Device lifecycle management plays a significant role in Internet of Things (IoT) solutions. In this article, we’ll discuss which phases an IoT device goes through and what needs to be considered.
The IoT is still on the rise and offers companies numerous opportunities for new, innovative business models. As the number of connected devices grows rapidly, easy management and remote control of IoT hardware become increasingly important. For this reason, IoT device lifecycle management is particularly important.
A holistic approach to managing the devices used helps to extend their lifespan and thus contributes to the success of your own IoT use case. Of course, the life cycle of an IoT device differs depending on the industry and use case. However, it can be roughly divided into the phases covered in this article.
The individual phases are discussed in more detail below. It is important to know that the processes described below can largely be automated. This is a way to scale your own IoT solution when using many devices.
Purchase of the Hardware
IoT devices can be connected to the Internet directly, through a field gateway, or through an edge device that acts as a field gateway. A field gateway can be a mobile phone gateway with a SIM card or a protocol converter that connects a non-IP-enabled device to the Internet. Edge devices usually also have gateway functionalities, but can also execute the business logic locally, for example in the form of containers that are loaded from the cloud. For field gateways or edge devices, a manufacturer must be researched and a supply chain established.
Initial device setup and vulnerability management
This is followed by the initial device setup, which means installing the operating system and, if necessary, the edge framework on the edge devices or field gateways. Ideally, the manufacturer supplies devices with the software already pre-installed, including any licenses that may be required, such as for Windows devices. Finally, vulnerability management for the software stack poses a special challenge. A process must be established in which newly discovered vulnerabilities can be quickly assessed and patches deployed promptly. The hardware supplier may already offer appropriate options. Device hardening, which means increasing device security, should also be discussed with the hardware supplier. Among other things, it must be ensured that no unnecessary services are running on the device and that all ports are closed. This also includes securing physical access to the devices. Device hardening and the corresponding test suites should be automated.
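As an added example (not from the original article or from any vendor's tooling), an automated hardening test for the port requirement above can parse the output of `ss -H -tuln` and flag every listener reachable from off the device. The sample output, its addresses and the `allowed` allowlist parameter are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output from a hypothetical edge device.
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:8883       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      511             [::]:80            [::]:*
tcp   LISTEN 0      128     192.168.1.20:1883       0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Yield (proto, address, port) for each listening socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or malformed line
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        if addr == "*":                        # ss prints "*" for "any address"
            addr = "0.0.0.0"
        yield proto, addr, int(port)


def exposed_listeners(ss_output, allowed=frozenset()):
    """Return listeners reachable from off-device that are not allowlisted.

    `allowed` is a hypothetical per-fleet policy: a set of (proto, port)
    pairs the device is permitted to expose. The default permits nothing.
    """
    findings = []
    for proto, addr, port in parse_listeners(ss_output):
        if ipaddress.ip_address(addr).is_loopback:
            continue  # only reachable from the device itself
        if (proto, port) not in allowed:
            findings.append((proto, addr, port))
    return findings


if __name__ == "__main__":
    for finding in exposed_listeners(SAMPLE_SS, allowed={("tcp", 22)}):
        print("unexpected listener:", finding)
```

Run against live `ss -H -tuln` output as part of the hardening test suite, a non-empty result fails the test.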
With device provisioning, the device is registered in the IoT system and configured in such a way that it sends data to the system and authenticates itself in the corporate network. This is often done using certificates that are installed on the device. Certain IoT platforms also offer a separate device provisioning service that automates this step. Nevertheless, some implementation effort is needed to adapt device provisioning to your processes and systems.
The connection type used in an IoT system directly affects the success of the system. Options include Ethernet, Wi-Fi, low-power wide-area network (LPWAN), cellular network, satellite connection, Bluetooth, and more. A suitable connection type should be selected according to the application.
Once the device is installed in the field, configured, and connected to the cloud, it should be possible to update it from the cloud. This applies in particular to security patches in the software stack, but also to the import of new server TLS root certificates from the cloud gateway or configuration updates. With edge computing, the cloud platform must also offer lifecycle management for container images that should be loaded onto the devices. In the event of an error, the update function should be able to automatically roll back to a working setup. It should be ensured that devices with very old software can still be updated with the remote update functionality. The integrity of software updates must also be ensured, because even worse than data loss is the risk.
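The following added example (not code from the article or from any IoT platform) shows an update step that checks integrity before installing and rolls back automatically when the new image fails its health check. The A/B slot model, the function names and the HMAC tag, which stands in for the asymmetric signature a real vendor would use, are assumptions.

```python
import hashlib
import hmac
import json


class Device:
    """Hypothetical device with two image slots (A/B); names are illustrative."""

    def __init__(self, version, image):
        self.slots = {"A": (version, image), "B": None}
        self.active = "A"

    @property
    def version(self):
        return self.slots[self.active][0]


def sign_manifest(manifest, key):
    """Constructed stand-in for the vendor's signing step (HMAC, not a real signature)."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).digest()


def apply_update(dev, manifest, tag, payload, key, health_check):
    """Verify, install to the standby slot, roll back if the new image is unhealthy."""
    if not hmac.compare_digest(tag, sign_manifest(manifest, key)):
        return "rejected: manifest not authentic"
    if hashlib.sha256(payload).hexdigest() != manifest["sha256"]:
        return "rejected: payload digest mismatch"
    previous = dev.active
    standby = "B" if previous == "A" else "A"
    dev.slots[standby] = (manifest["version"], payload)  # running slot stays untouched
    dev.active = standby                                  # "reboot" into the new image
    if not health_check(dev):
        dev.active = previous                             # automatic rollback
        return "rolled back"
    return "updated"


def demo():
    key = b"constructed-demo-key"  # constructed value, for illustration only
    dev = Device("1.0.0", b"old firmware")
    good = b"new firmware"
    manifest = {"version": "1.1.0", "sha256": hashlib.sha256(good).hexdigest()}
    tag = sign_manifest(manifest, key)
    return [
        apply_update(dev, manifest, tag, b"tampered", key, lambda d: True),
        apply_update(dev, manifest, tag, good, key, lambda d: False),
        dev.version,
        apply_update(dev, manifest, tag, good, key, lambda d: True),
        dev.version,
    ]
```

Because the new image is only ever written to the standby slot, a rejected or unhealthy update leaves the working setup bootable.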
As long as IoT devices are actively in use, it should be possible to monitor them via the cloud. This is referred to as fleet monitoring since each device as well as device groups are monitored – both in terms of device status and configuration, the status of edge containers, and system parameters such as capacity utilization or energy consumption.
Under certain circumstances, automated scanning for malware is also part of monitoring edge devices. It should also be possible to carry out device hardening tests regularly in the field.
Just as a car changes hands several times in its lifetime, IoT-enabled devices and machines can also be resold. This raises the question of how one’s data should be handled.
Deprovisioning / Disposal
When deprovisioning, it must be ensured that the device is also deregistered from the cloud and that the credentials stored on it are invalidated.