Escrow Device Management

Escrow Device Management

Posted by Tony Hillerson on June 26, 2020

The Importance of Zero Touch Configuration

The idea of "zero-touch-configuration" of devices has been around for a while, notably in the SD-WAN space. In terms of device management in general, the important goal is that of making a device's physical location irrelevant to the device's manager. Ideally any device should never have to be in someone's hands throughout its entire lifecycle, from production line to warehouse to deployed location and so on until the end of the device's normal operations, in order for its configuration to be updated.

Configuration here can cover simple things, like network settings, to higher-order capabilities, like management of software running on the device, including updates to that software. The general implementation model is that some software runs on the device in order to maintain a connection to a management system. When the device comes online, no matter where it is at the time, it can retrieve its configuration and begin its lifecycle. As new devices roll off the production line, they have the latest configuration waiting for them, and the latest configuration can also be delivered to devices already in the field.

However a nuance exists to the zero-touch-configuration workflow, one that we've noticed as we've worked with a few different types of customers. The question is one of ownership.

Configured For Whom?

As a device management platform, there's a question we need to ask whenever it comes to configuring a device: "which account owns the device". Configuration of the device necessarily involves access to important data, some of which need to be protected and not shared.

There are a few customer types, notably but not exclusively device OEMs that use our platform to offer device management and the other rich capabilities of our platform to their customers. An important choice these OEMs can make with our platform is whether or not they wish to manage the customer's account themselves, or whether they'd like the end customer's account to stand alone and share no data with the OEM's account. The trade-off is between management responsibility for the end-customer versus the customer's privacy.

Another important relationship to consider is any intermediate owners of the device on the way to the end-customer. Some of our customers may pass ownership of the device through another entity - and thus another account - on the way to final ownership and configuration by the end-customer. An example is the chain from OEM to reseller to end-customer. There could also be enterprise use cases that follow the same pattern between business units.

Configuration of the device probably makes sense within the end-customer's account, using information that is owned by that account. However some initial information needs to be in place at the point the device is produced and provisioned with our SmartEdge management software. This allows the device to be identified and available for remote configuration through any changes that need to take place. However in many cases, the destination, end-customer, account is not yet known.

Since the initial configuration is only necessary, or for reasons noted above, only desired, at the point the end-customer account is known, but the account may not be known until later in any given process - we've designed a lightweight concept for defining and managing a device in this interim state: an escrow device.

Escrow Devices and Device Transfer

The conceptual model of an escrow device is that the device is held on behalf of an end-customer, and destined to finally come to rest in a customer account. At that point, the initial zero-touch-configuration process can take place. In the meantime, all that needs to be done by the device management system is to keep track of the device until that process is ready to take place.

The process is this:

  • The initial owner, for our purposes let's call it the "device provisioner", installs our SmartEdge software on the device with a minimum of information in place in order to uniquely identify the device
  • An escrow device is created in our platform in the device provisioner's account
  • Our SmartEdge software connects with our platform in what is known as "escrow mode", where minimal resources are needed to simply maintain the connection with the management system and watch for configuration changes
  • When the end-customer's account is finally known, whether that account is maintained by the device provisioner or is a separate account, the device provisioner can issue what we call a "Device Transfer Request" to the end-customer account.
  • The end-customer will see that these devices are being transferred to their account, and can select to approve some or all of these transfer requests.
  • Upon approval, device records will be created from the escrow devices, initial configuration will be pushed from our platform to the devices, and our SmartEdge software will move from escrow mode to normal operating mode.

This process balances the concerns of remote management and delivery of device configuration, data ownership, and optimization of the device provisioning process.

Escrow Devices Extend Zero Touch Configuration

The concept of "zero-touch-configuration" is an important admission of the needs of managing connected devices in the modern world. Physical interaction with devices is costly in time and limited to the processes by which devices are produced, stored, shipped, and ultimately arrive at the location they need to be. Any device management system worth mentioning offers this capability.

However other concerns of a device management platform, such as data protection, account sandboxing, and so forth require the ability to manage devices' journey through the platform to the end-customer account. The concepts of escrow devices and device transfers, built into EdgeIQ's platform, give our customers, whether OEM, device provisioner, reseller, or end-customer of any type, the ability to manage the important changes of ownership that take place in these cases.