When your system contains many IoT devices that are scattered over a large production facility or even distributed over multiple facilities, it is important that you can manage and update the deployed software, access logs and easily provision new devices. This article describes and compares two popular technologies that can help you manage different features of your device fleet.
Why do we need fleet management?
As soon as you design a system with a lot of devices, it is no longer feasible to manage each device individually by installing Linux on it and using SSH to access it. In most IoT applications, many of the devices are very similar to each other, so you want to be able to execute operations and updates across many computers in parallel. There are a couple of main use cases you will come across if you want to create an IoT system with multiple devices.
- You will need access to the device, which will allow you to read logs and restart your applications. This can already be problematic if the device is placed in a customer facility in a network that you can't access directly.
- An efficient DevOps strategy requires the ability to roll out automatic updates of your application throughout your whole fleet. Ideally, this includes having different environments for development, test and production.
- To ensure security, you need to be able to easily update the device operating system, installed packages or application dependencies.
- Provisioning of new devices should be as easy as possible, so you don't have to waste your time on installing Linux, installing packages, deploying your applications and so on for each device individually.
What does balena do?
The balena environment consists of the balena OS, the balena Docker engine, a cloud service, a CLI for controlling the system and a web dashboard. In most cases you will want to use all of these components as they work together very well. The system is based on Docker containers that can be configured in a Docker compose format and that will be run by the balena Docker engine on the devices. balena is free for 10 devices, and you will be charged on a per-device basis if you have more devices in your fleet.
To use the system, you first need to flash balena OS onto one of their supported devices and connect it to power and the internet.
The device will automatically connect to your account in the balena cloud and will be available for running your application containers.
Deploying an application to your device fleet can be done through the CLI with a simple balena push command.
The included dashboard is very useful for monitoring and administration of your fleet. Here you can define groups and add devices to them. You can also manage updates to your application releases and even the host OS version. To configure your services, you can define environment variables, monitor the application status and check the container logs. Additionally, you can also access the application containers and the host OS via SSH directly to fix errors or debug your software.
What does Portainer do?
Portainer builds upon an existing container runtime that is already running on your edge device. This is the main difference from the balena ecosystem, which builds directly onto bare metal by supplying an operating system and the container engine as well. Portainer installs a container running the Portainer agent on the device, which registers itself with the cloud service that is responsible for managing the whole fleet. Portainer supports all devices that can run Docker or Kubernetes because the whole system is running inside of containers. The community edition of Portainer is free and if you want some extra features or better support from Portainer, you will be charged on a per-device basis, like with balena. Because the Portainer agent runs in a container, you cannot access the host operating system from within Portainer. If you need to, you can use another tool like Teleport for this, which gives you direct SSH access, application tunneling and much more.
After your devices have connected to the Portainer cloud, you can deploy your services onto the device. You can define your services in a Docker compose format or in a Kubernetes manifest, depending on which container engine is running on your devices. Portainer can fetch the configuration from a Git repository automatically, which lets you update your service deployment automatically when committing to that repository. There also is an HTTP API that you can use to deploy new application versions, from a CI pipeline for example.
The cloud dashboard gives you a lot of control over device groups and individual devices. You can register new devices and sort them into groups that are used to categorize different deployments. The interface also makes the access to the Docker engine very explicit as it gives you the option to directly use Docker features like containers, images, networks or volumes. This way you can also look at application logs or connect directly to the containers.
Comparison of both technologies
As you can see, these products use a slightly different approach to managing a fleet of devices. balena supplies a combination of different tools, starting from the custom operating system, that make fleet management an easy task. Portainer, on the other hand, builds upon an existing container runtime and focuses on giving you as much control over that as possible.
Portainer and balena will both support you when debugging your services because you will have access to the application status and logs. You will also be able to access the service containers via SSH if you need to dig deeper. However, only balena will give you access to the host OS because Portainer is not able to break out of the Portainer agent container. This should rarely be necessary if your system is set up correctly.
You are able to define different fleets for different environments in both systems to be able to create a development cluster, for example. To update these fleets, balena has a CLI that can be called from a CI pipeline so automatic updates are not a problem. Portainer, on the other hand, provides an HTTP API that could be a little more difficult to use from within a CI pipeline, but it works as well. Additionally, Portainer can monitor a Git repository for changes to its configuration and will update the fleet automatically.
balena makes it super easy to provision new devices because you can flash balena OS onto the device directly, and it will connect to the cloud automatically. This way you will be able to easily set up a large number of devices and go into production very quickly. Portainer can be a bit more tricky to set up because it is based on an existing Docker daemon that is already running on the device. To save some time here, you can base your system on devices that already come with an OS and Docker preinstalled. Alternatively, you can use Ansible scripts to set up multiple devices in parallel. The fact that Portainer can be installed on any OS that is running Docker comes with the benefit that you will be able to integrate it into existing systems. You can also install Portainer on devices where you can't change the preinstalled operating system at all, like the PLCNext industrial computer, for example.
Because the balena OS that is running on the device is part of the whole infrastructure, you will be able to update it through the web UI. You will see a warning that updating might break your production environment when something goes wrong, but if there are any security patches that you have to install, you will at least have the option. balena OS is also a very security-focused, limited operating system that is optimized for basically only running Docker on embedded devices. Portainer does not place any restrictions on the operating system that is running on the devices, so you will have to pick one yourself. You probably will want to choose something that is also very limited and security-focused, so you won't have to do updates too often. Portainer will unfortunately not support you with operating system updates, so you will have to do that manually.
In my opinion, the UI of the balena dashboard is very easy to use and understand. Some concepts from the underlying Docker system are abstracted in a sensible way, and many other nice features have been added that make managing your devices very convenient. Portainer's UI was a bit harder for me to understand, and the structure of the menus was not always clear to me. However, the advantage here is that you have more direct control over the Docker system, so it will probably be easier to debug some Docker-related issues with your system.
To conclude this breakdown of balena and Portainer in one sentence, I would say: If your hardware is supported, you only want to use the tool for IoT and you can pay the price for it, you should probably use balena. The whole user experience is much better, deployments and device provisioning are easier, and you will gain access to the host operating system to update or dig deeper into debugging. Portainer is a great alternative if you don't have the option to change the operating system of your devices, or they are not supported at all, as with PLCNext. Because the community edition is free, Portainer will also be cheaper to operate than balena as long as you don't need any of the business edition features. Portainer will also be more versatile if you want to use Kubernetes on your devices for example, or you also want to integrate your backend services in the same management software.