Izuma Connect is a proven ANSI-C library that can drop into most microcontroller RTOS or bare metal builds. Izuma Connect provides secure connectivity to any Izuma Cloud instance for microcontroller-based or other ultra-lightweight embedded devices.
Izuma Connect works in conjunction with your Izuma Cloud instance to provide a complete device management service for IoT devices.
You should view Izuma Connect as a toolset to accelerate your development timeline when creating IoT devices. Our services do not mandate that you use a specific protocol or make you commit to a specific design pattern. Instead, you may choose the tools you need out of the Izuma Connect libraries to speed up product development.
Typically, users call on Izuma Connect to:
- Provide firmware updates
- Have secure “onboarding” of a device when it is unboxed
- Verify the identity of a device
- Do basic configuration remotely
- Monitor device health
Often Izuma Connect is used with other services, such as AWS Greengrass, or standards like MQTT, when customers build their products.
Read our IoT Solutions page to learn more about how Izuma Connect along with Izuma Cloud can accelerate IoT development teams.
Izuma Connect helps in different stages of a product life cycle:
At manufacturing time…
Using Factory Flow tools available for Izuma Connect & Izuma Edge, individual certificates can be generated for every device manufactured. The team at Izuma Networks has extensive experience working with major contract manufacturers (CMs). This means our tools easily fit into the workflow expected by a major factory operator.
Initial certificates can take two approaches:
- Use a certificate chain which uses Izuma Networks global bootstrap services to associate itself dynamically with a cloud at initial onboarding.
- Use a certificate chain which always requires a device to be associated with a specific cloud instance. (This is a good option for isolated networks.)
At initial onboarding time…
When a new device running Connect is connected to the Internet, it will either reach out to the global bootstrap service or to a specific cloud instance. Bootstrapping moves the device from a manufactured state to a live state on the cloud network. During this process, the device is provided a new certificate specific to both the cloud it will use and the account in this cloud. For an end user, this might look like a simple step of entering a code into an app, or scanning a QR code. Izuma Cloud provides APIs that allow flexibility in how the onboarding experience operates.
After initial onboarding, the device is securely connected to a specific account in a cloud instance, and it cannot be bound to another account unless released by the cloud and/or through a firmware reset. These are options configurable by the developer.
At upgrade time…
Once devices are in the field, their firmware will at some point need to be upgraded. Izuma Networks provides very robust APIs and processes for upgrades, which allow for secure firmware updates. For devices on constrained networks, there are delta update features that send only changes to the firmware, and also gracefully handle network timeouts and restarts.
Upgrades can be performed very granularly or across many devices at once. Firmware updates can also upgrade specific portions of a firmware image or specific subsystems as needed. The firmware update APIs are built for flexibility.
Upgraded images are signed for security, using the certificate chain specific to a cloud instance and/or to a manufacturer. Connect provides hooks to use secure boot facilities if available on the hardware, and supports TPM 2.0 along with hooks for other dedicated secure silicon or features such as TrustZone.
When configuring devices & moving data…
Izuma Networks products are data schema-agnostic. This means your data path can be entirely separate from your Izuma Cloud instance if desired. Furthermore, Connect can help manage your own certificate chains for your own data connections.
You can also use our built-in LwM2M APIs. These APIs allow a set or get to a specific key on a device. Keys are organized as LwM2M paths. Values are also kept in the cloud; the last value is stored in the Device Directory. Some vendors refer to capabilities like this as a “device shadow.” Connect includes full LwM2M support over CoAP/UDP with full DTLS support using a two-way handshake. Once data arrives in your Izuma Cloud instance, you can retrieve it and set up webhooks with our APIs. Data can be browsed via the Device Directory web interface.
At the firmware level, using the Izuma Connect libraries, different routines can react to changes in LwM2M data paths. Developers can focus on device functionality, not the transports needed to make communication happen. And all of this is cloud-independent. It can work on any Izuma Cloud instance, whether that is running on AWS, Azure, on other providers, or your own servers in an isolated network. See: Izuma Cloud deployment options