Mender and Microsoft Azure IoT Facilitate Robust and Secure Device Software Management Update

We are thrilled to announce our collaboration with the Azure IoT team at Microsoft on a reference integration of Mender, an end-to-end open source OTA software update manager for IoT products. Microsoft Azure IoT is a secure, open and scalable cloud platform to connect, monitor, and control billions of IoT assets.

In developing today’s Internet of Things (IoT) products, support for both analytics and software updates is paramount. This combination enables product and support teams to quickly detect and remediate issues, and to address unforeseen customer behavior. For example, a support team can use IoT analytics data to detect an application producing a higher volume of error logs before it ever impacts the end user. Once the issue is successfully diagnosed and fixed, a patch can be deployed to all devices with over-the-air (OTA) software updates.

We have collaborated on a tutorial and reference integration to support application and system updates, which means one solution for all updating needs. System updates provide a brick-safe way to apply the latest security updates, limit application sprawl and ensure all software is consistent across devices. Application updates provide small, fast and targeted improvements to the differentiated applications, allowing new features to hit the market faster.

A widespread challenge for IoT developers is the need to build a bespoke, complete and robust firmware and software update mechanism for devices deployed in the field. Many developers must hastily assemble an update mechanism toward the end of the project and overlook the nuances that make up a secure and robust update process, such as:

  • Code signing (cryptographic validation) of the update image to ensure tight control over who can reprogram sensitive components.
  • Encrypted communication channels to avoid the risk of man-in-the-middle attacks.
  • Resiliency to bricking in case of power or network loss during the update process.
  • Built-in rollback in case of a failed update.
  • Atomic installations during which an update is either installed completely or not at all, removing the inconsistency and unmanageability of partial installations.

The reference integration between Azure IoT and Mender ensures the same identity and cryptographic credentials are used by both products. Three main benefits result:

  1. You no longer need to manage device registrations in multiple places; once a device is registered in Azure IoT, it is also registered with the Mender update service.
  2. Since the same device identity is used across the two products, you can easily correlate analytics from Azure with past software update deployments on the Mender server.
  3. You minimize the number of secret key credentials that need to be handled and protected, which results in stronger security through more focused oversight. In the future a single hardware-based key management system can be used for even higher levels of security.

Mender’s Eystein Stenberg appeared on the Channel 9 IoT Show to demonstrate how it works; watch the full video here.

Read more on the Azure IoT blog. Get started with the tutorial here.