4. AZURE SERVICES INSIDE RCMS
Before we dive into the details of each puzzle, we would like to provide an overview of all the Microsoft Azure services integrated within RCMS. This section aims to assure you that our platform is built on a secure and reliable infrastructure.

Figure 1 - Azure Services Inside RCMS
Azure Service | Function | Deployment Regions |
Azure IoT Hub | Azure-hosted MQTT broker manages connections from Robustel Gateways using TLS encryption. | West Europe / East Asia / North Central US / South Central US |
Azure Defender | An Azure-hosted safeguard against various cyber threats and vulnerabilities. | West Europe / East Asia / North Central US / South Central US |
Azure Service Bus | Azure Service Bus is a fully managed enterprise message broker with message queues and publish-subscribe topics. | West Europe |
Azure Load Balancer | Load balancing refers to efficiently distributing incoming network traffic across a group of backend servers or resources. | West Europe |
Azure Network Security Guard | Describes networking services in Azure that protect and monitor your network resources - Firewall Manager, Firewall, Web Application Firewall, and DDoS Protection. | West Europe |
Azure Virtual Machines | Azure Virtual Machines is an on-demand, scalable cloud computing Azure service. | West Europe / East Asia / North Central US / Australia Central |
Azure Redis | Azure Cache for Redis provides an in-memory data store based on the Redis software. | West Europe |
Azure MySQL | Azure Database for MySQL is a relational database service powered by the MySQL community edition. | West Europe |
Azure Active Directory | Azure Active Directory (Azure AD) is a cloud-based identity and access management service from Microsoft. | West Europe |
5. INFRASTRUCTURE SECURITY
In this section, we will explore the robust measures we have implemented to protect both the physical and virtual components that power RCMS, which guarantee the platform's stability and resilience. Customers can rely on a secure and dependable base for their IoT operations, minimizing the risk of downtime and data loss due to infrastructure-related issues.
5.1.Server Networks
The RCMS data center is located in Western Europe, with VPN servers distributed globally throughout the Azure network. This setup accelerates communication between server nodes and the data center by utilizing a dedicated backbone network within the Azure infrastructure.
Additionally, RCMS servers leverage Azure security features, which strictly adhere to a Zero-Trust approach. Exceptions are carefully evaluated using methods such as source IP or protocol whitelisting. This configuration ensures that communication is restricted to the internal network and does not extend to the public network.
Figure 2 - Server Networks
5.2.Real-Time Azure Monitor
All servers will be monitored in real-time by Azure Monitor Services. If any alerts are generated that exceed our defined thresholds, a notification will be automatically sent to the operator's cell phone.
Below is a list of the key monitored fields:
Resources | Fields |
Virtual Machines | Server Workload, CPU Usage, Disk Usage, Memory Usage |
IoT-Hub | Device Messages Monitor, Concurrency Monitor |
Database | Database Health, Backup Result, Storage Usage |
Application | Application Health |
API | API service Health |
5.3.High Availability
Each component of RCMS deployed within virtual machines is designed with a high-availability architecture for redundancy. This approach ensures that a single hardware or software failure will not compromise the availability of RCMS. Below is a list for your reference:
Resource Type | Resource Name | Architecture |
Virtual Machine | Virtual Machine | Redundant storage |
Database | MongoDB | Master-Slave |
Registry Center | Nacos | Cluster |
Configuration Center | Nacos | Cluster |
Storage | Blob Storage | Redundant storage |
Networking | Nginx | Multi Node |
Microservices | Backend Service | Distributed Cluster |
5.4.Server Access
RCMS follows the ISO 27001 framework, implementing separate permission controls for different roles. This approach enhances the security of our infrastructure by preventing malicious actions from internal users. Access is managed through unique usernames and private SSH keys, and all server-related activities are logged and audited.
Account Type | Permissions | Target Users |
Admin | Admin control | Cloud Director |
Roles Control | Create and delete accounts and allocate different roles only | Cloud Manager |
Operation | Maintain separate controls for creating and managing different instances and services | Operators |
Audit | Audit user activities | Cloud Architect Technical Manager |
Read Only | Check basic information about the infrastructure only | Project Manager, developers |
6. DATA SECURITY
This section outlines our comprehensive data security approach, which includes encryption both in transit and at rest, ensuring that your data remains confidential and tamper-proof. We also detail our identity control measures from both user and device perspectives. By understanding these safeguards, customers can have full confidence that their sensitive information, device data, and user configurations are securely managed within RCMS, effectively preventing data breaches and unauthorized disclosures.
6.1.User Identity Security
RCMS implements comprehensive user identity security measures to ensure the protection of user information on a large scale. Key components of this security framework include Single Sign-On (SSO), Multi-Factor Authentication (MFA), Role-based Access Control (RBAC), and Policy-based Access Control (PBAC). Together, these strategies form a robust framework that effectively safeguards against unauthorized access and data breaches.
6.1.1.Single Sign-On (SSO) and Multi-Factor Authentication (MFA)
RCMS utilizes Azure Active Directory as its Single Sign-On (SSO) authentication solution. This means that RCMS does not store account information, including passwords, in our database. Instead, we solely request and verify the identity token generated by Azure, where the password is securely stored.
To enhance account security and prevent password cracking and unauthorized access, RCMS also implements Multi-Factor Authentication (MFA) through Azure Active Directory. Users can enable MFA directly within RCMS, which will then synchronize their MFA settings with Azure. Once MFA is enabled, users can select an identity verification method that incorporates multiple factors, such as email verification codes, SMS verification codes, and dynamic verification codes generated by mobile applications.
Figure 3 - Single Sign-On (SSO) and Multi-Factor Authentication (MFA)
6.1.2.Role-based Access Control (RBAC)
RCMS employs a Role-Based Access Control (RBAC) mechanism, which allows users to be assigned different permissions based on their specific roles. This ensures that users can only access the resources and features necessary for their tasks.
Access Level | Permissions Scope |
Owner | Creator of a tenant account with permission to define Admin. Full management access to all data resources and functionalities. |
Administrator | Full read and write permissions for all modules and functions in the RCMS. |
Operator | Full read and write permissions for all modules and functions in the RCMS. The permissions are editable within all scales. |
Limited User | Read and write permissions are restricted to specific modules and functions, with access only to assigned devices. |
Installer | Read and write permissions limited to Operations Console modules and functions, with view access only to registered device information. |
Provisioner | Read and write permissions limited to RobustLink Add/Remove Device functions. |
RVPN Client Only | No access to the RCMS platform; users can only connect to remote devices using the RVPN Desktop Client. |
Read Only | Read-only permissions for all modules and functions. |
6.1.3.Policy-based Access Control (PBAC)
RCMS also supports a Policy-Based Access Control (PBAC) mechanism. Users can be assigned to roles such as owner, administrator, restricted user, or read-only user. Each role has access only to the resources and functions necessary for their responsibilities. Additionally, RCMS can control access to cloud platforms based on policies that consider factors such as time periods, days of the week, and holidays.
Policy | Description |
Read Only | Grants users the ability to view data and access resources, but restricts them from making any changes or modifications in RCMS. |
Read/Write | Allows users to access and modify data and resources in RCMS. |
Session Timeout Policy | If no user activity (e.g., mouse movements, keystrokes) is detected for 30 minutes in RCMS, the login session will expire. |
Time-Based Access Control Policy | Controls access to the cloud platform during specified time periods based on policies such as time scales, days of the week, holidays, etc. |
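The following added example (not RCMS code) shows how the four policies in the table can be combined into one access decision. The `Policy` fields, the fixed UTC+8 zone, the working-hours window and the holiday date are assumptions constructed for the illustration; the 30-minute idle limit is the value from the table.

```go
package main

import (
	"fmt"
	"time"
)

// Policy models the four policies in the table above. The field names and
// layout are assumptions for this example, not the RCMS schema.
type Policy struct {
	ReadOnly    bool                  // Read Only (true) or Read/Write (false)
	IdleTimeout time.Duration         // Session Timeout Policy
	Days        map[time.Weekday]bool // permitted days of the week
	StartHour   int                   // first permitted hour, inclusive
	EndHour     int                   // end of the window, exclusive
	Holidays    map[string]bool       // blocked dates as YYYY-MM-DD
	Zone        *time.Location        // zone in which the window is defined
}

// Request is one action to be authorized.
type Request struct {
	Write        bool
	Now          time.Time
	LastActivity time.Time
}

// Decide returns the decision and the rule that produced it.
func Decide(p Policy, r Request) (bool, string) {
	// An idle session is rejected first, whatever the action is.
	if r.Now.Sub(r.LastActivity) >= p.IdleTimeout {
		return false, "session expired"
	}
	// Convert to the policy's zone: server clocks usually run in UTC, and
	// comparing UTC hours or dates with a local window shifts the window.
	local := r.Now.In(p.Zone)
	if p.Holidays[local.Format("2006-01-02")] {
		return false, "holiday"
	}
	if !p.Days[local.Weekday()] {
		return false, "day not permitted"
	}
	if h := local.Hour(); h < p.StartHour || h >= p.EndHour {
		return false, "outside time window"
	}
	if r.Write && p.ReadOnly {
		return false, "read-only policy"
	}
	return true, "allowed"
}

// SamplePolicy is constructed: Mon-Fri, 08:00-18:00 in UTC+8, one holiday.
func SamplePolicy() Policy {
	return Policy{
		IdleTimeout: 30 * time.Minute,
		Days: map[time.Weekday]bool{time.Monday: true, time.Tuesday: true,
			time.Wednesday: true, time.Thursday: true, time.Friday: true},
		StartHour: 8, EndHour: 18,
		Holidays: map[string]bool{"2025-01-01": true},
		Zone:     time.FixedZone("UTC+8", 8*3600),
	}
}

// At builds a request at an RFC 3339 instant, idle for the given duration.
func At(ts string, idle time.Duration, write bool) Request {
	now, err := time.Parse(time.RFC3339, ts)
	if err != nil {
		panic(err)
	}
	return Request{Write: write, Now: now, LastActivity: now.Add(-idle)}
}

func main() {
	p := SamplePolicy()
	// 12:00 UTC on a Friday is 20:00 in the policy zone.
	for _, ts := range []string{"2025-01-02T02:00:00Z", "2025-01-03T12:00:00Z"} {
		ok, why := Decide(p, At(ts, 5*time.Minute, false))
		fmt.Println(ts, ok, why)
	}
}
```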
6.2.Device Identity Security
6.2.1.Legal Verification of Provisioning
When a new device is added to the RCMS platform, it undergoes a secure registration and provisioning process to verify its legitimate identity.
First, RCMS verifies whether the MAC address and IMEI of the device are consistent with the internal MES system. Once the basic information of the device is legally validated, RCMS proceeds to verify the provisioning request package from the device, which includes its private secret key. This key is uniquely generated for each device using the Robustel algorithm.
Upon successful activation, the platform returns the unique connection information for the device, allowing it to connect to the Azure IoT Hub using MQTT over TLS/SSL based on this information. This connection method ensures the uniqueness and security of each device.
Figure 4 - Legal Verification of Provisioning
6.2.2.Firmware and App OTA
RCMS offers a secure mechanism for delivering firmware and app updates to connected devices. RCMS cryptographically signs all updates to ensure their authenticity and integrity. Devices verify these signatures before installing the updates, preventing the installation of unauthorized or tampered firmware and software.
RCMS enables administrators and authorized personnel to manage and schedule firmware and software updates for devices. Updates can be rolled out in a controlled manner, ensuring that devices consistently run the latest and most secure versions of their software while minimizing the risk of update-related disruptions.
Figure 5 - Firmware and App OTA
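The sign-then-verify flow described in this section, as an added example that is not RCMS code: the publisher signs a manifest carrying the image digest, and the device checks the signature and then the digest before accepting the image. Ed25519, the JSON manifest layout, the demo key seed and all names are assumptions, since the page does not state the algorithm or update format RCMS uses.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update descriptor; the page does not publish the
// RCMS update format or its signature algorithm.
type Manifest struct {
	Name    string `json:"name"`
	Version string `json:"version"`
	SHA256  string `json:"sha256"` // hex SHA-256 of the image
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrBadDigest    = errors.New("image does not match signed digest")
)

// SignUpdate (publisher side) hashes the image and signs the exact manifest
// bytes. Ed25519 is an assumption made for this example.
func SignUpdate(priv ed25519.PrivateKey, name, version string, image []byte) ([]byte, []byte, error) {
	sum := sha256.Sum256(image)
	manifest, err := json.Marshal(Manifest{
		Name: name, Version: version, SHA256: hex.EncodeToString(sum[:])})
	if err != nil {
		return nil, nil, err
	}
	return manifest, ed25519.Sign(priv, manifest), nil
}

// VerifyUpdate (device side) returns the manifest only if both checks pass.
func VerifyUpdate(pub ed25519.PublicKey, manifest, sig, image []byte) (*Manifest, error) {
	// Authenticate the raw bytes before parsing them, so the JSON decoder
	// never runs on unauthenticated input.
	if !ed25519.Verify(pub, manifest, sig) {
		return nil, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(manifest, &m); err != nil {
		return nil, err
	}
	want, err := hex.DecodeString(m.SHA256)
	if err != nil {
		return nil, err
	}
	// The signature covers the digest, so the digest binds the image.
	sum := sha256.Sum256(image)
	if !bytes.Equal(sum[:], want) {
		return nil, ErrBadDigest
	}
	return &m, nil
}

// DemoKey derives a key pair from a constructed seed so the example is
// reproducible; a production signing key is random and stays with the signer.
func DemoKey(fill byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{fill}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := DemoKey(0x42)
	image := []byte("constructed firmware image bytes")
	manifest, sig, _ := SignUpdate(priv, "router-fw", "1.2.0", image)
	m, err := VerifyUpdate(pub, manifest, sig, image)
	fmt.Println("genuine:", m.Version, err)
	_, err = VerifyUpdate(pub, manifest, sig, append([]byte("x"), image...))
	fmt.Println("modified image:", err)
	forged := bytes.Replace(manifest, []byte("1.2.0"), []byte("9.9.9"), 1)
	_, err = VerifyUpdate(pub, forged, sig, image)
	fmt.Println("modified manifest:", err)
}
```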
6.3.In-Transit Data Security
All data transmitted between your devices, applications, and the RCMS platform is encrypted using industry-standard TLS (Transport Layer Security) protocols. This encryption ensures that data is protected from eavesdropping and tampering during transit over the network.
Figure 6 - In-Transit Data Security
6.4.Database Data Security
6.4.1.Encryption of Data
RCMS Database encompasses device data, RCMS account information, configuration settings, and logs. RCMS employs AES-256 encryption algorithms to secure sensitive data and stores the encrypted information along with salts in the database. This approach ensures that all sensitive information remains protected and is not directly exposed, even in the event of unauthorized access to or leakage of the database.
6.4.2.Data with Tenants Isolation
RCMS enforces tenant isolation through segregated data spaces. This architecture prevents cross-tenant data access, so that the information of different tenants remains separate and secure. Each tenant has an independent data space within the system, preventing access to or visibility of data by other tenants.
Within the same tenant, the RCMS platform employs a restricted role group isolation strategy. Different roles are assigned distinct permissions and access levels, allowing for controlled user access to data and functionality.
Figure 7 - Data with Tenants Isolation
6.4.3.Database Backups
RCMS servers are backed up daily using Azure Virtual's snapshot and backup services. In addition, we implement an extra strategy for the database, performing a hot backup every day within the production environment and a cold backup to Azure Blob every month. All backup actions are monitored in real-time by our scripts, which immediately alert the operations team via cell phone in the event of any errors.
Figure 8 - Database Backups
7. NETWORK SECURITY
In this section, we explore the isolation techniques we employ, such as network isolation and subnet segmentation, in alignment with Azure best practices to prevent unauthorized access and mitigate potential data leakage between different customers or device groups.
Additionally, we highlight our firewall rules, intrusion detection systems, and other network security features that actively monitor and protect against malicious network activities. Customers will gain insights into how we ensure secure and uninterrupted communication for their IoT devices, safeguarding them from network-based threats.
7.1.Network Isolation
RCMS has adopted Azure's network isolation strategy to enhance network security, which includes measures for network isolation and segmentation. By utilizing Azure's virtual machine and network isolation strategies, different network regions and deployment environments are effectively separated, reducing the risk of lateral movement by attackers and enhancing overall system security and stability.
Additionally, when external users or devices access the RCMS platform through Azure's load balancer (LB), only specific ports are opened. This approach minimizes unnecessary exposure and reduces the risk of potential attacks.
Figure 9 - Network Isolation
7.2.Secure Network Transmission Protocol
The RCMS platform utilizes secure network transmission protocols, such as HTTPS and MQTTS, to ensure data security during transmission. By encrypting the transmission channels, we effectively mitigate the risks of data theft or tampering, thereby protecting the privacy and integrity of user and device data.
Figure 10 - Secure Network Transmission Protocol
7.3.Azure Firewall
The RCMS platform is equipped with firewalls and intrusion detection systems to ensure robust network security. These security devices monitor and filter network traffic, preventing malicious attacks and intrusions. They also detect and respond to network security events in a timely manner, thereby enhancing the system's resilience against attacks and bolstering overall security.
Figure 11 - Azure Firewall
7.4.Azure DDoS Protection
RCMS integrates with Azure DDoS Protection service to provide an enhanced DDoS mitigation solution to defend against DDoS attacks. It helps to protect the virtual network and resources from being attacked by malicious scripts.
Figure 12 - Azure DDoS Protection
7.5.Azure Defender for Device Tracking
RCMS has implemented a device tracking and countermeasure approach with Azure Defender Service. Upon detection of an abnormal device, the platform can disable it in Azure IoT Hub, preventing further access and communication. This tracking and countermeasure mechanism allows for a rapid response to abnormal device situations, ensuring the security and stability of the system.
Figure 13 - Azure Defender for Device Tracking
8. APPLICATION SECURITY
The RCMS platform is powered by applications designed for the management, monitoring, and interaction with your IoT devices. This section highlights the secure development practices we adhere to, such as code reviews and third-party library management, to minimize the risk of vulnerabilities in our application code. We also detail the security features of our APIs, including authentication, authorization, and rate limiting, which ensure that only legitimate and authorized actions can be performed through these interfaces. By understanding our application security measures, customers can trust that our platform’s applications are designed and maintained with a focus on security, providing a safe and reliable environment for managing their IoT ecosystem.
8.1.Secure Development
RCMS implements the CMMI Maturity Level 3 practices to ensure a security-by-design approach. All code is scanned using automated tools and undergoes cross-review by senior technical managers.
Figure 14 - Secure Development
We also implement a staged deployment approach to segregate unverified code before it reaches production. Each deployment to a higher-level environment requires sign-off by the product owner, accompanied by qualified test reports.
Figure 15 - Secure Development
8.2.Session Handling
RCMS requires a valid session token to log in and access the website and its features. This session will automatically terminate after 30 minutes of inactivity, helping to block malicious actors from accessing RCMS.
Additionally, we conduct annual penetration tests to ensure that our security measures are effective in defending against tampering and other vulnerabilities.
Figure 16 - Session Handling
8.3.API Security
RCMS APIs strictly adhere to the RESTful standard, which is widely recognized in the industry. Before making any API requests, users must create and verify an account, followed by authorization to generate API keys for each tenant. Each API key is generated randomly and uniquely, meeting high complexity standards for every API endpoint. During each API request, these API keys must be included as a valid verification factor. All API requests from external parties are established over HTTPS and filtered by Azure Defender to ensure the security and integrity of all request calls.
Additionally, API requests are authorized based on RCMS permission controls, ensuring that only authorized actions can be performed through the APIs.
To prevent abuse and potential denial-of-service attacks, RCMS implements rate limiting and quota management for API usage. This approach restricts the number of API requests that can be made within a specified time period, ensuring fair usage of the platform's resources and maintaining the stability of the API services.
Figure 17 - API Security
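An added example (not RCMS code) of the two checks this section describes on each request: verifying the tenant's API key and enforcing a request limit per time period. The `Gate` type, the fixed-window algorithm, storing only a SHA-256 digest of each key, the HTTP status codes and the limit of three requests per minute are all assumptions chosen for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"sync"
	"time"
)

type window struct {
	start time.Time
	count int
}

// Gate is a hypothetical front-door check: per-tenant API keys plus a
// fixed-window request limit.
type Gate struct {
	mu      sync.Mutex
	digests map[string][32]byte // tenant -> SHA-256 of its API key
	windows map[string]*window
	limit   int
	period  time.Duration
}

func NewGate(limit int, period time.Duration) *Gate {
	return &Gate{digests: map[string][32]byte{}, windows: map[string]*window{},
		limit: limit, period: period}
}

// Issue returns a new random 256-bit key for the tenant. Only the digest is
// kept, so a leaked key table does not reveal usable keys.
func (g *Gate) Issue(tenant string) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	key := hex.EncodeToString(raw)
	g.mu.Lock()
	defer g.mu.Unlock()
	g.digests[tenant] = sha256.Sum256([]byte(key))
	return key, nil
}

// Check returns the HTTP status the API would answer with: 200, 401 or 429.
func (g *Gate) Check(tenant, key string, now time.Time) int {
	g.mu.Lock()
	defer g.mu.Unlock()
	want, known := g.digests[tenant]
	got := sha256.Sum256([]byte(key))
	// Constant-time comparison; an unknown tenant takes the same path.
	if subtle.ConstantTimeCompare(want[:], got[:]) != 1 || !known {
		return 401
	}
	// Only authenticated calls consume quota, so a caller without the key
	// cannot use up another tenant's allowance.
	w := g.windows[tenant]
	if w == nil || now.Sub(w.start) >= g.period {
		w = &window{start: now}
		g.windows[tenant] = w
	}
	if w.count >= g.limit {
		return 429
	}
	w.count++
	return 200
}

func main() {
	g := NewGate(3, time.Minute)
	key, _ := g.Issue("tenant-a") // constructed tenant name
	t0 := time.Date(2025, 1, 2, 10, 0, 0, 0, time.UTC)
	for i := 0; i < 5; i++ {
		fmt.Println(i, g.Check("tenant-a", key, t0))
	}
	fmt.Println("wrong key:", g.Check("tenant-a", "guess", t0))
}
```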
9. COMPLIANCE
9.1.GDPR Compliance
RCMS acts as the Data Controller for your personal data. Your personal data will be handled, shared, and protected in compliance with the General Data Protection Regulation (GDPR). To ensure GDPR compliance, RCMS has implemented several key measures aligned with its requirements:
Key Requirements | Measures |
Data Protection Officer Appointment (DPO) | RCMS has appointed a dedicated Data Protection Officer (DPO) in Europe to handle all data privacy issues. You can reach the DPO at: dpo@robustel.com. |
Privacy Policy Updates | RCMS is committed to ensuring that its privacy policies are clear, concise, and compliant with GDPR. These policies inform users about the types of data collected, the purposes of processing, and their rights under GDPR. For more information, please refer to our privacy policy: https://rcms-cloud.robustel.net/static/EN-RCMSCloud-PrivacyAndCookiePolicy.html |
Consent Management | RCMS obtains explicit, informed consent from data subjects when required. This consent is freely given and can be easily withdrawn at any time by contacting the Data Protection Officer at dpo@robustel.com. |
Data Security Measures | RCMS implements robust technical and organizational security measures, including data encryption, granular access controls, and scheduled security audits, to protect personal data from unauthorized access and breaches. For further details, please refer to Section 7: Data Security. |
Data Processing Records | RCMS maintains detailed records of all data processing activities, including the purposes, data categories, storage durations, and security measures in place. This practice ensures transparency and accountability. For access to these records, please contact the Data Protection Officer at dpo@robustel.com. |
Data Subject Rights | RCMS has established systems to handle data subject requests, including access, correction, deletion, and data portability. To exercise any of your rights, please contact the Data Protection Officer at dpo@robustel.com. |
Data Breach Notification | RCMS has established a well-defined process to detect, report, and investigate data breaches. In the event of a breach involving personal data, RCMS will notify the relevant data protection authorities within 72 hours. |
Data Minimization and Retention | RCMS adheres to data minimization principles, collecting only the data necessary for legitimate processing purposes. It also establishes clear data retention policies, ensuring the secure deletion of data that is no longer needed. For more detailed information, please refer to our privacy policy: https://rcms-cloud.robustel.net/static/EN-RCMSCloud-PrivacyAndCookiePolicy.html |
9.2.Logging and Audit
RCMS undergoes regular internal and external audits to assess compliance with security policies and industry standards. These audits help identify potential gaps or areas for improvement in our security practices, enabling us to continuously enhance the security of RCMS.
RCMS maintains comprehensive audit logs that record all user activities, device interactions, and system events.
These logs include information such as timestamps, user identities, device identifiers, and the nature of the actions performed. The audit logs are securely stored and presented clearly on the RCMS webpage for each functionality module. They can be utilized for forensic analysis in the event of security incidents or for compliance auditing purposes.
10. TECHNICAL SUPPORT & INCIDENT RESPONSE
If customers encounter issues or service disruptions while using RCMS, they can submit a ticket through the following channels:
- Online Support: https://www.robustel.com/contact-us
- Email Support: Send an email to support@robustel.com, including a description of the issue, impact scope, and relevant logs.
- Phone Support: Contact your local distributor (available on working days only). Urgent issues will be prioritized.
RCMS offers the following four classifications for support and will make a "best effort" to achieve the outlined response times. All items listed below that are not marked as Critical conform to Robustel Limited's business hours, which are 09:00 – 18:00 Beijing Time, Monday to Friday.
Level | Issue Description | Response Time | Estimated Resolution Time |
Critical (Level A) | Server outage, system completely unavailable | 1 hour | Within 4 hours (depending on third-party services) |
High (Level B) | Intermittent service outages affecting business operations | 4 hours | Within 8 hours |
Medium (Level C) | Network latency, connectivity issues, or performance degradation | 24 hours | Within 48 hours |
Low (Level D) | Technical inquiries, bug reports, feature requests | 24 hours | Scheduled based on request |
Incident Response Flow diagram:
Figure 18 - Technical Support & Incident Response
ANNEX A - ORGANIZATIONAL CERTIFICATIONS
- CMMI Maturity Level 3 Certificate
- ISO/IEC 27001:2022 Certificate
- IEC62443-4-1 Certificate
ANNEX B - PENETRATION TEST
RCMS employs a proactive penetration testing strategy to continuously enhance its security posture. We conduct annual penetration tests in collaboration with Bulletproof, a leading UK-based security firm. These tests follow the OWASP (Open Web Application Security Project) model, ensuring a comprehensive evaluation of potential vulnerabilities across our platform. By adhering to this industry-standard framework, we identify and address security weaknesses before they can be exploited, thereby maintaining the integrity and reliability of RCMS for our customers.
Here are the key items included in our penetration tests:
- Perform application mapping to identify dynamic functionality in use according to the intended design/purpose and any hidden content.
- Assess the application(s) and any associated components/dependencies for their patch levels.
- Tamper with available functionalities and parameters to manipulate or bypass authentication, identify a lack of input sanitization, exploit injection-based vulnerabilities, leverage improper session management, etc.
- Evaluate the implemented access control enforcement based on the agreed roles in both vertical and horizontal contexts, including any data exposure from unintended functionalities.
- Assess the cryptographic protocols and ciphers used by the application(s) and their dependencies to ensure secure communications.
- Evaluate the deployment of the application(s) to their respective services.
Regarding the RCMS Penetration Test Report, it is available upon request and subject to a Non-Disclosure Agreement (NDA).
ANNEX C - ON-PREMISE RCMS STACK
This document has primarily discussed the details of the publicly hosted version of RCMS available to all Robustel customers as a service. In this section, we describe the details of "RCMS Stack", the software supplied standalone to customers who want to host it themselves.
The RCMS stack can be hosted in either a virtual environment or a physical data center, providing you with the optimal combination of flexibility and security for your growing IoT fleet. Refer to the table below for the differences between Cloud and Stack.
| RCMS Cloud | RCMS Stack |
Infrastructure | Cloud Hosted | Private Hosted |
Elasticity | High | Medium |
Data Privacy | Medium | High |
Security | Hosted Secure Services | Private Hosted and Maintenance |
Customization | No | Yes |
Price Model | OPEX | CAPEX |
Recommendation | Customers with a small fleet of devices who want a balance between costs and security | Customers with a big fleet of devices who want a high level of data privacy control |
ANNEX D - LIST OF THIRD PARTIES
Service Name | Purpose |
Google Map | Location and Map services |
Stripe | Online Payment |
NetEase Email Service | Send email invitations and related system notifications |