Gunnebo Business Solutions, IBM International Business Machines, Mender, Node RED, Technical

Mender IoT Device Management

With the progress in humanity, innovations are starting to move towards being digitalized. The vast majority of all human data are stored using digital methods. This would involve the use of computers, cloud computing and the Internet of Things (IoT) which is one of the latest technological disruption. These technologies are used to connect devices through digital channels, which are used to transfer data back and forth. On the other hand, the digital world is in constant need for updates. These updates are essential to cope with the increase in data and the overall customers’ requirements.

Update Software Computer Program Upgrade Business technology Internet Concept-1

Why is Software Update Essential?

  • Bugs: One of the main problems in computing technology is the number of bugs that rise due to weak developing skills or high amounts of data; which was not accounted for. Updating your software will acts as means to fix and overstep such bugs.
  • Security: Unfortunately, cyber security is a huge issue in this era. With many threats rising in the field, updates are always released with better security settings in hopes to lower and eliminate threats.
  • Features: The most common reason for software updates is to release new competitive features that copes with the customers’ requirements.

However, with the high numbers of devices invading our planet, it is impossible to provide these software updates through physical means. This is why, Over-the-air (OTA) methods are the most efficient way to deliver software updates. In some cases, the only available method to use is OTA; where physical means can’t be used. The process of software update through OTA is a very complex process where the data is delivered over networks and digital channels to reach your device. This is a very delicate process where you have to ensure proper connection and power connectivity to avoid any errors in the process.

Mender: Your New Solution

With the intensity of such transactions, you should always look for the best service out there to implement the process as efficient as possible. Trying to build your own infrastructure that will achieve efficient OTA might be a real hassle. The amount of time and work spent on the process is way more than you can handle, so is the cost you are about to pay too.

Mender

This is why, companies should look for the different software update solution companies out there. Here is where Mender kicks in; it is an end-to-end open source software update solution for connected devices and IoT. You can consider Mender as a ready-made infrastructure that will solve all your software update issues.

Why we use Mender?

No Vendor lock-ins: One thing to look forward too while using Mender is the fact that we won’t face any vendor lock-ins. Mender is an open source, licensed under Apache 2.0. This gives it the complete freedom of being used by the customers without the interference of vendors or other third parties. With Mender, you should no longer worry about getting locked in.

Global communication network concept.png

Reduction in customer support issues: Mender focuses on their customers’ experience, making it as smooth as possible. This is achieved through strong security protocols during the update process. The process is focused to be as efficient and optimal as possible, compensating for any pitfalls in the connection. Mender uses image-based updates which acts as a safety net when connectivity problems rise. It will ensure full device connectivity at all times leading to a decrement in system failures and device recalls.

Features and Functionality

The developers of Mender are very concerned with the common software update issues and the hassle customers go through. This has helped them develop Mender with more features that other software update solution provider that surely helps in making the process simpler and more effective for the users. The following is a list of some of the features you can enjoy while using Mender:

  • Intuitive UI
  • Deployment Reports
  • Custom checks via scripting support
  • Code signing

Anticipated Progress and Updates

With Mender, there is still much more to look forward too. Gunnebo, which is a multinational business specialized in security services, are of course interested in contributing to Mender, possibly to help implementing the features we and other companies like us needs.

Our first project will be updating Node-RED flows from the Mender v.2 update module. If you are interested in contributing or want to know more – feel free to contact me at: bjorn.nostdahl@gunnebo.com

Gunnebo Business Solutions, IBM International Business Machines, Microsoft Azure, Node RED, Technical

Node-RED deployment on Azure

Today I would like to talk about the process of deployment Node-RED instances on Azure platform.

The initial tasks were:

  1. Deploy Node-RED instance to Azure cloud and provide public IP address/ DNS name to it.
  2. Secure Node-RED instance access with user credentials.
  3. Update instance with actual node set and provide ability to keep them up to date.

Let’s discuss all steps one by one.

Azure deployment

The most common and convenient way to deploy your application on Azure platform is by using Azure Resource Manager. It enables you to use all application resources as a group and to deploy, manage or delete them just in one operation. With Resource Manager, you can create a template (Azure Resource Manager template) that defines the infrastructure and configuration of your Azure solution. It allows you to deploy your solution repeatedly throughout its lifecycle being confident that your resources are deployed in a consistent state.

Resource Manager template is a JSON file that defines resources which you need to deploy to a resource group. Resource Manager analyzes the template and then converts its syntax into REST API operations for the appropriate resource providers. For the resources to be deployed in correct order, you can set dependencies between them.  It is done when one resource relies on a value from another resource, for example, in case of a virtual machine which needs a storage account for disks.

You may wonder, “What resources are and why we need them? We just want to deploy NodeJS application (Node-RED) on Azure”.  Well, a resource is a manageable item that is available on Azure. Some common resources are a virtual machine, a storage account and a virtual network, but there are much more. To start Node-RED in the cloud, we need to create VM and deploy a Docker container(image) with Node-RED inside. Since one resource relates to another one, we should create a bunch of resources in our resource group (that is a container holding related resources for our Azure solution). It includes:

  • Storage account
  • Public IP address
  • Virtual Network
  • Network interface
  • Network security group
  • Virtual Machine
  • Extensions

Resource Manager provides extensions for scenarios in case you need additional operations such as installing particular software which is not included in the setup. We used Docker Extension in order to setup Docker container on VM.

Ok, so now we are ready to create a template. The detailed description can be found here.

Here I would like to  talk only about extension section:

At this stage, we define DockerExtension resource that depends on our Virtual Machine resource. We specify to use “nodered/node-red-docker” image from DokerHub

Also, we need to enable Docker Remote API for further use:

Since we need to get access to the API we also expose port in Network Security Group:

Also, we need to map 80 VM port to 1880 (default port for Node-RED):

After defining the template, we are ready to deploy the resources to Azure. There are several ways to do that: PowerShell, Azure CLI, Azure Portal, REST API or Azure SDK.

Since we want to develop automation solution for application deployment, REST API and Azure SDK seem to be most suitable for us.  The reason why I want to highlight the Azure SDK for .NET is that it is much easier to build an application using existing wrapper classes for the API than to create your own REST wrappers and methods

Take these four steps to deploy your template with C# SDK:

1. To be able to make any requests to the API, first we need to authenticate and authorize our request. Let’s create the management client:

azureauth.properties  –  authorization file. Before you can deploy a template, you need to acquire a token for authenticating requests to Azure Resource Manager. You should also record the application ID, the authentication key, and the tenant ID which you need in the authorization file.

2. Create resource group and storage account:

3. Upload your template file to Azure:

4. Deploy template:

That’s it. On the whole, the deployment process in our case takes about 3-5 mins.

To retrieve public  IP address our Docker container is available on:

So now we have Node-RED instance up running on Azure cloud and accessible via public IP/DNS name. Let’s proceed to the next step.

Secure Node-RED instance

Node-RED Editor supports two types of authentication:

  • username/password credential based authentication
  • starting from Node-RED 0.17, authentication against any OAuth/OpenID provider such as, for example, GitHub or Twitter 

If we choose the first option, we need to add the following to our settings.js file:

Since we want to make this credentials customizable for each deployment we can’t embed this configuration in Docker file. So we need a way to execute commands inside Docker container after deployment. That’s why we use Docker Remote API to adjust credentials settings. And this is the reason to expose additional port in our template, as mentioned above.

Here is a command example to setup credentials for Node-RED:

We used .NET Client for Docker Remote API as a wrapper to REST API:

Now we have secured our Node-RED editor with custom username and password.

Keeping nodes and flows up to date

Now we need a way to provide our cloud Node-RED instance with custom node’s set and keep it up to date. We already have all tools for that. Custom nodes are stored in separate Git repository. A few options are available:

  1. Execute npm install <git repo url>  inside Node-RED userDir ( /data  for "nodered/node-red-docker"  container)
  2. Copy custom nodes to /data/nodes inside a container.

Node-RED flows can be synchronized in a similar way. By default, Node-RED Docker container stores flows data in /data/flows.json. The flows configuration file is set using an environment parameter ( FLOWS), This can be changed by setting environment variables in docker-compose configuration section:

Using this approach we can put nodes and flows file under version control inside a container and synchronize them with a remote repository.

All commands can be executed via Docker Remote API in the same way, as described in the previous section.

Each time we need to update our nodes, we just call Docker API and pull updates from repository. Also, we can backup our flows.json  by committing and pushing it into the repository.

As an improvement, we can create Git hook in order to update our Node-RED instances once some changes are pushed to our node’s repo. But this is out of the scope of this post.

Summary

Here we make a short overview of how to automate your deployments on Azure cloud with Azure Resource Manager and Azure SDK for .NET. In our example, we set up Node-RED docker container in the cloud but all mentioned steps are applicable to any similar Docker deployments.