ALMS Hybrid Cloud is an optional account feature for ALMS that provides an extra layer of security for your router management system. Hybrid Cloud gives you full control of the management system, ensuring that other parties, including Semtech, cannot affect your customer environment.
This documentation walks you through setting up and managing your environment and managing the deployment to your devices, and provides an overview of the new features in ALMS that support Hybrid Cloud.
Hybrid Cloud is an alternative to an on-premises management system for routers that combines the best of the cloud and on-premises management systems. It lets you leverage the power and flexibility of the cloud with the security of on-premises in a complete hybrid environment.
Delivered as a security add-on for ALMS, the on-premises component of the management system is tightly integrated with your PKI environment. This integration ensures that you retain complete control of your environment, and provides separation of duties and robust auditing of all activities on the management system.
Hybrid Cloud is scalable, capable of managing thousands of AirLink routers, and cost-effective, requiring just a single instance of the management system rather than multiple instances and subscriptions. It is secure by design, using Semtech’s device-to-cloud security model to provide end-to-end security. Deep integration with the AirLink router’s embedded software ensures the solution cannot be compromised on the device and further strengthens Semtech’s unique device-to-cloud security strategy.
Please note that Hybrid Cloud requires that AirLink XR80 and XR90 routers have a cellular network connection through your service provider. Although those routers have an LPWA (low power wide area) radio module that provides an initial connection to ALMS, Hybrid Cloud operation requires a connection to your provider’s full cellular network.
Because Hybrid Cloud is an optional add-on to ALMS, not a lot changes with your ALMS deployment. To improve the overall security of the solution, we’ve enforced separation of duties. As such, your Hybrid Cloud solution requires two distinct types of users, each with a vital role.
ALMS Users: The first role is that of a standard ALMS “user”, who configures, monitors and manages your fleet. ALMS allows for as many users as you want. Users can do all the day-to-day management of the system, which creates operations (for example, a software upgrade, configuration change, dataset creation, or reboot) to keep the fleet operating at maximum efficiency.
Authorizers: The second role is that of an “authorizer”, an individual who reviews each operation that ALMS wants to send to the router, and approves or rejects it. An approved operation is then applied to the routers that the user was configuring. The authorizer uses a customer-held hardware private key to sign operations. The Hybrid Cloud private key will be integrated with your organization’s existing public key infrastructure (PKI). This process ensures that only your organization can make changes to your routers in the field.
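The approval gate described above, sketched in Go as an added example (not Semtech's code and not the ALMS wire format): an operation reaches the router only with a valid authorizer signature, so an unsigned, altered, or foreign-signed operation is refused. The `Operation` layout, the function names, and the use of Ed25519 with a software key in place of the customer-held hardware key are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Operation is a hypothetical format; the page does not document the real one.
type Operation struct {
	Type   string `json:"type"`   // e.g. "reboot"
	Target string `json:"target"` // constructed router identifier
}

// SignedOperation carries the exact approved bytes plus the authorizer's signature.
type SignedOperation struct{ Payload, Signature []byte }

var ErrUnauthorized = errors.New("operation not signed by the authorizer key")

// NewAuthorizerKey makes a software key standing in for the hardware key (assumption).
func NewAuthorizerKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(nil) // nil selects crypto/rand
}

// Approve is the authorizer step: sign the serialized operation.
func Approve(priv ed25519.PrivateKey, op Operation) (SignedOperation, error) {
	payload, err := json.Marshal(op)
	if err != nil {
		return SignedOperation{}, err
	}
	return SignedOperation{payload, ed25519.Sign(priv, payload)}, nil
}

// RouterApply is the device step: verify first, then parse only the signed bytes.
func RouterApply(trusted ed25519.PublicKey, s SignedOperation) (op Operation, err error) {
	if !ed25519.Verify(trusted, s.Payload, s.Signature) {
		return op, ErrUnauthorized
	}
	err = json.Unmarshal(s.Payload, &op)
	return op, err
}

func main() {
	pub, priv, _ := NewAuthorizerKey()
	signed, _ := Approve(priv, Operation{"reboot", "router-0001"})
	fmt.Println(RouterApply(pub, signed))                                   // approved: accepted
	fmt.Println(RouterApply(pub, SignedOperation{Payload: signed.Payload})) // unsigned: refused
}
```

Because the router parses only bytes that passed verification, an ALMS user who can create operations still cannot change what the authorizer approved.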
Operations that require approval include:
See also Using Hybrid Cloud.