Managing IoT Deployments: Using Network Orchestration to Enable Enterprise IoT

Nick Earle

CEO & Chairman


The introduction of eUICC enabled eSIM Remote SIM Provisioning (RSP) is driving momentous change in the IoT landscape and the Mergers and Acquisition (M&A) strategies of the larger industry players. These changes require network orchestration for Enterprises to define and extend IT policy to the edge.

Network Orchestration, otherwise referred to as Software-defined networking (SDN) orchestration, allows automatic programming of the network’s behaviour using automated rules.  In this blog we discuss why network orchestration is necessary for IoT solutions, and how several large industry players are making multi-billion-dollar bets on it.

Enterprises take control

For the first time since the introduction of the mobile operator SIM card in the early 90s, eSIMs have broken the embedded link between the Mobile Network Operator (MNO) card and the MNO IMSI (International Mobile Subscriber Identifier). An IoT device containing an eSIM (and in the future an iSIM embedded inside the device module or modem) which is connected to an MNO can now be remotely provisioned to run on another operator’s network by an over the air push/pull of the new IMSI into the step 2 profile of the eSIM.

Critically, this IMSI switch will be initiated by the Enterprise and not the MNO as the control of the key switching function, the SM-SR (Subscription Management Secure Routing), is increasingly passing to the Enterprise, either as an in-house solution or in an agnostic connectivity management cloud platform, such as Eseye’s.

For the Enterprise this enables a further benefit in that network choice will not be limited to a fixed list of roaming partners provided by each MNO as each eUICC enabled switch will localise the connection onto the new network rather than roam from the original network to the new one. This will reduce the risk of in-country permanent roaming restrictions which have historically inhibited single SKU global rollouts as they necessitated a physical SIM switch to ensure local compliance.

IoT device security concerns

All of this sounds like great news for Enterprises, which have held back mass IoT adoption due to fears around proprietary lock-in and coverage gaps, but it will also add a new layer of complexity. Take IoT device security as a case in point.

When IoT devices all use a single MNO SIM, then the edge IoT device security policy has to be implemented via that MNO. They know the location of every device and can see key data such as which DNS addresses it is accessing, what data it is transmitting, how often etc. However, this model breaks down in an eSIM implementation as devices move between MNOs.

When this happens, the Enterprise can no longer go via a single MNO to find the devices and to use that MNO’s security solution to secure them nor can they rely on their previous device IP address to communicate with the devices as each IMSI switch triggers a new IP address. Enterprises are then faced with the challenge of having to interconnect with every MNO who could handle the connection to find devices, and then to implement their security policies via multiple MNOs. As the number of eUICC enabled eSIM IMSI transfers increases this becomes a very complex and expensive solution, which in many cases will cause the IoT project to be put on hold until a practical alternative solution is possible.

The need for Network Orchestration in IoT arises

In Eseye’s case we have implemented our Enterprise Connectivity Management Platform and MNO interconnect architecture on an encrypted single ring MPLS (Multiprotocol Label Switching) network.

Using a single MPLS network means that data for every IoT device and all data to and from each MNO traverses this network no matter what MNO IMSI switching takes place. Switching simply alters the path by which device data takes to this single network, so in effect, the network is the ‘eye of the needle’ making it the single source for all global IoT data – regardless of the mobile network the device is ultimately connected to.

Implementation of security policy to all devices can then be enabled via a single API link which can transmit packet-level NetFlow data from and pass this to a security ISV or the Enterprise itself. This is an example of Network Orchestration and is the basis of the solution we have announced with Armis, the world’s leading agentless security company.

Three IoT security requirements Enterprises should consider

Security is one example of an Enterprise requirement that requires network orchestration. At Eseye we see three broad requirements for more transport layer capabilities. In each case, major industry players are building and often buying network focussed solutions to enable the management of large IoT deployments. They are:

1. Edge IoT application management

As the number of devices at the edge grows so will the local processing. By some estimates, 80% of all future applications and data will reside at the edge with cellular backhaul via public and private operators to the Enterprise. This is the logical extension to the first phase of Application distribution we have seen as 80% of applications moved from in house to the cloud over the last 15 years.

Managing those IoT applications will require network capabilities in an eSIM world. IBM’s $34bn acquisition of Red Hat has given them the lead in the Enterprise Open-Source market and enables a future extension of Red Hat’s capabilities for application development, management, and control via the network to the IT/OT edge. Additionally, IBM’s recent formation of a new Software Defined Networking group is a further indication of their intent to extend their portfolio to the edge via Network Orchestration.

2. Enterprise IoT application management

As 5G gradually replaces local wired ethernet or Wi-Fi behind the Corporate firewall, many new IoT applications will be created which use network API data from the explosion of public and private 5G networks that will be implemented.

We have already seen two multi billion-dollar companies making noticeably big bets on this new model; AWS (Amazon Web Services) with their announcement at RE:Invent of the future availability of AWS Private 5G which will be able to leverage their significant application ecosystem; and Ericsson who recently purchased Vonage for $6.2bn to create a Twilio-like 5G application development ecosystem for corporate communications applications such as Unified Communications and Contact Centre. In both cases, orchestration of application capabilities will be API enabled directly from the network layer.

3. MNO Network Functions Virtualization (NFV)

The move to private 5G represents a huge opportunity for MNOs to create and deploy new Managed Services for their partners and their customers. This is not just an incremental revenue opportunity; it will be an essential part of their strategy to counter the dual effect of consistent reductions in market data pricing and the new competitive pressure from the interoperability capabilities of eSIMs.

NFV (Network Functions Virtualization) is an innovative way to virtualize network functions and services. For MNOs, this means NFV and more granular techniques such as Container Function Virtualisation (CFV). This new software overlay managed services must be tightly integrated with the network layer to create smart analytics and insight at the network packet level and to extend their reach to the IoT edge.

MNOs have full control over the traffic from their own SIMs onto their network, but in the eSIM world, they need to extend this to all network data including IoT devices connected to their competitors. This is what Gartner refer to as Composable CSP Services and is already being adopted by leading MNOs / Communication Service Providers.

For example, TELUS recently announced the launch of TELUS Global Connect which is a fully global solution based on a single network model using a white label of Eseye’s eSIM connectivity management platform, allowing them to combine TELUS connectivity with their roaming partners, plus federate the connections via localisation to multiple other MNOs by geography.

Realising IoT adoption at scale with Network Orchestration

In summary, there is compelling market evidence that Network Orchestration will be a key enabler across many parts of the IoT stack. We should not be surprised. Cisco built a $50bn business by understanding that the IP network is the single common denominator for IT in a world, where the architecture model increasingly fragments, and applications move from the centre to the edge.

But that disruption defined the new edge as the cloud and what we are now looking at is a much bigger definition of the edge – billions of things. Since 2011 we have as an industry confidently predicted 50bn things will be connected by 2020 but have only seen about 13bn so far.

Our State of IoT Adoption research surveying 500 major enterprises in the UK and USA identified CxO concerns over security, policy extension and application management as the key reasons that are holding back IoT adoption at scale. We believe that 2022 will be the year when we finally see the long-predicted inflexion point of IoT adoption enabled by solving many of these issues via Network Orchestration.

The State of IoT Adoption

We surveyed 500 senior decision-makers and implementers of IoT from the UK and the US to explore the opportunities, challenges, and trends facing UK and US businesses when it comes to implementing IoT, and in particular the impact of COVID-19 on IoT adoption. Find out what organisations are grappling with as they prioritise and accelerate their IoT plans.

Nick Earle

CEO & Chairman


Nick spearheads Eseye and believes in connectivity that ‘just works’; that makes people’s lives and jobs easier; connectivity that’s invisible. He’s a visionary business leader with a distinguished career in technology spanning more than 30 years, spanning large corporations and dynamic start-ups and oscillating between start-ups and global IT, tech and transportation companies.

Previously, Nick led organisations and cross-company transformation programs for two $50B global corporations; Cisco where he ran the Cloud and Managed Services business as well as their Worldwide Field Services function, and Hewlett Packard where he ran the global Enterprise Marketing function and the internet transformation strategy.