Itron Mobile to FCS Communication Path

Customers have been curious as to how Itron accomplished the ability to allow handheld devices to securely communicate with a customer’s FCS installation. Itron was able to achieve this while still maintaining a strict adherence to customer feedback regarding not wanting to rely upon the customer punching holes in their firewall, etc.

Below is an overview of how FCS and Itron’s Azure cloud (used to authenticate and secure Itron Mobile) are able to communicate with each other over nearly every existing possible firewall configuration our customer’s may have.

– When the FCS mobile service starts, it opens a websocket on TCP port 443 to Itron’s Azure cloud and holds it open.
– User(s) initiate a connection to FCS with their Itron Mobile device. This device connects using any available (and allowed) internet connection to reach Itron’s Azure Instance.- Mobile device authenticates with Itron’s Azure Instance. Assuming a successful authentication occurs, a communication path is established between the Itron Mobile device and the customer’s FCS via the aforementioned websocket.
– FCS sends any available updates, routes, etc. to the device as well as receives any completed routes, etc. back from the device.
– Device and server finish their communication session. Upon communication completion FCS closes this now “used” websocket connection and establishes a brand new one and waits for the next communication session.
– All communications are encrypted via SSL using industry standard encryption methods/keys.

For those who restrict servers or certain nodes from accessing anything but approved external services/locations, a rule allowing communication with Itron’s azure instance will need to be made. The Itron Mobile Service on the FCS machine will need to be allowed access to the following URL’s:

https://idenserver.itrontotal.com/
https://idenapi.itrontotal.com/
https://imafcs.itrontotal.com/