Why device management in the IoT matters and how to achieve it

This article outlines the business case for effi cient device management and introduces a solution for managing edge devices remotely, reliably, and cost-effectively.

By Keith Shea, Wind River                Download PDF version of this article

For most enterprises, the compelling case for the Internet of Things (IoT) is the ability to access the valuable data being generated by hundreds or even thousands of field devices. That can happen only if the devices delivering that data and the gateways that direct data to enterprise systems are continually performing as expected. Device manufacturers and IoT system developers need to think upfront about how to manage those devices.

Data may be the hero of the IoT story, but the real workhorses are devices at the edge of the IoT system - the things in the Internet of Things. They’re out in the field either generating and transmitting data to a centralized platform or performing automated tasks that generate data. A mundane job, perhaps, yet the overall performance of a system often hinges on the health of field devices. If a device, sensor, embedded agent, or gateway begins faltering, the consequences can be dire.

The challenge of maintaining devices may sound basic compared with aggregating and analyzing data, but it's essential to a successful IoT strategy. At a minimum, device manufacturers and system operators need a way to monitor the health of devices in the field to prevent system disruption and downtime. More importantly, they need to have an action plan: how to remedy those problems that will eventually occur. With IoT, change is constant. Business priorities will shift as companies gain insights about their operations from the data. So system operators need an efficient, scalable way to provide updates across a large fleet of devices. Security, too, is a major concern. If vulnerability is discovered in device software, patches must be deployed quickly - before intruders can exploit the gaps.

Device manufacturers and system developers need to plan for these contingencies at the design stage. With potentially thousands of field devices in play, it's not feasible or cost-effective to rely on truck rolls for fixes and updates. Instead, what’s needed is a way to perform these tasks remotely, at scale, and over the Internet. But IoT data collection typically runs just one-way—from device to cloud. Even when operators detect device anomalies, they typically don't have the tools to push commands back to the device and fix the issue. So the initial design of an IoT system must consider the entire operating lifecycle, from deployment to decommissioning. Several distinct but interrelated issues must be addressed.

Once devices are deployed and connected, operators need a way to activate and provision them efficiently. Today, that often means physically going from device to device and loading applications or performing upgrades manually. IoT system operators need to be able to configure, provision, and manage field devices remotely. Device security is critical to an IoT system. Hackers often target endpoint devices as a means of gaining entry. And security breaches at the device level can have severe consequences: financial losses, damage to credibility, and even endangerment of human life. But securing devices is challenging since they're vulnerable to both physical tampering and network-borne threats. System operators need the right tools to monitor remote device performance and check for security vulnerabilities. They also need to be able to send instructions to those devices to correct a problem or change a function. This requires full two-way communication, where responses to devices can be completely automated.

Historically, information technology and operational technology systems have been kept separate. But IoT systems need to be integrated, with a centralized place to aggregate, analyze, and store data. While the devices in enterprise applications can perform for years, the software running on them will require regular updates and upgrades: from bug fixes to security patches to overall software improvements. And once an upgrade or a new application is ready, operators need to be able to deploy it quickly and cost-effectively to many devices at once. Developers must plan for end-of-device life at the design stage so operators can easily and remotely remove a device from service.

Figure 1. Block image of the Wind River Helix Device Cloud

The challenge facing every IoT system developer and operator is how to gain consistently reliable and secure remote control over devices typically far away and connected via the public Internet. Device management should be part of an IoT strategy from inception. But trying to build device management and two-way communication capabilities into a system from scratch can take time, devour resources, increase costs, and delay deployment.

A more practical solution is to leverage technology designed specifically for IoT device deployment and management. Wind River Helix Device Cloud is the ready-built platform that makes it possible. The solution also provides RESTful APIs, enabling IT and OT professionals to quickly build vertical-specific IoT solutions and integrate disparate enterprise IT systems. With Device Cloud, industrial companies can easily build device management capabilities into their infrastructures and greatly reduce the complexities of rolling out large-scale device deployments. Device Cloud gives customers the following abilities.

Deploy: connect devices to the cloud. Devices can be provisioned via a startup.bin file, authenticated via certificate exchange, and configured via network settings in the OS.

Monitor: record device-related information. Data is collected on device health (CPU, memory, etc), operations (pressure, speed, etc), connection status, and device alerts, for example.

Service: diagnose and repair devices remotely. Device application log files and historical trend data are analyzed, a tunnel is established to allow secure, remote device access, and repair procedures (change settings, push updates, etc) are conducted, when necessary.

Manage: track device properties and changes. The agent reports device properties and other “inventory” information that may be useful for understanding what is running in the field.

Update: deliver content and software updates. Updates can be made to files, application software, the agent, and even the OS kernel.

Decommission: remove devices from the system. Devices are stopped but agent files remain (deactivate), device is returned to factory default state, or devices may be deleted from the cloud, and all device data is erased (decommission).

Device Cloud automatically collects and integrates data from disparate devices, machines, and systems, enabling operators to track device status, share data, and proactively determine when updates are needed. Using an embedded software agent, device properties and operating data can be transmitted securely to the cloud. Operators can easily view device information through a web-based management console, perform diagnostics, and take prompt corrective action. The cloud-based platform is also designed to integrate with enterprise systems that utilize or analyze data from IoT networks. Device Cloud data and event forwarding ensures that device health issues will signal other systems of potential problems, allowing them to respond accordingly and prevent ingestion of potentially bad data.

Recent security breaches with connected field devices have brought the urgent imperative to protect connected systems to the forefront of the IoT conversation. Security is imperative for IoT applications, for the protection of the machines they control, and for the people who depend on their reliable performance. Further, an industrial company’s success hinges on securing their connected devices and their data. Effective security requires an end-to-end strategy that spans the entire application lifecycle.

Security adds a additional layer of complexity. Without proper planning, building in security functionality can slow down development, drive up costs and, in some cases, impair the performance of a deployed application. With Device Cloud, users can build IoT applications on a platform using pre-configured, integrated software components in which many security issues have already been addressed. This takes the onus off developers to identify, source, and patch together different security technologies as development progresses, resulting in a much more efficient development process, much less system complexity, and a reduced risk of security gaps due to misconfiguration. Device Cloud includes a wide range of pre-configured features that enable developers to implement security measures across the device lifecycle at the design stage, including: secure boot, device software update mechanism, SPM, application whitelisting, network, data, and device encryption, embedded credentials and certificates, Trusted Platform Modules, access permission, software isolation, and integrity measurement. By providing pre-integrated security components, Device Cloud helps developers mitigate the risk of misconfiguration and implement security without delaying development or compromising system performance.

With IoT adoption becoming widespread, a growing number of enterprises are unlocking the valuable data generated by their everyday operations: gaining business insights, optimizing operations, improving profitability, and uncovering new business opportunities. But IoT can only be effective if connected devices are actively monitored and managed. Fortunately, technology exists that makes it easier to build that capability into IoT devices and systems. Utilizing Device Cloud, device manufacturers and IoT system developers can accelerate device deployment and close a critical gap in IoT operations, ensuring that the devices enterprises depend on for crucial business data are secure, responsive, and performing at the highest possible level.


An introduction to the SuperTest MISRA suites

The SuperTest MISRA suites are created to verify the conformance of MISRA checking software. The aim of a, so-called, MISRA checker is to check application software for its compliance with the MIS...

Coding safe and secure applications

The world is becoming far more connected, and systems are vulnerable to malicious attacks via these connections. Safety and security are different, but there are some common ways to achieve them i...

Data Distribution Service in autonomous car design

Builders of autonomous vehicles face a daunting challenge. To get a competitive edge, intelligent vehicle manufacturers must deliver superior driving experience while meeting demanding requirement...

Nine Steps to Choosing The Right Coding Standard

Selecting the right coding standard is an essential building block for safe and secure coding. While superficially many coding standards and automatic analysis tools may look similar, they can be quit...

Basics and tools for multi-core debugging

In the past, debugging meant seeking for variables written with wrong values. These days, it’s completely different: for the multi-core systems used nowadays in automotive control units, deb...


ZES Zimmer on testing advanced power electronics

In this video Bernd Neuner from ZES Zimmer talks to Alix Paultre for Electronic News TV at the 2017 Power Electronics Conference in Nuremberg. The discussion deals with the issues involving test and m...

Weidmüller discusses the need for a better signal and power interface

In this video Rene Arntzen from Weidmüller talks to Alix Paultre of Electronic News TV about the importance of a good signal and power interface for industrial equipment. There is currently no good ...

Mouser talks about the state of engineering development today

In this video Mark Burr-Lonnon and Graham Maggs of Mouser Electronics, a major international electronics distributor, talk to Alix Paultre about the state of engineering development today. With massiv...

Infineon launches a new family of configurable industrial drive boards

In this video Infineon explains their new family of configurable industrial drive boards at SPS-IPC Drives 2017. Intended to enable easy setup and deployment, the XMC-based automation boards can handl...

STMicro explains their STSPIN family of single-chip motor drivers

In this video STMicroelectronics explains their STSPIN single-chip motor drivers at SPS-IPC Drives 2017. The STSPIN family embeds can drive motors efficiently and with high accuracy, with an advanced ...