Situation
A major German manufacturer of onshore and offshore wind turbines required a secure and scalable solution to manage remote thin-client devices used for data acquisition across its fleet. These devices collect and transmit critical turbine data, such as sensor values, operational events, and performance metrics, to a central IoT platform powered by Cumulocity.
Given the highly distributed nature of its infrastructure, the company needed to ensure secure onboarding, identity provisioning, and certificate lifecycle management for each device. In addition, the solution had to support EST (Enrollment over Secure Transport) for secure firewall onboarding and VPN client authentication, ensuring end-to-end protection across both data and device layers.
Solution
Device Authority KeyScaler was used to provide:
- Dynamic Device Key Generation (DDKG) for establishing a root of trust at the device level.
- PKI Services for IoT, using X.509 certificates integrated with enterprise security infrastructure.
- Automated Device Provisioning and Zero-Touch Registration to the Cumulocity IoT Platform.
- Automated Identity Lifecycle Management, including certificate renewal and revocation for thin-client devices.
- Support for the EST protocol to enable secure firewall and VPN authentication.
