Particle in the Enterprise


#1

We’re looking for like-minded enterprise product developers, managers, analysts etc. to share their experiences working with Particle.

Our Story

As a group of IT professionals working for a global mid-size manufacturing firm, we’ve been tinkering with Particle since the Kickstarter campaign.
Of course there are existing enterprise-ready platforms, but as an open source project we’ve been able to “move fast and break things” in our normally staid environment.

The Good

The Particle platform has been useful internally for rapid prototyping and IoT evangelism within the organization.

Areas for Improvement (Hint: Security)

Let’s take Particle to the next level in regards to security! WPA2?? PEAP??
What else is needed for Particle to thrive in the enterprise?


#2

Hi @satendra4u,

Good question! We’re working with Broadcom to bring enterprise WPA support to the Photon, and we’ve built the platform to be transparent with an eye towards security. If there are any security issues you have concerns about, please feel free to share them! We always take any comments regarding security very seriously.

Thanks,
David


#3

Excuse me if this sounds dumb, and it very well could be, but does the Spark need to be on the WAN? I would think enterprise, depending on use case, could use local (Spark_Server) and keep it offline. If needed, remote in/VPN to control. I know enterprise well, just dipping into Particle, but my understanding is there is a local version you can run. @dave can shed more light if this is even possible; if so, I would think you could secure it on an alt network. Again, no expert, but that is how I have come to understand it with, albeit, little research; I just remember something from the blogs about it.


#4

@valleyapps, even if you want to connect to a local server, you’d need to connect to the WiFi network which might be secured via WPA2 Enterprise (or such), which is not supported by the Photon (yet).
And pulling up a non Enterprise WiFi network with direct contact to the Enterprise network would pose a risk that should not be taken.


#5

Hi All,

Good question, and @ScruffR makes a good point. Until we have better WPA2 Enterprise support, I usually recommend asking your company’s network engineers to set up a Guest DMZ Wi-Fi network that isn’t on the main office LAN. A Core / Photon / etc. only needs to be able to reach out to the internet, and doesn’t necessarily need to be able to hit other things at the office. This way you can dev and debug safely without compromising your work network.

Thanks!
David
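
The isolation recommended in #5 can be checked mechanically against a firewall policy. This is an added example, not part of the original post or of Particle's code; the subnets, the rule format and the first-match, default-deny, IPv4-only semantics are assumptions made for illustration.

```python
import ipaddress

# Constructed values (assumptions): guest/IoT Wi-Fi subnet and corporate LAN ranges.
IOT_NET = ipaddress.ip_network("192.168.50.0/24")
CORP_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12")]

# Constructed policies: (action, source, destination), evaluated first match wins,
# with an implicit default deny at the end.
GOOD_POLICY = [
    ("deny", "192.168.50.0/24", "10.0.0.0/8"),
    ("deny", "192.168.50.0/24", "172.16.0.0/12"),
    ("allow", "192.168.50.0/24", "0.0.0.0/0"),   # internet-only egress
]
BAD_POLICY = [
    ("allow", "192.168.50.0/24", "10.20.0.0/16"),  # "temporary" debug rule placed first
] + GOOD_POLICY

def subtract(nets, cut):
    """Remove the range `cut` from a list of CIDR networks."""
    out = []
    for n in nets:
        if not n.overlaps(cut):
            out.append(n)
        elif not n.subnet_of(cut):          # cut lies strictly inside n
            out.extend(n.address_exclude(cut))
    return out

def internal_leaks(policy, iot_net=IOT_NET, corp_nets=CORP_NETS):
    """Return corporate ranges that the IoT segment is still allowed to reach."""
    remaining = list(corp_nets)             # corporate destinations not yet decided
    leaks = []
    for action, src, dst in policy:
        src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if not src.overlaps(iot_net):
            continue                        # rule never matches IoT traffic
        hit = [n if n.subnet_of(dst) else dst for n in remaining if n.overlaps(dst)]
        if action == "allow":
            leaks.extend(hit)
        elif not iot_net.subnet_of(src):
            continue                        # deny covers only some IoT hosts: not safe
        remaining = subtract(remaining, dst)
    return leaks

if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, [str(n) for n in internal_leaks(policy)])
```

An empty result means the segment can reach the internet but none of the listed corporate ranges; any returned range is a path from the guest network into the office LAN.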


#6

@Dave thanks for that, I did omit the DMZ part and that was what I was going after as well, isolate it. Was just thinking you can also set up a local network without it touching the outside internet as well and restrict IP ranges to internal; this could help secure it. As we know, everything is hackable, but if you did not have it touching your main network and kept it local, turned SSID broadcast off, and set a local network that does not touch the WAN, it could help. Again, just plugging in for discussion; I am no expert here and appreciate the input and discussions :). Great forum!


#7

Hi @valleyapps,

Totally! That’s a great point as well, running the local cloud can help if they were open to hosting a Wi-Fi network that was internal-only. :smile:

Thanks,
David


#8

@Dave thanks, we do this for some of our enterprise clients and it works out well, not with the Spark but for other use cases :). Off-site control is a bit tricky but can still be done if they need to make adjustments while away from facilities. Internally we have used a method like this for some raspi clusters and did some cool things with ESPs and UART/AT, but obviously not with Spark. I have also been thinking about the use of mesh networks as well, but that’s for another thread, and a security nightmare :smile:


#9

I can’t see them being used in the enterprise until they can be given a static IP (not static dynamic).


#10

Hi Dave,

Do we have any timeline for when WPA2 Enterprise will be implemented in PHOTON/CORE? We know it is definitely in the product road map of PHOTON, but it would be great if we had some sort of timeline.

Thanks,
Satyen


#11

WPA Enterprise is not available on the Core and unless TI add this to the firmware for the CC3000, I doubt it will ever be available.

On the Photon, we are waiting for Broadcom to add Enterprise support to their WiFi stack.


#12

Is there a good way to keep track of BCM’s status? We are eagerly waiting for Enterprise support as it’s holding us back in a lot of potential partnerships with office-based clients!


#13

Hi Kayla,

I 100% agree with you. My 2 projects have been on hold because of this for 3 months. We even talked to the BCM guys and they said last time it is going to be released by the Oct timeline, but I am not sure what they are doing.

We are planning to talk to them this week and I will update here, but I am pretty sure that there is not enough push from Particle’s team.

Thanks,
Satyen


#14

Captive portals!! I can’t tell you how many times a (typically corporate) environment has rendered Photons totally worthless by the addition of a captive portal. Draconian though they be, it is a reality.


#15

Hi Satyen - Just checking in to see if you had any luck with your conversation with BCM!


#16

Hi, not yet. We are planning to meet them again next week or after the Thanksgiving holidays. I will update you once I have relevant information.

Thanks,
Satyen


#17

Just wanted to put another word in for support of WPA2 Enterprise. My university is very heavily pushing users to it, but I would like to build devices on the network with Photon. Thanks!


#18

I also need access to networks with username / password… WPA2 Enterprise connections seem to be the norm on campus. What is a workaround for this?


#19

@satendra4u

Any progress or update on the WPA2 Enterprise support please? Like all the other posts on this thread, we really need this support to take the Photon from being a hobbyist toy to a device that can be used in quantity.

Thanks


#20

We are in the process of getting the latest SDK from Broadcom, which I believe has Enterprise support. When that is delivered, we will have to figure out how to integrate Enterprise into our existing platform to make that available in a simple way.

Things are moving forward, at Enterprise speed. :smile: