Dynamic VPN - VPN on demand

To VPN or not to VPN...

In our qbee blog we discuss the advantages and disadvantages of allowing VPN connections in an industrial IoT context. Some companies want more VPN capabilities while others might want to limit this. The interesting thing is that qbee can create a VPN on demand. This means that the VPN will only be created for a specific device or group of devices when maintenance or access is needed. The qbee agent controls the VPN part and can securely enable or disable it as controlled through settings.

In certain industrial IoT settings there are limitations with regards to the use of VPNs. Having many different device vendors opening virtual private networks could be considered a security risk. On the other hand, VPNs can be highly valuable to debug device misbehavior or to troubleshoot as well as potentially accessing applications on the remote edge devices.

For these cases qbee.io has created the dynamic VPN or "VPN on demand". In our solution the VPN is already integrated and it works out of the box independent of network infrastructure or if you have a fixed IP or not. But the qbee embedded edge device configuration management solution is not relying on the VPN. Thus it works independently and can be used to enable or disable the VPN dynamically.

What is a VPN on demand?

qbee.io allows you to enable or disable the VPN functionality on a device or group level dynamically. Turn it on when needed and switch it off again afterwards for additional security.

In the "Configuration -> settings" menu there is a toggle called "enable remote console". Set this for the correct device or group level. Then save and commit and wait for 2 agent runs to activate this.

How to toggle the VPN:

In "Configuration -> settings" toggle "enable remote console" for the device or group level that you want to set this. Then save and commit. After 2 agent interval runs (also defined here) the VPN should be available. Please be patient. This can take 10 minutes. This will be improved in the future.