In short - the documentation

In this tutorial we show you how to set up your embedded Linux devices to be part of the qbee device management platform. We expect you to be up and running within less than 5 minutes.

All qbee features are explained in detail:

  • in "Getting started" we present a quick start guide to on-boarding and bootstrapping devices
  • in "Functions" we present all the features and menu items for qbee
  • in "Configuration" we give you an overview of all device management and device automation functions
  • in "Examples" we expand on different features such as a full setup
  • "FAQ" gives you additional information, among other things how to create a master image for production, using an RPI as an example
  • the qbee-connect tool shows you how to use our TeamViewer-like remote access

The idea behind qbee is to give you a simple and effective tool for embedded Linux fleet management. Your devices can be managed throughout the lifecycle with a lot of convenience functions such as metric monitoring and device inventory for software, docker containers, processes or ports. The tool can check for CVE vulnerabilities and manage both Linux libraries and your software application over the air (OTA update). In addition, an integrated VPN allows for simple remote access either through the command line or with a TeamViewer-like tool. qbee is an embedded Linux device management platform to configure, manage, monitor and administrate a large number of Linux fleet devices. This includes package management and OTA software updates. In addition, a strong focus is placed on secure remote access with the built-in VPN. Basically all edge device ports such as ssh, http, https, VNC, Node-RED and much more can be securely accessed across firewalls, NATs or proxies.


Another key area is device security and security hardening. Most notably, a full CVE security scanner for all Linux packages is included, comparing all libraries with annotations in the NIST threat library.

In contrast to other tools such as Chef or Puppet, the agent is specifically designed to work both with regular Linux devices and with embedded devices. It uses a RAM disk to prevent flash wear and is optimized to run with a minimum of resources such as CPU and memory. In addition, some compression of metric and inventory data is performed to target the lowest possible bandwidth consumption. This is important for 4G or 5G mobile network deployments. The run interval of the agent can be configured from 5 minutes to 24 hours. Furthermore, settings allow a granular adjustment of what type of information is collected from the remote edge devices. Here it is also possible to switch the VPN on and off dynamically for devices in production, which allows this embedded device management platform to be used even in environments where VPNs are not tolerated.

With qbee you can access your devices and servers behind multi-level firewalls and beyond NAT routers as well as on mobile networks. State-based configuration management is easily available through the GUI, and through the qbee-connect tool it is possible to combine it seamlessly with Ansible. In addition to providing automation, configuration and remote access, qbee collects metrics such as CPU load, file system usage, bandwidth consumption and much more. This is supplemented with inventory discovery of libraries, open ports and registered users, and also with running process metrics.

The mission:

Manage, secure and orchestrate large fleets of new and legacy (embedded) Linux IoT devices. Secure and control the Internet of Things by using a server automation mindset with technology specifically developed for embedded devices. Our tool will give you the power, control and insight that usually demands a very seasoned system administrator.

Here is a system overview:


In contrast to many other tools, qbee uses a pull-based agent on the remote device. This agent wakes up at pre-determined intervals and establishes a secure connection to a central server. It only uses port 443, but this port can be closed on the device. If a new configuration is available, the agent downloads it and converges towards the indicated state. This state is constantly monitored and maintained. If for some reason it is impossible to achieve the desired state, an error message is issued. This concept allows offline devices (for example industrial controllers sitting in stock) to converge immediately towards the now-current configuration. Since the device itself initiates the connection, qbee works across most firewalls and also across mobile networks. But qbee is not only a configuration management tool. It contains a plethora of functions that will make your life easier, all implemented through one highly secure SSL encrypted communication port using modern elliptic curve cryptography (ECDSA P-521).
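The pull-and-converge behaviour described above can be modelled in a few lines. This is an added conceptual example, not qbee's agent code or API: the `Server` and `Agent` classes, the configuration keys and the `writable` set are hypothetical names, and the connection is simulated in memory.

```python
# Conceptual model of a pull-based, state-converging agent (hypothetical, not qbee code).
from dataclasses import dataclass, field

@dataclass
class Server:
    """Holds only the current desired configuration; it never contacts devices."""
    version: int = 0
    desired: dict = field(default_factory=dict)
    reports: list = field(default_factory=list)

    def publish(self, desired):
        self.version += 1
        self.desired = dict(desired)

@dataclass
class Agent:
    """Device side: wakes up, connects outbound, converges, reports."""
    name: str
    writable: set                      # keys this device can change (constructed)
    state: dict = field(default_factory=dict)
    applied_version: int = 0

    def run_once(self, server):
        changed, errors = [], []
        for key, want in server.desired.items():
            if self.state.get(key) == want:
                continue               # already in the desired state
            if key in self.writable:
                self.state[key] = want  # converge towards the desired state
                changed.append(key)
            else:
                errors.append(key)     # desired state cannot be reached
        self.applied_version = server.version
        report = {"device": self.name, "version": server.version,
                  "changed": changed, "errors": errors}
        server.reports.append(report)  # the device reports; the server only listens
        return report

def demo():
    server = Server()
    online = Agent("online", {"ntp", "ssh_root_login"})
    stocked = Agent("in-stock", {"ntp"})      # powered off during both publishes
    server.publish({"ntp": "pool-a"})
    first = online.run_once(server)
    server.publish({"ntp": "pool-b", "ssh_root_login": "no"})
    second = online.run_once(server)
    repeat = online.run_once(server)          # state is maintained: nothing to change
    late = stocked.run_once(server)           # goes straight to version 2
    return first, second, repeat, late
```

The device that was offline never sees version 1: on its first run it converges directly to the current configuration and reports the one setting it could not apply.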