Hello,
I have been evaluating some of the opensource products for secure OTA and got stuck on “OTA Community edition, aktualizr” and mender.io .
Could you pls help me to chose mender here . How mender is better than other one?
Is mender also based on uptane?
Thanks,
Abhilash.
1 Like
Hello @abhilash-kv,
thanks a lot for your interest. From a very high level perspective I would say the main differences are:
- Uptane is highly focused on ground vehicles - thats its mission statement, whereas mender is a solution for the whole IoT product space.
- the Uptane/aktualizr combination that you mentioned seems to not offer any hosted, or ready to go offerings. With mender, you can start right away using a free account, and gradually upscale on the go, all the way to running your whole infrastructure on premise if needed.
For specific needs a more detailed comparison might be needed, but from an initial starting point I would say: give mender it a try.
If you have more questions, feel free to reach out.
Greetz,
Josef
Hi Josef,
Thanks for the quick response. Yes agreed the deployment was faster when I tried mender.io opensource compared to the aktualizr.
One more question
- From security stand point how about mender ? whats the protocol used for delivering the payload?
Thanks,
Abhilash.
1 Like
Hi @abhilash-kv,
the transfer protocol between client and server is HTTPS. So the data payload is encrypted, and the origin is authenticated. For additional verification, you can opt in to signing of the payload that you are creating and deploying.
Greetz,
Josef
Hi Josef,
So except transport layer security , you are not providing any security for the payload by default?
Thanks,
Abhilash.
@abhilash-kv
Well of what kind of “security” are you thinking? Any specific requirements you need to fulfill? Its hard to give a good answer here because I don’t know what you expect. Just try to elaborate on your usecase a bit and then I can relate it to what we are offering.
Greetz,
Josef
If I recall, it uses, certificate based client/server authentication of which you need to authorise/pre-authorize the devices server side.
There is also the mTLS authentication available. But as the original question was explicitly about the “protocol of delivering the payload”, I would need more input on what might be needed beyond HTTPS-provided encryption and authentication.
Greetz,
Josef