Attention

You are viewing an older version of the documentation. The latest version is v3.3.

Intel® In-band Manageability

Intel® In-Band Manageability Framework is software that runs on an Edge IoT device and enables an administrator to perform critical Device Management operations over-the-air (OTA) remotely from the cloud. It also publishes telemetry, critical events, and logs from the Edge IoT device to the cloud, so that the administrator can take corrective action when necessary. The framework is designed to be modular and flexible, so the solution scales across preferred Cloud Service Providers (for example, Azure* IoT Central, ThingsBoard.io*, and so on).

Some of the key advantages of Intel® In-band Manageability solutions are:

  • Out-of-box cloud support: Azure IOT Central, ThingsBoard.io

  • Single interface to handle OS, FW and Application (Docker container) updates

  • Scalable across Intel® x86 (Intel® Atom and Intel® Core) architecture SoCs and on Vision platforms from Intel

The following table lists the Device Management use cases covered by the Intel In-Band Manageability Framework.

| Use cases | Notes |
|---|---|
| Software-over-the-air (SOTA) | OS Update |
| Firmware-over-the-air (FOTA) | Platform Firmware update |
| Telemetry | System attributes, Events, Devices States, Usage data |
| Power Control | System Reboot/Shutdown |

The Intel In-Band Manageability Framework also embeds features that cover security and diagnostics:

| Feature | Notes |
|---|---|
| Security | ACL for trusted repositories, Mutual TLS authentication between services, TPM to store framework secrets |
| Diagnostics | Pre and Post OTA update checks, Periodic system checks |

Install Intel® In-band Manageability

You can install this component from the ECI APT repository. Set up the ECI APT repository, then perform the following steps to install this component:

  1. Intel® EII requires the Docker Engine. Install docker-ce and docker-compose on the target system:

  2. Install prerequisites LXC, AppArmor, and the ECI AppArmor GRUB package to enable AppArmor at boot:

    $ sudo apt install lxc apparmor apparmor-grub
    
  3. Reboot the system to enable AppArmor.

    $ reboot
    
  4. Verify whether AppArmor is active:

    $ sudo apparmor_status
    

    The command should print apparmor module is loaded if AppArmor is active:

    apparmor module is loaded.
    ...
    
  5. Install the ECI In-Band Manageability meta-package:

    $ export DEBIAN_FRONTEND=noninteractive
    $ sudo -E apt install eci-infra-clients-manageability
    

Intel In-band Manageability User Guides

To manage your ECI device, the device needs to be registered to a supported DMS. Refer to the Developer/User Guide corresponding to the desired DMS (Azure or ThingsBoard).

| Document | Description |
|---|---|
| In-Band Manageability Developer Guide | Developer Guide containing info on Extending FOTA to a new platform, debug, logging, code structure, and adding a new agent to the framework. |
| In-Band Manageability User Guide - Azure | User guide for provisioning device to Azure and performing OTA use cases. |
| In-Band Manageability User Guide - ThingsBoard | User guide for provisioning device to ThingsBoard and performing OTA use cases. |

Provision Intel In-band Manageability Framework without SDO


To provision the edge devices with the cloud provider of your choice, click the corresponding tab. Note that an account with the provider is needed to generate a token for provisioning.

See also

These steps are also available in the Provisioning a Device section in In-Band Manageability Framework User Guide - Azure.

Prerequisites and Assumptions

  • The Intel® In-Band Manageability Framework is installed on the Edge IoT device.

  • The date and time on the edge device are set correctly.

  • Device credentials (for example, Device ID, Scope ID, SAS token) have been obtained from the Azure® portal.

  1. Run the following command:

    # provision-tc
    
  2. If the device was previously provisioned, the following message will appear. To override the previous cloud configuration, press Y:

    A cloud configuration already exists: "telit"
    Replace configuration?
    [Y/N]
    
  3. When prompted to select a cloud service, press 2 to select Azure IOT Central, and then press Enter:

    Please choose a cloud service to use:
    1) Telit Device Cloud 3) ThingsBoard
    
    2) Azure IOT Central  4) Custom
    
  4. When prompted for the Scope ID, the Device ID, and the Shared Access Key, enter the information collected from Creating a Device and Obtaining Device Credentials:

    Please enter the device Scope ID:
    dEviCeScopeID1234
    
    Please enter the Device ID:
    Device-ID-1234
    
  5. Select the authentication mechanism:

    Please choose provision type
    1. SAS key authentication
    2. X509 authentication
    

    If you choose 1: SAS key authentication, you will be prompted to enter the SAS key. Enter the SAS key obtained by following the steps in the Shared Access Signature (SAS) Authentication section.

    Please enter the device SAS primary key (Hint: https://docs.microsoft.com/en-us/azure/iot-central/howto-generate-connection-string)
    

    If you choose 2: X509 authentication, you will be prompted to confirm whether you have generated the device certificates:

    Configuring device to X509 auth requires device certificate verification
    
    Are device certs and keys generated? [Y/N]
    

    If you enter N, the provisioning exits stating that the device certificates are required to proceed further.

    If the device certificates are already generated, enter Y, and provide the path to the certificate file.

    Please enter a filename to import.
    Input path to Device certificate (*)
    
  6. When prompted to enter the device key file, enter the path to device key file:

    Input Device Key from file? [Y/N] y
    
    Please enter a filename to import
    Input path to Device Key file (*key.pem):
    /home/certs/device_key.pem
    

    If the cloud provisioning is successful, the following will appear:

    Successfully configured cloud service!
    
  7. When prompted "Signature checks on OTA packages cannot be validated without provisioning a cert file. Do you wish to use a pre-provisioned cert file for signature checks for OTA packages?", select Y if FOTA or config load packages need to be verified using a signature; otherwise choose N.

    Signature checks on OTA packages cannot be validated without provisioning a cert file.
    
    Do you wish to use a pre-provisioned cert file for signature checks for OTA packages? [Y/N]
    

    The script will then start the Intel In-band Manageability services. When the script finishes, the device should be able to interact with its associated IoT Central Application. To verify whether the device is provisioned to the right device on the Azure portal, check the status of the device created in Creating a Device and Obtaining Device Credentials. The device will be shown as ‘Provisioned’ in the top right corner. Refer to Using the IoT Central Application.

  8. To verify the connectivity, check whether telemetry/events appear or trigger a command like Reboot; refer to Using the IoT Central Application.

    To change or update the cloud service configuration, run this provisioning script again.

Note: If the device does not provision successfully, refer to the section Issues and Troubleshooting.
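
A pre-flight check for the X509 path in steps 5 and 6, as an added example that is not part of the Intel documentation or the framework: it confirms that the key file is private, that the certificate is valid against the device clock (the date and time prerequisite above), and that the certificate and key are a pair. The function name `check_device_x509` and the file paths passed to it are assumptions; it needs `openssl`, GNU `stat` and GNU `date`.

```shell
#!/bin/sh
# Added example: pre-flight checks on the X509 files that provision-tc asks for.
# check_device_x509 and the paths passed to it are illustrative names, not part
# of the In-Band Manageability framework. Requires openssl and GNU coreutils.

# check_device_x509 CERT KEY -> prints findings, returns 0 only if all pass.
check_device_x509() {
    cert=$1; key=$2; rc=0
    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
    done

    # 1. The private key must not be readable by group or others.
    mode=$(stat -c '%a' "$key")
    case "$mode" in
        ?00) echo "ok:   key file mode is $mode" ;;
        *)   echo "FAIL: key file mode is $mode, expected 600 or 400"; rc=1 ;;
    esac

    # 2. The certificate must already be valid and not expire within a day.
    #    A "not yet valid" result usually means the device clock is wrong.
    not_before=$(openssl x509 -in "$cert" -noout -startdate | cut -d= -f2)
    start=$(date -d "$not_before" +%s 2>/dev/null) || start=0
    if [ "$start" -gt "$(date +%s)" ]; then
        echo "FAIL: certificate not valid before $not_before"; rc=1
    elif ! openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null; then
        echo "FAIL: certificate expires within 24 hours or cannot be parsed"; rc=1
    else
        echo "ok:   certificate is inside its validity window"
    fi

    # 3. The certificate and key must be a pair: compare their public keys.
    #    "-passin pass:" makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "ok:   key matches certificate"
    else
        echo "FAIL: key does not match certificate (or a file is unparsable)"; rc=1
    fi
    return "$rc"
}

# Run the checks when called as: sh check_x509.sh <cert.pem> <key.pem>
if [ "$#" -eq 2 ]; then
    check_device_x509 "$1" "$2"
fi
```

Run it against the certificate and key paths you intend to enter at the provision-tc prompts; a non-zero exit status means at least one check failed.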