Mistake on this page? Email us

Introduction to Pelion Device Management Client Lite

Device Management Client Lite is Arm's solution for constrained Device Management devices.

Note: The current version of Client Lite supports pre-shared keys only. The upcoming updated version will be soon available as an Alpha release and it will introduce:
* Support for full X.509 public key cryptography, improving security.
* Smaller RAM (from 20 kB) and ROM footprint (57 kB, with firmware update).
The current version of Client Lite is available for partners only. The new version will be available publicly.

With Device Management Client Lite, you can make your product work with minimal resources, typically a board with:

  • 64 kilobytes of RAM (of which max. 36 kilobytes used by Mbed OS and Device Management Client Lite, excluding the network stack).
    • Assuming eXecute in Place (XiP) is in use.
  • 512 kilobytes of ROM (of which max. 180 kilobytes used by Mbed OS and Device Management Client Lite).
    • Firmware update needs space for the entire update package.

The high-level APIs allow developers to create applications with LwM2M features as described in the Lightweight Machine to Machine Technical Specification.

Tip: For Device Management Client Lite, you need access to the restricted GitHub repository referenced in this section. If you cannot access it or other repositories, please contact us.


The feature set is very similar to the full Device Management Client.

  • PSK-based bootstrapping.
  • IP-based connectivity (TCP or UDP) over TLS/DTLS.
  • Matching LwM2M feature set.
    • GET/PUT/POST/DELETE operations.
    • Observations.

Using this library you can:

  • Connect and provision your devices on Device Management.
  • Securely communicate with Device Management over the industry standard TLS/DTLS.
  • Fully control the device and application logic.
  • Update your device's firmware.

Client Lite has a high-level API written in C++ to allow quick application development.

The API provides full control of the endpoint and application logic, including:

  • Provisioning and registration of devices to Device Management.
  • Deregistering of devices from Device Management.
  • Pre-shared key (PSK)-based device authentication to Device Management using Mbed TLS.
  • Low memory footprint (both Flash and RAM) on the device, allowing constrained devices connectivity to Device Management.
  • Firmware update capability.
  • Notifications of resource value changes to Device Management.
  • LwM2M-based device management and service enablement.
  • LwM2M-based object management.
  • Data format support for plain text and OMA TLV.

Differences between Device Management Client and Client Lite

Device Management Client uses X.509 based certificates for device identity and connectivity, whereas Device Management Client Lite uses device-specific PSKs. Device PSKs are lighter, so the code size is smaller and peak RAM consumption lower.

Device Management Client Lite does not support First-to-Claim, as the PSK would have to be known to both owners, which breaks the secrecy.

Inject the device's original bootstrap PSK to Device Management using POST /v2/device-shared-keys. Inject the same device-specific bootstrap PSK also to the device. The PSK is identified using a pre-shared key identity (PSK ID). Make sure the PSK ID is globally unique. Please follow the OMA LwM2M specifications. Chapter 6.3.1 Endpoint Client Name specifies guidelines for that.

For a full comparison of Device Management Client and Client Lite, please see the table below:

Features Device Management Client Device Management Client Lite
Repository Public, mbed-cloud-client-example Restricted, mbed-client-lite-example-restricted
Block storage Yes.

X.509 certificates and secure time stored to internal flash using KVStore (or optionally to external SPI flash or SD card).


PSK/PSK ID stored to NVStore in internal flash.

Block storage with filesystem Optional

If you have enough internal flash, everything can be stored there. Otherwise, you can use SPI flash or SD card.

Not needed.
Security X.509 certificates Pre-Shared Keys
(D)TLS Yes Yes
(D)TLS Resume Yes No

PSKs are much smaller than X.509 certificates, so not necessarily required.

Bootstrapping Yes Yes
First-to-Claim Yes No
Firmware Update Yes, with delta. Yes, no delta.
LwM2M Yes Yes
Licensing Apache 2.0 Apache 2.0
OS Support Mbed OS, Linux.

Adaptation Layer for other ports.

Mbed OS only.