Design

Connect Agent was designed with a few key points in mind to give you a simple and secure experience:

• Lightweight - Consumes about 4MB of disk space and about 11 MB of RAM.

• Always on - The Connect Agent service is always running in the background. Even when there is no Internet connection, the agent will always keep the device accessible remotely when the connection returns.

• Zero dependencies - Designed to run like an add-on, i.e., no additional installations are required to make it work.

• Smart network behavior - Only communicates as a client, using port 443 with the Connect Server. No open network ports or listening servers are required on the edge and IoT devices.

Connect Agent Functions & Behavior

Connect Agent sends regular heartbeat messages to the Connect Server. The messages include updates on your edge device’s up/down status, CPU, RAM, and disk usage. The heartbeat messages also provide updates on any of the processes and custom data being monitored. The default heartbeat interval is 25 seconds, and this can be configured in the Settings (in the JFrog Connect console) to best suit your use-case needs.

In addition, the Connect Agent:

• Facilitates the software updates to the edge device according to the blocks defined in the Update Flows

• Enables remote access and control commands to the device

• Enables creation and configuration of firewall rules on the devices

• Retrieves logs and any kind of data file stored on the device according to your request

The Connect Agent is project linked. This allows agents in different projects to have different configuration settings such as communication cycle and user access parameters. If you have multiple projects configured and you register a new agent, you will need to ensure that you associate the new agent with the intended project.

An agent acts as standalone software with regard to installation. If you re-install the same version of an agent on the same device, the new agent will have a different token and will be counted as a new device. In addition, the old device is not removed from the database in the Connect Server and appears in offline state in the web UI until you delete it.

Specifications and Compatibility

Connect Agent is designed for easy installation and compatibility on any Linux-based operating system and is suitable for use on a variety of hardware architectures including SOC, SOM, and SBC, as long as the OS is Linux-based.

Hardware

The Connect Agent is compatible with popular hardware platforms such as NVIDIA Jetson, BeagleBone, and Raspberry Pi, and will work with any hardware platform meeting the following specifications:

Minimum total device resources:

• 30MB RAM

• 30MB Disk space

Core Architecture:

• ARM:

  • ARMv5, ARMv6, ARMv7, ARMv8 - 32 and 64 bit

  • Cortex-A required for all ARM processors

• Intel: x86 and x86_64

Operating System

You can use any Linux-based OS, including:

• Yocto-based build

• Ubuntu

• Debian

• Centos

• Raspberry Pi OS

• Arch

• Custom Debian build

Required Software

Systemd/SysV (init.d) service manager must be installed on the client device.

Agent Updates

From time to time a new version of the Connect Agent will become available. The Connect Agent updates ensure that IoT devices are running the latest software and are able to communicate with the JFrog platform effectively.

The new agent version is not deployed automatically. When a new version is available, you can initiate an OTA update process at your convenience to update the agents on your connected devices. The update process takes place in the following stages:

1. Agent Version Management: Connect keeps track of the versions of the agents running on each device and compares them to the latest version available.

2. Notification: When a new version of the agent is available, a notification including the new version number appears in the web UI and a release note will be available.

3. Initiation: In the Connect Agent Update page, you initiate the OTA update process.

4. Update Verification: Connect verifies that the update has been applied successfully to each device. If a device fails to update, Connect can retry the update or alert the appropriate personnel.

5. Post-update Verification: After the update process completes, Connect can verify that the new version of the agent is running (online/offline) on each device.

Device Authentication

When a new device is added to Connect, the device is assigned a device identity that includes a unique key. The key is stored both in Connect and on the device itself.

Connect uses an identification-response protocol that verifies the device identity every time a communication cycle is completed.

• The device sends its device identity (i.e., its key) to the Connect server to initiate the authentication process.

• Connect then verifies the authenticity of the key and sends a response to the device.

This authentication mechanism ensures that only devices with a valid device identity can access Connect and receive OTA updates. The mechanism also provides a secure channel for device communications, which helps prevent unauthorized access.

What’s Next?

• Learn more about JFrog Connect’s network and security.

• Download the Connect Agent binaries.