ITH Consulting
Independent Advisory
IoT & Cloud Architecture
From SME pilots to enterprise-scale systems — vendor-neutral, security-minded, built for long-term operations.
Built and scaled IoT systems from ~10,000 sensors to ~500,000 connected vehicles.
Device → Connectivity → Cloud → Operations
What you get
Outcomes, Not Slide Decks
Clear architecture decisions with documented trade-offs — not open-ended recommendations.
Reduced technical and operational risk before you commit to vendors or platforms.
Correct connectivity and protocol choices based on your constraints — not a vendor's roadmap.
Production-ready security, fleet operations, and monitoring from day one.
Vendor-neutral guidance so you retain control and avoid lock-in.
Services
Productized Engagements
Defined scope, clear deliverables, fixed structure. No hourly treadmill.
Architecture Review
For teams with an existing IoT system or a detailed design — who need an independent second opinion.
- Protocol selection assessment (MQTT vs CoAP)
- Security model review including OSCORE
- Fleet operations readiness (OTA, monitoring, alerting)
- Written report with prioritized recommendations
IoT & Connectivity Strategy
For organizations evaluating connectivity options before committing to hardware or network investments.
- LoRaWAN (public, private, and AWS IoT Core for LoRaWAN)
- BLE at scale — provisioning, gateways, mobile flows
- NB-IoT in real-world environments
- Trade-offs, constraints, and long-term cost analysis
Cloud & Security Architecture
For teams designing or migrating IoT backends — who need a secure, scalable foundation.
- AWS IoT Core architecture and AWS IoT Core for LoRaWAN
- Device identity and provisioning model
- Multi-tenant and multi-region considerations
- Security architecture documentation
Operations & Observability Concept
For teams operating fleets in production — who need structured monitoring, alerting, and incident workflows.
- Monitoring strategy and fleet health KPIs
- Alerting with hysteresis and severity models
- Notification channel design (push, email, SMS, voice, WhatsApp)
- Incident readiness and escalation playbooks
Pilot / PoC Advisory
For teams moving from idea to first deployment — who want to avoid expensive detours.
- Success criteria and scope definition
- Technology and vendor shortlist
- Production-readiness checklist
- Rollout and operations planning
Vendor & Platform Evaluation
For procurement and engineering teams evaluating IoT platforms — who need structured, vendor-neutral comparison.
- Requirements mapping and weighting
- Platform scoring and gap analysis
- RfP support and vendor Q&A
- Decision documentation for stakeholders
Technical Depth
Under the Hood
Written for engineers and technical leaders. This is what we actually work on.
Connectivity & Protocols
LoRaWAN
Public network deployments using shared infrastructure, and private LoRaWAN networks for campus, industrial, and rural environments where coverage or data sovereignty matters. Deep experience with AWS IoT Core for LoRaWAN — device onboarding, gateway qualification, and integration with the broader AWS IoT ecosystem. Gateway planning, network server selection, and ADR tuning for real-world conditions.
Bluetooth Low Energy
BLE at scale means dealing with provisioning flows, gateway density, mobile app handoffs, and firmware update distribution. Not just pairing two devices — managing thousands with consistent behavior across hardware revisions.
NB-IoT
Narrowband IoT in real-world deployments: coverage gaps in basements, carrier selection trade-offs, PSM and eDRX configuration for battery life, and fallback strategies when network conditions are inconsistent.
MQTT vs CoAP
MQTT for persistent connections and pub/sub patterns. CoAP for constrained devices with limited resources and UDP-based transport. The choice depends on power budget, payload size, network reliability, and whether you need request/response semantics or event streams.
Fleet Operations & Security
Device Identity & Provisioning
Unique identity per device from manufacturing through decommissioning. Certificate-based authentication, just-in-time provisioning via AWS IoT Core, and credential rotation without manual intervention. Multi-tenant isolation where required.
Secure CoAP with OSCORE
Where TLS/DTLS is not feasible — constrained memory, NAT traversal issues, or proxy-based architectures — OSCORE provides end-to-end security at the application layer over CoAP, independent of the transport.
OTA Update Strategies
Canary rollouts to a small device group first. Staged rollout campaigns with health checks between stages. Automatic rollback on failure thresholds. Delta updates to minimize bandwidth. Full audit trail of what firmware runs where.
Mass Configuration
Campaign-based configuration changes across thousands of devices with version tracking, dry-run validation, and rollback capability. Every change auditable — who pushed what, when, to which group.
Monitoring & Alerting
Production-grade observability for IoT fleets. Not dashboards — operational confidence.
Metric-Based Alerting with Hysteresis
Threshold-based alerts that require a value to exceed the trigger point and stay there before firing, and drop below a separate recovery threshold before clearing. This eliminates alert flapping when values oscillate near boundaries — one of the most common sources of noise in IoT monitoring.
Severity Models
Three-tier severity (info, warning, critical) with distinct behavior per level. Info events get logged. Warnings trigger notifications during business hours. Critical alerts escalate immediately and page on-call staff. Severity determines both the notification channel and the response expectation.
Device-Level vs Fleet-Level Alerts
A single sensor reporting high temperature is a device alert. Twenty percent of sensors in a zone reporting high temperature is a fleet alert — and requires a different response. Alert deduplication prevents hundreds of individual notifications from drowning out the systemic signal.
Escalation & Notification Channels
Time-based escalation when alerts are not acknowledged: push notification first, then email, then SMS, then voice call. Severity-based channel selection — critical issues skip email and go straight to phone. WhatsApp integration for teams that operate in the field. Every notification trackable.
Who We Work With
Two Entry Points — Same Engineering Mindset
SMEs & Mid-Market
You have an IoT idea, a sensor concept, or a pilot that needs to become a product. The risk is spending six months and significant budget on the wrong connectivity, the wrong platform, or an architecture that cannot scale past the PoC.
- Clarity before you commit to vendors or hardware
- A realistic path from idea to pilot to production
- Connectivity and protocol decisions that hold up at scale
- Avoiding costly re-architecture after the first 500 devices
Enterprise & Corporates
You have an existing IoT system, an architecture under review, or a procurement decision ahead. You need an independent perspective — someone who does not sell hardware, does not resell cloud platforms, and has no vendor incentives.
- Independent architecture reviews with written deliverables
- Governance, security, and scalability assessment
- Procurement and RfP support with structured vendor evaluation
- Fleet operations readiness for large-scale rollouts
Selected Work
Project Snapshots
Anonymized due to NDA. Representative of the type and scale of engagements.
Sensor Monitoring
- Problem
- Growing sensor fleet (~10,000 devices) with inconsistent connectivity, no structured monitoring, and manual firmware updates slowing down rollouts.
- Approach
- Connectivity audit across LoRaWAN and NB-IoT. Defined fleet operations model with staged OTA updates, campaign-based configuration, and structured alerting.
- Outcome
- Unified connectivity strategy. Firmware update cycle reduced from weeks to days. Alert noise reduced by over 80% through hysteresis and deduplication.
Connected Vehicle Platform
- Problem
- Vehicle fleet approaching ~500,000 connected units. Existing architecture showed scaling limits in device provisioning, telemetry ingestion, and operational visibility.
- Approach
- Architecture review covering cloud ingestion layer, device identity model, and monitoring stack. Defined severity-based alerting with escalation workflows and fleet-level health KPIs.
- Outcome
- Provisioning redesign supporting zero-touch onboarding. Monitoring rearchitected with fleet-level anomaly detection and severity-driven notification channels including voice escalation.
Monitoring & Alerting Overhaul
- Problem
- Operations team overwhelmed by alert volume. Hundreds of notifications per day with no prioritization, no deduplication, and no escalation path.
- Approach
- Implemented three-tier severity model with hysteresis-based thresholds. Added alert deduplication, fleet-level aggregation, and time-based escalation across push, email, SMS, and voice.
- Outcome
- Actionable alerts reduced to under 20 per day. Mean time to acknowledge critical issues dropped significantly. On-call burden reduced measurably.
LoRaWAN Pilot — Environmental Sensing
- Problem
- SME planning first IoT deployment for environmental monitoring across distributed sites. No in-house IoT expertise. Unclear which connectivity and cloud approach to take.
- Approach
- Defined pilot scope and success criteria. Evaluated public LoRaWAN vs private deployment. Selected cloud platform based on operational requirements, not feature lists.
- Outcome
- Pilot deployed on schedule with clear production-readiness criteria. Client avoided premature private network investment, saving significant upfront cost.
Cloud & Security Architecture
- Problem
- Enterprise migrating from on-premise IoT backend to AWS. Existing system lacked proper device identity, had no multi-tenant isolation, and used shared credentials across device groups.
- Approach
- Designed AWS IoT architecture with per-device certificates, just-in-time provisioning, and tenant-isolated data paths. Documented security model including OSCORE for constrained field devices.
- Outcome
- Migration executed without production downtime. Security posture moved from shared credentials to individual device identity with automated rotation.
Vendor Evaluation & RfP
- Problem
- Corporate evaluating three IoT platforms for a multi-year commitment. Internal team lacked structured comparison methodology and vendor-neutral perspective.
- Approach
- Built weighted evaluation framework covering fleet operations, security, extensibility, and total cost of ownership. Ran structured vendor Q&A and proof-of-concept scenarios.
- Outcome
- Board-ready decision document with clear scoring and gap analysis. Selected platform aligned with long-term operational requirements, not initial feature impressions.
Details available on request due to NDA.
About
ITH Consulting GmbH
ITH Consulting is an independent IoT and cloud architecture advisory. Our work focuses on helping organizations make sound technical decisions about connectivity, fleet operations, security, and scalability — before committing to platforms, vendors, or long-term contracts.
Our approach is architecture-first: understand the constraints, evaluate the options, document the trade-offs, and deliver a clear recommendation. We do not resell hardware, we do not have cloud platform partnerships, and we have no vendor incentives. The advice is the product.
Over the past two decades we have worked across industrial IoT, automotive telematics, and connected product platforms. Our experience spans systems from a few hundred sensors to fleets of hundreds of thousands of connected vehicles — across LoRaWAN, BLE, NB-IoT, MQTT, CoAP, AWS IoT, and ThingsBoard.
We operate from Salzburg, Austria, and work with clients across Europe, the United States, and the Middle East — remotely and on-site as needed.
Contact
Let's Talk
Get in Touch
Address
ITH Consulting GmbH
Fachmarktstrasse 3A
5071 Wals-Siezenheim
Austria
Book a Call
Whether you are scoping a pilot, reviewing an existing architecture, or evaluating vendors — a 30-minute call is the fastest way to find out if we can help.
Book a CallPrefer a paid 1:1 architecture review via Upwork? Book here.