OTA Update for Edge and IoT devices in Azure

Device Update Service in IoT Hub

• It is a service that enables you to deploy over-the-air updates (OTA) to your IoT devices.
• It supports OTA updates for sensors to Gateway devices. Few supported vendors:
  • STML4 series
  • NXP
  • Renesas
  • Microchip
  • Supports Azure IoT Edge devices
  • Device update agent is Open Source to be port it to any platform, by default it supports for Ubuntu 18.04 amd64 and Raspberry Pi Yocto image.
  • Support for Linux and RTOS
• Update Types:
  • Image based:
    • Seems to be complete OS image update
    • Avoids issues of packages and their dependencies management.
    • Atomic in nature
    • Can adopt A/B failover model
    • Azure Percept uses a dual-image partition, which uses Azure Device Update Feature.
  • Package based:
    • Targeted updates that update only a specific component or application on device.
    • Can be used in Patch Updates.
      • Critical Security Patch Update for Sudo Command
    • May be used for Kernel Patch Update
      • KernelCare a CloudLinux company can update Live Kernel patches without rebooting or any downtime
  • Supports Device group update Rollouts
  • Schedule Updates
  • Programmatic APIs for automation and custom portal
  • Status views across devices fleets
  • RBAC and Subscription based controls from Azure portal.
  • On-premise_* Microsoft *_Content Cache and Nested Edge support for updates to disconnected devices.
  • Update Management and Reporting tool
    • Ability to pin-point the failed device
    • Details of failed update
  • Device Update Agent Workflow:
• Importing Update artifacts in Azure IoT Hub System:
  • Supports Single Update (~package/artifact) per device.
  • Full-image updates that update an entire OS partition at once, or
  • An apt Manifest that describes all the packages you want to update on your device.
  • Update Package Management may consist of
    • An import manifest describing the update.
    • update file(s).
  • Use Device Update REST APIs or Azure portal to import update package in system.
    • The Update artifacts are hosted in a Azure Storage container.
    • Device Update uploads the files, processes them, and makes them available for distribution to IoT devices.
  • Delta Updates is not yet a feature for Azure Device Update, but may come in future:
    • “To reduce the update size and accommodate larger edge devices and those in bandwidth-constrained environments, the Azure Percept team is engaging with partners and investigating feature developments.”
  • With SWUpdate as an installer, we get an Offline-USB based Update (Image partitions also) feature in Azure ecosystem.
  • Azure Percept uses Device Twin messages to communicate and start the Device Update.
  • Delivery Optimization Agent downloads the payload and the SWUpdate Agent installs the update.

 

• References:
  • Critical Security Patch Update for Sudo Command
  • KernelCare a CloudLinux company can update Live Kernel patches without rebooting or any downtime
  • end-to-end image update using Device Update for IoT Hub on a Raspberry Pi 3 B+ device
  • Device Update for IoT Hub (Preview) Overview
  • Azure Percept uses an atomic A/B image update to update the host operating system (OS) and firmware (FW) using Device Update for IoT Hub
  • Azure Device Update Agent uses SWUpdate Project
  • Image based updates are handled by SWUpdate
  • Package based updates are handled by APT

---

Disconnected Device Update with Azure IoT:

• Used to update IoT devices behind Edge Gateway, which are not connected to Azure IoT Hub in cloud.
• Also supports Edge Gateway behind Edge Gateway i.e., nested Gateways scenario.
• Available as a Preview only yet.

 

• References:
  • Understand support for disconnected device updates
  • How to Update Disconnected IoT Devices

---

Firmware Update for MCUs (non-RTOS) connected to IoT/Edge devices:

• For MCUs, that can run Azure RTOS, Device Update for IoT Hub service provides OS image-based updates.
  • Azure RTOS for STM32, Renesas
• MCUs which do not run RTOS will usually be categorized as the devices which cannot be connected and cannot have an identity in IoT Hub.
• Such MCUs will use IOT Edge devices in Translational Gateway Pattern and in turn can be configured in Protocol translational pattern or Identity translational pattern.
• Such MCUs are usually connected to Edge/IoT devices over serial protocol.
• If Identity translational pattern is used, each such MCU will have its own identity and Device Twin in IoT Hub.
• As MCU has its own Device Twin, a standard firmware update flow can be established. Just the difference will be that, the parent IoT/Edge device will have to own the responsibility of Device Twin interaction, Download, verify, apply firmware images.

• firmware update flow:

  

 

• Reference:
  • Implement a device firmware update process

---