Bench Talk for Design Engineers | The Official Blog of Mouser Electronics


IoT Device Management Affects System Design

Sravani Bhattacharjee

(Source: THINK A/Shutterstock.com)

Gone are the days of manually provisioning devices and equipment. In the world of the Industrial Internet of Things (IIoT), as millions of smart, connected devices flood the market, provisioning and managing them calls for a scalable and reliable solution. That is what makes device management a must-have component of today's connected ecosystem, and thoughtful device management needs to be designed into IoT systems from the start. Here is a quick rundown of IoT device management.

A Quick Peek into IoT Device Management

There are two main aspects of device management (DM):

  • Onboarding new devices, for example, pushing the configurations needed to deploy 10,000 smart bulbs across a large industrial site
  • Managing installed devices throughout their life cycle, which covers secure provisioning, identity and access control, configuration management, remote monitoring of device health, and retirement of unused devices

DM for the IoT and DM for mobile devices (smartphones, tablets, etc.) might appear similar, but the former is far more challenging because any IoT deployment contains a highly heterogeneous mix of devices in terms of operating system, application, and service-layer functionality.

For cost-efficiency reasons, IoT DM platforms are typically cloud based and often built into the IoT solution. While designing the application and service layers of the product, you can either tailor them to a specific cloud platform (such as Amazon Web Services, Microsoft Azure, IBM, or Predix) or design them to be platform agnostic.

An automated device provisioning service registers new devices with geographically diverse points of presence, manages device configurations, secures devices by pushing over-the-air (OTA) patches and updates, and reprovisions devices when they reconnect or relocate. For secure and efficient access to device state and health data, and to support analysis and business application development, a virtual replica of each device is maintained in the cloud. Cloud platforms refer to this replica by various names, for example digital twins, device twins, or device shadows. The replicas in the cloud and at the edge are state-synchronized with the physical device in near real time. This mechanism gives greater visibility into device state, security posture, software and firmware versions, and device health (Figure 1).

Figure 1: DM using a state-synchronized digital replica at the edge and in the cloud. (Source: Practical Industrial IoT Security, Packt)

Fundamental Aspects of DM Design

Design for any IoT system must factor in the following fundamental aspects of DM:

  • Authentication and provisioning
  • Configuration and control
  • Monitoring and diagnostics
  • Maintenance and patching

Authentication and Provisioning

Network-connected devices are an excellent entry point for attackers unless adequate security is built in. As soon as a device connects, the DM platform needs to verify that the new device is indeed trustworthy. During authentication, devices establish their identity by presenting credentials. Default user names and passwords are the least reliable credentials for the machine-to-machine world. Password-less authentication using keys and certificates, ideally anchored in a hardware root of trust, is the more suitable choice. Some original equipment manufacturers install certificates before shipping the product; additional certificates can be added along the supply chain to form a chain of trust. Safe storage of credentials, run-time processing cost, power consumption, and similar constraints are important considerations at this stage. After the device has successfully authenticated, the DM platform can provision it, enrolling it with the access privileges appropriate to its role.
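As an added example, not code from the article or from any particular DM platform, the Go program below builds the chain of trust the paragraph describes and then performs the onboarding check a platform would run. A root CA issues an OEM intermediate, the OEM issues one certificate per device at the factory with the device serial number as its common name, and the platform verifies a presented certificate against the root and intermediate it was given. The CA names, the device serials SN-000123 and SN-000042, and the validity periods are all constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Fleet: what the DM platform trusts (root + OEM intermediate) and three constructed device certs.
type Fleet struct {
	Roots, Intermediates    *x509.CertPool
	Genuine, Rogue, Expired *x509.Certificate
}

// template builds a CA or device certificate template. Device certificates are limited
// to client authentication, which is all the onboarding handshake needs.
func template(cn string, serial int64, ca bool, notBefore, notAfter time.Time) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		BasicConstraintsValid: true,
		IsCA:                  ca,
	}
	if ca {
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// issue generates a fresh key for tmpl and has signer (the parent's key) sign it;
// parent == nil yields a self-signed certificate signed with its own new key.
func issue(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// BuildFleet stands in for manufacturing: the root CA issues an OEM intermediate, and the
// OEM signs a per-device certificate whose CN is the device serial number (constructed values).
func BuildFleet(now time.Time) Fleet {
	year := 365 * 24 * time.Hour
	root, rootKey := issue(template("Example Root CA", 1, true, now.Add(-time.Hour), now.Add(10*year)), nil, nil)
	oemTmpl := template("Example OEM Intermediate", 2, true, now.Add(-time.Hour), now.Add(5*year))
	oemTmpl.MaxPathLen, oemTmpl.MaxPathLenZero = 0, true // the OEM may sign devices, not further CAs
	oem, oemKey := issue(oemTmpl, root, rootKey)
	genuine, _ := issue(template("SN-000123", 3, false, now.Add(-time.Hour), now.Add(2*year)), oem, oemKey)
	expired, _ := issue(template("SN-000042", 4, false, now.Add(-2*year), now.Add(-year)), oem, oemKey)
	// A counterfeit: a self-signed "CA" that nobody in the supply chain vouches for.
	rogueCA, rogueKey := issue(template("Counterfeit CA", 5, true, now.Add(-time.Hour), now.Add(year)), nil, nil)
	rogue, _ := issue(template("SN-000123", 6, false, now.Add(-time.Hour), now.Add(year)), rogueCA, rogueKey)
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(oem)
	return Fleet{Roots: roots, Intermediates: inters, Genuine: genuine, Rogue: rogue, Expired: expired}
}

// VerifyDevice is the platform's onboarding check: the certificate must chain to a trusted root
// through a known intermediate, be within its validity period, and be a client certificate.
func VerifyDevice(leaf *x509.Certificate, roots, inters *x509.CertPool, now time.Time) (string, error) {
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inters, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return "", fmt.Errorf("reject %q: %w", leaf.Subject.CommonName, err)
	}
	return leaf.Subject.CommonName, nil
}

func main() {
	now := time.Now()
	f := BuildFleet(now)
	for _, c := range []*x509.Certificate{f.Genuine, f.Rogue, f.Expired} {
		id, err := VerifyDevice(c, f.Roots, f.Intermediates, now)
		fmt.Printf("id=%q err=%v\n", id, err)
	}
}
```

Two points the code makes that the prose only implies: the counterfeit device claims the same serial number as the genuine one, and only the chain check tells them apart, so the identity the platform enrolls must come from the verified certificate and never from a self-reported ID; and passing the check only answers "was this made by someone we trust", so the privileges granted at provisioning still have to be looked up from the verified CN rather than assumed. The device's private key should live in the hardware root of trust the paragraph mentions; otherwise a cloned certificate and key would pass this check as well.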

Configuration and Control

Typically, your device would be shipped with default configurations. Once deployed, the DM platform applies use case–specific configurations such as location, unique ID, and other application-related settings. For example, a device that is provisioned to track location and report on-vehicle telemetry in a fleet management system would need to be programmed with the vehicle’s license plate or vehicle identification number, and notification frequency. Remote programmability and secure application programming interfaces and configuration interfaces are important considerations at this stage.

From a control perspective, it should be possible to power the device off remotely, reset it to recover from error conditions, or retire it. Remote commands to apply firmware updates, patch bugs, and reload are also necessary features.

Monitoring and Diagnostics

Typical IIoT deployments involve thousands of devices installed in locations that are not easily accessible for in-person troubleshooting. To minimize the fallout of unscheduled downtime, it is important to detect failures early. Most DM platforms come with continuous monitoring capabilities that collect device health data such as CPU usage, account activity, network traffic, and process-level input/output activity in order to detect anomalies. To support this, the device should generate in-depth logs, run-time statistics, and process dumps for remote triage.

Maintenance and Patching

It is unfortunate but true that no software is 100 percent bug free when shipped. After device deployment, bugs and security vulnerabilities are sure to surface, and you might also want to introduce feature enhancements to the software and firmware. Throughout the product's life cycle, it will therefore be necessary to apply software and firmware patches and upgrades.

The challenge here, again, is that IoT devices are many in number and are often installed in bandwidth-constrained areas where connectivity is intermittent. Products must be designed to receive OTA updates within scheduled upgrade windows, over encrypted communication channels, for security.
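An encrypted channel protects an update in flight, but the device itself also has to decide whether an image is genuine, is meant for its model, and is not a downgrade, since the channel may terminate at a DM platform or edge gateway that is not the firmware's author. The Go program below is an added example, not the article's code or any vendor's OTA protocol: the build pipeline signs a small manifest (model, monotonically increasing version, SHA-256 of the image) with an Ed25519 vendor key, and the device's update agent verifies the manifest against a public key pinned at manufacture before it trusts any field of it. The model name sensor-v2, the version numbers, and the image bytes are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest describes one firmware image. The vendor signs the canonical JSON encoding of
// these fields; the image itself is bound in by its SHA-256 digest.
type Manifest struct {
	Model   string `json:"model"`
	Version uint32 `json:"version"`
	SHA256  string `json:"sha256"`
}

// SignedManifest is what the DM platform pushes to the device alongside the image.
type SignedManifest struct {
	Manifest  Manifest
	Signature []byte
}

// canonical encodes the manifest deterministically (fixed struct field order) so that the
// signer and the verifier hash exactly the same bytes.
func canonical(m Manifest) []byte {
	b, err := json.Marshal(m)
	if err != nil {
		panic(err)
	}
	return b
}

// SignManifest is the vendor-side (build pipeline) step.
func SignManifest(vendorKey ed25519.PrivateKey, model string, version uint32, image []byte) SignedManifest {
	sum := sha256.Sum256(image)
	m := Manifest{Model: model, Version: version, SHA256: hex.EncodeToString(sum[:])}
	return SignedManifest{Manifest: m, Signature: ed25519.Sign(vendorKey, canonical(m))}
}

// Device is the minimal state the update agent needs: what it is, what it runs, and the
// vendor's public key pinned at manufacture (in practice held in secure storage).
type Device struct {
	Model     string
	Version   uint32
	VendorKey ed25519.PublicKey
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrWrongModel   = errors.New("manifest is for a different device model")
	ErrRollback     = errors.New("manifest version is not newer than the installed one")
	ErrImageDigest  = errors.New("image digest does not match manifest")
)

// ApplyUpdate checks the signature first, so no manifest field is trusted before it is
// authenticated; then model and version (anti-rollback); and only then hashes the possibly
// large image. "Flashing" is modelled by updating Version.
func (d *Device) ApplyUpdate(sm SignedManifest, image []byte) error {
	if !ed25519.Verify(d.VendorKey, canonical(sm.Manifest), sm.Signature) {
		return ErrBadSignature
	}
	if sm.Manifest.Model != d.Model {
		return ErrWrongModel
	}
	if sm.Manifest.Version <= d.Version {
		return ErrRollback
	}
	sum := sha256.Sum256(image)
	if hex.EncodeToString(sum[:]) != sm.Manifest.SHA256 {
		return ErrImageDigest
	}
	d.Version = sm.Manifest.Version
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	dev := &Device{Model: "sensor-v2", Version: 3, VendorKey: pub}
	image := []byte("constructed firmware image, version 4") // stands in for the real binary
	err = dev.ApplyUpdate(SignManifest(priv, "sensor-v2", 4, image), image)
	fmt.Println("good update:", err, "installed version:", dev.Version)
	fmt.Println("tampered image:", dev.ApplyUpdate(SignManifest(priv, "sensor-v2", 5, image), []byte("not the image")))
	fmt.Println("downgrade:", dev.ApplyUpdate(SignManifest(priv, "sensor-v2", 2, image), image))
	_, rogue, _ := ed25519.GenerateKey(nil)
	fmt.Println("rogue signer:", dev.ApplyUpdate(SignManifest(rogue, "sensor-v2", 9, image), image))
}
```

The ordering inside ApplyUpdate is deliberate: the signature check comes before any field of the manifest is acted on, the cheap model and version comparisons come next, and the digest of the image, which may be large and may arrive in pieces over an intermittent link, is computed last. Separating the signed manifest from the image also suits the bandwidth-constrained case in the paragraph, since a device can fetch the manifest, reject a downgrade or a wrong-model update immediately, and only spend airtime on an image it has already decided it wants.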

Conclusion

Much like a device's power supply module, DM features seemingly add no differentiating value to the product, so their inclusion tends to be an afterthought. These features are, however, critical to reducing downtime and improving run-time efficiency, which directly affects the financial bottom line. Many commercial development platforms from Microsoft, Wind River, Intel, and other vendors simplify the integration of DM for system designers and developers.





Sravani Bhattacharjee has been a data communications technologist for over 20 years. She is the author of "Practical Industrial IoT Security," the first released book on Industrial IoT security. As a technology leader at Cisco until 2014, Sravani led the architectural planning and product roadmap of several enterprise cloud and data center solutions. As the principal of Irecamedia.com, Sravani currently collaborates with Industrial IoT innovators to drive awareness and business decisions by producing a variety of editorial and technical marketing content. Sravani has a Master's degree in Electronics Engineering. She is a member of the IEEE IoT Chapter, a writer, and a speaker.

