Today we are excited to announce the Edge Device Image Builder Public Preview.
Edge Device Image Builder (EDIB) is a tool, in the form of a desktop application, that assists device builders and OEMs of all levels by providing a guided experience to build secure and customized Windows IoT Enterprise LTSC 2021 device images.
Benefits of Using Edge Device Image Builder:
Build Secure Devices
EDIB assists users with building secure devices and takes the guesswork out of configuring a secure image with recommended Windows Security Baseline, Attack Surface Reduction Rules, Encryption at Rest, Application Control and Edge Secured-Core image configuration. EDIB provides users with a competitive advantage in an ecosystem with ever increasing demand for security as a value proposition.
Easily create Azure Connected Devices
The tool offers a path to make devices that are born Azure-ready, by exposing Azure Service value directly to device builders and OEMs at product development time and enabling pre-installation and configuration of Azure service endpoints, such as Azure IoT Edge for Linux on Windows.
Build more reliable devices
EDIB provides feedback throughout the end-to-end image building experience to ensure first time quality and reliability of an image configuration. First, EDIB ensures users are set up for success by validating the necessary pre-requisite collaterals and tooling. Throughout image customization steps, EDIB validates if various configurations and inputs are valid. Prior to starting an image build, EDIB also helps users validate and correct common image configuration issues.
Easy to Use
EDIB provides a rapid 30 minute-to-device-configuration value, with documentation support to understand the breadth of Windows IoT Enterprise OS features that can be enabled with a click of a button in the tool. EDIB improves engineering efficacy by guiding users to configure and lockdown their device correctly. This helps to minimize errors and unwanted system notifications on highly visible IoT devices in public spaces.
Build Process – How Does It Work?
First an image recipe is defined either from the guided user experience (UX) offered in EDIB, or by authoring directly to an image configuration manifest. This image recipe tells EDIB exactly how to customize the image:
- OS Configurations: optional features, policies, language and locale settings, and quality updates
- Device builder and OEM collaterals: drivers, applications, and OEM support information,
- Device lockdown configurations: pre-configured user accounts, shell customization, out-of-box experience, unbranded boot, keyboard filters, Unified Write Filter, and Custom Logon configurations
Once an image recipe is defined, EDIB autonomously builds, customizes, and produces a deployable image, removing guesswork and complexity from the user. The user can initiate the build process and monitor progress either directly in the EDIB tool or programmatically through a set of APIs. Once the build process starts, EDIB will translate the recipe into a set of supported customization endpoints, and drive the image build process within a Hyper-V VM. The VM removes the need for technicians to manually interact with a physical reference device to complete this process, as imaging often requires specific ordering and multiple boots to apply all configuration correctly.
EDIB will produce a deployable WIM image. Users have the option of creating a bootable USB thumb drive in EDIB, containing the output WIM image. This USB stick can be used to boot onto a test device to continue on-device customization or testing tasks. Once image testing is completed, the USB stick can also be used to deploy to devices on the manufacturing line. For large scale lab or manufacturing line deployment scenarios, the deployable WIM image produced by EDIB, once validated, can be bulk deployed over network onto devices using DISM commands.
Get Started Quickly with Provided Templates
To help device builders get started with EDIB quickly, the tool comes with ready-made templates to provide users with a baseline on how to create their desired device type such as, “Open”, “Closed”, and “Edge Secured-core”.
- The Open device template is made for device builders who configure the initial image and then pass an unlocked device onto their customers who will then create their own experiences via applications, drivers, branding etc.
- The Closed device template is made for device builders who will lock down their devices and apply the branding, applications, and policies for their end-users.
- The Edge Secured-core template is made for device builders who would like to part-take in the Edge Secured-Core program and have their certified hardware and would like to ensure their OS has the correct security configurations enabled.
Templates are just references and have pre-selected the best practice configurations in the tool’s UX; users still have total control on adding or removing configurations as they see fit.
Want to know more or where to get started?
Start by downloading the latest release at: https://aka.ms/EDIBPublicPreviewRelease
Detailed documentation to get started is available at: https://aka.ms/EDIBDocumentation
Please reach out to your Windows IoT Distributor for support or visit our GitHub, https://aka.ms/EDIBGitHub, for additional assistance.