With DAL OS embedded on these devices, developers can leverage an extensive set of software features and capabilities built into firmware that is signed, vetted, and distributed as part of our Digi Trustfence®-approved standards. To run applications not already in the distributed firmware, the most streamlined and standardized option is to create a virtual space through Lightweight Linux Containers (LXCs).
Using Containers-as-a-Service in conjunction with Digi Remote Manager (Digi RM) can enable you to optimize and extend the capabilities of your Digi connectivity solutions in a number of use cases.
Digi Container Service is an add-on service that simplifies and centralizes the process of building, deploying and running custom applications on devices managed with Digi RM. With a Digi RM license and Digi Containers, you can deploy containerized programs or Python applications at scale and on any device running DAL OS.
Implemented via Lightweight Linux Containers (LXC), Digi Container Service makes the process portable, scalable, secure, fast and efficient. Digi empowers companies to orchestrate and manage a complex series of containers in various structures and configurations across enterprise, industrial, transportation and other use cases.
Linux Control Groups (cgroups) can define and control the access that various processes have. Cgroups can stop processes that access hardware (such as CPUs, devices, RAM, disk, or I/O), or other processes. This essentially creates a “sandbox” for your process so it can't harm the running system. By combining cgroups and chroot, we create a device with its own root filesystem that can't interfere with or harm the device it is running on. This is called a container.
Because containers are lightweight and portable, they offer both security and flexibility, while enabling you to expand upon the capabilities of your Digi solution to support your needs.
LXC is a set of tools that create and manage the container, which is, essentially, a virtual machine. The only thing in common with the physical device is the running kernel. This means that processes running inside a container run at native speed, as if they are actually running directly on the host device.
Containers offer numerous benefits:
The Digi Containers add-on license must first be enabled for your account in Digi Remote Manager. Contact your Digi sales representative for information.
To load a container on a DAL OS device, you simply need the root filesystem in either squashfile (.sqfs) or gzipped tar file (.tgz) format. This LXC container can be loaded as part of the Configuration template in Digi RM, which will then load the container(s) onto one or multiple devices linked to that template. When you add the container, the configuration is automatically generated within the Configuration template in Digi Remote Manager. You can edit this configuration to enable the required setup for this container.
Once the container is loaded onto the Digi device through Digi Remote Manager, you have options within Digi Remote Manager or the Digi device itself to run the container either automatically or manually. See the following two links to our user guides for running Digi Containers:
Note: If a container is run as persistent, the root filesystem is written to the DAL OS flash, and is fully writable inside the container. Writing to the flash should be minimized to extend the life of the flash. Running a container in non-persistent mode will extract a clean filesystem each time the container is run. Non-persistent filesystems are based in RAM and will be lost when the container is stopped. This means an external actor can't compromise security on the DAL device as each time the container is run, it starts from a clean state.
The status of Digi Containers can be viewed under the Metrics tab for the device in Digi RM or using the SCI commands of Digi Remote Manager’s API.
The datapoints shown under the Metrics tab can be monitored and alerted on for any changes in state by setting up an Alert condition in Digi Remote Manager. See this documentation for more details on setting up alerts and receiving notifications.
Implementing containers-as-a-service via Lightweight Linux Containers provides users of DAL OS-based Digi routers a securely environment develop, distribute, and run custom programs or python applications. For more details on utilizing containers on DAL OS devices, refer to the Container-as-a-Service user guide.