The intersection of modern OTA updates and configuration management

The term over-the-air (OTA) updates is today often used interchangeably with “software updates” in the context of connected devices and IoT.

However, the term originates from the telecom industry, where it has been used for a much wider scope than just software. For example, a special type of SMS message from the cellular provider to all phone subscribers can change the way phones are configured against the network. For customers installing a new cable modem, an initial OTA update properly registers the modem with the network and reboots it.

At the same time, more advanced operating system configuration management is today a mature industry in server and cloud infrastructure. Typical use cases include:

• Network configuration
• SSH daemon configuration
• User management
• Service management
• Package management
• and many more

Now that especially Linux-based connected devices are becoming more powerful and the software systems running on them become more complex, the same use cases start to apply here.

Requirements for updating software to connected devices is inherently different than for cloud infrastructure because connected devices must be treated as unreliable and are not redundant. For example, if a software update is partially or half-way installed on a remote location, the device might get “bricked” and there is no way to “spin up a new device”. So the software update process needs to be robust (atomic, supporting rollbacks) and secure (authenticated communication and cryptographically verified software).

Given all this, an OTA update manager like Mender can be combined with a mature configuration management system like CFEngine in order to play to the strengths of both types of tools to provide both robust software updates, as well as more advanced, dynamic per-device configuration.

Take a look at the Mender Hub article Integrate CFEngine configuration management into Mender to see one approach for integration of these two types of tools by first deploying a software update and then following up with powerful device configuration.