Coraledge Ltd

Private LPWAN / LoRaWAN network for Internet of Things and Smart City

A fully managed robust, reliable and secure wireless data network for Smart Cities and Internet of Things projects.
Low Powered Wide Area Network (LPWAN) - using LoRaWAN network technology.
Hosted in the UK, running your own private instance of The Things Network - proven in 400+ cities around the world.

Features

  • Robust, reliable wireless data network - proven in 400 cities
  • Scalable - the same technology supports a global network
  • Hosted in Tier 4 UK data centres
  • Device transmits data with AES 128-bit encryption
  • Secure data access - you control who has access
  • Powerful API
  • Management console
  • Gateway range typically 1km to 10km
  • Bi-directional communication between devices and network server
  • Low power devices last several years between changing batteries

Benefits

  • Ideal for developing your Smart City initiatives
  • Works inside buildings and outside - roads, parks, waterways
  • Engage with local business / hack spaces on IoT projects
  • Develop projects with other local authorities, organisations
  • Fast implementation - cover your area in 6 weeks
  • All your data remains in the UK
  • You control who has access to your LoRaWAN network
  • You control who can have access to your data
  • 24x7 active support community, plus office hours helpdesk
  • Full training and hands on workshops to get you started

Pricing

£3700 per instance per quarter

  • Education pricing available

Service documents

G-Cloud 9

851833519729823

Coraledge Ltd

Mark Stanley

07771870731

mark.stanley@coraledge.co.uk

Service scope

Service scope
Service constraints LoRaWAN is designed for large numbers of devices sending very small amounts of data - ideal for sensors that for example measure air quality, warn of rising water levels or stress fractures, protect expensive equipment, or send alerts.
It is NOT suitable for sending images, sound recordings or continuous data streams.
Each gateway specced to support maximum 3000 devices
System requirements
  • You provide the sites for LoRaWAN gateways
  • Each gateway needs power and an internet connection
  • Power Over Ethernet (POE) is also supported
  • The gateway itself is physically small (approx 26x26x10cm)
  • The gateway antenna works best outdoors and high up

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Response (a meaningful response) within 4 hours, Mon-Fri 9am-5pm

A very active 24x7 support community is available at no charge, but no service level is offered.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Basic level: Access to 24x7 online support community. No service level, but a very active and helpful group.
Standard level: Online helpdesk, staffed Mon-Fri 9am-5pm. Meaningful response guaranteed within 4 hours. Support contract comes with 25 hours of support time. You can buy additional packs of 10 or 25 hours.
Enhanced level: You can buy live support for specific times at £150/hour normal working hours, or £225/hour outside of normal working hours.

Standard and Enhanced levels provide access to third line support from The Things Industries staff - the development team who provide the network server software.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite training for network administrators
We provide hands-on workshops to de-mystify the Internet of Things - within a few hours they will have built a device with simple sensors and be sending data to an application on the internet,
We provide executive briefings, and workshops to develop a strategy for introducing the Internet of Things and Smart City initiatives
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction We can export all application and device details to a JSON or CSV file.

We will destroy the client's network server once the contract has ended. Nevertheless we would encourage the client to change encryption keys once they have left.

All sensor data passes through our gateways and servers, and onto the clients' database and application servers, so there is none to extract.
End-of-contract process You will grant us access to collect our LoRaWAN gateways, or we will agree a reasonable fee to transfer gateway ownership to yourselves.
We will provide you datafiles from your instance of the network server containing your application and device data.
If you want us to liaise with a new service provider you may buy consultant days from us.
Once the contract has ended we will destroy your instance of the network server.

Using the service

Using the service
Web browser interface Yes
Using the web interface The management console allows the network administrator to:
Register gateways as part of the network
Update gateway details (e.g. location)
Remove gateways from the network
Register applications (for example "flood early warning system")
Update application details (including encryption keys)
Register devices (the "things") allowed to send/receive data for a specific application
Update device details (name, location, encryption keys, etc)
Unregister devices from an application
Delete applications
View data being sent/received by device or application or gateway
Web interface accessibility standard WCAG 2.0 A
Web interface accessibility testing Navigation and usage testing through keyboard only.
Identified some issues (lack of visual cues in some areas) which have been reported to the dev team to be scheduled into the product roadmap.
API Yes
What users can and can't do using the API Sensor data is available through MQTT - full documentation is provided.

Pre-built integrations are also available for:
Microsoft Azure
Amazon AWS
IBM Watson IoT
Salesforce
SAP
IFTTT
API automation tools OpenStack
API documentation Yes
API documentation formats
  • HTML
  • PDF
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface The CLI does everything the web console does, but from the command line.

Scaling

Scaling
Scaling available No
Independence of resources We offer an entry level package for experimentation, development and small trials which runs on a shared server.

Clients are required to take a dedicated instance of the network server for live implementations.
Usage notifications Yes
Usage reporting Email

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types Network
Reporting types Regular reports

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold The Things Industries

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Your configuration on the network server
  • I.e. details of the gateways, your applications and devices
Backup controls Not applicable. The network server is automatically backed up
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • Other
Other protection between networks Standard - data is encrypted using AES 128 bit encryption - you control the keys.
Enhanced - if required we can set up a virtual private cloud for you in our data centre at additional cost.
Data protection within supplier network Other
Other protection within supplier network A data packet uses 3 encryption keys:
One to access to the network itself (AES 128-bit)
One to access a specific application (AES 128-bit)
One to encrypt your data (AES 128-bit by default, but you can change this)

Availability and resilience

Availability and resilience
Guaranteed availability Network server availability: 99.9%
Individual gateway availability 99.5% (excludes failure in client's provision of power and internet connection)
Refund for service failure is deducted from the following year's invoice (or refunded at the end of contract if it is the last year).
Amount is a proportion of the fee, equivalent to 5x the gap in service delivered to service level, up to a maximum of one twelfth (ie a month's) fee. For example if the outage is 1 hour below the service level then the refund is equivalent to 5 hours.
Approach to resilience Available on request. We use a Tier 4 datacentre based in the UK, or if you prefer we can use AWS, Azure, or your own datacentre.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Management interfaces - we are responsible for allocating user accounts to the management console. Users are required to enter a password (8+ chars, mixed case, numbers and special chars)
Enhanced - if required we can restrict access by creating a VPN for the client
Access to support is either client servicedesk to our servicedesk, or named personnel.
Access restriction testing frequency At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations The data centre is ISO27001 and ISO9001 accredited

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach 1. All servers to be hosted in ISO27001 accredited datacentres
2. All datacentres to be based in the UK
3. Datacentres contracted to carry out security updates, patching, and proactive monitoring of threats
4. All breaches to be notified to director
5. Director to notify customers in the event of a breach
Information security policies and processes All sensor data is encrypted as previously described
If a potential breach is discovered, the person discovering it (data centre staff, client, our staff) log a call on the service desk, which notifies the director.
The director controls the investigation and informs all potentially affected clients of the issue.
Clients are kept advised of progress and action they may need to take (e.g. refresh encryption keys) until the issue is resolved.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The components of our service are LoRaWAN gateways, network server, helpdesk.
We maintain an asset register and maintenance log for each client. The gateways are asset tagged and installed at client sites. Should one become faulty, it is recorded through the helpdesk, and either repaired or replaced. The asset register and maintenance log is updated to reflect the change.
The network server is a Virtual Machine in a datacentre, maintained by the datacentre. We record reports of all changes (eg patches, OS updates)
We conduct penetration tests annually or prior to releasing a new version of the network server.
Vulnerability management type Undisclosed
Vulnerability management approach Data is transmitted via LoRaWAN gateways, through the network server to the clients application. The network server doesn't keep data.
The network server is hosted by a Tier 4 UK datacentre, which is contracted to provide patches, updates and proactively monitor threats.
The gateways are installed at client sites. They check daily for updates from a central hub, and we have the option to push an update to a gateway.
Unlike wifi enabled IoT devices, LPWAN devices make unsuitable hosts of DDOS attacks. Clients should nevertheless consider the implications of someone tampering with them to create misleading data.
Protective monitoring type Undisclosed
Protective monitoring approach We run protective monitoring software (SIEM) to protect our network servers. Details are available on request.
Incident management type Undisclosed
Incident management approach If an incident occurs we follow a process to identify, contain, eradicate, recover, and learn lessons to prevent future incidents.
Incidents may be spotted by datacentre staff who monitor our network servers, client staff, or our own people. In all cases incidents are logged and tracked through our servicedesk. A director is notified and takes responsibility for resolving the incident and advising potentially affected clients, through to resolution and subsequent action plan.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Hyper-V
How shared infrastructure is kept separate Each client has their own instance of the network server in a VM. There is an option to create a private virtual private cloud if required.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £3700 per instance per quarter
Discount for educational organisations Yes
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑