Device Management

Deploying and managing IoT devices at large scale

Secure interaction with IoT devices is the hardest aspect of IoT development. Pelion Device Management makes this easier for you, accelerating your IoT projects with embedded and web services that can be integrated into new or deployed solutions.

Any device

Pelion Device Management services are designed to interact with ultra-constrained, non-IP devices all the way through to feature-rich Cortex-A devices running Linux.

Any vendor

We use the standard LwM2M protocol for device connectivity, allowing you to base your solution on a large number of devices from a wide range of vendors.

Any network

From NB-IoT to high speed networks, we provide secure connection over bandwidth-efficient protocols.

Any cloud

Build the server or single page web application wherever you host the rest of your software stack, using the Pelion Device Management SDKs or API.

How Device Management works

Architecture diagram of Pelion Device Management

End-to-End IoT Development

From embedded software engineering through to web development, Pelion Device Management allows you to go from prototype to production efficiently, with tools and resources for each step. Device communication is made analogous to interacting with web APIs, while Device Management services can be integrated into your existing stack.

Supported Hardware

Build your IoT hardware using any device that integrates the Pelion Device Management Client, from simple Arm Cortex-M microcontrollers to powerful Cortex-A systems. A range of operating systems for constrained or feature-rich IoT devices can be used, with Mbed OS and Mbed Linux OS providing close integration. Arm works closely with a large ecosystem of silicon vendors, and we can help you to identify suitable hardware and software for your requirements.

| | Ultra-constrained | Mainstream | Feature-rich |
|---|---|---|---|
| OS | Bare metal. To be used in conjunction with Edge. | Mbed OS, or other (see porting guide). | Linux, Mbed Linux OS |
| CPU | -- | Cortex-M3 or better | Single core (Cortex-A or similar) |
| Flash | -- | 1024 KB Flash (or more) | Minimum 128 MB |
| RAM | -- | 128 KB to 256 KB RAM | 1 MB |
| Networking | -- | IP based networking | IP based networking |

Our documentation includes a more detailed table of device requirements.

Protocols

Interacting with IoT devices uses the concept of resources, similar to a REST model.

Example of LwM2M to control a device feature

Optimized for constrained and battery-operated devices, the OMA LwM2M over CoAP approach of Pelion Device Management allows you to achieve 8-10x efficiency savings over HTTP.

CoAP is 8-10 times more efficient than HTTP

IP and Non-IP

You can build IoT devices that have direct internet connectivity, utilising on-board WiFi or Ethernet, or interface to non-IP devices running protocols such as Bluetooth Low Energy through our gateway solution, Pelion Device Management Edge.

REST API

For web application development, Pelion Device Management is exposed via a REST API that gives you full control over your device fleet.

Device Directory API

Create devices, store their logs, events and define groupings.

Update Service API

Orchestrate firmware update campaigns and associated metadata.

Connect API

Subscribe to device resources and read/write values to them.

Bootstrap API

Provides the LwM2M server account credentials for device registration.

Enrollment API

Claim the ownership of a device which is not yet assigned to an account.

Connect Statistics API

Provides statistics related to Pelion Device Management services.


SDKs

Pelion Device Management SDKs provide language-specific abstractions in JavaScript, Python, .NET and Java. These make it easier to integrate Device Management functionality than working with the raw API.


Manage the Lifecycle of IoT Devices

Onboarding

Securely Connecting Devices to the Internet

Provisioning devices securely on the production line

Device Management uses Public Key Infrastructure (PKI)-based security, and relies on X.509 certificates and public-key encryption for server and device authentication. Provisioning these credentials to your devices in the factory enables them to trust Device Management and enables Device Management to authenticate your devices when they attempt to connect to your account.

To facilitate the provisioning process, we provide the open-source Device Management Client, which accepts the data that you configure in the factory, stores it securely on your device, and calls Device Management services when your device is ready to connect. We also offer device manufacturers the Factory Configurator Utility (FCU), a Python-based tool that integrates into the manufacturing equipment in the factory. You use FCU to configure and provision data onto the device, and to generate keys and certificates on the factory line.

Claiming ownership of IoT devices

Pelion Device Management allows you to ship devices that correspond to an enrollment identity list. Once the enrollment identity list has been uploaded, devices that have been deployed in the field can be claimed (for example using barcodes or QR codes) for that account.

Secure in-field WiFi commissioning

Using the Pelion Device Management app, WiFi credentials can be passed to your IoT devices. Permission to access your devices is controlled centrally, with authorized technicians downloading and executing commissioning jobs.

Update

Continuously Improving IoT Devices

Secure firmware updates are a key ingredient in any IoT deployment, since IoT solutions typically involve large numbers of devices that cannot be physically accessed. A secure and robust mechanism to update device firmware is essential, and recommended for any IoT product. Pelion Device Management takes the complexity out of firmware updates, whilst keeping the process secure.

Failsafe operation

Updates include rollback protection, allowing the device to boot from its current firmware if an update fails.

Flexible workflow

We provide simple but powerful APIs to manage and monitor devices, including filters and groups to keep devices organised and targeted appropriately.

Conditional updates

The embedded application on your device can be configured to veto or accept updates based on customized conditions such as battery level. You can also target groups of devices and apply rules to avoid interrupting critical device operations.

Monitoring

Track the progress of firmware update campaigns and status on all devices. Detailed statistics are available showing the status of the update, including reasons for failed firmware updates.

Standards support

The Pelion Device Management firmware update solution is built on standards including LwM2M, and we contribute to emerging IETF standards on firmware update.

Firmware update security is independent from transport protocol

The delivery network for your firmware update payload is treated as untrustworthy, so the payload can be served from untrusted caches over unencrypted protocols.

Update metadata manifest is signed for authenticity and integrity

As the author of your firmware, you own the keys to provide end-to-end verification of the update. By authoring and signing a firmware manifest, you can be confident that the correct firmware will be applied to the correct devices.
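The two properties above, a signed manifest and an untrusted delivery path, shown as an added Go example. This is not Pelion code: the manifest layout, the names `Manifest`, `SignManifest`, `VerifyUpdate` and `Demo`, the sample image and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Manifest is a constructed, simplified layout, not Pelion's manifest schema.
type Manifest struct {
	DeviceClass string
	SHA256      [32]byte
}

// SignManifest is the author's side: serialize, then sign with the private key.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (raw, sig []byte) {
	raw, _ = json.Marshal(m)
	return raw, ed25519.Sign(priv, raw)
}

// VerifyUpdate is the device's side; only the provisioned public key is trusted.
func VerifyUpdate(pub ed25519.PublicKey, class string, raw, sig, payload []byte) error {
	if !ed25519.Verify(pub, raw, sig) {
		return fmt.Errorf("manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return fmt.Errorf("manifest malformed: %w", err)
	}
	if m.DeviceClass != class {
		return fmt.Errorf("manifest targets a different device class")
	}
	if sha256.Sum256(payload) != m.SHA256 {
		return fmt.Errorf("payload does not match signed digest")
	}
	return nil
}

// Demo checks one constructed image delivered intact, altered, and to the wrong class.
func Demo() (intact, altered, wrongClass error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	fw := []byte("constructed firmware image v2")
	raw, sig := SignManifest(priv, Manifest{"sensor-a", sha256.Sum256(fw)})
	return VerifyUpdate(pub, "sensor-a", raw, sig, fw),
		VerifyUpdate(pub, "sensor-a", raw, sig, append(fw, 0)),
		VerifyUpdate(pub, "sensor-b", raw, sig, fw)
}

func main() { fmt.Println(Demo()) }
```

Because the digest is bound inside the signed manifest, a cache or network path that alters the payload produces a verification failure on the device without needing transport encryption.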

Optional encrypted firmware image for confidentiality

This requires an update encryption key to be installed on each device.

Security

Keeping Devices and Data Secure

Pelion Device Management includes security features at each stage in the development of an IoT solution. During manufacturing, provisioning tools allow you to inject secrets, while external certificate authorities can be used to securely onboard devices. During regular usage, access and updates to your devices can be closely controlled.

Public Key Infrastructure

To confirm the identity of the parties involved in your IoT deployment, and to validate the information that is transferred within the system, Pelion Device Management makes use of a Public Key Infrastructure model as shown.

Roles, policies and procedures are needed to create and manage digital certificates, and to manage public key encryption. Pelion Device Management allows you to make use of a variety of options, including external certificate authorities to suit your project.

Secure Device Access

Given that many IoT deployments are in remote locations outside of the control of the team that owns and operates the devices, Pelion Device Management includes "Secure Device Access". Rather than relying on passwords, this IETF ACE standard-based approach allows technicians to access a device using validated tokens that do not require a connection back to the internet.