How It Works

Mender is an open source remote software manager for Linux-based IoT devices. It includes both a client and a management server, which are both licensed under Apache 2.0.

Mender enables the management of software updates to connected devices remotely over any TCP/IP network. Mender can update devices over-the-air (OTA), but also enables standalone deployments which can be used to deploy updates through external storage such as a USB stick.

Mender allows you to deploy an image-based update from the server-side component to your connected device or fleet of devices. The deployment is done securely using HTTPS and the partitioned setup makes sure your device will stay up and running should anything interrupt the update process. Mender also supports code signing for added confidence that your devices will be updated by a trusted party.

You can read more on our FAQ. Our customer case studies also detail why Mender is chosen for secure and robust OTA updates.


Mender is a client-server application, where the client is installed in embedded devices running Linux. The Mender client regularly checks with the Mender server over HTTPS to see if it has an image update available for deployment, and deploys it if there is. A dual A/B rootfs partition layout ensures robustness, so that the embedded device can recover even during incomplete or corrupted deployment installations.


The Mender management server is now published on GitHub for on-premise installations. It is licensed under the Apache 2.0 license.

Partition layout and reliability

For reliability during the update process, Mender uses a dual A/B rootfs partition layout. The Mender client daemon runs in user space in the currently booted rootfs partition.


During the update process, the Mender client writes the updated image to the rootfs partition that is not running and configures U-Boot to boot from the updated rootfs partition. The device is then rebooted. If booting the updated partition fails, the partition that was running is booted instead, ensuring that the device does not get bricked. If the boot succeeds, Mender sets the updated partition to boot permanently when Mender starts as part of the boot process.

As Mender downloads and installs the image, other applications on the device continue to run as normal. The only time the device has downtime is during the reboot into the updated partition, which typically takes a minute, depending on the device configuration.

Persistent data can be stored in the data partition, which is left unchanged during the update process.

Board support

Out of the box, Mender supports the Raspberry Pi 3 and BeagleBone Black. Mender also supports several other devices through Mender Hub, our community board integration forum. Contact us with your board information to find out more about integrating Mender with your custom board.

Choose the right plan to enable OTA updates on your device fleet with Mender


Free to use and open source from end to end

Get started

Follow the Getting Started guide to start running Mender on-premise

Better than homegrown

Full-image updates with automatic rollback

No vendor lock-in

An active community and extensive documentation to help guide you

Learn more

Hosted Mender

Save time and money with our hosted management server

Sign up now

Sign up and get $120 free credit in your first 12 months. You can cancel at any time

Focus on your core product development

A secure and up-to-date server

Extensive monitoring with production-grade uptime

Get new features first

+ all the features of open source Mender

Learn more