Izuma Connect

An open-source stack + toolset for microcontrollers and ultra-light devices providing a complete IoT Device Management software solution when using an Izuma Cloud instance.

Izuma Connect

An open-source stack + toolset for microcontrollers and ultra-light devices providing a complete IoT Device Management software solution when using an Izuma Cloud instance.

Izuma Connect is a proven ANSI-C library that can drop into most microcontroller RTOS or bare metal builds. Izuma Connect provides secure connectivity to any Izuma Cloud instance for microcontroller-based or other ultra-lightweight embedded devices.

Izuma Connect in a nutshell:

  •  Open source ANSI-C code. Deploys on almost any microcontroller.
  •  Silicone and cloud platform independent. Can co-exist with services you already may want to use.
  •  Provides secure identity and bootstrapping to a specific cloud instance on first boot.
  •  Certificate management supports root-of-trust hardware to protect identity & connectivity
  •  Firmware OTA (over-the-air) update capabilities - with advanced features such as delta update and subcomponents
  •  Device health APIs which can report on the state of a device for diagnostics
  •  Secure CoAP + Lightweight M2M communication to the Izuma cloud instance.
  •  Works in low bandwidth, intermittent & high latency environments

Izuma Connect works in conjunction with your Izuma Cloud instance to provide a complete device management service for IoT devices.

You should view Izuma Connect as a toolset to accelerate your development timeline when creating IoT devices. Our services do not mandate that you use a specific protocol or make you commit to a specific design pattern. Instead, you may choose the tools you need out of the Izuma Connect libraries to speed up product development.

Typically users call on Izuma Connect to:

  • Provide firmware updates
  • Have secure “onboarding” of a device when it is unboxed
  • Verify the identity of a device
  • Do basic configuration remotely
  • Monitor device health

Often Izuma Connect is used with other services, such as AWS Greengrass, or standards like MQTT, when customers build their products.

Read our IoT Solutions page to learn more about how Izuma Connect along with Izuma Cloud can accelerate IoT development teams.

Izuma Connect helps in different stages of a product life cycle:

At manufacturing time…

Using Factory Flow tools available for Izuma Connect & Izuma Edge, individual certificates can be generated for every device manufactured. The team at Izuma Networks has extensive experience working with major contract manufacturers (CMs). This means our tools easily fit into the workflow expected by a major factory operator.

Initial certificates can take two approaches:

  •  Use a certificate chain which uses Izuma Networks global bootstrap services to associate itself dynamically with a cloud at initial onboarding.
  •  Use a certificate chain which always requires a device to be associated with a specific cloud instance. (This is a good option for isolated networks.)
Learn more about factory provisioning.

At initial onboarding time…

When a new device running Connect is connected to the Internet it will either reach out to the global bootstrap service or to a specific cloud instance. Bootstrapping moves the device from a manufactured state to a live state on the cloud network. During this process, the device is provided a new certificate specific to both the cloud it will use and the account in this cloud. For an end-user, this might look like a simple step of punching in a code to an App, or scanning a QR code. Izuma Cloud provides APIs that will allow flexibility in how the onboarding experience should operate.

After an initial onboard the device is securely connected to a specific account in a cloud instance, and it cannot be bound to another account unless released by the cloud and/or through a firmware reset. These are options configurable by the developer.

How devices connect in Izuma Cloud.

At upgrade time…

Once devices are in the field at some point their firmware will need to be upgraded. Izuma Networks provides very robust APIs and processes for upgrades, which allow for secure firmware updates. For devices on constrained networks, there are delta update features that send only changes to the firmware, and also gracefully handle network timeouts and restarts.

Upgrades can be performed very granularly or across many devices at once. Firmware updates can also upgrade specific portions of a firmware image or specific subsystems as needed. The firmware update APIs are built for flexibility.

Upgraded images are signed for security, using the certificate chain specific to a cloud instance and/or to a manufacturer. Connect provides hooks to use secure boot facilities if available on the hardware, and supports TPM 2.0 along with hooks for other dedicated secure silicon or features such as TrustZone.

How microcontroller devices upgrade in Izuma Cloud w/ Izuma Connect

When configuring devices & moving data…

IoT Configuration Management is critical to the entire product lifecycle of the device you are shipping. Devices often need to be configured during first time use, to changing environmental conditions, after upgrades and sometimes even at the end of their lifecycle.

First, Izuma Networks products are data schema-agnostic. This means your data path can be entirely separate from our control plane traffic to Izuma Cloud. Furthermore, Connect can help manage your own certificate chains for your own data connections.

For configuration managment you can use our built-in LwM2M APIs. These APIs allow a set or get to a specific key on a device. Keys are organized as LwM2M paths. A copy of the value is always kept in the cloud, where the last value is stored in the Device Directory. Some vendors refer to capabilities like this as a “device shadow.” Connect includes full LWM2M support over CoAP/UDP with full mTLS support using a two-way handshake. Once data arrives in your Izuma Cloud instance, you can retrieve it and set up webhooks with our APIs. Data can be browsed through via the Device Directory web interface. Because CoAP is extremely lightweight and bandwidth efficient, devices can be configured over high-speed or low-bandwidth connections the same way.

Your own cloud services can install a webhook to get updates when a LwM2M path changes for any device. This lets your own services react to device changes in a traditional web services pattern.

At the firmware level, devices can use the Izuma Connect libraries to hook any change seen in a LwM2M key. Changes are delivered immediately, and if a device is not online at the time, when it comes online the latest value in the Device Directory is sent to the device. On Linux, developers have the option to use edge-core instead, allowing them to communicate with Izuma Cloud without even having to build Izuma Connect libraries into their product.

At the firmware level, using the Izuma Connect libraries, different routines can react to changes in LWM2M data paths. Developers can focus on device functionality, not the transports needed to make communication happen. And, all of this is cloud provider independent. It can work on any Izuma Cloud instance, whether that is running on AWS, Azure, on other providers, or on your own servers in an isolated network. See: Izuma Cloud deployment options

Documentation: Collecting data from devices