>>Updating software and firmware on an IoT device over-the-air
is complicated and tricky. Many things can go wrong. Mender.io will help you. It’s an open source project. Eystein actually is here
to talk to us about it. [MUSIC]>>Hi everyone. Thanks
watching the IoT Show. I’m Olivier, your host. Here, today, we’re
going to talk about device management and
over-the-air updates. For that, we have Eystein
from Northern Tech. Thanks for joining us, Eystein.>>Sure. Thank you, Olivier.>>So can you tell us a bit
about yourself, who you are, and then we’ll talk about Mender.io which is an open source project, you’re one of the tech leads on, and that actually allows doing
fantastic things with devices.>>Thank you, Olivier. So I’m
the CTO of Northern Tech, the company behind the Mender. Mender is over-the-air
open-source update manager.>>Okay. So I hear the idea here is to update devices over-the-air, but not just applications, it’s also that firmware, right? When we talk about securing devices, it’s important that these devices
are always up-to-date.>>Right.>>But also allows us to bring new features and functionality
to Azure devices.>>Exactly.>>So, IoT Hub provides
an infrastructure or a platform to manage devices, but it’s a platform, right? So tell me a bit more
about Mender.io. What does it do? How does it do that?>>Right. So, we focused on
over-the-air updates in particular. Like you say, system updates
and application update, so it’s a bit similar to
your smartphone, iOS, for example, you will get
updates now and then, then you also have applications
running on top of an iOS, but there are also getting updated. So that’s fine for
mobile phone, Android, iOS, but how do you bring
this to IoT device? How can you do this in
a robust and secure way?>>Yeah. Because actually I
like you bringing out robust because you don’t want a device
to go off and not work anymore, and then you have to send someone
to go fix it manually because it would void the idea of doing
over-the-air updates, right?>>Exactly.>>On devices, they are actually
millions of them in the field, that’s not sustainable
if it’s not robust.>>Exactly.>>Security is important as well. You don’t want someone
to actually hack your device by injecting code, in short, to whatever
software runs in there and is updated
is the right one.>>Exactly.>>Tell me more about
how you do that, and how you make it robust, and how you make it secure.>>So on the robustness side, we have two system partitions. So, we never update the system we’re running on but we update
a different system.>>Okay.>>Then, whenever
the update is completed, we just start a new system basically.>>Okay.>>So that means, even
if you lose power, you can just unplug the device in the middle of the update process, it will still just boot
into the system you are in, so the device will
still be operational.>>That means, as well, you
can do rollbacks, right? If something goes
wrong in your update, and it can, you still have
a working version there.>>Exactly. So if you do
reboot into the new updates, you can do some tracks is okay. Is my application working? Can I collect data still? Can I talk to Azure? If not, we can just throw it
back to the old partition.>>Okay. Love it. You have
some more slides, right?>>Yes, exactly. So I have
a quick introduction about Mender. So this gives a little bit overview of what we
just talked about now. So you can see there’s
a server component, and a client component, and then the partition layout
you can also see in this slide>>Okay. So the server
actually would be where they’re hosted on the Cloud provider, or as an enterprise,
you can actually run it on-premise on your own
infrastructure, correct?>>That’s correct. So we have
non-hosted Mender which is a SaaS service where
you can basically just connect your device
to Hosted Mender. You don’t have to worry about
server infrastructure at all or you can host it if you have more privacy or security concerns
or regulation consumption.>>Or you work offline,
where your On-Prem is. If you have a device in the factory, you want everything
to happen down there.>>Exactly.>>Okay. How does that integrate with IoT Hub and the Azure tools
that we have for IoT?>>Cute point. So, I’ll
move on to the next slide. Yeah, so these are some of
the benefits with Mender. I think we covered
most of this already but it’s fully open-source no vendor lock-in
client-server solution.>>Okay, I like it.>>We focus a lot on integration, because when you’re
developing a new IoT product, important to get it
to market quickly so you don’t want to
spend too much time on trying to integrate with
different solutions and how would you get
the OTA updates to work.>>It make sense.>>So this is also part of the
Azure work that’s been done. So, with Azure, you obviously need to connect your device
to the Azure platform.>>Yeah.>>You need to be
securely authenticated, and now you also need
the OTA updates, so you need to connect
it to Mender also, for example, if it’s
what you’re using. So, you have to manage these multiple authentications
and multiple registrations. You need both these services. So this is what we’re trying to solve with this
integration that we’ve done that you can just choose one identity and
a single set of credentials.>>For both platforms, basically, you end up
with one solution, one identity and authentication, key for the device itself to
connect to both services, right?>>Exactly.>>Okay.>>Yeah. So these are some of
the benefits you get out of it, so you don’t need to
register at multiple places and you can correlate those to
the device from Azure and Mender. So if you see some problems
from analytics in Azure, you can actually look
up that same device, same identity in Hosted Mender.>>Got it.>>You can deploy and update it.>>Yeah. So Mender specializes
in the over-the-air updates and IoT Hub provides all the other services to be analytics on that data
after the fact. So you’re connecting these two worlds making it easy for developers
to integrate the best of them.>>Exactly.>>Okay. Looks good.>>Thank you.>>So, I have one more slide.>>Another diagram, right? Yeah.>>So there’s the last diagram, and this relates a bit to the demo that we will
go through as well.>>Okay. So what’s the
workflow that the user who goes through using this integration? So like today, you would create the device in Azure
in DPS in IoT Hub.>>Yeah.>>But what we’ve added this Azure
function that when you do that, you will actually also
create the device in Hosted Mender using the same
credentials and same identity.>>Got it.>>Then, you can obviously
build on top of that to take benefit of the Azure platform, Reporting Analytics, and also
Deploying Software Update.>>Got it. Awesome. I want
to see that in action.>>Yeah.>>You have to show me a demo here.>>So let’s start out.
We’re starting out blank with the Azure environment.>>Okay.>>So you can see that we have a DPS service and we
have IoT Hub here. That doesn’t have any devices.>>I got it. So blank slate?>>Blank slate. We also have Hosted Mender which is also in
the same state, nothing here.>>Okay. So that’s what Mender.io looks like
in the hosted version.>>Right.>>You have devices list in there.>>Yeah.>>When you would typically
dealing workflow like, let’s say, no Azure involved, Mender.io, you would actually create a new
device or group of devices.>>Yes.>>It would actually generate
the credentials from the device then to use them in the client for doing the connectivity
and software updates, right?>>Right.>>Okay.>>There’s a couple of models. So, one we have is where you could accept the
device after it reflects, so you can simply connect the device and it will
show up as pending here. But that’s more for demo purposes.>>Okay.>>So it’s not very scalable
to manually approved devices.>>Yeah. I know. I figured.>>So, what you’re alluding
to is pre-authorized. This is where you would create the device while it’s
on manufacturing.>>So then, do you
have like certain type of device that you define in Mender, and then when you’re
pushing an update, you can actually address
a group of devices of a certain type to provide
your updates. Got it.>>Exactly.>>Okay. Let’s provision that, right?>>Yeah.>>You have a device here?>>Yeah, there’s a device. So this is a BeagleBone Black device. I have added the Azure IoT device
provisioning client.>>Okay. So what is
it running right now?>>So this is running Debian.>>Okay.>>So the standard BeagleBone
Black operating system.>>So the Mender client actually
what does it work on today?>>We’ve supported Linux.>>Okay.>>So we started out with a Yocto
Project which is a build system. It’s actually the most popular way
to run Linux in IoT devices.>>Yeah.>>Don’t leave without one.>>Yeah.>>Love it.>>Then debian, we also
support and raspbian.>>Got it, okay. This one is ready.>>Yeah.>>It has a GPS client
that has a menu client.>>Yes, that’s right.>>Basically, you will
provision it in a second, right, pressing enter there.>>Yes, if I type
everything correctly, it should now be ready
to be provisioned.>>Enter there.>>Then I just need
to authenticate it. So there’s a lot of
outputs here obviously. But what it’s doing is connecting
to the DPS service in Azure.>>Got it, okay.>>It’s trying to provision itself.>>Okay.>>Using the certificate
that we have put on it.>>Got it.>>Now, it’s actually completed, so we should be able to see. If we do a refresh, if it’s available in
Azure. Yeah, there it is.>>Boom. Yes, cool.>>Okay. This is
Standard Workflow in Azure. What’s new here is that if you go to pre-authorized
in Host Mender, you will actually see
the same device here.>>Okay.>>So now, it’s actually ready
to be part of Hosted Mender. The Mender Client is
still not running on it, so I will have to start up as well. And it will become provisioned.>>Okay. So what you needed to do actually on Azure is
to have an Azure Function, that’s actually hooked up to DPS. DPS triggering, hey,
I have a new device.>>Yeah.>>That function actually
has credentials to access your Mender.io hosted accounts, and added the same device
of their right.>>That’s correct.>>Okay. That’s pretty cool. The second part is about updating
the software on that device.>>Yes, that’s right.>>Let’s do that.>>Cool. So now, I just need to start
the Mender Client on the device, and it will connect to Hosted Mender. Obviously, this is typically
with automatically started, but for demo purposes, I did it manually here.>>Got it. So you see
your devices have been actually showing up in there.>>Yeah. Now, it’s fully available. You have some more
inventory information.>>Okay.>>You can see it’s connecting, so we can actually start
deploying software updates to it.>>Okay. You’re going to
show me how you deploy that?>>Yes, I will. I have created a couple of
artifacts as we call them.>>Okay.>>Their full system updates
for the beagle-bone itself.>>Okay.>>There’s one updated system, and then this is the one that’s already running there,
the provisioner. So we can switch between them.>>Got it.>>So these are the outputs from the Octal Project Integration
we have or the [inaudible].>>Basically, in a typical scenario, you prepare your image
with the Octal. The new image with a new App or whatever updates to
the firmware already, and you basically have it on Mender, and then you’re going to
do, ‘hey I’m going to do a deployment on all these devices.>>Yeah, exactly.>>Okay.>>So I would just go to deployments, and I can deploy the updated version. I can also make groups here.>>Yeah.>>So if I just wanted to
deploy to one customer, or to a test group or something
like that I can do that as well. This is also part of
the robustness part. How the software and
the hardware is compatible. Mender knows that this
is a beagle-bone, and then it also knows that the software is built
for a beagle-bone.>>Got it.>>This is why it will say
one device will be updated.>>Got it.>>Then now, the Mender Client
is running on the device, and it will check if there’s an update available
at regular intervals. Then the server tells it, yes there’s a new updated artifact
available for you. It will start downloading it, and stream it to
the inactive partition.>>Got it. It comes
from Mender itself, so that the image is hosted on
your instance of Mender.io.>>Right.>>Right. So basically, you
don’t go and pick it up somewhere else unknown,
you have it there. Or do you have any way of signing
the image or something to ensure that what you’re downloading
is actually what you want?>>Yes, we do. There’s obviously
a TLS transport security.>>Okay. Yeah.>>This one is not signed, but we do support co-signing.>>Got it. Okay.>>As part of
your development process, you are doing the QA, you practice the QA manager
can sign this offline, just test them in, sign it with
a key has offline, and upload it. The public key will be
on the device to verify.>>Awesome, cool. How long does it take actually for doing such as an update,
as an example?>>This will actually take a while, but what I can do instead of waiting.>>How many minutes
is a while for you?>>Maybe it depends on
the metric connection. I would say maybe like 15, but what we can do and start this
to demo the robustness aspect. Now, I just unplug the device->>Got it.>>-while it was updating.>>Yeah.>>If you’re not careful on
the way you’re doing updates, this could lead to
problems obviously.>>Yes, obviously.>>This happens all the time because your device is
running on battery.>>Yeah.>>You have users that unplug
devices and you never know.>>Classic.>>Maybe you turn off your car,
or something like that.>>Yeah. They have
rules you can set up on the device itself for
retrying the download, or is it like something
is managed in Mender, we can actually set things up, and number of retries,
something like that.>>Yes, we can
configure this as well.>>Okay.>>So by default, it will retry, I think, three times.>>Okay.>>But you can also create scripts or executables to such conditions for when is a good time
to do updates. For example, if for a car, I don’t want to update
it while I’m on 3G connection on
the road, for example. But when I get home, I
have Wi-Fi connection, you can make a script to check, is it on Wi-Fi, yeah, then
I will proceed the update.>>Got it. Here, we see one failed.>>Yes. So that was unfortunate,
but that’s expected.>>Because you unplugged it?>>That’s right.>>Basically. Okay.>>Yeah, so in this case, you can still see the device
itself is fully operational. You can see the log as well, this is quite detailed. But you can diagnose what
really happened here.>>Okay.>>But you can still see the
device is still being updated.>>It’s still not messed up.>>Right, and it’s on the same version that it was
before we started the update.>>Okay. Safe, still working. You’re going to retry
the update later.>>Yes.>>All managed by Mender.io?>>Yeah.>>Awesome, all that is open-source. The Mender.io, actually
we’re going to add the links, easymender.io.>>Yeah.>>Eystein, thanks a lot for
that insight into Mender.io, and the integration with IoT Hub. You guys, thanks for watching. Hope to see you soon on the IoT Show. Don’t forget to subscribe.


Leave a Reply

Your email address will not be published. Required fields are marked *