owned this note changed a year ago
Published Linked with GitHub

DeviceOn Getting Started

DeviceOn Server Installation

Setup Standalone Version on Windows (On-premises)

Step 1: Install the DeviceOn Package on Your System

Copy the installation file (DeviceOn_Server_Setup_4.7.x.exe) to your target system and run it as administrator.

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Click “Next” to start the installation process.

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Select “I Accept the terms in the License Agreement” and click “Next

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Select the “Installation Folder” for DeviceOn Server and click “Next

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Enter “Public IP” or “Domain Name” for this physical/virtual machine and click “Next”. This information is required for “Edge Device” connectivity, please make sure your device is reachable under this IP or Domain Name.

Note: You can start a Windows command prompt and type “ipconfig” to retrieve your IP address(es) on this physical/virtual machine.

You will need to configure the HTTP port number that is used for web browser-based access the DeviceOn management portal. The default port is 8080, but you can select any other port as long as it does not conflict with any other application or service. Click “Next”.

Configure the password of the relational database (PostgreSQL) that DeviceOn uses to manage account, device, permission, and relation data. The default account name is “postgres” and the password should follow below guideline.

Strong Password Rules:

Minimum eight characters, at least one number, one lowercase letter, one uppercase letter, and one special character (Blank character, Backslash(\), Double quotes(") are prohibited)

Configure the password of the NoSQL database (MongoDB) that stores device sensor data. The default account and database is “wisepaas/WISE-PaaS”. This password should also follow strong password rules as outlined above.

Select the database installation path and cache size of MongoDB and click “Next”. A larger cache size will result in better performance. For more information on this parameter, please referend to the official documentation

Enable capped collections for data recycling and set the size for each collections. Capped collections work in a way similar to circular buffers: once collection files its allocated spce, it make room for new documentas by overwriting the oldest documents in the collection.

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →
The charateristic of capped cannot be disabled, if you enable the collection at first.

Configure the password of the root account (dummy name “root@advantech.com.tw”) and click “Next”. This root account has the highest permission level and is used to log in to the DeviceOn web service and create other user accounts.

Set up the HTTP service port for Grafana dashboard. The default user name and password is admin/admin. You will be able to modify this at the first login.

Set up FTP service port for application (App Store), device log storage.

DeviceOn license is tied to network inteface. The above lists all choose-able network cards informations. To install DeviceOn, you have to determine which network card to be tied to. Choosing a connected and physical interface over a virtual one is highly recommended to prevent potential issue that DeviceOn may encounter in the future.

For devices with a TPM chip, TPM data encryption can be enabled to restrict DeviceOn Server execution solely to the same hardware, thus ensuring data security.

image

Click “Install” to begin the installation.

Click the “Finish” to exit the program.

Step 2: Launch DeviceOn Web Service Shortcut on Desktop

Two shortcuts will be generated on the desktop - one is for the DeviceOn web portal and the other one is for the Grafana dashboard.

Click the “DeviceOn Server” shortcut in order to launch a browser and to start device operation and management. It is recommended to use Chrome for the best user experience.

Setup Standalone Version on Linux (On-premises)

If you are interested in DeviceOn and used to Linux platform, On-Premise, we also provide an installer for Ubuntu Linux (one of the most popular Linux distribution). This section will guide you how to install DeviceOn on Ubuntu Linux. Note here that:

  • The DeviceOn Ubuntu Linux installer is named something like "DeviceOn_Server_Ubuntu 18.04_x64_4.7.x.run". To acquire the installer and ensure having the latest version, please contact us.

  • If you are running the installer with an account other than "root", you should use "sudo" command to obtain higher privileges, or the installation may fail at any step.

Step 1: Open a terminal

The installer runs in CLI (Command Line Interface) mode. As such, open a terminal preferable for you.

Step 2: Copy the installer to target host

Use the way you like to copy the installer to the target host.

Step 3: Set the installer as executable

In the terminal, run "chmod 0755 DeviceOn_Server_Ubuntu 18.04_x64_4.7.x.run" so that the installer as an executable file under Ubuntu Linux.

Step 4: Running the installer

Change your working directory to where the installer is and run "./DeviceOn_Server_Ubuntu 18.04_x64_4.7.x.run ". You may need to run "sudo ./DeviceOn_Server_Ubuntu 18.04_x64_4.7.x.run " to acquire higher privileges if you were logged in as a normal user.

Step 5: Answering some questions

Throughout installation process, it's necessary to answer some questions to complete the installation:

A. The password of user postgres to login PostgreSQL database.

When you run into this step the question shows like above. Just input the password you would like to use to login PostgreSQL database for “postgres” account.

B. The password of user “wisepaas” to login MongoDB database.

When you run into this step the question shows like above. Just input the password you would like to use to login MongoDB database for “wisepaas” account.

C. The valid IP or host name of the target host.

When you run into this step the question shows like above. Just input the IP address of the target host. A hostname (even a FQDN) is also acceptable if you are sure that agents can connect to via the name you provide.

D. If turn MongoDB capped functionality on or not.

When you run into this step the question shows like above. Just input “yes” or “no” to enable or disable “capped” functionality. If you answer “yes”, a subsequent question followed to ask you “how much capped size, in MB, to be used? “. Just input the size, in MB, you want to use in “capped” functionality in MongoDB database.

Capped collections are fixed-size collections that support high-throughput operations that insert and retrieve documents based on insertion order. Capped collections work in a way similar to circular buffers: once a collection fills its allocated space, it makes room for new documents by overwriting the oldest documents in the collection.

E. The password of user “root@advantech.com.tw” to login DeviceOn portal, and the rule should follow below guideline.

Strong Password Rules:

Minimum eight characters, at least one number, one lowercase letter, one uppercase letter, and one special character (Blank character, Backslash(\), Double quotes(") are prohibited)

When you run into this step the question shows like above. Just input the password you would like to use to login DeviceOn portal for “root@advantech.com.tw” account.

Finally, a workable DeviceOn server should be there the target host. Open a browser and input http://{IP-USED-IN-QUESTION-C}, you should see the DeviceOn login page.

Cloud Deployment from Azure/AWS

Deploy DeviceOn from Azure Marketplace

Step 1: Deploy DeviceOn from Azure Marketplace

Please enter to Azure Marketplace and click "GET IT NOW"

Sign in your Account

You will enter to Azure portal and please click on Start with pre-set configuration to be quick deployment

This page includes our recommended configuration for DeviceOn Server, you can just click on Continue to create VM, following the default setting.

In this page, please note that the red star parts info are MUST.

  • Select your Azure Subscription
  • Create a new resource group or pick-up
  • Define your Virtual Machine name
  • Select the Virtual Machine region, you can pick one which is the nearest one to your location
  • Select DeviceOn as default Image
  • Here you need to create the Username and remember the Password which is to secure this DeviceOn VM (Remote Desktop Used)

Then click Next to move on, or you can directly click “Review + Create”, then all the following items will be set as default.

By using the default disk Premium SSD, then click Next to move on.

Set the network interface

  • Select the one you just defined in previous grouping or create new

In this page, you can schedule the power management of VM for reducing the unnecessary cost

  • Auto shut-down schedule (please make sure the time zone is correct)
  • Email account

Basically, you can click Review + Create if you don’t need advanced setting. VM will be validating and creating within 5 minutes.

A few minutes later, you can see below picture that VM has been created.


Click “Go to resource” to review more detail.

After deployment, please click on "Connect" to remote login to VM via Microsoft Remote Desktop. The password that you configure on Step 1. There is a Quick Start Guide on the desktop and include the random password to access DeviceOn Web Service.

Step 2: Access DeviceOn Web Service

Please copy the public address first from Azure VM, and open Microsoft Edge or other browsers to paste the IP address (Suggest using Microsoft Edge for best experience)

Enter to DeviceOn main page, please follow the steps to finish the basic questionnaire and then confirm the related policy and agreement. (As below pictures)

Enter the default account and password (through Quick Start Guide)

Note: Please remember to modify your own password after log-in.

Deploy DeviceOn from AWS Marketplace

Step 1: Deploy DeviceOn from AWS Marketplace

Please enter to AWS Marketplace and click on the "Continue to Subscribe"

Sign in your AWS account.

Click on the "Continue to Configuration"

Congigure this DeviceOn software and click on the "Continue to Launch"

  1. Deleviery Method: 64-bit (x86) Amazon Machine Image (AMI)
  2. Software Version: 4.2.3 (May, 22, 2020)
  3. Region: Select the Region that the nearest to your location.

Launch this DeviceOn software

  1. Choose Action: Launch from Website
  2. EC2 Instance Type: t2.large (Recommand select higher than t2.large for better performance.)
  3. VPC Settings: default vpc
  4. Subnet Settings: default subnet

  1. Security Group Settings:

Create a security group based on our setting, enter name, description of this security group.

  1. Key Pair Settings

Create a key pair in EC2, enter name and select file format as "pem". The key pair used to get the password of Remote Desktop.

  1. Click on the "Launch" to deploy EC2 machine.

Step 2: Login EC2 Virtual Machine

After deployment, please enter to AWS EC2 Console, select your instance and get the connect remote desktop and password.

In order to retrieve your password you will need to specify the path of this Key Pair (DeviceOnKey.pem) on your machine.

There is a Quick Start Guide on the desktop and include the random password to access DeviceOn Web Service.

Step 3: Login DeviceOn Web Service

Enter to DeviceOn main page (Suggest using Microsoft Edge or Google Chrome for best experience), please follow the steps to finish the basic questionnaire and then confirm the related policy and agreement. (As below pictures)

Enter the default account and password (through Quick Start Guide)

Note: Please remember to modify your own password after log-in.

Deploy Enterprise Version on Azure Kubernetes

This document tries to describe, and guide you, how to deploy DeviceOn on Azure cloud. The version is focused on Azure components to integrate to provide security, scalability and high availability.

Microsoft Azure provides lot’s of cloud services with security, scalability and high available. Based on Azure components, DeviceOn could focus on functionalities for device management and data acquisition. We fully integrate with below services:

  • Azure Application Gateway (WAF protection and traffic load balancer), Optional
  • Kubernetes (Container Management)
  • Azure AD (Authentication), Optional
  • Cosmos DB, Azure PostgreSQL (Database)
  • Azure Function, IoTHub (Secure Device Connection)
  • Stream Analytics, Event Hub, Service Bus (Message Bus and Filter)

When you build on Azure’s secure foundation, you accelerate your move to the cloud by achieving compliance more readily, allowing you to enable privacy-sensitive cloud scenarios, such as financial and health service, with confidence.

Prerequisites

To achieve the goal to deploy DeviceOn, some resources have to be acquired and preconditions must be met as well.

  • An active Azure subscription.
  • An Azure CLI installed on your laptop, please refer to Azure documentation to download and setup. The Azure CLI is available to install in Windows, macOS and Linux environments. It can also be run in a Docker container and Azure Cloud Shell.

Second option, if you don't want to install Azure CLI, you can also adopt Azure Cloud Shell, please refer to Microsoft documentation.

Step 1: Obtain the following three parameters for deployment

  • Application ID
  • Password (Client Secrets)
  • Tenant ID

a). Sign into your Azure account through Azure CLI
Use any way you prefer to open a Command Prompt and enter

az login

Note: If the CLI can open your default browser, it will do so and load a sign-in page. Otherwise, you need to open a browser page and follow the instructions on the command line to enter an authorization code after navigating to https://aka.ms/devicelogin in your browser. Sign in with your account credentials in the browser.

b). Select your Subscription
After you login, the terminal console will list all subscriptions, please select the subscription that you would like to deploy.

az account set --subscription <SUBSCRIPTION_NAME>

If you don’t know which subscriptions you have, you can use below command to list all the subscriptions, and determine whether the subscription has been selected according to isDefault.

az account list --output table

c). Create a service principal
The last step to create a service principal and generate these parameters. (1. Application ID, 2. Password and 3. Tenant ID)

az ad sp create-for-rbac --name <SERVICE_PRINCIPAL_NAME> --role "owner"

If you want to further limit the scope of service principle to resource group, please try to create the resource group, and then use the following command to limit.

az ad sp create-for-rbac --name <SERVICE_PRINCIPAL_NAME> --role "owner" --scopes /subscriptions/{SubID}/resourceGroups/{ResourceGroup1}

Step 2: Deploy DeviceOn via Custom Template

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

a). Open the Azure Portal

This will open the Azure Portal (portal.azure.com) in your subscription and create the required resources.

b). Enter the following values:

​​​​| **Name**                   | **Value**                                                                                                                                                                                                   |
​​​​|----------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
​​​​| Resource Group             | Select the resource group name you created in the last section.                                                                                                                                             |
​​​​| Region                     | Select a location for the resource group. For example, Southeast Asia.                                                                                                                                      |
​​​​| Application Id             | The application Id is obtained from Step 1.                                                                                                                                                                 |
​​​​| Password                   | The password is obtained from Step 1.                                                                                                                                                                       |
​​​​| Tenant Id                  | The tenant Id is obtained from Step 1.                                                                                                                                                                      |
​​​​| Email                      | After deployment, the result/progress will be sent to this email                                                                                                                                            |
​​​​| Location                   | Enter the location name according to the data center. for examle, Asia East(**eastasia**), Asia Southeast(**southeastasia**), Japan East(**japaneast**), US East(**eastus**), Europe North(**northeurope**) |
​​​​| IoTHub Sku                 | S1/S2/S3, the default is **S1**, you could adjust the tier from Azure Poral, if need.                                                                                                                       |
​​​​| IoTHub Unit                | default is 1                                                                                                                                                                                                |
​​​​| Activate Key               | Advantech hardware connection, enter **N/A** (free support for 1000 Advantech devices), or please [contact us](mailto:DeviceOn.Support@advantech.com) to purchase license key for Non-Advantech devices.    |
​| AKS Max Node Count         | Maximum number of Kubernetes nodes to auto-scaling                                                                                                                                                          |
​| Utc Value                  | Fix value for generating unique string                                                                                                                                                                      |

c). Select Review + create

d). Validation and start to create.

e). Deployment Process
The entire deployment process takes about 30 minutes. After completion, you will receive a mail notification. The content of the mail includes the DeviceOn web Service IP and login Account password.


Assuming that your mail is intercepted/block or not received due to mail server filters, we will synchronously write this information to the Azure Blob Log container. Go to your resource group (you entered at the stage of deployment) storage account -> container -> Log -> ServerInformation.log. If the container has not been created, please wait a few minutes for initialization.



f). Result
There are two resource group generated on your subscription, one is you entered at the stage of deployment, which include the services such as: AKS, IoTHub, EventHub, Stream Analytics, CosmosDB, PostgreSQLetc. Another resource group name prefix name starts with MC, that contains AKS VM node.

DeviceOn Agent Installation

Device Onboarding on Windows

Step 1: Onboarding Your Device to IoT Device Platform (DeviceOn)

Once your DeviceOn server installed, you could start to follow steps to onboarding your edge device.

a). Log in to the DeviceOn Cloud Service with Your Account and Password

b). Download DeviceOn Agent and Connection Configuration (Agent.config)

At the first login, the “Device Onboarding” dialog will pop up automatically. Please click “Download” to get the latest version of DeviceOn AgentSetup.exe and the respective connection configuration. (Agent.config)

image

Click “Next” to wait for connecting devices.

image

c). Set up Your Local Device

Copy those two files (DeviceOn AgentSetup_2.x.x.exe and Agent.config) to the target device and launch “DeviceOn AgentSetup_2.x.x.exe” as administrator.

image

Click “Next” to set up the DeviceOn Agent program.

image

Select “I Accept the terms in the License Agreement” and click “Next”

image

When the “DeviceOn AgentSetup_2.x.x.exe” program detects a cloud connection configuration file (Agent.config) in the same folder, “Quick Mode” as shown in this dialog will be available. For “Quick Mode”, the installation path is fixed to “C:\Program Files (x86)\Advantech\DeviceOn Agent”. If you would like to adjust the installation location, please select “Advanced Mode”.

Quick Mode:

image

Advanced Mode:

image

The DeviceOn Agent includes a web-based management interface. The default credentials are:

  • Username: admin
  • Password: admin

You will be prompted to change the password after your first login. The web interface runs on port 8080 by default. This is the port you should use to access the management UI from a web browser. There is also a separate websocket port used internally for communication between plugins. You do not need to access this port directly.

image

Set up the cloud connection configuration (Credential URL & IoTKey). This information can be retrieved from the DeviceOn web portal as shown in Step 2, and click “Next”.

  • “Zero-touch onboarding”: Only supported on Advantech platforms with SUSI Driver and pre-configuration on the provisioning server.
  • “Assign to User Account”: Each account has its own connection IoTKey. If checked, the device will be assigned to this account automatically.
  • “Enable SSL”: The communication between DeviceOn Agent and DeviceOn Cloud is MQTT. If checked (default setting), all the messages and content are SSL encrypted (MQTT SSL port: 8883). Otherwise, port 1883 is used for MQTT without SSL.

image

DeviceOn Agent supports remote desktop through built-in UltraVNC. You can manually specific the location of your own UltraVNC installation if preferred. If you do not want the remote desktop feature to be available, please select “Disable KVM Connection”.

image

DeviceOn Agent integrates Intel AMT (Intel Active Management Technology) for remote power management (Power Up, Down, Cycle and Reset) as well as remote desktop access, even in case the operating system has crashed. However, this feature requires hardware support (Intel Core i5, i7) and the target device needs to be on the same local network as the DeviceOn server. Please pre-configure iAMT, enable it in the device’s BIOS and provide the account and password information in this dialog if you would like to enable iAMT based remote control features.

image

Click “Install” to begin the installation.

image

DeviceOn Agent requires the Microsoft Visual C++ Redistributable 2008, 2013, 2015 x86 packages, which will be downloaded from the Internet and set up during the installation process. If you are in an environment with limited or no Internet access, please download the “Agent Dependency Package” through an Internet connected device and install this package first.

d). Set up Your Local Device

Click on the “DeviceOn Agent” link or the icon on the Windows Desktop to open the DeviceOn Agent user interface.

image

e). Login to Agent Web Service

image

The default username and password are both "admin". Please change the password after logging in for the first time.

If the status shows “Disconnected”, please make sure your network settings are configured correctly and that you have access to the DeviceOn server-side application, either located in a public cloud (Microsoft Azure, AWS) or on premise (standalone server version) depending on deployment scenario. Then, please click the “Connect” button to try to reconnect.

image

e). Grouping Your Devices

Once the device connects, the DeviceOn user interface will move on to the device grouping page, where the device group for these devices can be selected.

There is a “Default” group that can be used, or other groups for this device can be created after checking “Advanced options”. Click “Confirm” to start device management.

f). Start Device Management

By default, two “Real-time Actions” are created for a group, one is “Screenshot” and the other one is “Reboot”. The overview page further shows the online status of registered.

Device Onboarding on Linux

Once your DeviceOn server installed, you could start to follow steps to onboarding your edge device.

a). Log in to the DeviceOn Cloud Service with Your Account and Password

b). Download DeviceOn Agent and Setup on your Device

Please try to get and download the latest version of DeviceOn Agent installer for Linux version from technical portl or landing page.

c). Open a terminal

The installer runs in CLI (Command Line Interface) mode. As such, open a terminal preferable for you.

d). Copy the installer to target host

Use the way you like to copy the installer to the target host.

e). Set the installer as executable

In the terminal, run “chmod 0755 deviceonagent-Ubuntu_20.04-x86_64-2.x.x.0.run” so that the installer as an executable file under Ubuntu Linux.

f). Running the installer

Change your working directory to where the installer is and run "./deviceonagent-Ubuntu_20.04-x86_64-2.x.x.0.run". You may need to run "sudo ./deviceonagent-Ubuntu_20.04-x86_64-2.x.x.0.run" to acquire higher privileges if you were logged in as a normal user.

g). Start DeviceOn Agent and Connect to DeviceOn

Change your directory to /usr/local/AgentService and run sudo ./setup.sh to answer connection information, such as credential URL, IoTKey, Device Name and etc.

  • Zero-touch onboard is a zero-configuration and quick connection mode for a special purpose. The default is disabled (n).
  • Enter Credential URL and IoT Key that information could retrieve from the DeviceOn portal.

image

  • Assign device to User Account: You can bind the target device into a “Default” group in your account on the portal automatically.
  • Enable TLS: Turn ON/OFF the TLS/SSL mode.
  • Input Device Name: Give your device name and show it on the portal.
  • Input AMT ID and password: If your device support Intel AMT, please enter AMT ID and Password to enable these functions.
  • Select KVM Mode [0:default, 1:Custom VNC, 2:disable]: User can use our default VNC to support the Remote Desktop function by entering 0 and give a listen port if you don’t want to use the default port. Second, select Custom Mode, if they already have a VNC server by entering 1 and provide the listen port and password. To disable the KVM function by entering 2.

When you run into this step the question shows like above, device is connected and under your account. To confirm the connection status via agent_status:
0: Disconnect, 1: Connected, 2: Connecting.

cat /usr/local/AgentService/agent_status

The connection parameters are stored into agnet_config.xml, if you would like to update or modify, please edit the configuration and restart the service (saagent.service)

h). Start Device Management

By default, two “Real-time Actions” are created for a group, one is “Screenshot” and the other one is “Reboot”. The overview page further shows the online status of registered.

Select a repo