A presentation at GIDS in July 2020 by Kat Cosgrove
Update Strategies for the Edge There’s a better way. @jfrog | Copyright © 2019 JFrog. All Rights Reserved
Kat Cosgrove - IoT Engineer - Developer Advocate - Twitter: @Dixie3Flatline - Email: katc@jfrog.com - jfrog.com/shownotes
How large is the Edge?
20,400,000,000 - That’s a lot of devices.
Updates Today - They don’t update; device is effectively single-use OR it’s time-consuming, complicated, or requires physical access
Why change?
It’s beyond inconvenient - Edge computing is massive and growing
Expose private data - Harnessed for a botnet - Used for cryptocurrency mining - Safety implications for medical
What’s slowing us down?
Not building for it. Many devices are not made to be updated.
Between 1 and 25 - Number of bugs per 1000 LOC
Connectivity Concerns - We can’t rely on the device’s network
Hardware Variations - It’s 20.4 billion devices - Lots of specialized hardware - Variations in memory, storage space, architecture - How do we design something that handles so much variety?
Think future-forward. Updates are your friend. Embrace updates, not security nightmares.
Get better with age. Your product should not be getting worse from the moment it ships.
Build robust. Brittle software means a brittle device, and that doesn’t inspire trust.
Modern DevOps tools. Your developers will thank you and things will run more smoothly.
The Proof of Concept
Cars Now - Majority not designed for OTA updates - OTA updates are still slow and inconvenient - Little standardization - Significant portion of recalls are due to software
Cars as Edge Devices - Presented a range of solvable pain points in one device - Tangible example for end users and manufacturers - Device in question meant speed, reliability, and safety were equally important
Workflows and Tools
Two Distinct Workflows - Software Updates - Firmware Updates
Software Workflow
[Diagram: software workflow pipeline. Labels: Pipelines; VCS & CI; Code & Build; CD; Artifactory; Xray; Schedule Containers; K3S + Helm; Access; Mission Control; Deploy to production (car)]
JFrog Xray - Vulnerability scanning tool - All major package types supported - Continuously scans your artifacts - Risk Based Security’s VulnDB
Kubernetes, but 5 less
K3S - Lightweight Kubernetes, designed for Edge devices - Uses only 512 MB of RAM - 40 MB binary - Very minimal OS requirements
A package manager for Kubernetes
Easily repeatable installation - Final authority on application - Easy to version - Supports rollbacks
Helm Charts
Average of 35 seconds from dev to car - No interruption for the user - Can happen while device is in use - Could happen silently, depends on device purpose
Firmware Workflow
[Diagram: firmware workflow pipeline. Labels: Pipelines; VCS & CI; Code & Build; Xray; Artifactory; Embedded OS; Access; Mission Control; Deploy to production (car)]
OTA updates for embedded Linux devices
Updates are signed and verified - Supports automatic rollbacks - Several distinct installation strategies - Dual A/B strategy
Mender - A/B - Two partitions are on the device
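Added example (not from the talk, and not Mender's code): a small model of the dual A/B flow listed above, where an update is verified, written to the inactive partition, trial-booted, and rolled back if the health check fails. The class, function names and sample images are hypothetical, and HMAC-SHA256 with a constructed key stands in for the asymmetric signature a real OTA client would check.

```python
import hashlib
import hmac

# Constructed demo key. HMAC-SHA256 is a stand-in here for verifying an
# asymmetric signature against a public key provisioned on the device.
DEMO_KEY = b"constructed-demo-key"

def sign(image: bytes) -> bytes:
    return hmac.new(DEMO_KEY, image, hashlib.sha256).digest()

class ABDevice:
    """Hypothetical device with two root filesystem slots, A and B."""
    def __init__(self, image: bytes):
        self.slots = {"A": image, "B": b""}
        self.active = "A"      # slot the bootloader boots by default
        self.pending = None    # slot written by an update, not yet committed

    def inactive(self) -> str:
        return "B" if self.active == "A" else "A"

    def install(self, image: bytes, signature: bytes) -> bool:
        # Verify before anything is written; compare in constant time.
        if not hmac.compare_digest(sign(image), signature):
            return False
        self.pending = self.inactive()
        self.slots[self.pending] = image   # the running slot is never touched
        return True

    def reboot(self, healthy) -> str:
        """Trial-boot the pending slot; commit only if the health check passes."""
        if self.pending is None:
            return self.active
        trial, self.pending = self.pending, None
        if healthy(self.slots[trial]):
            self.active = trial            # commit: new slot becomes the default
        # on failure the old slot stays active, which is the automatic rollback
        return self.active

def run_demo() -> list:
    dev = ABDevice(b"fw-1.0")              # constructed sample images
    good, bad = b"fw-1.1", b"fw-1.2-broken"
    healthy = lambda img: not img.endswith(b"broken")
    results = [dev.install(good, sign(b"tampered"))]             # rejected
    results.append((dev.install(good, sign(good)), dev.reboot(healthy)))
    results.append((dev.install(bad, sign(bad)), dev.reboot(healthy)))
    results.append(dev.slots[dev.active])  # image the device ends up running
    return results
```

The third update carries a valid signature but fails its health check, so the device keeps running the previously committed image.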
Custom Linux distributions for any hardware architecture
Yocto Overview - Eliminates OS bloat - Drastically reduces resources required - BitBake recipes and layers define your build - Layers for common configurations are provided - Custom layers to isolate applications or behaviors
Yocto Layers
Yocto and Artifactory - After first build, we can make things much faster - Yocto cache allows for incremental updates - Build cache can be stored in Artifactory - Reduces time required to build by up to 50%
The Result - Firmware - Cuts the total time after first build to 5-10 minutes - Build is as small as possible - Updates are signed and secure - Automatic rollbacks in case of failure - Success!
Wrapping Up
Edge and IoT updates are broken - This is a security problem that must be addressed - Modern DevOps tools are here to help
THANKS! @Dixie3Flatline katc@jfrog.com jfrog.com/shownotes