Device Management & OTA Updates in IoT Systems

Welcome to IOT-6 in the IoT Patterns & Strategies Roadmap! So far, we've covered fundamentals, communication protocols, MQTT deep dives, and edge computing. Now for the problem every production IoT system faces: How do you manage thousands of devices that are spread across the globe, update their firmware without breaking them, and keep them in sync with the cloud?

Managing a single IoT device is easy. Plug it in, configure it once, done. But managing 100,000 devices across different locations, with different firmware versions, disconnecting and reconnecting on unreliable networks, and needing to push critical security updates — that's production IoT.

This post covers the patterns and strategies that make this possible.

What You'll Learn

✅ Understand device lifecycle management from provisioning to decommissioning
✅ Design a scalable device registry that handles millions of records
✅ Implement the device shadow pattern for reliable state sync
✅ Master OTA firmware update strategies, rollbacks, and delta updates
✅ Build heartbeat monitoring and health checking for device fleets
✅ Implement remote debugging and diagnostics protocols
✅ Scale device management to thousands of concurrent operations
✅ Handle device grouping, tagging, and fleet operations

The Device Lifecycle

Every IoT device goes through a predictable journey. Understanding each stage lets you build systems that handle both the happy path and the failure cases.

1. Manufacturing & Pre-Activation

Your devices leave the factory with:

Unique hardware identifier (MAC address, serial number, or TPM chip ID)
Public certificate (for mutual TLS with the cloud)
Bootloader firmware (minimal, trusted code that runs first)

The device is not yet connected to your cloud. It's just hardware.

2. Provisioning (First Boot)

When the device boots up for the first time (or after a factory reset):

Self-identify using its hardware ID
Request provisioning credentials from a provisioning service
Download root certificate for your cloud (pins it in device storage)
Register itself with the device registry
Receive device credentials (access keys, or certificate for mTLS)
Store credentials securely (encrypted storage, TPM if available)

Why not hardcode credentials in firmware? Because if firmware leaks, all your device credentials leak. Provisioning separates the hardware ID (which are mostly serial numbers anyway) from the cloud credentials.

3. Configuration

Device receives initial settings:

{
  "deviceId": "motor-factory-berlin-007",
  "firmwareVersion": "1.2.3",
  "updateInterval": 5000,
  "reportingLevel": "standard",
  "features": {
    "remoteDebug": false,
    "advancedMetrics": false,
    "edgeProcessing": true
  },
  "endpoints": {
    "mqtt": "mqtt.iot.company.com:8883",
    "http": "api.iot.company.com"
  }
}

4. Operation (Steady State)

Device runs normally:

Sends telemetry on its schedule
Responds to commands
Reports its state periodically
Monitors its own health

5. Maintenance (OTA Updates)

Firmware updates are deployed. Details coming up in the next section.

6. Decommissioning

Device reaches end of life (hardware failure, obsolete, retired):

Revoke its certificates
Remove from device registry
Securely wipe stored credentials

Device Registry & Identity Management

Your device registry is the source of truth. It answers: "Which devices exist? What are they? Are they active?"

Registry Schema

At minimum, your registry needs:

interface Device {
  // Identity
  deviceId: string;          // Unique ID: "motor-007"
  deviceType: string;        // "temperature-sensor", "gateway"
  serialNumber: string;      // Hardware serial
  manufacturer?: string;
 
  // Credentials
  certificateId?: string;    // For mTLS
  certificateArn?: string;   // AWS ARN, if using AWS
  apiKey?: string;           // Hashed API key
  lastCredentialRotation: Date;
 
  // Location & Groups
  siteId: string;            // "factory-berlin"
  zone?: string;             // "zone-a"
  tags: Record<string, string>; // {"environment": "prod", "model": "v2"}
 
  // State
  status: "provisioning" | "configured" | "active" | "inactive" | "error" | "retired";
  firmwareVersion: string;
  lastHeartbeat: Date;
  uptime?: number;           // seconds
 
  // Configuration
  config: Record<string, any>;
  desiredConfig?: Record<string, any>;
  configVersion: number;
 
  // Metadata
  createdAt: Date;
  updatedAt: Date;
  retiredAt?: Date;
}

Practical Implementation: PostgreSQL + Redis

// TypeScript queries for device registry
 
interface DeviceRegistry {
  // Basic CRUD
  createDevice(device: Omit<Device, 'createdAt' | 'updatedAt'>): Promise<Device>;
  getDeviceById(deviceId: string): Promise<Device | null>;
  updateDevice(deviceId: string, updates: Partial<Device>): Promise<Device>;
  deleteDevice(deviceId: string): Promise<void>;
 
  // Querying
  listDevicesBySite(siteId: string): Promise<Device[]>;
  listDevicesByType(deviceType: string): Promise<Device[]>;
  findDevicesByTag(key: string, value: string): Promise<Device[]>;
  listInactiveDevices(sinceMinutes: number): Promise<Device[]>;
 
  // Bulk operations
  updateManyDevices(filter: DeviceFilter, updates: Partial<Device>): Promise<number>;
 
  // Caching (for fast lookups)
  getDeviceIdFromSerialNumber(serialNumber: string): Promise<string | null>;
  invalidateDeviceCache(deviceId: string): Promise<void>;
}
 
// PostgreSQL schema
const schema = `
CREATE TABLE devices (
  device_id VARCHAR(255) PRIMARY KEY,
  device_type VARCHAR(100) NOT NULL,
  serial_number VARCHAR(255) UNIQUE NOT NULL,
  manufacturer VARCHAR(255),
 
  site_id VARCHAR(100) NOT NULL,
  zone VARCHAR(100),
  tags JSONB,
 
  status VARCHAR(50) NOT NULL,
  firmware_version VARCHAR(50),
  last_heartbeat TIMESTAMPTZ,
  config JSONB,
  desired_config JSONB,
  config_version INTEGER DEFAULT 0,
 
  created_at TIMESTAMPTZ DEFAULT now(),
  updated_at TIMESTAMPTZ DEFAULT now(),
  retired_at TIMESTAMPTZ,
 
  CONSTRAINT status_valid CHECK (status IN ('provisioning', 'configured', 'active', 'inactive', 'error', 'retired')),
  INDEX idx_site_id (site_id),
  INDEX idx_status (status),
  INDEX idx_last_heartbeat (last_heartbeat),
  INDEX idx_tags (tags)
);
 
CREATE TABLE device_credentials (
  device_id VARCHAR(255) PRIMARY KEY REFERENCES devices(device_id),
  cert_id VARCHAR(255),
  api_key_hash VARCHAR(255),
  last_rotation TIMESTAMPTZ,
  FOREIGN KEY (device_id) REFERENCES devices(device_id) ON DELETE CASCADE
);
`;

Device Lookup Performance

For large fleets, direct database queries get slow. Use Redis caching:

// Cache device metadata in Redis for fast lookups
// Key: device:{device_id}
// TTL: 5 minutes (or on-demand invalidation)
 
async function getDeviceWithCache(deviceId: string): Promise<Device> {
  // Try cache first
  const cached = await redis.get(`device:${deviceId}`);
  if (cached) {
    return JSON.parse(cached);
  }
 
  // Query database
  const device = await db.getDeviceById(deviceId);
  if (!device) throw new DeviceNotFoundError();
 
  // Cache for 5 minutes
  await redis.setex(`device:${deviceId}`, 300, JSON.stringify(device));
 
  return device;
}
 
// Invalidate cache when device is updated
async function updateDeviceAndInvalidateCache(deviceId: string, updates: Partial<Device>) {
  const updated = await db.updateDevice(deviceId, updates);
  await redis.del(`device:${deviceId}`); // Force refresh on next read
  return updated;
}

Device Shadow: The Game-Changer

The device shadow (or digital twin in some platforms) is one of the most powerful patterns in IoT. It solves a fundamental problem:

Devices are unreliable. Networks are unreliable. How do you know what state a device ACTUALLY has?

The Problem Without Shadow

The cloud sends a command, the device doesn't receive it (network glitch). The cloud waits. The device stays off. Everyone is confused.

The Solution: Device Shadow

The shadow is a JSON document stored in the cloud that represents the device's desired and reported state:

{
  "state": {
    "desired": {
      "color": "red",
      "temperature": 22,
      "power": "on"
    },
    "reported": {
      "color": "red",
      "temperature": 20,
      "power": "off"
    }
  },
  "metadata": {
    "desired": {
      "color": { "timestamp": 1673456789 },
      "temperature": { "timestamp": 1673456700 }
    },
    "reported": {
      "color": { "timestamp": 1673456500 },
      "temperature": { "timestamp": 1673456600 },
      "power": { "timestamp": 1673456400 }
    }
  },
  "version": 42,
  "lastUpdateTime": 1673456789
}

Desired state: What the cloud wants the device to do
Reported state: What the device actually reported back

How Device Shadow Works

Practical: Syncing Device Shadow with MQTT

Device subscribes to its shadow:

// Device (TypeScript/Node.js)
const mqtt = require('mqtt');
 
const client = mqtt.connect('mqtt://mqtt.iot.company.com:8883', {
  clientId: 'motor-007',
  cert: fs.readFileSync('device-cert.pem'),
  key: fs.readFileSync('device-key.pem'),
  ca: fs.readFileSync('ca-cert.pem'),
  rejectUnauthorized: true,
});
 
// Subscribe to shadow/update to get desired state changes
client.subscribe('$aws/things/motor-007/shadow/update/delta', (err) => {
  if (err) console.error('Subscribe failed:', err);
});
 
// When cloud updates desired state
client.on('message', (topic, message) => {
  const delta = JSON.parse(message.toString());
 
  // Reconcile: apply desired state that differs from reported
  if (delta.state.power !== reportedState.power) {
    await setPower(delta.state.power);
    reportedState.power = delta.state.power;
 
    // Report back to cloud
    publishShadowUpdate({
      state: {
        reported: reportedState,
      },
    });
  }
});
 
async function publishShadowUpdate(update: any) {
  client.publish(
    '$aws/things/motor-007/shadow/update',
    JSON.stringify(update),
  );
}

Cloud updates shadow and waits for device to sync:

// Cloud (TypeScript/Node.js)
async function setDevicePower(deviceId: string, power: 'on' | 'off') {
  // 1. Update shadow's desired state
  await iotService.updateShadow(deviceId, {
    state: {
      desired: { power },
    },
  });
 
  // 2. Wait for device to report it back
  const maxWaitMs = 30000;
  const startTime = Date.now();
 
  while (Date.now() - startTime < maxWaitMs) {
    const shadow = await iotService.getShadow(deviceId);
 
    if (shadow.state.reported.power === power) {
      console.log(`✅ Device confirmed power=${power}`);
      return { success: true, updated: shadow };
    }
 
    // Device is offline or still syncing
    await new Promise((r) => setTimeout(r, 1000));
  }
 
  // Timeout: device didn't sync
  throw new Error(
    `Device ${deviceId} failed to sync power state within ${maxWaitMs}ms`,
  );
}

OTA Firmware Updates

This is where things get real. A bad firmware update can brick thousands of devices simultaneously. A good OTA strategy makes updates safe, fast, and recoverable.

OTA Update Strategies

Strategy 1: Monolithic OTA (Simplest, Riskiest)

Download entire firmware image and replace it:

// Device firmware update sequence
async function performOtaUpdate(firmwareUrl: string, expectedHash: string) {
  try {
    // 1. Download to temporary location
    console.log('Downloading firmware...');
    const tempFile = '/tmp/firmware.bin';
    await downloadFile(firmwareUrl, tempFile);
 
    // 2. Verify hash (prevents corruption)
    const actualHash = await calculateHash(tempFile);
    if (actualHash !== expectedHash) {
      throw new Error(`Hash mismatch: ${actualHash} !== ${expectedHash}`);
    }
 
    // 3. Verify signature (prevents tampering)
    const publicKey = fs.readFileSync('/secure/public-key.pem');
    if (!verifySig(tempFile, publicKey)) {
      throw new Error('Firmware signature verification failed');
    }
 
    // 4. Install
    console.log('Installing firmware...');
    await installFirmware(tempFile);
 
    // 5. Reboot
    await reboot();
 
    // Device reboots here
    // On next boot, report success
  } catch (error) {
    console.error('OTA failed:', error);
    // Keep running old firmware
    // Report error to cloud
    await reportOtaFailure(error.message);
  }
}

Risks:

If download is interrupted halfway, firmware is corrupted
If device reboots before flashing completes, device is bricked
No way to rollback if new firmware is buggy

When to use: Small embedded devices with no storage for redundancy. Very time-sensitive updates.

Strategy 2: A/B Partition OTA (Recommended)

Device has two firmware partitions:

Device Storage:
[Bootloader] [Partition A: Firmware v1.2.3] [Partition B: Empty]

Update process:

Download new firmware to Partition B
Verify and sign it
Tell bootloader to try Partition B next boot
Device reboots into Partition B
If b ootup is successful, mark Partition B as stable
If bootup fails, bootloader automatically reverts to Partition A

Bootloader health checks:

// Bootloader code (C)
#define PARTITION_A 0x0000
#define PARTITION_B 0x8000
#define BOOT_FLAG_ADDRESS 0xF000
 
typedef struct {
  uint32_t boot_count;
  uint32_t crash_count;
  uint32_t is_stable;
} PartitionState;
 
void bootloader_main() {
  PartitionState* boot_state = (PartitionState*)BOOT_FLAG_ADDRESS;
 
  // If partition B is marked for boot
  if (boot_state->is_stable == 0xB) {
    // Give it a chance
    boot_state->boot_count++;
 
    // Boot partition B
    jump_to_partition(PARTITION_B);
 
    // If we get back here, partition B crashed during boot
    // Revert to A
    boot_state->is_stable = 0xA;
  }
 
  // Boot partition A (default)
  jump_to_partition(PARTITION_A);
}
 
// After successful boot, firmware calls this
void confirm_partition() {
  PartitionState* boot_state = (PartitionState*)BOOT_FLAG_ADDRESS;
  boot_state->boot_count = 0; // Reset
  boot_state->is_stable = 1;  // Mark as good
}

Device firmware confirms after booting:

// Device firmware (after booting successfully)
async function confirmPartitionAfterBoot() {
  // Wait 30 seconds to ensure system is stable
  // (if it crashes/reboots, bootloader rolls back)
  await sleep(30000);
 
  // Confirm this partition is good
  await markCurrentPartitionAsStable();
 
  // Report to cloud
  await reportOtaSuccess({
    version: FIRMWARE_VERSION,
    partition: 'B',
  });
}

Advantages:

✅ Automatic rollback on boot failure
✅ Always have working firmware
✅ Can delay confirmation for safety checks

Disadvantages:

❌ Requires 2x storage (expensive on memory-constrained devices)
❌ More complex bootloader code

Strategy 3: Delta Updates (For Bandwidth-Constrained Devices)

Instead of sending 500 MB of firmware, send only the 10 MB that changed:

// Cloud: Generate delta
const oldFirmware = fs.readFileSync('firmware-v1.2.3.bin');
const newFirmware = fs.readFileSync('firmware-v1.3.0.bin');
const delta = generateDelta(oldFirmware, newFirmware);
 
console.log(`Old: ${oldFirmware.length} bytes, New: ${newFirmware.length} bytes`);
console.log(`Delta: ${delta.size} bytes (${((delta.size / newFirmware.length) * 100).toFixed(1)}% of full)`);
 
// Device: Download delta and reconstruct
async function applyDeltaUpdate(deltaUrl: string) {
  const currentFirmware = await readCurrentFirmware();
  const delta = await downloadFile(deltaUrl);
 
  // Patch current firmware with delta
  const newFirmware = applyBsdiffPatch(currentFirmware, delta);
 
  // Verify
  if (hashOf(newFirmware) !== expectedNewHash) {
    throw new Error('Patched firmware hash mismatch');
  }
 
  // Flash it
  await flashFirmware(newFirmware);
}

When to use: Devices on metered connections (cellular, satellite).

Staged Rollout (Essential for Production)

Never push an update to all devices at once:

// Cloud: Deploy in stages
async function stageFirmwareUpdate(
  deviceFilter: DeviceFilter,
  newFirmwareUrl: string,
) {
  // Stage 1: 5% of devices
  const stage1Devices = await selectDevicesForUpdate(deviceFilter, 0.05);
  await pushUpdateToDevices(stage1Devices, newFirmwareUrl);
  await sleep(4 * 60 * 60 * 1000); // Wait 4 hours
 
  // Monitor metrics
  const stage1Metrics = await getMetricsForDevices(stage1Devices);
  if (stage1Metrics.errorRate > 0.1) {
    // More than 10% error rate, abort!
    console.error('Stage 1 failed, aborting rollout');
    return;
  }
 
  // Stage 2: 25%
  const stage2Devices = await selectDevicesForUpdate(deviceFilter, 0.25);
  await pushUpdateToDevices(stage2Devices, newFirmwareUrl);
  await sleep(4 * 60 * 60 * 1000);
 
  // Stage 3: 100%
  const remaining = await selectDevicesForUpdate(deviceFilter, 1.0);
  await pushUpdateToDevices(remaining, newFirmwareUrl);
}

Device Health Monitoring & Heartbeats

Your only way to know a device is alive is if it tells you. Enter: the heartbeat.

Heartbeat Pattern

Device publishes heartbeat regularly:

// Device: Heartbeat loop
async function heartbeatLoop() {
  setInterval(async () => {
    const heartbeat = {
      deviceId: DEVICE_ID,
      timestamp: Date.now(),
      uptime: getUptimeSeconds(),
      freeMemory: os.freemem(),
      cpuTemperature: await readCPUTemp(),
      firmwareVersion: FIRMWARE_VERSION,
      networkSignalStrength: getSignalStrength(),
      errorCount: getErrorsSinceLastHeartbeat(),
    };
 
    await publishToMqtt(`devices/${DEVICE_ID}/heartbeat`, heartbeat);
  }, 5 * 60 * 1000); // Every 5 minutes
}

Cloud listens and tracks:

// Cloud: Heartbeat listener
const lastHeartbeat = new Map<string, number>();
 
mqttClient.on('message', async (topic, message) => {
  const match = topic.match(/devices\/(.+)\/heartbeat/);
  if (!match) return;
 
  const deviceId = match[1];
  const heartbeat = JSON.parse(message.toString());
 
  // Update last heartbeat timestamp
  lastHeartbeat.set(deviceId, Date.now());
 
  // Check for anomalies
  if (heartbeat.cpuTemperature > 80) {
    await alertDeviceOverheating(deviceId, heartbeat.cpuTemperature);
  }
 
  if (heartbeat.errorCount > 100) {
    await alertHighErrorRate(deviceId, heartbeat.errorCount);
  }
 
  // Store metrics for dashboard
  await metrics.record({
    deviceId,
    ...heartbeat,
  });
});
 
// Background job: Check for offline devices
setInterval(async () => {
  const now = Date.now();
  const timeout = 10 * 60 * 1000; // 10 minutes
 
  for (const [deviceId, lastTime] of lastHeartbeat.entries()) {
    if (now - lastTime > timeout) {
      await markDeviceOffline(deviceId);
      await alertDeviceOffline(deviceId);
 
      lastHeartbeat.delete(deviceId);
    }
  }
}, 60 * 1000); // Check every minute

Remote Debugging & Diagnostics

When a device is misbehaving, you need to see what's happening inside without physical access.

Diagnostic Protocol

// Device supports diagnostic requests
mqttClient.subscribe(`devices/${DEVICE_ID}/diagnostics/request`, (err) => {
  if (err) console.error('Subscribe failed:', err);
});
 
mqttClient.on('message', async (topic, message) => {
  if (topic === `devices/${DEVICE_ID}/diagnostics/request`) {
    const req = JSON.parse(message.toString());
 
    const response = await handleDiagnosticRequest(req);
 
    // Send response back
    mqttClient.publish(
      `devices/${DEVICE_ID}/diagnostics/response`,
      JSON.stringify(response),
    );
  }
});
 
async function handleDiagnosticRequest(req: DiagnosticRequest) {
  switch (req.type) {
    case 'system-info':
      return {
        uptime: getUptimeSeconds(),
        freeMemory: os.freemem(),
        totalMemory: os.totalmem(),
        cpuTemperature: await readCPUTemp(),
        diskUsage: await getDiskUsage(),
        networkStatus: getNetworkStatus(),
      };
 
    case 'log-tail': // Last N lines of logs
      return {
        logs: await getTailLogs(req.lines || 50),
      };
 
    case 'config-dump':
      return {
        config: getCurrentConfig(),
        configVersion: CONFIG_VERSION,
      };
 
    case 'ping':
      return { pong: true, timestamp: Date.now() };
 
    case 'reboot':
      // Dangerous! Requires confirmation
      if (req.confirmationToken === await getRebootToken()) {
        await scheduleReboot(req.delaySeconds || 10);
        return { scheduled: true };
      }
      return { error: 'Invalid confirmation token' };
 
    default:
      return { error: `Unknown request type: ${req.type}` };
  }
}

Cloud can now query devices:

// Cloud: Request diagnostics
async function getDiagnosticsForDevice(deviceId: string) {
  const response = await sendDiagnosticRequest(deviceId, {
    type: 'system-info',
  });
 
  console.log(`Device ${deviceId}:`);
  console.log(`  Uptime: ${response.uptime} seconds`);
  console.log(`  Memory: ${response.freeMemory} / ${response.totalMemory} bytes`);
  console.log(`  CPU Temp: ${response.cpuTemperature}°C`);
}
 
async function sendDiagnosticRequest(deviceId: string, req: DiagnosticRequest) {
  const requestId = uuid();
 
  // Send request
  await mqttClient.publish(
    `devices/${deviceId}/diagnostics/request`,
    JSON.stringify({ ...req, requestId }),
  );
 
  // Wait for response
  return new Promise((resolve, reject) => {
    const timeout = setTimeout(() => {
      reject(new Error(`Diagnostic request timeout for device ${deviceId}`));
    }, 30000);
 
    mqttClient.on('message', (topic, message) => {
      if (topic === `devices/${deviceId}/diagnostics/response`) {
        const response = JSON.parse(message.toString());
        if (response.requestId === requestId) {
          clearTimeout(timeout);
          resolve(response);
        }
      }
    });
  });
}

Fleet Operations: Batch Updates

Managing single devices is easy. Managing 10,000 devices is where DevOps comes in.

Device Grouping & Tagging

// Tag devices for easy targeting
await updateDevice('motor-007', {
  tags: {
    environment: 'production',
    location: 'Berlin',
    model: 'v2-heavy',
    firmwareVersion: '1.2.3',
    'maintenance-due': '2026-04-01',
  },
});
 
// Query devices by tag
const berlinMotors = await findDevicesByTag('location', 'Berlin');
const outOfDate = await findDevicesByTag('maintenance-due', '<2026-03-12');

Batch Fleet Operations

// Define a batch job
interface FleetJob {
  id: string;
  type: 'firmware-update' | 'config-sync' | 'restart' | 'diagnostic';
  deviceFilter: {
    tags?: Record<string, string>;
    statuses?: string[];
    regions?: string[];
  };
  payload: any;
  schedule: {
    startTime: Date;
    maxParallel: number;
    retryPolicy: { maxAttempts: number; backoffMultiplier: number };
  };
  status: 'pending' | 'running' | 'completed' | 'failed';
  progress: {
    total: number;
    succeeded: number;
    failed: number;
    inProgress: number;
  };
}
 
// Create and execute job
async function createFleetJob(job: FleetJob) {
  // Find all matching devices
  const devices = await findDevicesByFilter(job.deviceFilter);
  job.progress.total = devices.length;
 
  // Persist job
  await db.saveFleetJob(job);
 
  // Execute in background
  executeFleetJobAsync(job, devices);
}
 
async function executeFleetJobAsync(job: FleetJob, devices: Device[]) {
  const jobId = job.id;
  const queue = new PQueue({ concurrency: job.schedule.maxParallel });
 
  for (const device of devices) {
    queue.add(async () => {
      try {
        await executeJobOnDevice(jobId, job, device);
 
        // Update progress
        await db.updateFleetJobProgress(jobId, { succeeded: 1 });
      } catch (error) {
        console.error(`Job ${jobId} failed on device ${device.deviceId}:`, error);
        await db.updateFleetJobProgress(jobId, { failed: 1 });
 
        // Record failure for retry
        await db.recordFleetJobFailure(jobId, device.deviceId, error);
      }
    });
  }
 
  await queue.onIdle();
 
  // All done
  await db.updateFleetJob(jobId, { status: 'completed' });
}

Summary: Device Management Architecture

Key Principles

Device Registry is source of truth — All devices, their metadata, and credentials live here
Shadow pattern reconciles state — Cloud and device stay in sync despite network issues
A/B partitions make OTA safe — Automatic rollback if firmware is bad
Staged rollouts prevent disasters — Monitor metrics before rolling out to everyone
Heartbeats catch offline devices — Proactive monitoring detects issues early
Batch operations scale to millions — Use job queues and parallel execution
Remote diagnostics enable debugging — See inside devices without physical access