Node Groups & Nodes
Nodes are virtual representations of hardware devices which you can deploy software applications to via Ferry. Node Groups are collections of Nodes which you can use to structure your device fleet according to your needs.
Nodes in Ferry have to be part of a Node Group which you can create as part of a Workspace. Ferry handles deployments of your software applications to Node Groups through your linked Cloud Account, which in turn are distributed to the individual Nodes.
There are two steps to deploying a software application to a Node:
Register & provision the Node with your linked AWS or Azure Cloud Account
Deploy Components to the Node (via it’s Node Group)
Registering & provisioning a Node
Before being able to deploy components to a Node, the Node must be registered and provisioned with your linked AWS or Azure cloud account. This means that Ferry will provision the relevant security X.509 certificates to the device for secure communication with your cloud provider as well as the correct runtime framework (Greengrass for AWS, IoT Edge for Azure).
Ferry’s provisioning process for a Node limits the interaction between your devices and your cloud provider to generating certificates which your device can use for future communication.
When you create a Node within Ferry, each Node is assigned a one-time token.
To provision your hardware device and link it to the created Node in Ferry, connect your device to the Internet (either via Ethernet or WiFi) and in the device’s root directory:
Install the relevant installer. We provide a range of installer scripts for different OS distributions (Ubuntu, Debian, Windows & more) for both AWS and Azure, which can be viewed in our public repositories here (opens in a new tab)
cd installer
sudo sh install.sh -k <<YOUR_ONE_TIME_TOKEN>>
When you run the install script, Ferry communicates with the Ferry Registration API with the Node’s one-time token. Ferry provides the device with short-lived access tokens that the device can use to communicate with your cloud provider’s account. The installation script then securely requests the required security certificates for the device directly from your cloud provider which can then be stored on the device, including encrypted in a Trusted Platform Module (TPM) if your device supports it. Finally, the device also installs the relevant run-time framework for your given cloud provider and the OS system that your device supports (including OS-variations of Greengrass for AWS, IoT Edge for Azure).
Device provisioning with AWS
Device provisioning with Azure
In the case of Azure, Ferry creates a chain of trust through linked X.509 certificates across your Organization, Workspace, Node Group and Node. This chain of trust is how Azure’s IoT Device Provisioning Service (IoT DPS) is able to verify and identify valid devices that reside within your Workspace, and which connect to Azure IoT resources in the cloud.
Deploying Components to a Node Group
Once your device has been registered and provisioned as a Node on Ferry, you can easily deploy your software applications to it (via the Node Group in which it belongs):
Create a Component in the Ferry dashboard, and generate a Component Version for that Component
Write your software application for the Component Version
Save and then publish your Component Version
Deploy your Component Version to the Node Group which contains the Node
Whenever your device gets Internet access, it will poll your cloud provider for new updates and will pull down & run the new software application automatically