[NTLUG:Discuss] What is the best method to communicate between a device and a server?

Chris Cox cjcox at acm.org
Fri Apr 4 11:08:10 CDT 2008


Kipton Moravec wrote:
> I am designing a device or appliance (it does not matter what) that
> needs to report results to a server, over the Internet and get new
> instructions once a day or whenever it powers up. (Or had a power
> failure). There could be thousands of these devices.
> 
> I have to assume the device will be behind a firewall so the device will
> have to contact the Linux server and the server will not be able to
> initiate the communications to the device.
> 
> The device will send a progress report each day, reporting a few
> statistics (probably 100 - 200 bytes). The only other time it will
> report is when things go wrong.
> 
> When it checks in, it will look for any new commands for itself,
> including software updates. A command may be to provide additional data,
> or a recommendation to check in at a specific time (for load balancing
> on the server). It may be required to download a new program revision,
> and reprogram itself.
> 
> I do need to keep track of time, so I am thinking of implementing NTP
> also. It will have its own clock that is good to a couple of seconds per
> month.

Doubtful on the clock... but ok...

> 
> What application protocols are best for something like this?

I'd use SSH.  Every appliance would register a key on
initial (first time) startup.  This way, not only do you
have secured communication from the device to the server, you
could actually identify the device from the server for
troubleshooting.

> 
> I can see using FTP to upload and download files with the data.

Insecure.

> 
> I can see using SMTP and a POP server (email) for sending and receiving
> messages.

Insecure (yes... even if you go through the gazillion steps
to try to secure it).

> 
> Some have suggested SNMP which I am not familiar with.

Good for some things, but I think inappropriate in your case.

> 
> Another way is to open a socket to socket custom connection.
> 
> Someone suggested opening up a secure telnet connection.

<cough> ssh... better...

> 
> I am sure there are more ways to do this. But what I do not know is what
> is the best way to do this. I want something that is robust, and easy.
> (KISS) And preferably small. 

SSH is extremely easy.... gives you the ability to have not only
secure control, but without clear text password and allows host,
auth and command level security.

> 
> It is hard to predict what will be required in the future so flexibility
> is good for both sides, the device and the server.

SSH, the Swiss Army knife of computing.

> 
> Any suggestions? And more importantly why one way would be better than
> another?

SSH, secure key based authentication with the ability to execute
remote commands where the commands can be automatically invoked
depending on the connection received.... it's an effective two
way secured bidirectional communication pathway.

e.g.

Device powers up first time
----------------------------
Generates ssh host and user keys.
Registers those keys with the server.
Server possibly gives back a key or
  some kind of acknowledgment.
Device uses ssh to inquire updates.
Server uses connection to send back updates.
Device uses ssh to send back any messages
  about successful 1st time start or issues.
Device notifies server of new state.

Device in operation
-------------------
At certain intervals, check is made for
  error messages.
If error messages are found, use ssh to
  notify the server (this one may be
  immediate rather than waiting for the normal
  interval).
Wait for server response/ack and possible
  remedy (code patch?)
Device notifies server of new state.

Device normal startup
---------------------
Device uses ssh to inquire updates.
Server uses connection to send back updates.
Device uses ssh to send back any messages
  about successful 1st time start or issues.
Device notifies server of new state.


Other considerations
----------------------
Might be nice to force expire a device's
set of keys.  Forcing the device to
reregister.  Why?  Well.. in the case of
a hard reset of the device you'll probably
want new keys generated... if keys stored
on the server expire, the server can clean
up keys that are no longer in use.  Also,
it's a good idea just in case keys are
compromised somehow.
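
Added example, not part of the original post: one way the server side of the registration, command-level restriction and key expiry described above could be wired up with OpenSSH authorized_keys options. The handler path, device id format, request names and 90-day lifetime are assumptions made for illustration, and the sample key is constructed.

```python
import base64
import re
import shlex
from datetime import date, timedelta

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}
DEVICE_ID = re.compile(r"[A-Za-z0-9_-]{1,32}")      # assumed id format
HANDLER = "/usr/local/bin/device-checkin"           # hypothetical forced command
ACTIONS = {"report", "get-updates", "ack"}          # hypothetical request names

# Constructed sample: a well-formed ed25519 blob whose 32 key bytes are all zero.
_blob = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + bytes(32)
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " root@device"

def authorized_keys_line(device_id, pubkey, today, ttl_days=90):
    """Build the server-side entry for a key a device submits at registration."""
    if not DEVICE_ID.fullmatch(device_id):
        raise ValueError("bad device id")   # it is embedded in a quoted option
    fields = pubkey.split()
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError("unsupported key type")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; it must agree.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match key blob")
    expiry = (today + timedelta(days=ttl_days)).strftime("%Y%m%d")
    # restrict: no pty or forwarding; command=: sshd runs only HANDLER for this
    # key; expiry-time: sshd refuses the key after that date (recent OpenSSH).
    opts = f'restrict,command="{HANDLER} {device_id}",expiry-time="{expiry}"'
    # Only type and blob are copied, so a submitted comment or extra line is dropped.
    return f"{opts} {fields[0]} {fields[1]} device:{device_id}"

def dispatch(device_id, ssh_original_command):
    """Inside HANDLER: map what the device asked for (sshd passes it in
    SSH_ORIGINAL_COMMAND) to an allowed action; anything else is denied."""
    try:
        argv = shlex.split(ssh_original_command or "")
    except ValueError:                      # unbalanced quotes
        argv = []
    if not argv or argv[0] not in ACTIONS:
        return ("deny", device_id, [])
    return (argv[0], device_id, argv[1:])

if __name__ == "__main__":
    print(authorized_keys_line("unit-0042", SAMPLE_KEY, date(2008, 4, 4)))
    print(dispatch("unit-0042", "report temp=21"))
```

Because the device id is fixed in the forced command, the handler learns which device is calling from the key that authenticated, not from anything the device claims.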


