Automating OTA Software Updates for IoT
Founded in 2015, Mender is an early-stage software company located in Palo Alto, California. The company is developing an open source, over-the-air solution for updating embedded Linux devices in the field and operates under Apache License 2.0. In addition to developing and publishing the software for enabling updatability in products, the company offers commercial support to customers.
Besides developing the embedded updater, Mender is an advocate in the Internet of Things (IoT) market that automated software updates be an integral component of open source embedded products.
Initially, Mender will support products based on Linux and the Yocto Project, which is a Linux Foundation workgroup that provides templates, tools, and methods to help users create custom software for embedded products regardless of the hardware architecture.
Software-driven transformation has been taking place in the IT infrastructure industry for decades, as servers became connected to networks, executables were abstracted through virtualization, and, finally, services were made available on demand through public clouds.
A similar software-driven transformation has taken place in the consumer electronics industry through the advent of smart devices and Apps that replace everyday physical items like Auto GPS units, newspapers, cameras, maps, alarm clocks, music players, and ATMs — to name just a few.
The IoT will bring many software innovations to embedded devices that have previously not been connected to a network. The IoT will change the business landscape in ways similar to a pattern seen in the IT infrastructure and consumer electronics industries, where companies that adopt new technologies tend to thrive, while those that pass on the opportunity expose themselves to greater risk.
Two IoT Business Drivers
The increasing interest of business executives in the IoT is accelerating the explosive growth we are seeing in today’s marketplace. When new trends arrive, discernment is required to look past the buzz and evaluate if this wave is a passing fad or if we are witnessing a sea change with a lasting impact.
Chances are that the IoT is here to stay because the drivers behind it are fundamental for every business: improved operational efficiency plus new products and services equals new net revenue streams.
There are many examples in business today of how billions of dollars in operational efficiencies are gained through the Machine-to-Machine (M2M) connection of sensors and devices, as well as the application of analytics on the collected data. In agriculture, sensors are placed in the field to measure the moisture, fertilizer level, temperature, and other key metrics that affect crop yield. By leveraging this data, farmers know precisely when to water and fertilize their crops to maximize yield. Water schedules can be correlated with weather forecasts to determine that even though moisture levels are falling below normal, nothing need be done because rain is expected the next day.
In the U.S., the overland transportation industry in 2012 was a USD 1.33 billion business, or 8.5 percent of GDP. It is clear that improving efficiency in this sector will have a massive impact. One company discovered that trucks driving very close to one another on the highway to reduce air resistance could use up to 30 percent less fuel. The problem is that because of the time it takes a human to react when the vehicle in front applies the brakes, humans cannot safely drive at such close distances. The solution is to install a connected device in each truck to assist with emergency braking. The devices in the trucks are networked with one another. Any one device will signal the other devices that ‘hard braking’ is happening, which results in the other trucks quickly and automatically being slowed down safely.
There are also major innovations enabled by the IoT that facilitate the creation of entirely new categories of products and services. A notable example is the self-driving car, which would dramatically change the way we commute. For instance, instead of parents driving their children to football practice, the car could do it alone — and more safely than is humanly possible. This innovation is only feasible because of a growing wealth of new sensors, intelligent devices, and cloud-based analytics that the IoT promises.
Business Needs for IoT Updates
A key part of the intelligence required for IoT innovations is implemented in software running on embedded devices. It is only natural that all this new software intelligence brings with it a great deal of complexity and a constant need to improve and update it.
We can break down the types and business value of software updates into these three categories.
- New Features: Delivering new features to products that customers have purchased will increase the customer value of the product, thereby allowing increased revenue through higher prices and/or higher margins over extended device lifetimes.
- Bug Fixes: When critical problems are found with a product, the ability for quick remediation avoids negative customer impact. Industry statistics reveal that there are up to 25 bugs per 1,000 lines of software code and, as products get more intelligent and complex, there is no reason to believe that this rate of problems will drop.
- Security Vulnerabilities: An unfortunate reality is that software contains security vulner-abilities that put customer safety and data privacy at risk. Companies that experience devastating losses will also suffer brand damage if the weaknesses are left unaddressed. The press tends to be very unforgiving when this type of issue becomes public.
As seen in the past growth of the IT infrastructure, the updatability of embedded devices is expected to evolve over the same three phases:
- Static Updates: In this phase, it is not possible to deploy improvements and updates to remote devices after they have been placed in the field. After a device has left its manufacturing plant, no improvements can be made to it. Companies that don’t evolve from this phase will become less competitive and are more than likely on the way to losing their business.
- Manual Updates: Field technicians and, in some cases, end users can apply updates to devices while they are used in the field. Typically, this is only done when a critical issue is encountered that must be fixed by installing new firmware provided by the manufacturer. For example, this is the way most car manufacturers work today. If you need to update the software in your car, you will probably take it to the dealership. The obvious disadvantage of this approach is that it is prohibitively expensive and therefore does not scale.
- Automated Updates: This is where the innovators of today are and the mainstream will go. Companies taking advantage of automated software updates gain significant competitive advantage by having the ability to improve their products over time without leaving their customers’ hands. Automation ensures that the cost of deploying mass-scale updates is very low, which allows updates to be deployed frequently.
It is clear that automated software updates must become standard practice for the IoT to continue growing, and those who obtain this ability first have a significant advantage over the rest of the industry.
Designing for Automated Updates
There are clear analogies to what has happened in the IT infrastructure industry and what has begun to happen with updatability for connected devices.
However, there are also issues that make delivering updates to connected devices more challenging than in other domains.
- Expensive to Reach Physically: A connected device can be physically located very far away from its manufacturer. This means that a critical problem with the update could leave the device unusable and require physical access to fix — a very expensive solution whose costs may never be recovered.
- Unreliable Power Source: Many connected devices rely on battery power or may otherwise be disconnected from their power source at any time. This requires the software update process to have the ability to safely recover from a loss of power.
- Unreliable and Expensive Network Traffic: Most connected devices use wireless networks, like 3G, that have frequent and intermittent connectivity losses, such as when a mobile device is moved to an area with low cell coverage — like underground. The software update process must take such interruptions into account to ensure that update integrity is maintained in the event of lost connections. Ideally, the update process will conserve network traffic by resuming a partial update through applying intelligent compression or differential segmentation.
- Unsecure Networks: With updates happening over wired and wireless networks or Internet connections, the update process is exposed to threats from attackers who can intercept and manipulate network payloads. There have been several examples of lax security in update processes, allowing attackers to inject malicious software into embedded devices.
Tackling these challenges requires domain expertise and technical skills that the majority of IoT product teams do not have. With time and investment, such skills can be acquired but only at the expense of resources that can be better used to create product value.
The economics of every company investing to build a software updates solution in-house is not justified because of the significant investment required to achieve reliability. There is typically no business-specific logic in a software updates solution, which is exactly why it makes sense to find a third-party solution to leverage in the update process.
At Mender, we are developing a standalone open source software updater that manufacturers and embedded product companies can integrate into their products, independent of industry verticals. The benefit of using the Mender solution is the ability to cost-effectively deploy automated software updates to remote devices. Today, Linux is enjoying an explosive growth in embedded devices, in particular because of the Yocto Project, whose goal is the creation of custom distribution for embedded Linux products.