Mender blog
Here at Mender.io, we did a comprehensive survey with embedded developers and what they did with devices that required software updates over-the-air (OTA). Our findings included two very distinct approaches to handling updates, which we will go over in more detail in this blog post.
The results of our survey included the following:
Whether you do manual firmware updates to your devices or have the capability to provide them over-the-air, there are two primary methods to deploy them: image-based or package-based updates.
The most quoted reason why image-based updates was chosen is confidence in device consistency. Of course, consistency helps lower the risk of device downtime and the developers we’ve surveyed claim they feel strongly that what they tested in the preproduction/test environment is exactly the same as the one being deployed to the devices in the field. It also makes the design easier for atomic installation using a failover partition if there is a problem such as a power loss during the installation.
Package-based updates have the benefit of being more targeted and only changing a small part of the device software. Another key benefit is less consumption of the bandwidth and of course helping with the time to transfer and installation.
There are pros and cons to each approach. For example, a package-based update may be smaller to transfer and install, but it can be an enormous challenge to properly test and there are simply more moving parts that increases the likelihood of errors. With an image-based approach, the size means a larger consumption of bandwidth and the time it takes for delivery and installation. But it is atomic, meaning it will either work or not and eases the testing burden.
Ultimately, the context of your specific situation with your connected devices will dictate which approach works best for your team to ensure bug-fixes get delivered, security vulnerabilities are patched, and new features are delivered for your customers.
Recent articles
Why a robust over-the-air (OTA) update process is critical in today’s digital age?
Lessons learned from Crowdstrike: Organizations must embed digital resilience throughout their device management lifecycle
Enhancing sustainability in oil & gas: tackling methane emissions with cutting edge solutions
Discover how Kuva Systems overcame challenges in managing methane emission monitoring cameras in the oil & gas industry with advanced OTA updates and remote troubleshooting.
CVE-2024-37019 - Account takeover using SAML
CVE-2024-37019 is an account-takeover vulnerability in Mender Enterprise which was fixed in versions 3.6.4 and 3.7.4.
Learn more about Mender
Explore our Resource Center to discover more about how Mender empowers both you and your customers with secure and reliable over-the-air updates for IoT devices.
