LwM2M Device Profile is referenced by a Thing and defines the desired behavior for the device within the portal as it relates to bootstrapping, registration, registration update, observation of different Object/Instance/Resources, FOTA settings and bindings of the Object/Instance/Resources to Thing attributes and properties to be represented in the portal. An LwM2M Device Profile can be shared by multiple Things or can be created for one specific a Thing.
The LwM2M device profile can be used to configure the following items of a device within the Portal:
- Turn on or off the location donation.
- Read a set of Object/Instance/Resource values
- Bind a set of LwM2M client URIs to a property or attribute of a thing
- Define the LwM2M Server information
- Define the Access Control List on the device when bootstrapping
- Define the FOTA settings of the device
LwM2M Bootstrapping for 3rd Party DM Servers
A device profile might involve one or multiple application DM servers, by default it will always be configured in order to reach out the deviceWISE DM Server. Below, it is possible to better comprehend the interactions when multiple application DM servers are configured in the device profile, adding secured connections with 3rd party DM Servers. For the sake of this example:
-
3rd party DM Servers are represented in this diagram by the “Custom DM Server” box
-
ep represent the endpoint associated to the thing
-
id represent the public identity related to a specific connection (id_bs, id_dm, id_dm_custom)
-
psk represent the pre-shared secret key related to a specific connection (psk_bs, psk_dm, psk_dm_custom)
It is important to note that the KeyShare Server must be available on a public IP and accessible by the bootstrap server. Therefore, the server should be properly configured to accept only mTLS connections from the bootstrap server, preventing potential attacks from an external entity such as Denial of Service (DoS) attacks.
Please, note that the flows related to the “custom” DM Servers applies as many times as the number of application custom DM servers configured.
A successful POST request to the Key-share endpoint server is required to succeed in the Bootstrap phase. In case the Key Share endpoint server rejects the request, the Bootstrap phase will be aborted on the server side.
What's Inside
This section contains the following pages: