How Mender works

Mender supports both robust operating system updates and application updates. Learn how Mender is designed to deliver updates over the air, securely and safely.

hero-howitworks

Architecture

There are two components in the Mender architecture - the server and the client.

 

architecture@2x

 

Mender server

The Mender server stores and controls the deployment of software updates over-the-air to your devices. You can use Mender’s web UI or REST APIs to manage your devices, upload and manage software releases to the server and create deployments to roll out software to your devices.

The Mender management server is published on GitHub for on-premise installations. It is licensed under the Apache 2.0 license.

Mender client

The Mender client runs on the device and reports to the server periodically to check for updates; if there is a software update available for that device, the client downloads and installs it. The deployment is done securely using HTTPS polling, so no ports are open on the device.

Device partition for operating system updates

device-partitioning@2x

 

For operating system updates, we require a dual A/B rootfs partition layout on the device. This ensures that the device can recover even if the deployment is incomplete or corrupted during installation for any reason, e.g. due to power loss during the update process.

The Mender client daemon runs in user space in the currently booted rootfs partition. During the update process, the Mender client writes the updated image to the rootfs partition that is not running and configures U-Boot to boot from the updated rootfs partition. The device is then rebooted. If booting the updated partition fails, the partition that was running is booted instead, ensuring that the device does not get bricked.

If the boot succeeds, Mender sets the updated partition to boot permanently when Mender starts as part of the boot process. As Mender downloads and installs the image, other applications on the device continue to run as normal.

The only time the device has downtime is during the reboot into the updated partition, which typically takes a minute, depending on the device configuration. Persistent data can be stored in the data partition, which is left unchanged during the update process.

For partial updates like application updates, the A/B partition is not necessary, and the Mender client can be installed as a .deb package.

Extensibility of update types

The Mender client can be extended to support different types of updates, using a framework called Update Modules. Installing the appropriate Update Module will enable support for installing different types of software packages such as application, containers, package managers, bootloaders and proxy deployment for attached peripherals.

 

extensibility@2x

 

Update Modules give full control and customizability over how a software type is installed. They are independent executables that can be written in any programming language.

An Update Module can be tailored to a specific device or environment (e.g. update a proprietary bootloader), or be more general-purpose (e.g. install a set of .deb packages). An existing Update Module can be used as a starting point and adjusted to fit your exact needs.

When the Mender client downloads new software from the server, it will run the Update Module executable associated with the type of software downloaded. The Update Module is responsible for carrying out the steps needed to install software of this type. An Update Module can also support more advanced functionality such as rolling back a failed update.

Get started with Mender

Quickly get up and running with Mender - deploy your first OTA update in minutes. Evaluate all the advanced features of Mender Enterprise for up to 10 devices, free for 12 months.

 

Join the community

Mender is an open source project with a great community. Join the discussion, explore tutorials, and find board integrations on our Mender Hub forum.

Technical FAQ

For more about how Mender works – including details about compatibility, security and scalability – visit our Technical FAQ page.