Introduction

This is the qbee.io documentation

This document contains both quick start guides to on-boarding devices, navigating the qbee.io application as well as in-depth references.


The following call outs will help to spot important information quickly

Info

This icon will highlight very important information.

Tip

This icon will indicate practical tips or best practices.

Warning

This icon will make you aware of things that can cause havoc

qbee.io is an embedded Linux device management platform to configure, manage, monitor and administrate a large number of Linux fleet devices. In addition a strong focus is placed on secure remote access with the built-in VPN. Basically all ports such as ssh, http, https, VNC, Node-Red and much more can be securely accessed across firewalls. There is also a way of doing ssh port forwarding to access other devices in a remote network securely. This can be used to access remote legacy web server devices. These could be HVAC or SCADA installations in smart buildings or industry 4.0 applications.

Another key area is device security and security hardening. Most notably a full CVE security scanner for all Linux packages is included comparing all libraries with annotations in the NIST threat library.

In contrast to other tools such as Chef or Puppet the qbee.io agent is specifically designed to work both with regular Linux devices as well as with embedded devices. It uses a RAM disk to prevent flash wear and is optimized to run using a minimum amount of resources such as CPU and memory consumption. In addition some compression of metric and inventory data is performed to target the lowest possible bandwidth consumption. This is important for 4G or 5G mobile network deployments. The run interval of the agent can be configured from 5 minutes to 24 hours. Furthermore settings allow a granular adjustment what type of information is collected from the remote edge devices.

With qbee.io you can access your devices and servers behind multi-level firewalls and beyond NAT routers as well as on mobile networks. State based configuration management is easily available through the GUI and through the qbee-connect tool it is possible to seamlessly combine qbee.io with Ansible. In addition to providing automation, configuration and remote access qbee.io collects metrics such as CPU load, file system usage, bandwidth consumption and much more. This is supplemented with inventory discovery of libraries, open ports, registered users and also running process metrics.

qbee-features

The qbee.io mission:
Manage, secure and orchestrate large fleets of new and legacy (embedded) Linux IoT devices. Secure and control the Internet of Things by using a server automation mindset with technology specifically developed for embedded devices.

qbee-vulnerability-check-CVE-1

In contrast to many other tools qbee.io uses a pull based agent on the remote device. This agent wakes at pre-determined intervals and establishes a secure connection to a central server. If there is a new configuration available the agent will download the new configuration and converge towards the indicated state. This state will constantly be monitored and maintained. If for some reason it is impossible to achieve the desired state an error message is issued. This concept allows offline devices (for example industrial controllers sitting in stock) to immediately converge towards the now current configuration. Since the device itself issues the connection qbee.io works across most firewalls and also across mobile networks. But qbee.io is not only a configuration management tool. It contains a plethora of functions that will make your life easier, all implemented through one highly secure SSL encrypted communication port using modern elliptic curve cryptography (ECDSA P-521).