The distribution of things: IoT, M2M, and software distribution

June 1, 2015 OpenSystems Media

The Internet of Things combines smart devices and sensors with analytics and the cloud. This paradigm shift presents new challenges involving software distribution, updates, and security.

The world is evolving into an "everything as a service" environment and the embedded industry is no different. Internet of Things (IoT) applications make heavy use of the cloud and this new paradigm is essentially what differentiates IoT from traditional networked embedded systems.

Previously I've covered various industry IoT applications and capabilities from the component and functions points of view. However, the proliferation of IoT and M2M applications within the context of the cloud is giving rise to a unique challenge involving how to coordinate and deliver new software features, updates, and/or distributions to these devices.

Software updates are essential

Within the context of IoT and cloud applications, the ability to soft-configure the system is critical and an essential part of the motivation for moving traditional networked embedded systems in this new emerging direction. These kinds of capabilities offer the ability to quickly deploy new features and capabilities at a fraction of the cost. New capabilities promise lower cost and increased revenue. The ability to quickly, securely, and flexibly update any cloud-based service is essential in order to take advantage of the benefits this environment provides.

Further, within the cloud itself, adding new services can adversely affect the security of the existing hosted services. For these reasons, new tools, capabilities, and techniques are emerging to coordinate and synchronize software distribution.

Software distribution and DevOps

JFrog is a company positioning its products and services to become the de facto standard for software development and distribution for IoT, M2M, and cloud environments.

I discussed software distribution challenges with Fred Simon, Co-founder and Chief Architect at JFrog. His perspective on the software distribution and coordination side of IoT applications reflects JFrog's thought processes behind these challenges. My leading question asked about the software distribution process for IoT.

"I'm not completely sure how to respond to that question," Simon says. "The broad range of IoT services and applications makes that question hard to answer. For higher-end applications involving things with larger storage and compute power like game consoles or smartphones, continuous deployment mechanisms may be involved. For smaller sensor and data driven applications, it's about having a local server that manages pushing firmware into the device. Data driven applications involving sensors also typically have a need for aggregating information into servers that are distributed, but closer to the sensors. The software on these sensor data aggregation servers also needs to be managed and updated."

Software distribution considerations

The software distribution process involves software developers and software users. The developers are creating the software and utilizing a variety of integrated development environments (IDEs), code repositories, automated test, and continuous integration tools. Once the production binaries are created and tested, these binaries need to be controlled, stored, and managed throughout the release. Simon calls these "binary artifacts" and the JFrog Artifactory service bridges the developer tools and remote repositories in the cloud. It's important for binary management solutions to integrate with popular repositories, build tools, and continuous integration servers. Simon mentions Artifactory does this and adds the dimension of management, synchronization, and control of binaries and their distribution to remote repositories.

The other consideration is how developers store, publish, download, and distribute software. The cloud environment adds significant complexity. In many IoT instances, endpoints may be a variety of platforms with end users that may or may not upgrade in a timely manner. These issues complicate the distribution process and the JFrog Bintray solution provides this level of control.

Figure 1: The development and distribution processes with JFrog Artifactory and Bintray solutions.

Developers can control which versions of binaries, software packages, or microservices are made available and which end users are allowed to update services; the service also incorporates push notifications of new software availability.

Authentication, verification

Given this fully automated management and distribution environment, Simon is fully aware of the security considerations involved.

"Within a networked environment such as this, it's important to have security features that authenticate developers, users, and binary artifacts in order to minimize security risks," Simon says. "We incorporate many signing mechanisms at various levels to ensure security within IoT, M2M, and cloud environments."

Simon admits that there is a need for standardization around different authentication elements within an IoT environment. He mentioned a VMware project called Lightwave – an open source project comprised of standards-based identity and access management services targeted at security, governance, and compliance challenges for cloud-native applications[1].

For the developers, Simon says there is a significant amount of authentication and access permission capabilities in order to authenticate software loads into the cloud environment. For the users, there are a number of rights and permissions features in order to ensure end users get notified or automatically updated with software that is signed, verified, and contains only the features the end user is licensed for.

Corruption and rollbacks

When asked about accidental corruption or non-working components, Simon explained a couple of approaches. First, in order to alleviate complications involved with downloading of incompatible components, it's important to make sure the binary objects are thoroughly tested and ready for release. Second, when managing binaries and software packages you don't modify – you always create a new version. This way you avoid situations where bits and pieces get downloaded that might cause problems. It's important to update packages everywhere and consistently. In case of emergencies, Bintray has the ability to perform rollbacks, but that's to be avoided at all costs.
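The two rules described above (released versions are never modified, and artifacts are verified before use) can be sketched as follows; this is an added example, not JFrog's code or API. `ImmutableRepo`, `sign`, and `verify_before_install` are hypothetical names, the key and firmware bytes are constructed, and an HMAC over a shared key stands in for the signing mechanisms the article mentions, which in a real deployment would normally be an asymmetric signature.

```python
import hashlib
import hmac

class VersionExists(Exception):
    """A released version would be overwritten with different bytes."""

class VerificationError(Exception):
    """A downloaded artifact does not match what the publisher signed."""

def _signed_message(name: str, version: str, data: bytes) -> bytes:
    # Hash each field separately so name/version/content boundaries are
    # unambiguous, and the tag binds the bytes to one exact version label.
    parts = (name.encode(), version.encode(), data)
    return b"".join(hashlib.sha256(p).digest() for p in parts)

def sign(key: bytes, name: str, version: str, data: bytes) -> str:
    # HMAC stands in for the publisher's signature (assumption, see lead-in).
    return hmac.new(key, _signed_message(name, version, data), hashlib.sha256).hexdigest()

class ImmutableRepo:
    """Hypothetical repository: a (name, version) pair never changes content."""

    def __init__(self, key: bytes):
        self._key = key
        self._store = {}  # (name, version) -> (data, tag)

    def publish(self, name: str, version: str, data: bytes) -> None:
        existing = self._store.get((name, version))
        if existing is not None and existing[0] != data:
            raise VersionExists(f"{name} {version} is released; publish a new version")
        self._store[(name, version)] = (data, sign(self._key, name, version, data))

    def download(self, name: str, version: str):
        return self._store[(name, version)]

def verify_before_install(key: bytes, name: str, version: str, data: bytes, tag: str) -> bytes:
    # Device side: recompute the tag over what was received, compare in constant time.
    if not hmac.compare_digest(sign(key, name, version, data), tag):
        raise VerificationError(f"{name} {version} failed verification; not installing")
    return data

if __name__ == "__main__":
    repo = ImmutableRepo(b"constructed-demo-key")
    repo.publish("sensor-fw", "1.0.0", b"constructed firmware image")
    data, tag = repo.download("sensor-fw", "1.0.0")
    print(len(verify_before_install(b"constructed-demo-key", "sensor-fw", "1.0.0", data, tag)))
```

Because the tag covers the name and version as well as the content, a valid image relabelled as a different version fails the same check that catches corrupted bytes.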

Facilitating change

Paradigm shifts often usher in new methods and processes designed specifically to support emerging changes. The presence of cloud services coupled with flexibility, reach, and distribution of IoT and M2M end devices and applications requires a new approach to software maintenance, versioning, and distribution.


[1] Introducing Project Lightwave, VMware,

For more information about JFrog, visit

Curt Schwaderer (Editorial Director)