
Architecture Overview

JFrog Connect was designed by and for developers of Linux-based IoT and edge devices in a wide range of industries.
A basic assumption from the start was that the IoT and edge devices could be in complex network environments with conditions such as:
  • Limited connectivity
  • Located behind firewalls without a public IP address
  • IT staff not available at remote sites
  • Devices deployed outside of the data center security perimeter
  • Many different hardware platforms and configurations

Client-Server Architecture

JFrog Connect is built on a robust client-server architecture that scales to support tens of thousands of edge devices.

Client

The client consists of the Connect Agent running on the edge or IoT device. Connect Agent communicates with the outside world (i.e., the Connect server) as a client only, without using any open ports or listening servers.
Connect Agent periodically sends heartbeats containing status information about the device, including CPU, RAM, and disk usage, and information about any processes being monitored. The interval between heartbeats, called the Communication Cycle, is configurable per project in the web UI.
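
The client-only behavior described above can be checked on a device by listing sockets in the LISTEN state. The following is an added example, not JFrog code: it parses the Linux /proc/net/tcp table format, and the sample table and function names are constructed for illustration. It reports every TCP listener on the device, not only those of a particular process.

```python
import socket
import struct

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real device):
# a listener on 0.0.0.0:22, a listener on 127.0.0.1:8080, and one established
# outbound connection to remote port 443.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1002 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:C350 0A0000C8:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 1003 1 0000000000000000 20 4 30 10 -1
"""

def decode_ipv4(hex_addr):
    """Decode 'AABBCCDD:PPPP' as written by the kernel on a little-endian host."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def listening_sockets(table_text):
    """Return (ip, port, uid) for every socket in the LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue  # malformed row, or an outbound/established connection
        ip, port = decode_ipv4(fields[1])
        found.append((ip, port, int(fields[7])))
    return found

def externally_reachable(listeners):
    """Keep listeners not bound to loopback, i.e. reachable from the network."""
    return [entry for entry in listeners if not entry[0].startswith("127.")]

if __name__ == "__main__":
    # On a device, read the live table instead of the sample:
    #   table = open("/proc/net/tcp").read()
    for ip, port, uid in externally_reachable(listening_sockets(SAMPLE_PROC_NET_TCP)):
        print(f"listener reachable from network: {ip}:{port} (uid {uid})")
```

This covers IPv4 TCP only; IPv6 and UDP sockets appear in /proc/net/tcp6, /proc/net/udp, and /proc/net/udp6, which use different address widths or state semantics.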

Server

The Connect server manages all communications to and from the Connect Agents and performs a number of functions including the following:
  • Receives regular status and monitoring messages from the clients
  • Controls the software update process and all interactions with the agents including remote control and access, obtaining device details, and fetching files requested
  • Processes all interactions between the user interface and the Connect Agents
The Connect server can work in a cloud SaaS mode or in self-hosted mode. Unless specified otherwise, the user documentation describes the cloud SaaS mode. If you have questions specifically about the self-hosted mode, please contact us and we will be happy to discuss them with you.

User Interface

The JFrog Connect console is a web UI that gives you full visibility into and control of your devices. Using the console, you can register devices, manage your fleet, check device status and details, create and deploy OTA updates, open a remote access session with an individual device, and take advantage of the full feature set described in the JFrog Connect Overview.

REST API

JFrog Connect provides a REST API enabling programmatic access and control, which is ideal for managing large fleets of devices. The REST API enables you to embed the JFrog Connect functionality into your CI/CD pipeline and deploy OTA updates as part of new application releases. You can also use the REST API to create a custom dashboard or integrate JFrog Connect information with an existing dashboard.

Security

The JFrog Connect team takes the privacy, security, and integrity of your data seriously. We adhere to industry standards and comply with relevant security and safety regulations to ensure the security of your data. We are also dedicated to enabling you to comply with your own internal security policies.

Data centers and subcontractors

JFrog Connect engages only top-tier vendors dedicated to privacy and security values and standards including the largest cloud hosts and service providers in the market. Our suppliers apply various controls to secure data including the use of secured data centers and compliance with the strictest certifications and accreditations.
The JFrog Connect R&D team works closely with the expert engineering team at Amazon Web Services (AWS) to provide a best-in-class cloud solution with the latest security compliance available.

JFrog Connect cloud architecture

JFrog Connect servers, databases, storage, and cloud environment are all based on AWS products with AES-256 encryption and live zone fallback, combined with an extra layer of security: a separate Amazon Virtual Private Cloud (Amazon VPC).

Device Authentication

When a new device is added to JFrog Connect, it is assigned a device identity that includes a unique key. The key is stored both in JFrog Connect and on the device itself.
JFrog Connect uses an identification-response protocol that verifies the device identity every time a communication cycle is completed.
  • The device sends its device identity (i.e., its key) to JFrog Connect to initiate the authentication process
  • JFrog Connect verifies the authenticity of the key and sends a response to the device
This authentication mechanism ensures that only devices with a valid device identity can access JFrog Connect and receive OTA updates. The mechanism also provides a secure channel for device communications, which helps prevent unauthorized access.

JFrog Platform Integration

You can use JFrog Connect standalone to manage your IoT devices at scale, or as part of the JFrog Software Supply Chain Platform to get the full power of the JFrog platform. JFrog Connect is fully integrated with the rest of the JFrog supply chain platform, empowering developers to automate DevSecOps activities with best practices and continuous governance from developer to device.
