locked
Best practices to distribute Beta app updates to remote device testers RRS feed

  • Question

  • I am about to enter into a stage for beta testers who are extremely busy. There will be 8 beta testers all in different remote locations. The idea is that I will work with each beta tester on a different day of the week for an hour or so at a time. These beta testers no nothing about IoT, have no development tools or skills, are unable to flash SD cards or perform any such "technical" activities. They have been chosen because they will be "typical" end users of the IoT device.

    Each beta tester will be sent one of the device to test. They will test the device at the scheduled time, tell me the changes they need to the aspect of the program that they are responsible for, receive the updates, and hopefully approve the changes. All on the same day within the same session. So I need to be able to publish updates and have the devices get and install the updates within a few minutes. My understanding of the procedures that Windows Store for IoT has is that after submitting an update it takes potentially hours before the device will get the update. This will not work for me. I need to be able to make virtually live updates to the preinstalled UWP program.

    I have already set up HockeyApp to collect usage data and error logs, but it doesn't support live updates for UWP on IoT. Publishing updated beta software on HockeyApp is very fast and that would satisfy my need for speed. But the automatic update feature doesn't work with IoT. Apparently Windows auto update feature only works with Windows Phone 8.x. For UWP apps. For Windows apps HockeyApp is designed for the user to use a PC to browse to HockeyApp on a web browser, log in with user credentials, download the APPX file, then manually install of the update using powershell. All this is well beyond the expectations of what I can place on my beta users.

    Azure IoT doesn't seem to be a good solution either. It looks like the free account only allows 1 device (which would not allow for 8 beta testers). And the smallest paid subscription has 30 days free, will be a problems since it will take more than 30 days to get through he beta rounds with updates schedule almost every day.

    The idea on this development is that I will sell the completed design to my customer. They will take it from there. So I want to minimize or eliminate as much as possible all service costs during R&D and beta test. So paying for Windows Store account or an Azure IoT account that will only be used for two months of R&D on this one product is something I want to avoid.

    Is there a low or no cost solution that will be able to provide live (within minutes) updates for beta UWP apps on 8 Windows IoT devices?


    • Edited by mjmeans Sunday, November 5, 2017 9:52 PM typo
    Sunday, November 5, 2017 9:51 PM

Answers

  • I have been able to get Windows Store updates working. I signed up for a company account and signed up for the preinstall feature so that I can download the appx file to include the initial app in my flash.ffu image. I have also added disabled automatic app updates to the flash.ffu image and added a manual check for updates in the app so that the app doesn't rely on the unpredictability of the OS to eventually check for and install the app update ad an inconvenient time for the end user. The Windows Store app submission is set to make the app not visible to browse from the store and limited distribution to only my country and turn off all distribution to all the platforms (xbox, hololens, etc.) Now Windows Store update submissions processes in about 10-15 minutes. This is fast and satisfies my needs for the app update and my need for fast updates while doing remote beta testing.

    I do not have a solution yet for the issues of OS update management. I signed up for Azure F1 and started setting up IoT Hub and IoT DM, but I have not been able to resolve all the issues. Since OS update on the RPi takes about 30 minutes to complete, this is a huge issue. The system cannot be offline for 30 minutes at an unexpected time. I realize that MS doesn't recommend disabling OS update, and I don't want to disable it. I want to make it user managed in some way. For example, if there is an OS update, then the user should be informed and be told that the update will self install in 30 days unless they choose to update now. So that's my next task.

    A new issue came up. The need to have and pay for an annual code signing certificate to be able to create a retail image (as opposed to a test image) and use a TPM for Azure. I see little benefit in the use of a code signing certificate and retail image and using TPM for my specific app which will primarily be used without an internet connection. So the cost benefit analysis seems pretty poor for those features. I will be extremely disappointed if I find out that I must use either a TPM or a code signing certificate to be able to allow the user to manage the OS updates.

    • Marked as answer by mjmeans Thursday, November 16, 2017 1:59 AM
    Tuesday, November 14, 2017 3:32 PM

All replies

  • Hello mjmeans,

    For updating UWP app on Windows iot core, it is recommend to use Windows Store.

    But based on your requirements you may need a IoT Hub S1 edition. You can check IoT Hub pricing.

    Best regards,

    Rita


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, November 6, 2017 10:01 AM
  • I don't see any guidance or example on how to add IoT Hub to an existing debugged app for the purposes of remote fast updates. The example I find all have several problems:

    1. Examples start with a new app and VS check box for Azure in the new app creation. My app already exists and is debugged. I need to add IoT Hub exclusively for remote updates.

    2. Examples projects refer to Azure Portal pages that don't exist where they example says it should exist and I'm not willing to learn all about all the Azure features. I only want remote app and OS updates.

    3. Example projects include remote database and error logging and other telemetry; all of which consume unnecessary data. I'm doing my own error logging without Azure and don't want to duplicate the effort, or pay for the Azure messages that support it. Again, I want ONLY remote app and OS updates.

    4. Example projects and walkthroughs direct me to use Azure Device Portal or command line tools to create a device to use and then add those device keys and IDs into the source code. This will not work. I will have 8 different devices deployed with a single flash.ffu using ADK AddonKit. Each device needs to register itself with it's own unique ID. I can't recompile the source code for each device. If this demo project succeeds, I will have hundreds of devices to deploy and will certainly need Azure S1. But not for a development proof of concept project.

    So, is there any guidance on how to add Azure managed remote IoT app updates to an existing non-Azure application?

    AND, is there any guidance on how to prepare a single flash.ffu that once deployed on 8 devices will be able to be take advantage of those app updates?

    This is URGENT. All this guidance has to be up to date and correct with respect to development with the current versions of VS 2017 and ADK and ADK AddonKit? I have a working UWP app that runs on the RPi 3. I need to add remote update to this project THIS WEEK so that it can be shipped to my customer for review for a few weeks before being demoed at a major sports convention.

    • Edited by mjmeans Wednesday, November 8, 2017 3:24 AM additional info
    Wednesday, November 8, 2017 3:19 AM
  • Hello mjmeans,

    >>>1. Examples start with a new app and VS check box for Azure in the new app creation. My app already exists and is debugged. I need to add IoT Hub exclusively for remote updates.

    Which example? Can you provide the link?

    Best regards,

    Rita



    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, November 9, 2017 5:52 AM
  • Hello mjmeans,

    >>>1. Examples start with a new app and VS check box for Azure in the new app creation. My app already exists and is debugged. I need to add IoT Hub exclusively for remote updates.

    Which example? Can you provide the link?

    Best regards,

    Rita

    Yep. Here's one: https://blogs.windows.com/buildingapps/2015/12/09/windows-iot-core-and-azure-iot-hub-putting-the-i-in-iot/#6vKdmfv1ooGDMkVr.97

    And for an example of a project that would not work for a commercialized app, we have https://blogs.msdn.microsoft.com/uk_faculty_connection/2016/01/27/windows-10-iot-core-beginners-walkthrough-using-raspberry-pi-2-and-the-fez-hat/. As you in that example, the device ID is manually created and compiled into the app. Definitely not suitable for mass Flash_Recovery.ffu deployment for a commercialized pre-installed OEM image.

    Devices should auto-register with a unique ID per device. The unique ID can be based upon a silicon serial number, SMBIOS or Ethernet MAC address or some other mechanism that is both unique and won't change, even if the device is reformatted. An example based on the unique MAC address would be appropriate. And if the device has gone through a device recovery process, or had it's SD card replaced, then upon first boot and connection to the internet, it should find that it's ID is already registered. If it is already registered it should ask the user whether to restore it's previous device management state from Azure IoT Hub or initialize a new default state. I can't find any guidance on how to make an OEM pre-installation scenario work with Azure IoT Hub.


    Thursday, November 9, 2017 7:26 AM
  • Hello mjmeans,

    >>>As you in that example, the device ID is manually created and compiled into the app. Definitely not suitable for mass Flash_Recovery.ffu deployment for a commercialized pre-installed OEM image.

    For this problem, Device Provisioning Service(DPS) can solve. DPS provides

    • Zero-touch provisioning to a single IoT solution without hardcoding IoT Hub connection information at the factory (initial setup)

    Best regards,

    Rita


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, November 9, 2017 7:56 AM
  • I'm looking through this and at first glance, I see a few problems with this.

    1. The example seems to require and HSM based on X.509 or TPM. Neither of these are available on Raspberry Pi.

    2. https://docs.microsoft.com/en-us/azure/iot-dps/tutorial-provision-device-to-hub#enrolldevice indicates that each device manufactured will have to be "enrolled" with Azure in advance of deploying the pre-installed image. This adds a complication to the manufacturing process in that the manufacturer has to know (or set) in advance the devices TMP Endorsement Key (or other unique code) prior to the device being deployed. I believe the assumption is that a TPM will be pre-programmed during manufacture. But again, TPM does not exist for Raspberry Pi. The only guaranteed unique code that exists in the RPi is the device's laser coded Ethernet MAC address. And even that is not known in advance of running some code on each individual RPi. What I want to see is an example where the pre-installed image handles everything; both device enrollment and registration; so that nothing has to be known in advance about the specific Raspberry Pi board being used, any TPM or cryptographic keys, or even the device's MAC address. This automatic provisioning, to prevent abuse, would deploy a minimal set of features. The Azure IoT Hub administrator (or a script running on Azure that reads additional device provided information) would enable the deployment of additional features.

    Thursday, November 9, 2017 8:55 AM
  • Hello mjmeans,

    Have you looked at the device management client that was recently posted to Git? 

    It is available here https://github.com/ms-iot/iot-core-azure-dm-client. This may be a solution to your problem.  It has links to samples and a walk-through. In particular there is an Application Update section that may be what you are looking for.

    Thanks!

    Thursday, November 9, 2017 10:31 PM
  • Thank you. I will look at it immediately.
    Friday, November 10, 2017 12:17 AM
  • Hello mjmeans,

    Any update of this question?

    Best regards,

    Rita


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, November 14, 2017 9:16 AM
  • I have been able to get Windows Store updates working. I signed up for a company account and signed up for the preinstall feature so that I can download the appx file to include the initial app in my flash.ffu image. I have also added disabled automatic app updates to the flash.ffu image and added a manual check for updates in the app so that the app doesn't rely on the unpredictability of the OS to eventually check for and install the app update ad an inconvenient time for the end user. The Windows Store app submission is set to make the app not visible to browse from the store and limited distribution to only my country and turn off all distribution to all the platforms (xbox, hololens, etc.) Now Windows Store update submissions processes in about 10-15 minutes. This is fast and satisfies my needs for the app update and my need for fast updates while doing remote beta testing.

    I do not have a solution yet for the issues of OS update management. I signed up for Azure F1 and started setting up IoT Hub and IoT DM, but I have not been able to resolve all the issues. Since OS update on the RPi takes about 30 minutes to complete, this is a huge issue. The system cannot be offline for 30 minutes at an unexpected time. I realize that MS doesn't recommend disabling OS update, and I don't want to disable it. I want to make it user managed in some way. For example, if there is an OS update, then the user should be informed and be told that the update will self install in 30 days unless they choose to update now. So that's my next task.

    A new issue came up. The need to have and pay for an annual code signing certificate to be able to create a retail image (as opposed to a test image) and use a TPM for Azure. I see little benefit in the use of a code signing certificate and retail image and using TPM for my specific app which will primarily be used without an internet connection. So the cost benefit analysis seems pretty poor for those features. I will be extremely disappointed if I find out that I must use either a TPM or a code signing certificate to be able to allow the user to manage the OS updates.

    • Marked as answer by mjmeans Thursday, November 16, 2017 1:59 AM
    Tuesday, November 14, 2017 3:32 PM
  • Hello mjmeans.

    I am glad to hear you got the Windows Store updates working and thanks for sharing your exploration.

    So we can finish this thread by marking the helpful reply as answer in order to help others better.

    For the new issue of OS updates, you can open a new thread.

    Best regards,

    Rita


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, November 16, 2017 1:50 AM
  • mjmeans,

    Did you end up needing to use a TPM or signing certificate? Or did you find a work around?

    Friday, June 22, 2018 9:38 PM
  • No. I decided to not use the soft TPM in RPi do to it being a false sense of security. I am managing app updates exclusively through the Windows Store. Azure IoT is too expensive for my beta/hobbyist use case.
    Friday, July 27, 2018 10:33 PM