Mender blog

Device Update for Azure IoT - How to Get Started

Azure IoT Hub enables developers to put device management capabilities into their products' device twins. This enables synchronization of device configuration. Automatic device management is also enabled so configuration changes can be deployed across a large device fleet.

Critical importance of update manager

An update manager must also be factored in when you want to have device management capabilities all in one place. This is especially the case for a large fleet of devices. This is also critical in order to respond quickly to security vulnerabilities through deploying fixes, delivering new functionalities and performing updates of all kinds with automation and to scale.

Shared device identity between Azure and Mender

There is an integration between Azure IoT Hub and Mender which allows for IoT device identity credentials to be shared between Mender and IoT Hub which is accomplished using a custom allocation policy (A custom allocation policy gives you more control over how devices are assigned to an IoT hub. This is accomplished by using custom code in an Azure Function to assign devices to an IoT hub. The device provisioning service calls your Azure Function code providing all relevant information about the device and the enrolment. Your function code is executed and returns the IoT hub information used to provision the device); and Azure Functions (Azure Functions is an on-demand cloud service for continually updated infrastructure and resources needed to run applications).

As a result of this Azure-Mender integration, operators can monitor IoT device states and analytics through their product built with Azure IoT Hub, and then assign and deploy over the air updates to those devices using Mender because they share device identities.

This is a solution that customers can use to publish, distribute and manage over the air updates for everything from tiny sensors to gateway level devices. Mender provides both the management server and the device update agent (client) in this operation. Tiny sensors are supported through proxy deployments .

The full integration between Azure DPS and Mender is described on Github and leverages Azure Device Provisioning Service and IoT Hub. It automates authentication of devices in Hosted Mender so that when devices are provisioned into Azure Device Provisioning Service, they are also automatically pre authorized in Hosted Mender. Once this step is done the Mender device client can immediately start deploying software updates to provisioned devices.

The following flow diagram illustrates the integration path:

mender-azure-integration-flowchart

Benefits of this Azure and Mender integration

With this integration, when an operator performs a firmware update or an application update, they get additional security benefits as both Azure DPS, IoT Hub and Mender use the same identity credentials. Administrative burden is also minimized as the need to manage device registrations in multiple places is removed; as once a device is registered in Azure IoT, it is also registered in Mender. There is a further security benefit: the number of secret key credentials that need to be handled and protected is also minimized.

Users also get to perform flexible and customizable updates with devices that are pre registered in Azure IoT Hub. The following advanced updating capabilities can be applied to an Azure-registered device fleet:

Prevents device bricking - A/B device partition design on the device where if an software image update fails, the device will roll back to the previous software version thereby avoiding corruption upon the new update. According to Mender product engineering research, 8.5% of IoT devices can fail to update within 3 years of deployment in the field. Device failure is a big risk for the business but Mender has a unique technology that prevents this.

Advanced deployment automation - For maximum efficiency and time saving, Mender offers update retries to assure that an update can be performed irrespective of a disconnection, synchronized updates1 to ensure that devices with certain attributes get the same updates at precisely the same time; and phased rollout so that software updates can be gradually rolled out across a large device fleet thereby minimizing the risk of something going wrong upon update.

Delta updates - Customers often need to update IoT devices in conditions of low bandwidth or intermittent cellular or satellite connectivity. Mender can reduce the size of the update by up to 90% to save on data transfer time and cost, and schedule resuming updates in case of connection loss. In this Mender Hub tutorial, you can learn how to perform delta updates with Yocto and Raspberry Pi 3.

The best place to do a test of the Azure Mender integration is to sign up for a Mender Enterprise Free trial where all features and add-ons are available for 12 months for free; and refer to the Github documentation for hints and guidelines on how to setup the existing integration.

New improved Azure Mender integration coming soon

This integration is currently being further improved. Mender users will be able to provision and inspect devices registered in Azure IoT Hub through the Mender Web UI. They will also be able to synchronize information about the device such as its software update status or configuration with the Azure Device Twin without any extra components required. This means that devices only need to be provisioned and managed in one place while the users get the benefits of both Mender and Azure for device fleet management at scale.

If you would like a sneak preview of the upcoming integration improvements, please visit this preview page and leave your email address.

 

Notes

1. The synchronized updates feature has since been deprecated – read more here.

Recent articles

An Overview of EU Cyber Resilience Act (CRA) Compliance

An Overview of EU Cyber Resilience Act (CRA) Compliance

Learn how the EU Cyber Resilience Act (CRA) enforces stringent cybersecurity requirements for PDEs. Explore compliance essentials in part 1 of 4
Mender versioning: New releases by component

Mender versioning: New releases by component

Explore Mender's shift to independent component releases and versioning, designed to enhance update speed and user clarity.
Driving secure innovation: ISO/SAE 21434 & UNECE compliance

Driving secure innovation: ISO/SAE 21434 & UNECE compliance

ISO/SAE 21434 and UNECE R155/R156 standards reshape cybersecurity in software-defined vehicles. Compliance with these frameworks is essential for protecting consumers, ensuring vehicle safety, and driving innovation in the automotive industry.
View more articles

Learn why leading companies choose Mender

Discover how Mender empowers both you and your customers with secure and reliable over-the-air updates for IoT devices. Focus on your product, and benefit from specialized OTA expertise and best practices.

 
sales-pipeline_295756365