IoT & Devices

Mender and Cloud IoT facilitate robust device update management

011-GBH-MenderPartnership.png
menders.png

In developing today’s Internet of Things (IoT) products, we find it important to build two essential features to benefit end users: support for both analytics and software updates. This combination enables product and support teams to quickly detect and remediate issues, and to address unforeseen customer needs. For example, a support team can detect an application producing a higher volume of error logs from IoT analytics data before it ever impacts the end user. Once the issue is successfully diagnosed and fixed, the fix can be deployed to all devices with over-the-air (OTA) software updates.

Google provides Cloud IoT Core, a fully managed service to easily and securely connect, manage, and ingest data from globally dispersed devices. Mender is an open source project for OTA software update management for IoT devices. Together, we have collaborated on a tutorial and reference integration to easily detect issues and the ability to remediate IoT devices with Cloud IoT Core and Mender.

A widespread challenge that many IoT developers face is the challenge of needing to build a bespoke, complete and robust update mechanism to for devices deployed in the field. The process for remotely updating embedded devices is often neglected until very late in the development cycle, resulting in incomplete or otherwise risky update mechanisms. Many developers must hastily assemble an update mechanism toward the end of the project and overlook the nuances that comprise a secure and robust update process such as:

  • Code signing (cryptographic validation) of the update image to ensure tight control over who can reprogram sensitive components.

  • Encrypted communication channels to avoid the risk of man-in-the-middle attacks.

  • Resiliency to bricking in case of power or network loss during the update process.

  • Built-in rollback in case of a failed update.

  • Atomic installations during which an update is either installed completely or not at all, removing the inconsistency and unmanageability of partial installations.

The reference integration between Google IoT Core and Mender ensures the same identity and cryptographic credentials are used by both products. Three main benefits result:

  1. You no longer need to manage device registrations in multiple places; once a device is registered in Google IoT Core, it is also registered with the Mender update service.

  2. Since the same device identity is used across the two products, you can easily correlate analytics from IoT Core with past software update deployments with the Mender server.

  3. You minimize the number of secret key credentials that need to be handled and protected, which results in stronger security through more focused oversight. In the future a single hardware-based key management system can be used for even higher levels of security.

Pre-built demo device images are provided so you can get started quickly on popular devices like the Raspberry Pi 3. When you are ready to take the next step, an automated setup of a build environment on Compute Engine is also provided. This allows you to build an embedded Linux image for a wide variety of devices, with both Google IoT Core and the Mender OTA updater client built in. It is integrated into one of the most widely used embedded Linux build systems, the Yocto Project.

You can get started with the tutorial here.