Introduction

This is the qbee.io documentation

This document contains both quick start guides to on-boarding devices, navigating the qbee.io application as well as in-depth references in the example section.


The following call outs will help to spot important information quickly

This icon will highlight important information.

This icon will indicate practical tips or best practices.

This icon will make you aware of things that can cause problems.

qbee.io is an embedded Linux device management platform to configure, manage, monitor and administrate a large number of Linux fleet devices. In addition a strong focus is placed on secure remote access with the built-in VPN. Basically all edge device ports such as ssh, http, https, VNC, Node-Red and much more can be securely accessed across firewalls and NATs or proxy.

Another key area is device security and security hardening. Most notably a full CVE security scanner for all Linux packages is included comparing all libraries with annotations in the NIST threat library.

In contrast to other tools such as Chef or Puppet the qbee.io agent is specifically designed to work both with regular Linux devices as well as with embedded devices. It uses a RAM disk to prevent flash wear and is optimized to run using a minimum amount of resources such as CPU and memory consumption. In addition some compression of metric and inventory data is performed to target the lowest possible bandwidth consumption. This is important for 4G or 5G mobile network deployments. The run interval of the agent can be configured from 5 minutes to 24 hours. Furthermore, settings allow a granular adjustment what type of information is collected from the remote edge devices. Here it is also possible to switch the VPN dynamically on and off for devices in production allowing to comply the use of this embedded device management platform even in environments were VPNs are not tolerated.

With qbee.io you can access your devices and servers behind multi-level firewalls and beyond NAT routers as well as on mobile networks. State based configuration management is easily available through the GUI and through the qbee-connect tool it is possible to seamlessly combine qbee.io with Ansible. In addition to providing automation, configuration and remote access qbee.io collects metrics such as CPU load, file system usage, bandwidth consumption and much more. This is supplemented with inventory discovery of libraries, open ports, registered users and also running process metrics.

qbee-features

The qbee.io mission:
Manage, secure and orchestrate large fleets of new and legacy (embedded) Linux IoT devices. Secure and control the Internet of Things by using a server automation mindset with technology specifically developed for embedded devices.

qbee-vulnerability-check-CVE-1

In contrast to many other tools qbee.io uses a pull based agent on the remote device. This agent wakes at pre-determined intervals and establishes a secure connection to a central server. If there is a new configuration available the agent will download the new configuration and converge towards the indicated state. This state will constantly be monitored and maintained. If for some reason it is impossible to achieve the desired state an error message is issued. This concept allows offline devices (for example industrial controllers sitting in stock) to immediately converge towards the now current configuration. Since the device itself issues the connection qbee.io works across most firewalls and also across mobile networks. But qbee.io is not only a configuration management tool. It contains a plethora of functions that will make your life easier, all implemented through one highly secure SSL encrypted communication port using modern elliptic curve cryptography (ECDSA P-521).