Home > Blog > OTA ARCHITECTURE FOR SCALABLE DESIGNS

OTA Architecure for Scalable Designs

Gopalakrishnan M
14 November 2024 Categories: miscellaneous, Miscellaneous,

In the growing IOT world of connected devices, the ability to update embedded systems remotely has moved from comfort to essential. All modern embedded systems such as Vehicle ECU, Industrial control panel etc., require scalable and secure OTA mechanisms to roll out patches, enhance features, and maintain/manage devices deployed in the field.

Developers working on automotive or industrial solutions, building OTA capabilities to confirm system longevity, cybersecurity compliance, and cost-effective maintenance. Scalability brings in complications like different hardware platforms, field conditions, and real-time constraints etc. Today we will explore the architecture, strategies, and tools that help embedded developers design a better OTA system that is scalable.

Importance of OTA in Modern Embedded Designs

Some of the key reasons that Over The Air upgrades are needed in modern electoni products are captured in this section.

Cybersecurity

Today 90% of devices connect to broader networks, making them vulnerable to cyber threats. OTA feature helps product owners to quickly roll out security patches. This is especially important when working under standards like ISO 21434 or IEC 62443.

Operational Continuity

In industrial settings, many devices are deployed in remote or risky environments. OTA helps to avoid manual involvement, reducing downtime and cost.

Feature Upgrades Post-Deployment

OTA enables product owners to release new features, UI updates, and performance enhancements after deployment. Vehicles, for instance, can receive new infotainment capabilities or better battery management without waiting for a periodic maintenance update or by visiting service center.

Regulatory Compliance

For products require strict regulations such as surgical equipment in medical domain, fire and safety in industrial, OTA helps ensure all deployed systems run certified and validated versions, allowing better auditability and traceability.

Key Elements of a Scalable OTA Architecture

A scalable OTA system in embedded environments must be:

  • Modular: system shall support to update only application, only OS, or driver alone etc.
  • Platform-Agnostic: system should be able to run on various hardware and OS types.
  • Secure: system shall support data encryption and signing of images.
  • Fault-Tolerant: There should be way to recover system while device bricks and support to rollback application.
  • Manageable: system should be controllable from the cloud/backend.

OTA Strategies

This section describes some of the OTA strategies that can be followed in embedded systems.

A/B Partitioning

A/B partitioning is a robust OTA update strategy widely used in embedded Linux and Android systems. It involves maintaining two separate system partitions: A (active) and B (inactive). During an update, the new system image is written to the inactive partition. On successful installation and verification, the bootloader switches to the updated partition.

Pros:
  • Rollback Safety: In case the new partition fails to boot or crashes, the system can revert to the previous working partition.
  • Zero Downtime: Updates shall get downloaded and flashed in the background while the device is running to improve user experience of zero downtime.
  • No partial update: The system is either fully updated or remains on the previous version—no half-updated state.
Cons:
  • Storage Overhead: Requires nearly double the storage for system partitions, which may be challenging for memory-constrained devices.
  • Update Size: Each update typically replaces the entire system partition, resulting in larger OTA packages, which results in larger transfer time to the device.
  • Partition Management Complexity: Bootloader logic and metadata tracking need to be clearly designed and managed to ensure correct boot and fallback behavior.

Container-Based Updates

Using Docker containers for OTA (Over-the-Air) updates is a modern and flexible approach, especially for embedded systems running Linux in the automotive and industrial domains. Instead of replacing the entire system image or partition, only the affected application containers are updated.

In a docker setup, each software module (e.g., telemetry, UI, diagnostics) runs in its own container. Update process involves pulling new container images and restarting only the affected service, no need to reboot the whole system.

Pros:
  • Granular and Modular Updates
    Each containerized service is updated independently. This reduces bandwidth usage and minimizes risk, as only a small portion of the system changes.
  • Rollbacks
    In case of failure, rollbacks are simple. Just redeploy the previous container version using tags. No need for partition switching or full image upgrade or downgrade.
  • Improved Isolation
    Containers are isolated from each other and the host system, reducing the impact of a failed update or a compromised application.
  • Developer Efficiency
    Docker simplifies CI/CD integration, enabling faster development, testing, and deployment cycles using familiar tools like Docker Compose and registries.
  • Minimal Downtime
    Since only services restart, overall system availability remains high.
Cons:
  • Resource Requirements
    Docker introduces overhead in terms of CPU, RAM, and storage. On low-end/low cost embedded product, this may not be possible.
  • Security Management Complexity
    Managing container images securely requires a process for signing, verifying, and scanning for vulnerabilities.
  • Networking Complexity
    Multi-container communication, port bindings, and firewall configurations require clear configuration and design in a constrained embedded environment.

Snap Packages

Snap is a packaging system developed by Canonical for containerized software deployment, particularly suited for embedded Linux environments. In the context of OTA (Over-the-Air) updates, using Snap allows developers to package applications and dependencies into a self-contained “snap” bundle, which can be securely updated, rolled back, and versioned.

Snap updates are delivered via a Snap store or private repository. The system automatically downloads, installs, and switches to the updated snap at the next application start or system boot, depending on configuration.

Pros:
  • Updates
    Snap ensures that updates are applied atomically. If an update fails or is interrupted, the system remains on the previously working version.
  • Built-in Rollback Support
    Snap keeps a backup of the previous version, allowing instant rollback to a known-good state, critical in mission-critical devices like vehicle infotainment or industrial HMI systems.
  • Security Features
    Snaps are sandboxed and controlled or restricted access using AppArmor and seccomp. They also support image signing and verified delivery, reducing the attack surface for OTA threats.
  • Dependency Management
    Each snap includes its required libraries, reducing compatibility issues across various system versions. This is helpful in multi-vendor automotive Tier-1 integrations.
  • Automatic Updates
    Devices can be configured for automatic updates with phased rollouts, and update rescheduling. It helps in managing a global fleet of industrial gateways or telematics units.
Cons:
  • Resource Consumption
    Similar to Docker, Snap package also includes bundled dependencies, increasing storage usage.
  • Performance Overhead
    The sandboxing and confinement mechanisms may introduce minor latency and CPU overhead, which could impact performance-sensitive applications.
  • Real-Time Limitations
    Snap is not ideal for deploying real-time or time-critical components, such as those in automotive powertrain control or industrial motion systems.
  • Platform Dependency
    Snap is tightly integrated with Ubuntu-based systems. Porting it to other embedded distributions (like Yocto or Buildroot) can be complex and may need customization.

Conclusion

With these many options, the developer can choose the right OTA strategy. For example, simple MCU based designs can leverage A/B firmware. More powerful Linux bases systems can explore Container or Snap strategies.

Since devices become more complex and connected, OTA systems need to be secure, scalable, and easy to manage. Developers must treat software updates as a key part of the design, not as additional features. Irrespective of choosing containers, Snap or A/B partitioning, the prime goal is to deliver reliable updates across all edge devices. The best method depends on our system’s limits like memory, network, operating system, real-time needs etc.

At Embien, we specialize in designing and implementing end-to-end OTA solutions tailored for embedded systems. With deep experience across automotive and industrial domains, we help our customers build scalable, secure, and future-ready update architectures that meet both business and technical goals.

Related Blogs

MIPI-CSI CAMERA DRIVER DEVELOPMENT FOR NVIDIA JETSON PLATFORMS

In this blog, we will discuss in detail about the camera interface and data flow in Jetson Tegra platforms and typical configuration and setup of a MIPI CSI driver. For specifics, we will consider Jetson Nano and Onsemi OV5693 camera.

Read More

LOW CODE EMBEDDED SYSTEMS DEVELOPMENT WITH FLINT

In this blog, we will explore the scope for No-Code and Low-Code development for embedded systems and how Flint tool can help realize the same for this field.

Read More

OTA ARCHITECTURE FOR SCALABLE DESIGNS

Now a days in 2022 due to technology growth, a product is having multiple features/use cases and it has been upgraded for bug fixes and new features in the interest of customer/end.

Read More

INSTRUMENT CLUSTER DESIGN FOR ELECTRIC VEHICLES WITH RENESAS RL78

In any vehicle, the instrument cluster forms a critical part as it is the face of the vehicle that reflects the current state.

Read More

Subscribe to our Blog