Scalable & Secure OTA architecture with Snap

Gopalakrishnan M
05. December 2024
Categories: Technology

Introduction

Traditional OTA solutions such as A/B partition, delta update and full image replacement are still a best solution for certain use cases, it becomes complex and heavy as product lines grow, hardware diversifies, and software components grow. In our previous blog, we explored how Docker containers could power modular and maintainable over-the-air (OTA) update mechanisms for connected devices. While Docker excels in many cloud-native scenarios and resource rich edge use cases, it doesn't always align with embedded system constraints like limited storage, tight security requirements, or need for fine-grained application confinement. Unlike Docker, Snap integrates deeply with the base OS. It’s a containerized software packaging system from Canonical (the makers of Ubuntu). Snap brings the promise of a scalable, modular OTA framework that's secure, flexible, and adaptable across hardware platforms and application domains.

In this blog, we will see how Snap can be used to design a scalable and modular OTA system, explores the architecture behind it, weighs its pros and cons, and examines how it enhances upgrade workflows, testing cycles, and system security.

Architecture of a Snap-Based OTA System

Snap operates on a containerized model where each software component is packaged with its dependencies into a single unit called a Snap package. These packages are isolated from the base system and run in their own restricted environment, ensuring consistency across devices.

Snap based OTA Architecture

Snap based OTA Architecture


The OTA system built using Snap comprises the following key components:

  1. Snap Daemon (snap): This background service is responsible for installing, updating, and removing Snap packages. It handles version tracking, channel management (e.g., stable, beta), rollback, and security confinement.
  2. Snap Store or Private Storefront: The central repository from where Snap packages are delivered. This can be Canonical’s Snap Store or a self-hosted solution for OEM-specific rollouts.
  3. Snaps: Modular application or service components that are sandboxed and versioned. Examples: UI Snap, Middleware Snap, Sensor Driver Snap, Security Services Snap.
  4. Channels: Represent different release streams, such as stable, candidate, beta, and edge. That allow staged rollouts and testing before global deployment.
  5. Device Agent (snapd API client): Runs on the target device to check for updates, download, verify, and install Snap packages via REST APIs exposed by snap.
  6. Cloud Dashboard: An optional management UI where developers can publish new versions, monitor update statuses, and manage devices and channels.

This modular structure decouples various system components, making upgrades more targeted and rollback mechanisms more robust.

Scalability & Modularity

A key advantage of Snap is that it allows you to think in terms of services or features instead of a monolithic image. This modularity helps in managing large-scale deployments more effectively. For example, an automotive head unit may comprise display logic, telematics stack, and connectivity services—each encapsulated in its own Snap. When the telematics feature is updated, only that Snap is upgraded, reducing the risk and bandwidth cost of full system OTA.

Snap also excels at horizontal scalability across hardware variants. By using interfaces and plug mechanisms, Snap packages can adapt to different boards and SoCs, reducing the need to maintain hardware-specific OTA paths. This allows a single Snap-based OTA infrastructure to serve multiple product lines, geographies, and hardware revisions, streamlining operations across the organization.

Pros and Cons of Using Snap for OTA

Aspect Pros Cons
Modularity Each component is independently packaged and upgradable as a Snap May require careful interface definition between loosely coupled Snaps
Security Built-in AppArmor confinement, signed packages, sandboxed runtime Requires AppArmor profiles and Snap-specific security policy understanding
Dependency Handling Bundled dependencies ensure consistent behavior across devices Larger package sizes compared to system package managers provided by native OS
Cross-Platform Support Works across multiple Linux distributions and CPU architectures Limited support for non-Linux platforms (no Windows/macOS client support)
OTA Management Channel-based release management (stable/beta/edge), delta updates Full Snap Store reliance unless using self-hosted infrastructure
Rollback & Recovery Automatic rollback on update failure; version tracking built-in Revert state tied to Snapd; not as customizable as Docker volumes
Developer Experience Unified tooling (snapcraft, snapd) simplifies lifecycle management New learning curve if team is used to Docker or Yocto workflows
System Integration Deep OS integration with startup control, service management, etc. Can be tightly coupled with Ubuntu-based systems unless tuned

Despite the cons, the operational simplicity and long-term scalability make Snap an appealing choice for many connected device ecosystems.

Upgrade Advantages

One of the most significant improvements Snap brings to OTA is the granularity of upgrades. With traditional OTA systems, even a minor update might require re-flashing or delivering the entire image. Snap, however, updates only the affected components, preserving bandwidth and reducing device downtime.

Additionally, Snap supports delta updates, which means only the binary diff between versions is sent to the device. This can dramatically reduce update sizes—an essential consideration for bandwidth-constrained devices in remote locations.

Furthermore, Snap supports scheduled updates, allowing OEMs to define maintenance windows or coordinate updates with user behavior patterns, such as updating only when a vehicle is parked or idle. Combined with channel-based rollouts, OEMs can create staged deployment pipelines, reducing risk by catching bugs in pre-production or early adopter groups.

Security Point of View

From a security standpoint, Snap brings multiple layers of protection:

  1. Sandboxing: Each Snap runs in an AppArmor-confined sandbox, preventing unauthorized access to system resources.
  2. Read-Only File System: The Snap itself is immutable and mounted as read-only, preventing runtime tampering.
  3. Signed Updates: Every Snap package is digitally signed, and snapd verifies signatures before installation.
  4. Automatic Rollbacks: In case of a failed or compromised update, Snap ensures rollback to a previously working version.
  5. Minimal Attack Surface: The modular nature reduces the impact radius. A vulnerability in one Snap does not compromise the whole system.
  6. Secure Channels: Updates are delivered over HTTPS with integrity checks.

In security-critical sectors like automotive, medical, and industrial IoT, these mechanisms contribute to achieving compliance with standards like ISO 21434 and IEC 62443. For instance, Snap’s trust chain and update authentication processes directly support requirements related to update security, software integrity, and tamper resistance.

Conclusion

Designing a reliable OTA (Over-The-Air) update system is a complex effort. It demands the right balance of flexibility, security, scalability, and long-term maintainability. Snap offers a powerful solution through its modular, containerized architecture, enabling robust upgrade and rollback mechanisms, fine-grained security confinement, and smooth integration with CI/CD workflows. These capabilities significantly reduce maintenance efforts while enhancing system reliability and adaptability. While Snap comes with its own set of considerations, such as larger package sizes and ecosystem alignment. The long-term benefits in agility, testability, and security often outweigh these trade-offs. As embedded devices become more connected and software-centric, leveraging modern OTA frameworks like Snap becomes essential to maintain competitiveness and deliver consistent user experiences.

At Embien Technologies, we have leveraged Snap to architect scalable, modular OTA solutions for customers in domains like automotive, industrial automation, and smart healthcare. Our hands-on experience in deploying Snap-based systems on constrained hardware platforms has demonstrated its effectiveness in ensuring secure, fail-safe updates across diverse environments.

« PreviousNext »

Related Blogs

MIPI-CSI CAMERA DRIVER DEVELOPMENT FOR NVIDIA JETSON PLATFORMS

In this blog, we will discuss in detail about the camera interface and data flow in Jetson Tegra platforms and typical configuration and setup of a MIPI CSI driver. For specifics, we will consider Jetson Nano and Onsemi OV5693 camera.

Read More

LOW CODE EMBEDDED SYSTEMS DEVELOPMENT WITH FLINT

In this blog, we will explore the scope for No-Code and Low-Code development for embedded systems and how Flint tool can help realize the same for this field.

Read More

OTA ARCHITECTURE FOR SCALABLE DESIGNS

Now a days in 2022 due to technology growth, a product is having multiple features/use cases and it has been upgraded for bug fixes and new features in the interest of customer/end.

Read More

INSTRUMENT CLUSTER DESIGN FOR ELECTRIC VEHICLES WITH RENESAS RL78

In any vehicle, the instrument cluster forms a critical part as it is the face of the vehicle that reflects the current state.

Read More

Subscribe to our Blog

15th Year Anniversary