provides several tools for monitoring key aspects of field operations including:
Gateway Status
Figure 14 provides an overall view of the key information available through the Kinetic GMM console, including location and status of the gateways. This screen is available when users click Dashboard on the Kinetic GMM console.
GPS Location and Geofencing
Users can track the GPS location of any gateway that has GPS enabled by logging into the GMM Dashboard. Using the +/- in the map, the gateway in question can be identified and detailed GPS information displayed. Users can also specify a geofence for the gateway. The gateway will generate an alarm if it enters or leaves this area. More information on the GPS and geofence capabilities is available in the GMM guide:
https://developer.cisco.com/docs/kinetic/#!overview/overview
Figure 15 GPS Location and Geofencing
| For more information on GPS tracking and Geofencing, refer to: ■ |
Reports
Kinetic GMM provides a simple reporting tool to track cellular and gateway inventory. To access these reports, users log into the Kinetic GMM portal and click Tools -> Reports.
Users can then select the type of report required (Inventory or Cellular Usage) and specify required information, recurrence, and the report name.
A CSV file of the report can be downloaded by clicking the red CSV button.
Figure 18 Download CSV File of Report
Kinetic GMM Alerts
Kinetic GMM can provide alerts for a variety of events, including:
Setting up an alert is simple. Users click Tools -> Alerts on their Kinetic GMM Dashboard.
When Add Alerts is clicked, Kinetic GMM prompts for a name for the alert and the gateways that should be monitored. Users can provide an email address for the alerts and types of alerts to receive.
Figure 20 Kinetic GMM Prompt for Alert
Gateway Logs
Gateway logs can be accessed through the screen in Figure 21.
Figure 21 Accessing Gateway Logs
For additional information on gateway logs, refer to:
https://developer.cisco.com/docs/kinetic/#!gateway-status-and-logs-gateway-status-and-logs
Best Practices
Troubleshooting the Gateway
Common Gateway Issues
■Stuck in Registering for more than 10 minutes—This usually indicates that the gateway is not able to contact Cisco Kinetic.
–For cellular gateways, ensure that a SIM card was inserted and has valid data plan.
–If using Ethernet gateways, verify that the required network ports are open and that there are no firewalls blocking the gateway from reaching the internet.
■Stuck in the In Progress state for more than 10 minutes:
–Ensure that the gateway did not go offline and internet connectivity is still present.
–Check the Gateway Event logs under the gateway details page to see if the gateway registered successfully and was configured.
–Verify that the WAN interface configuration is correct in the template used to claim the gateway.
–Ensure that the gateway did not go offline and internet connectivity is still present.
–Check that the gateway model and model for the associated template are the same.
–Verify that the WAN interface configuration is correct in the template used to claim the gateway.
■GPS troubleshooting—If the gateway location is not being updated correctly on the map view:
–Wait for the update to occur. The gateway location is updated every 30 seconds.
–Verify that GPS is enabled in the Gateway Details -> Current Config page.
–If GPS is not in enabled state, check if the gateway was claimed using a configuration that enabled GPS. This can be checked in the gateway event logs. There will be entry such as “Gateway was configured using configuration xyz”.
–Delete and reclaim the gateway with the correct configuration, if required.
–Ensure that the correct GPS antennas are attached to the gateway.
–Ensure that you or your user has a valid account in the portal.
–Click Forgot Password to reset a password.
■Private subnet troubleshooting—If the devices connected to the gateway are not getting assigned the right DHCP IP addresses:
–If private subnet is not enabled, the devices will be assigned IP addresses from Cisco Kinetic.
–Verify that the private subnet is enabled in the Gateway Details -> Current Config page.
–If private subnet is not enabled, check if the gateway was claimed using a configuration that enabled private subnet. This can be checked in the gateway event logs. There will be entry like “Gateway was configured using configuration xyz”.
–Verify that the configuration details entered for configuration are correct.
–Delete and reclaim the gateway with the correct configuration, if required.
■Customer VPN troubleshooting—If the gateway is not able to establish a tunnel with the head end router:
–Verify that VPN is enabled in the gateway Current Config page.
–If the VPN is not enabled, check if the device was claimed using a configuration that enabled the Customer VPN. This can be checked in the gateway event logs. There will be entry like “Gateway was configured using configuration xyz”.
–Verify that the details entered for the VPN configuration are correct.
–Delete and reclaim the gateway with the correct configuration, if required.
–Verify that the configuration on your head end router is correct and that it allows the gateways to establish tunnels with the provided configuration.
Note: There is a known issue where site-to-site VPN tunnels and the site-to-site VPN tunnel IP address in the gateway details page can take up to 30 minutes to update after it is successfully enabled.
■Work Group Bridge (WGB) troubleshooting—If the gateway is not able to connect to the root access point:
–Verify that WGB is enabled in the Gateway Details -> Current Config page.
–If it is not enabled, check if the gateway was claimed using a configuration that enabled WGB. This can be checked in the gateway event logs. There will be entry such as “Gateway was configured using configuration xyz”.
–Confirm that the details entered for the WGB configuration are correct.
–Delete and reclaim the gateway with the correct configuration, if required.
–Ensure that the correct antennas are attached to the gateway.
–WGB is supported only on the 5GHz radio. Verify that the root access point is compatible with this.
–Make sure the radio frequencies between AP and the WGB device are in the same domain and have a common frequency.
Use the command show controller Dot11 1 frequency to display the frequency channels.
Ideally, there will be many overlapping non-DFS channel between the IR829 gateway’s AP and the root AP.
Note: WGB is supported only on IR829 gateways that use cellular as the uplink (not supported on IR809 gateways and Ethernet-enabled IR829 gateways).
■Wi-Fi troubleshooting—If you are not able to connect any devices to the Wi-Fi hotspot configured on the gateway:
–Ensure that the correct SSID and preshared key are entered into the device.
–Ensure that the correct antenna is attached to the gateway and that the device is within range.
–Verify that Wi-Fi is enabled in the Gateway Details -> Current Config page.
–If Wi-Fi is not enabled, check if the gateway was claimed using a configuration that enabled Wi-Fi. This can be checked in the gateway event logs. There will be entry such as “Gateway was configured using configuration xyz”.
–Delete and reclaim the gateway with the correct configuration, if required.
–If Work Group Bridge (WGB) is also enabled on the gateway, then Wi-Fi works only on the 2.4 GHz radio.
Note: Wi-Fi is supported only on the IR829 gateways (not supported on IR809 devices).
For additional information on troubleshooting:
■ https://developer.cisco.com/docs/kinetic/#!gateway-configuration-troubleshooting
■ https://developer.cisco.com/docs/kinetic/#!deploy-your-gateways/troubleshooting
Gateway Diagnostics
For additional information on gateway logs, refer to:
https://developer.cisco.com/docs/kinetic/#!gateway-status-and-logs-gateway-status-and-logs
Kinetic GMM offers a rich set of field-accessible gateway diagnostics tools.
Click Export to download a text file with the diagnostic results. |
4. Click a button to run the predefined diagnostics:
a. Connectivity with Kinetic—Click Gateway or App Infra to verify that the gateway and apps can communicate with Cisco Kinetic.
–Click Ping or Trace Route to verify connectivity from the gateway to a different IP address. See below for more information.
–Click Test Throughput and enter an iPerf Server address to retrieve cellular throughput information. Use this to find out where the connectivity is bad, such as signal strength or uplink bandwidth issues. You can host your own iPerf server (recommended) or use a public iPerf server.
5. Show Commands—Click Run to run a set of pre-defined show commands in the gateway that display information about the device.
6. Debug Commands—Retrieve the syslogs, clear the syslogs, and enable/disable additional debugging on the gateways.
7. Refresh-Click Refresh App Management to reboot the gateway, reboot the access point (AP) for IR 829 gateways, and refresh the App Management state (this forces Kinetic to resync with the IOx apps running the gateway).
Installation Best Practices
General Considerations
Before starting, plan the installation carefully so it will meet the following requirements:
■The installation must be safe for the operator and passengers within the vehicle.
■The installation allows for convenient access by the operator, as applicable (i.e., the Ethernet ports, console cable, sim cards, ability to view LEDs).
■The mobile radio is mounted in a location assuring the vehicle occupants' safety and out of the way of passengers and auto mechanics.
■The equipment is installed away from the airbag deployment areas.
■The equipment is protected from water damage.
■The installation is neat and allows easy service access.
Before the starting the installation, it is imperative to discuss with the customer the exact location in the vehicle where equipment is going to be installed. This will prevent hours of rework and reinstallation.
The test vehicle has the router and Raspberry Pi installed so it is behind the rear seat of the GMC Canyon truck. It is accessible as the rear seat folds down to allow full access to ports and antenna connections.
Figure 23 Test Vehicle Installation—1
Figure 24 Test Vehicle Installation—2
Specific Considerations
Power Source Location and Considerations
■Some vehicles operate on 24 VDC, so it is important that the location chosen is a 12 VDC source. If a 12 VDC source is not available, a converter will need to be installed.
■Ensure that the location chosen is a main power source and will allow the addition of added terminals.
■If an auxiliary fuse block is going to be used, ensure that the location chosen for the block will guard against possible short circuits (see Figure 25).
Figure 25 Test Vehicle Power Distribution
Some vehicles, trucks in particular, will have studs on the firewall that may be used to pass power without the need for a through hole. These can be used only if verified that they are not used to connect data cables or wires.
Ignition Sense Location and Considerations
■Chose an ignition sense that will not interfere with the safety-related systems of the vehicle.
■The ignition sense wire (white or blue wire) connection determines how or when power is applied to the mobile router. The white wire is sometimes referred to as the “white ignition switch wire”" or the “ignition sense input wire”. Regardless of the configuration, the router's main DC power input (red A+ wire) must be connected through an in-line fuse to unswitched vehicle DC power. The red wire must be connected to raw battery power (positive battery terminal) via the supplied fuse.
■It is important to use the proper crimp tool for crimping any terminals or fuse holder
Power On/Off Using Vehicle Ignition
■For the mobile router to be powered on and off with the vehicle's ignition, the ignition sense wire needs to be connected to one of switched power sources, typically known as accessory power.
■In this configuration, the white or blue wire connects to a switched power source, typically identified as “Accessory” power, that switches on and off with the vehicle's ignition switch/key. The accessory source is normally found in the vehicle's interior fuse block.
■The source chosen should have nothing to do with the vehicle's safety systems. Refer to the vehicle's owner's manual when choosing an appropriate accessory source.
Ground and Return Location and Considerations
■Care should be taken to ensure the location chosen is truly to vehicle ground.
■The location chosen should not be in an area that is prone to moisture retention.
■Ensure that the location will protect the terminal from being bumped and allow the connection to loosen.
■The location must allow a through bolt with a nut and lock washer or be at a factory ground.
■Chose a location that will allow the ground lead to be as short as possible.
Antenna Mounting Considerations
■Antenna location must be chosen based on the installation instructions and in consideration of other items installed on the vehicle's roof.
■There must be at least a 24” separation between the antenna and any other roof mounted equipment (see Figure 26).
■If the antenna being used requires a ground plane, the location chosen must provide an acceptable ground.
Figure 26 Test Vehicle Antenna Placement
Data, Antenna, and Power Cable Routing Considerations
■Cables should not be routed under vehicle carpeting where the feet of occupants' rest.
■Plan the cable runs so as to protect the cables from chafing, crushing, moisture, or overheating.
■Routing under the dash should not interfere with, or pass through, the steering column, brake pedal, clutch pedal, or the accelerator mechanisms.
■Carefully chose the location where the wiring will exit the passenger compartment and enter the engine compartment.
Splicing Requirements
Splicing the 12 VDC (A+) wire is not allowed. For other wires, if a splice must be installed such as to extend the wire, the following requirements must be followed:
■When wire is routed through hidden locations such as door jams, under the dash or, otherwise hidden from view use a solid run.
■Any splice installed must be visible to future service technicians. The best way to accomplish this is to cut off the wire back near the equipment connector and splice on a new wire.
■The splice wire used must have insulation rated for use in an engine compartment.
■Estimate the length of the run and determine required wire gauge.
■The gauge of the wire used must be based on the length of cable run for a load of approximately 5 Amps and maximum allowable voltage drop of 200 mV at peak load. If larger gauge wire is not required the same gauge shall be used, but never a smaller gauge.
■When splicing a wire that could be exposed to moisture use a butt splice encased within heat shrink tubing to seal the connection.
Battery Connection Requirements
■The 12 VDC power source should be the battery if possible. Other sources may be used if a battery connection is not available or feasible. Acceptable sources are the input to the main relay/fuse panel in the engine compartment, other main 12 VDC terminal, or installation of an auxiliary fuse block.
■An inline fuse holder is used for the mobile router to protect the equipment and the vehicle from a possible short circuit or excessive current draw. The fuse amperage must be according to the manufacturer's specifications. The fuse holder is water resistant to protect the fuse from the elements and avoid the possibility of corrosion. For optimum safety, the fuse should be placed as close to the battery as possible.
■If an auxiliary fuse block is being installed, the conductor used to connect it to 12 VDC should be gauged large enough to support the current flow of all the equipment that is fed by the block. The gauge of the cable to be used must be based on the length of cable run for a load of approximately 40 Amps and maximum allowable voltage drop of 200mV at peak load. In most cases this conductor consists of #6 AWG or #8 AWG wire. The insulation of this conductor must be properly rated for engine compartments. An inline fuse holder must be installed on this wire near the battery. The fuse holder must be water resistant and the amperage of the fuse installed should be rated large enough to handle the total current flow of the block. In most cases the fuse rating is 40 or 50 amps.
■The test vehicle utilized by AMK Services for this testing used a 60-amp fuse for the load which included a power inverter, a Raspberry Pi (Linux device), and multiple laptop at times. All needed equipment would need to be load rated and the fuse and wiring would need to be matched correctly to safely handle the load.
Figure 27 Test Vehicle Battery Connections
Glossary
Term |
Definition |
|---|---|
Feedback