IoT Fleet Management
Fleet (or device) management refers to the process of managing a fleet of IoT devices. It includes tasks such as:
- Adding devices to the fleet and removing them from it
- Routing messages to and from devices
- Version management, such as over-the-air (OTA) updates
AWS provides a service called IoT Core, which has all the features you need to deploy and scale your fleet on the cloud side. To use these features in AWS, however, the hardware must support them.
A device is registered in AWS with a thing name and an X.509 certificate. The certificate uniquely and securely identifies the device, proving that the device is who it claims to be and enabling secure communication. See Crash Course in Cryptography and X.509 for a more detailed explanation of those concepts.
The ECC608B from Microchip is a secure element that stores the cryptographic keys belonging to such a certificate, and it is on board the AVR-IoT Cellular Mini. When adding a new device to your fleet, this certificate is used in one of two ways: Just in Time Registration (JITR) or Multi-Account Registration (MAR).
With Just in Time Registration, as the name implies, the device is registered the first time it tries to connect to AWS. AWS treats the device as authentic if its certificate is signed by a root certificate that is registered with, and specific to, that account. Multi-Account Registration, on the other hand, requires that the device certificate is added in advance to the account's list of authenticated devices.
Microchip offers a solution for both approaches, using the Trust Platform to have these certificates pre-provisioned in the factory. In the JITR case, on the device's first connection AWS automatically adds the device to the list of devices and attaches the pre-defined policies.
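As an added illustration of the two registration models described above (example code written for this page, not AWS's, Microchip's or the Trust Platform's own; the `Account` type, `AuthorizeJITR`, `AuthorizeMAR` and every certificate it generates are constructed for the example and do not correspond to any real API or fleet), the following Go program models the cloud-side decision using only the standard library. Under JITR, any device whose certificate chains to the signing certificate registered with the account is accepted on first contact; under MAR, only a certificate that was explicitly added beforehand is accepted, even if the same factory CA issued it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"math/big"
	"time"
)

// Account is a constructed stand-in for the registration state an account holds;
// it is not an AWS API and exists only for this example.
type Account struct {
	RegisteredCAs  *x509.CertPool  // JITR: signing (root) certificates registered with the account
	AllowedDevices map[string]bool // MAR: fingerprints of device certificates added in advance
}

// Decision records what each registration model would do with one device certificate.
type Decision struct{ JITR, MAR bool }

var serial int64 // monotonically increasing serial number for the constructed certificates

// newCert issues an ECDSA P-256 certificate for subject. With parent == nil the
// certificate is self-signed (a root); otherwise it is signed by parent's key.
func newCert(subject string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth} // device authenticates as a TLS client
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

func must(c *x509.Certificate, k *ecdsa.PrivateKey, err error) (*x509.Certificate, *ecdsa.PrivateKey) {
	if err != nil {
		panic(err)
	}
	return c, k
}

// Fingerprint is the hex SHA-256 of the DER-encoded certificate; this example uses it
// as the key under which MAR pre-registers a device certificate (an assumption).
func Fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.Raw)
	return hex.EncodeToString(sum[:])
}

// AuthorizeJITR models Just in Time Registration: a never-seen device is accepted on its
// first connection if its certificate chains to a signing certificate registered with the account.
func AuthorizeJITR(acct *Account, device *x509.Certificate) bool {
	_, err := device.Verify(x509.VerifyOptions{
		Roots:     acct.RegisteredCAs,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err == nil
}

// AuthorizeMAR models Multi-Account Registration: only a device whose exact certificate
// was added to the account beforehand is accepted; chaining to a known CA is not enough.
func AuthorizeMAR(acct *Account, device *x509.Certificate) bool {
	return acct.AllowedDevices[Fingerprint(device)]
}

// Scenario builds a constructed factory signing CA, two devices issued under it (only one
// pre-added), and one device issued under an unknown CA, then runs both models on each.
func Scenario() map[string]Decision {
	factoryCA, factoryKey := must(newCert("Factory Signing CA (constructed)", true, nil, nil))
	unknownCA, unknownKey := must(newCert("Unknown CA (constructed)", true, nil, nil))
	dev1, _ := must(newCert("device-0001", false, factoryCA, factoryKey))
	dev2, _ := must(newCert("device-0002", false, factoryCA, factoryKey))
	rogue, _ := must(newCert("device-0001", false, unknownCA, unknownKey))

	acct := &Account{RegisteredCAs: x509.NewCertPool(), AllowedDevices: map[string]bool{}}
	acct.RegisteredCAs.AddCert(factoryCA)         // JITR: trust everything the factory signer issued
	acct.AllowedDevices[Fingerprint(dev1)] = true // MAR: pre-add exactly one device

	out := map[string]Decision{}
	for name, c := range map[string]*x509.Certificate{"factory-preadded": dev1, "factory-not-preadded": dev2, "unknown-ca": rogue} {
		out[name] = Decision{JITR: AuthorizeJITR(acct, c), MAR: AuthorizeMAR(acct, c)}
	}
	return out
}
```

`Scenario()` returns three decisions: the pre-added factory-signed device is accepted by both models, the device from an unknown CA is rejected by both, and the factory-signed device that was never pre-added is the case that separates them: JITR admits it because the signing certificate is trusted, MAR rejects it because that exact certificate was never added. That is the operational difference to keep in mind when choosing: JITR extends trust to every certificate the registered signer ever issued, so the signing key's protection carries the whole fleet, while MAR keeps an explicit allow list per device.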
For more information, see A More Thorough Look Into the Provisioning Process.