Introduction

What is qbee.io?¶

qbee.io is a one-stop shop for your Linux device management needs, providing device configuration and monitoring, as well as remote access and OTA update capabilities. It's a secure and robust cloud-based platform designed to be easy to use and scale to millions of devices in a wide range of applications, including industrial IoT, home automation, and edge computing.

The Platform¶

The qbee.io platform is built with security and reliability in mind. Through the use of encryption in transport and at rest, as well as a multi-layered security model, qbee.io ensures that your data and devices are safe. Any data stored in the platform is replicated across at least three different geographical locations and the platform itself operating in at least two different locations to ensure high availability.

REST API¶

Every operation in the qbee.io platform is available through a REST API, allowing you to integrate qbee.io into your existing systems and workflows. The API structure is documented in the API documentation and can be used to automate the configuration of devices, as well as to retrieve data from the platform. To get started your REST API integration, please go to our REST API Overview.

The Agent¶

The qbee.io agent is a lightweight, open-source software package that runs on a Linux device. It is written in Go and is available for a wide range of Linux distributions, including Debian and RHEL-based systems and buildsystems like Yocto, Buildroot and OpenWRT. The agent is designed to operate efficiently, utilizing minimal CPU and memory resources, thanks to the use of a RAM disk and compression of metric and inventory data. With qbee.io, you can access devices and servers located behind multi-level firewalls, NAT routers, and even mobile networks.

Identity¶

Each device running the qbee.io agent has a unique identity, which is used to authenticate the agent with the platform. The identity is based on a private key which is generated during the bootstrapping process and is stored in the agent’s configuration.

Pull-based Architecture¶

The qbee.io agent operates in a pull-based architecture, initiating a secure connection to the central server at preset intervals (eliminating the need for the device to be publicly available). This architecture enables the system to update large fleets of devices within a short period of time. No matter if you have 10 devices or 10 million, all will be provided with updates within this window in contrast to push based systems which can build up large queues. Our agent uses only HTTPS for all communication (including remote access).

Configuration Management¶

Once a new configuration is defined, the agent downloads and converges towards the indicated state, which is consistently monitored and maintained. This mechanism allows offline devices to maintain the last seen configuration and immediately conform to the current configuration when they come online again, even after long periods of inactivity.

Connectivity¶

All traffic is protected with TLS under transport, and all agents have individual public private key pairs making end-to-end encryption possible. The main qbee.io agent and the VPN part are separated such that the VPN can be dynamically enabled or disabled.

Proxy and NAT support¶

qbee.io agent is designed to offer access through firewall and NAT as it solely relies on HTTPS (TCP on port 443) for connectivity to the platform. It also has built-in support for proxy, allowing it to operate in environments where direct access to the public internet is not possible. Please refer to the bootstrap manual to learn more about the proxy settings.

Open Source¶

If you are interested to learn more about how the agent works or customize it to your needs, check out the source code here.