Mender blog

Releasing new automation features with hosted Mender and 2.4 beta

We are excited to announce an update to all hosted Mender plans (Starter, Professional, Enterprise) and release of Mender 2.4 beta!

Mender 2.4 will reduce risk of errors and security incidents and increase operational efficiency through automation.

Mender 2.4 introduces automatic assignment of delta updates, automatic deployment retries, Role Based Access Control, Dynamic groups, software distribution overview, and improved device filtering.

The availability of the new features depends on the commercial plan listed on the features page.

The new features are described below. A more detailed description can be found in the Mender 2.4.0 beta release notes.

Automatic assignment of robust delta updates

Robust delta updates support was introduced in Mender 2.2. This feature is now extended with automatic assignment of delta updates which saves time and reduces chances for deployment errors. Delta updates offer fully robust automated rollback support, enabling 70-95% of bandwidth reduction, and associated cost, compared to full system updates.

With automatic delta assignment the Mender server automatically decides the correct software Artifact based on the version each device is currently running. The Mender server selects a delta update if available (i.e. has been generated and uploaded) for the given device, and also supports full image update if no delta update is available.

This feature is only available in Mender Enterprise.

Automatic retry of failed device deployments

Deployments to devices might fail for various intermittent reasons like loss of power, network or device usage. Automatic retry upon failures reduces device deployment error rates up to 90%. This translates to time and money savings managing deployments, and also leads to customers receiving the updates faster. This is of value particularly in volatile environments, such as consumer electronics where end users control devices, and for larger scale environments, where diagnosing individual device failures is infeasible.

The number of times the deployment should be retried before it is marked as failed can be customized. This customization ensures each device is retried the maximum times and devices succeeding the deployment are never retried.

This feature is available in Mender Professional and Mender Enterprise.

Role Based Access Control

Role Based Access Control (RBAC) significantly reduces the risk of accidental and unauthorized deployments. Users of the Mender server can be assigned Roles with limited access, based on the responsibility of the user and required tasks. Role assignments reduce the risk of accidents, such as deploying beta software to production devices. It further reduces the security impact of any compromised Mender server user accounts.

Mender 2.4 supports four different Roles:

  • Administrator: Full access
  • CI: Intended for Continuous Integration systems. Intended to only manage Mender Artifacts, such as upload and delete Artifacts.
  • Read only: Allows the user to see the status of devices and deployments, but not make any modifications. This role is well suited for limited technical support users, or team leads who need an overview of deployment status or individual devices, but are not involved in day-to-day deployment management.
  • Device groups Role (experimental UI): Grant access to a customizable set of Device groups in Mender. The most common use case here is to allow developers full access to Test devices, while only selected users have access to Production devices. Another common use case is to segregate device access based on geographical location, e.g. Europe vs. US.

The Device groups Role is currently experimental because it is not yet fully supported in the Mender web UI. The Device groups role is secure and can be used today with API-only access. Web UI support will be available shortly. Please contact us for more information.

This feature is only available in Mender Enterprise.

Dynamic groups

Dynamic groups allow devices to be grouped and assigned deployments dynamically based on filters on device attributes. This saves significant time compared to managing static groups, while also opening up for many new use cases, two of which are covered below.

First boot update: Devices can automatically be updated to the latest software release on first connection to the Mender server. This shortens a new product’s time to market because manufacturing can be started with minimal software, before the final software is ready, allowing for many months to finalize the software while the devices are en route to distributors and customers. It also enhances customer experience by ensuring the latest features and bug fixes are applied as soon as possible, as well as reducing the risk of security issues by addressing vulnerabilities found after manufacturing.

Geographic segregation: A common deployment workflow is to deploy to one geographic location after the other (for instance ‘follow-the-sun’ rollouts). Device group membership by location can be automated with Dynamic groups if an attribute for geolocation is available on the device, such as the IP address. Geographical deployments can lower customer support volume, especially if combined with Phased rollout as potential issues can be detected before the update hits the big masses. Customizing devices based on location can improve customer satisfaction by providing local language support, and ensures compliance of local regulations.

This feature is only available in Mender Enterprise.

Software distribution overview

The new software version distribution graph in the Mender web UI quickly displays the distribution of software releases running across all devices, or by device group such as by customer or geography. It allows for quick answers to a question like “how many devices are running the latest release one week after it has been deployed?”.

This new overview saves diagnostics time by quickly identifying the share of devices on old software versions, share of devices in need for redeployment, and further investigation. It improves customer experience by detecting potential issues with devices running outdated software before the customer notices.

Adoption of new releases can also easily be tracked for business analysis purposes.

This feature is available in Mender Professional and Mender Enterprise.

Improved device filtering

Device filtering in the Mender UI has improved usability to quickly filter on a device attribute to find a device. When frequently looking up individual devices for diagnostics purposes, this enhancement will save significant time and effort.

This feature is available in all Mender editions and plans.

Smaller and simpler server

In order to significantly reduce the footprint and simplify management of the Mender server, three major server dependencies have been removed. If you are running Mender on-premise (Open Source or Enterprise), with Mender 2.4 you will no longer need to run Conductor, ElasticSearch nor Redis as part of the Mender server stack.

Instead we have introduced a lightweight service called “workflows” that cover the same functionality Mender required from these three larger services.

Try the new features

Try out all the new features with a hosted Mender Enterprise account today. Simply contact us for an evaluation account. For new features available in the free offerings, such as Starter (time limited evaluation) and Open Source you can sign up for directly. See the Mender pricing page for an overview.

The new 2.4 documentation section includes all the necessary resources. We recommend new users to start with the Mender Quickstart with Raspberry Pi.

Support for your board

If you are new to OTA updates, or lack time to integrate the Mender client with your specific board for robust A/B system updates, several resources are available to you:

The Board Integrations category in Mender Hub is a community site to contribute, reuse and maintain Mender board integrations.

We are happy to help with consulting services to ensure verified Mender support for your board.

Share your feedback

We would love your general feedback on Mender, whether positive or in need for improvement, in the Mender Hub General Discussions forum. Your continued feedback helps Mender meet your needs even better in the future!

If you believe you have encountered a bug, please submit your report at the Mender JIRA issue tracker.

We hope you enjoy all the new features, and we look forward to hearing from you!

Recent articles

Driving secure innovation: ISO/SAE 21434 & UNECE compliance

Driving secure innovation: ISO/SAE 21434 & UNECE compliance

ISO/SAE 21434 and UNECE R155/R156 standards reshape cybersecurity in software-defined vehicles. Compliance with these frameworks is essential for protecting consumers, ensuring vehicle safety, and driving innovation in the automotive industry.
CVE-2024-46947 & CVE-2024-47190 - SSRF issues in Mender Enterprise Server

CVE-2024-46947 & CVE-2024-47190 - SSRF issues in Mender Enterprise Server

Recently discovered security vulnerabilities in Mender Server have been fixed.
CVE-2024-46948 - Missing filtering based on RBAC device groups

CVE-2024-46948 - Missing filtering based on RBAC device groups

A customer recently notified us of a security issue in Mender. For users of RBAC and device groups, one specific API did not filter devices correctly.
View more articles

Learn why leading companies choose Mender

Discover how Mender empowers both you and your customers with secure and reliable over-the-air updates for IoT devices. Focus on your product, and benefit from specialized OTA expertise and best practices.

 
sales-pipeline_295756365