DigiCert® Device Trust Manager uses several key concepts, each of which plays a critical role in managing and securing IoT devices. These concepts work together to provide granular control over device operations, security, and lifecycle management.
A central concept is the device group, which serves as the core organizational unit for devices. Every device must belong to a group. Device groups allow you to apply consistent security policies, certificate management, and updates across many devices at once, ensuring scalability and control over large device fleets.
The diagram below illustrates the main concept components and their relationships within Device Trust Manager.

[Diagram: how devices, groups, policies, certificates, and jobs are interconnected to deliver comprehensive device management.]
Select the links for more information about each Device Trust Manager concept or feature.
| Term | Description |
|---|---|
| | A connected physical unit or a product with sensors, chips, and connectivity, such as BLE (Bluetooth Low Energy) or Wi-Fi. These are typically manufactured by OEMs and managed in Device Trust Manager. |
| | An organizational unit in Device Trust Manager that streamlines device management by grouping devices for policy application, updates, and configurations. |
| | Defines the credentials and methods devices can use when requesting certificates through different protocols, such as SCEP, EST, and REST. |
| | Defines how certificates, including bootstrap and operational certificates, are issued, renewed, and revoked for devices. It outlines the protocols for certificate requests, keypair generation methods, and the use of certificate profiles and issuing CAs. |
| | A Certificate Authority (CA) assigned to your account. It is used for signing and issuing X.509 certificates to devices. These signed certificates can be either bootstrap or operational certificates, and they are used to establish device identities and authenticate devices. |
| | Used within the certificate management policy to configure specific attributes and settings for certificates issued to devices. It allows customizing key details such as subject fields, certificate extensions, and validity periods. |
| | Defines key parameters and constraints for certificates issued within the certificate management policy. It establishes essential settings such as allowed key types and signature algorithms. |
| | Long-running operations that perform batch tasks, such as registering many devices or processing deployments. |
| | Registering devices establishes a secure connection and enables device management with Device Trust Manager. Devices can be registered individually or in batches. |
| | Enables submission of multiple certificate requests in a single job, streamlining the certificate management process. |
| | A package that contains everything required to deploy an update to a device and can include software, firmware, metadata, and handling scripts. |
| | A software update package in Device Trust Manager that consists of one or more artifacts. It enables the delivery of controlled and efficient updates to devices. |
| | Delivers software updates (releases) to device groups. Once a deployment is created, Device Trust Manager rolls out the release to both static and dynamic device groups. |