The Future of Device Management: How to Create a Cohesive IoT Deployment Strategy
In this guide, we’ll explore the ins and outs of effective device management, from initial provisioning to software and firmware updates.
Author: Justin Schneck
SOFTWARE ENGINEERING FELLOW
As a Software Engineering Fellow at Very and Co-Author of the Nerves Project, Justin Schneck guides Very’s engineers on work related to Nerves and uses Nerves to solve real-world problems for our clients.GO TO PROFILE
The Internet of Things (IoT) can drastically improve business operations in many industries and even create entirely new business models. Real-time communication with smart devices gives companies valuable data and opens the opportunity for proactive — or even automated — maintenance. But this opportunity raises a question: how can organizations efficiently monitor and maintain their IoT fleets?
The more you invest in your IoT strategy, the more complex the IoT device landscape becomes, and each unique device requires management through the device’s entire lifecycle. Just like smartphones need frequent software updates to improve security, add new features, and fix bugs, IoT gateways and edge devices need the same kinds of updates. In this white paper, you’ll learn about why a robust device management strategy is crucial for your enterprise IoT strategy’s success.
Challenges for IoT Device Management
With device management being so important, you would think that creating a comprehensive device management strategy would be a solved issue. It’s helpful to look at the different stages of the IoT development lifecycle to understand why it’s more complex than it may seem.
The main goal of the initial prototyping stage is to show how a device can be connected and the value of analyzing device data. Then companies move to a pilot that deploys their solution to a limited number of users and devices. Most companies don’t seriously consider choosing a feature-rich device management solution during these stages because their needs don’t yet require advanced functionality.
However, as the solution scales, the number of devices and connection mechanisms can grow exponentially. The development team will also have to deal with multiple firmware versions when working with diverse and distributed devices. Additionally, the push toward doing more processing and computation at the edge requires software that’s constantly updated to get the most value from more powerful edge devices.
Companies that use a short-sighted approach to device management will be unable to manage the growing number of configurations for both the devices and the software running on them. Put simply, it’s essential to find a device management solution that can scale from day one to the potential deployment scenarios. Such a solution will unlock operational efficiency and significantly speed up time to market. The goal is to remain flexible and keep your options open while scaling up, avoiding getting locked into solutions that only work for small systems.
Security is a clear reason that device management is crucial even for small deployments. Not only are governments introducing legislation requiring IoT products to meet industry security standards, but security breaches — even at a small scale — can do severe brand damage.
Sidebar: California’s Security of Connected Devices Law
In January 2020, California introduced legislation requiring manufacturers of connected devices to equip them with reasonable measures “designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.”1
For devices that are equipped for “authentication outside a local area network,” the law requires that one of the following security features:
1. The programmed password is unique to each device manufactured2
2. The device requires users to create a new means of authentication before first accessing the device2
Every IoT solution should have security as a foundational requirement, which can be easier said than done. New laws add complexity that requires consideration throughout the entire lifecycle. Hardware might need to be added to the design, and added considerations need to be made on how to program these unique credentials into devices on the manufacturing line. You can also pre-provision security devices to help prevent security issues during the manufacturing stage.
Cutting corners on security simply isn’t an option.
Managing IoT Device Lifecycles
Enterprise IoT solutions are assumed to last many years, so it’s essential to plan for the entire lifecycle of devices and applications.
The device lifecycle can include commissioning, bulk provisioning, security, operations, and decommissioning. It’s no easy task to manage the complexity presented by the IoT device lifecycle. Here are elements of the typical IoT device lifecycle.
Devices are shipped to consumers with factory settings and don’t yet have customer-specific configurations. But a device management system can perform initial provisioning to deploy software components and configurations automatically, without any user input.
IoT devices should be registered in the system before they’re connected and authenticated the first time. Typically, devices are identified using serial numbers, unique device certificates issued by trusted authorities, or pre-shared keys.
Often, IoT applications start pretty simple and become more complex as they mature. Added complexity can require dynamic software updates and configuration changes to certain parts of the device without disrupting service for the user. Performing service application updates or deploying new logic should be achieved with minimal downtime.
Remote Monitoring, Diagnostics, & Observability
The more devices you have in the wild, the more critical it is to have a central dashboard to provide an overview of your devices. Because the type and quantity of devices can be varied, it’s essential to be able to create device groups using specific criteria to monitor your devices effectively. Oversight into the devices themselves can give you the ability to reboot or troubleshoot the problem in the event of a malfunction.
Device monitoring and diagnostics are table stakes when deploying an IoT solution. However, monitoring can be challenging when your devices are in remote locations. In these cases, it’s still crucial to access administrative audit logs, connectivity logs, and device diagnostics so you can do troubleshooting.
When you’re gathering telemetry data, you face a balancing act. On the one hand, streaming all data to the cloud is attractive because it can allow for predictive alerts rather than reactive alerts. However, the sheer volume of data — including data about the hardware (CPU usage, etc.), audit log messages from applications, performance metrics, and much more — can create its own set of problems. Streaming data to the cloud at a cost. If you indiscriminately stream all data to the cloud, your connectivity bills could go through the roof.
In the future, device management solutions will solve this problem by leveraging more AI tools on the edge. Then devices can identify what data is essential and only communicate when they experience anomalies.
Bulk Device Management
Bulk device management, also known as mass device management, is frequently overlooked in small-scale IoT deployments because basic device management approaches will work at first. However, this approach will become problematic as IoT projects scale. Creating dynamic hierarchies and logical groupings increases efficiency for deployment and maintenance. Bulk device management strategies can also be set up as one-time tasks, recurring tasks, or even automated rules that are triggered by schedules, constraints, or conditions. You can logically group devices by geography, across product lines, in a flexible way.
Once your devices are deployed in the wild, it’s vital to update them frequently to keep up with changes to your IoT ecosystem. This configuration could be in the form of issuing certificates, changing connection intervals, etc. Using mass management features, you can execute all configuration-level tasks based on robust rules and run them at scheduled intervals.
Software and Fireware Updates
A core piece of any device management solution is updating software and firmware on physically distributed devices. These rollouts should be deployed to so-called “canary systems,” a group of test devices identical to those deployed in the wild. You can execute acceptance tests against actual hardware using canary systems and get feedback about your rollout’s success before deploying to your entire fleet.
These updates also allow you to build a continuous integration and continuous deployment (CI/CD) pipeline for your devices. CI/CD is a modern development approach that facilitates the frequent release of small, tested changes into a production software environment. Delivering small changes frequently makes the value of updates available to users sooner. The approach also lowers your risk because small changesets make it easier to identify the root causes of errors and recover from them.
Integration & Extensibility
Even if you plan to adopt an off-the-shelf service, almost every enterprise IoT solution requires integration in two main forms: access to robust APIs and the ability to interface with various platforms through software development kits (SDKs).
Robust APIs: To reap the benefits of CI/CD (mentioned above), you need to be able to integrate CI/CD technology into your workflows so it can adapt as technology evolves. Robust APIs should be flexible enough to seamlessly integrate your device management solution into CI/CD pipelines.
SDKs: SDKs give you the ability to support a large variety of platforms and processor types, helping you implement a truly agile hardware development process.
Sidebar: Is Agile Hardware Development Even Possible?
Believe it or not, it’s true. Agile hardware development is possible. Organizations are using Agile to reach new markets, generate new ROI, and solve problems that have left some engineers stumped for decades. Here at Very, it’s what we do best.
That said, uncertainty and skepticism of Agile development can be warranted. Many companies have tried and failed to implement Agile development practices for hardware. But if there is one lesson technology development has taught us over and over again, it’s that using the word “never” is a great way to get left behind. Learn more about Strategies for Successful Agile Hardware Development.
The process of decommissioning might affect your entire IoT solution or only specific pieces. For example, you might need to decommission your entire fleet or just a single device. This process includes the revocation of certificates and the secure deletion of any confidential or sensitive data.
MQTT: A lightweight open message protocol useful for resource-constrained connections with remote locations requiring a small code footprint. The protocol employs a publish/subscribe communication pattern is used for machine-to-machine (M2M) communication.
LwM2M: A communications protocol designed specifically for remote device management and telemetry within IoT and other M2M applications. Its modern architectural design is based on REST and builds on the CoAP data transfer standard.
LPWAN Protocols (Sigfox, LoRaWAN): Low-Power Wide Area Network (LPWAN) technology provides low cost, low power, and wide-area coverage that’s needed for a vast wireless sensor network like smart cities. Because of their power-saving capabilities, they work well in use-cases where battery capacity is limited.
HTTP: Devices can check for updates by requesting against an HTTP endpoint or remain in a constantly connected state using WebSockets. This approach works well for deployments where web traffic is allowed on an otherwise restricted network.
Types of Devices
Modern edge devices vary in terms of capabilities and methods of connecting, and your IoT solution should support different device types.
- Benefits: Low cost, minimal customization necessary
- Limitations: Resource-constrained, including energy constraints and less memory that make small microcontrollers struggle with edge computing tasks like AI/ML
- Capabilities: Remote configuration and firmware update
Small microcontrollers are low-cost devices that are suitable for basic edge capabilities like telemetry. However, they have energy constraints and are typically battery-powered. The software for microcontrollers is usually developed as part of the product design process, allowing you to bring the device online with minimal customization.
More Powerful Microcontrollers:
- Benefits: Advanced edge computing capabilities
- Limitations: Firmware design can become complex because performing multi-threaded processing in microcontroller languages can be tedious and difficult, though real-time operating systems (RTOS) can help with this
- Capabilities: Resource/device abstraction, software and firmware updates, software package management, remote configuration, etc.
More powerful microcontrollers are similar to gateways from a hardware perspective, but their software is more flexible.
- Benefits: Powerful
- Limitations: Energy inefficient depending on your use case
- Capabilities: Connect with a variety of edge devices using different communication protocols, edge computing, firmware management
Microprocessors can be as powerful as a server, providing advanced edge computing capabilities like resource and device abstraction, analytics, device history, software and firmware updates, software package management, and remote configuration. Microprocessors can even be added to your solution later in the development process and can serve different purposes over time.
- Benefits: Availability
- Limitations: Limited on the amount of background processing you can perform and the inherent risks of using a mobile device as a reliable source for connection, metered connections, large power consumption compared to the other options, device's physical location can change and may not be in range of the rest of the system
- Capabilities: Can serve as gateways
Smartphones can be used as a Bluetooth gateway for wearable devices that power many IoT monitoring apps. Smartphone-based implementations are also well suited for apps that use Identity verification, GPS-based guidance, and position/orientation awareness.
Device management solutions should be able to manage all these types of IoT devices that can be connected through wide-ranging network protocols. In some instances, you may also need to implement proprietary device management protocols.
With the ever-rising number of IoT solutions, enterprises must prioritize choosing the correct device management solution early in their IoT journey. The platform you choose today needs to be able to scale as your solution scales, managing increasing complexity.
Download the PDF
- “Security of Connected Devices,” Cal. Civil Code §§ 1798.91.04-1798.91.05(b).
- Cal. Civil Code § 1798.91.04(b) (“Subject to all of the requirements of subdivision (a), if a connected device is equipped with a means for authentication outside a local area network, it shall be deemed a reasonable security feature under subdivision (a) if either of the following requirements are met: (1) The preprogrammed password is unique to each device manufactured. (2) The device contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time.”).
We are ready to get your IoT project started
Focused on speed, efficiency, and scalability, our product teams de-risk projects though trusted partnership, easy communication, and an agile workflow.
Focused on speed, efficiency, and scalability, our product teams de-risk projects though trusted partnership, easy communication, and an agile workflow.