Today we are excited to announce the Edge Device Image Builder Public Preview.
Edge Device Image Builder (EDIB) is a tool, in the form of a desktop application, that assists device builders and OEMs of all levels by providing a guided experience to build secure and customized Windows IoT Enterprise LTSC 2021 device images.
EDIB assists users with building secure devices and takes the guesswork out of configuring a secure image with recommended Windows Security Baseline, Attack Surface Reduction Rules, Encryption at Rest, Application Control and Edge Secured-Core image configuration. EDIB provides users with a competitive advantage in an ecosystem with ever increasing demand for security as a value proposition.
The tool offers a path to make devices that are born Azure-ready, by exposing Azure Service value directly to device builders and OEMs at product development time and enabling pre-installation and configuration of Azure service endpoints, such as Azure IoT Edge for Linux on Windows.
EDIB provides feedback throughout the end-to-end image building experience to ensure first time quality and reliability of an image configuration. First, EDIB ensures users are set up for success by validating the necessary pre-requisite collaterals and tooling. Throughout image customization steps, EDIB validates if various configurations and inputs are valid. Prior to starting an image build, EDIB also helps users validate and correct common image configuration issues.
EDIB provides a rapid 30 minute-to-device-configuration value, with documentation support to understand the breadth of Windows IoT Enterprise OS features that can be enabled with a click of a button in the tool. EDIB improves engineering efficacy by guiding users to configure and lockdown their device correctly. This helps to minimize errors and unwanted system notifications on highly visible IoT devices in public spaces.
First an image recipe is defined either from the guided user experience (UX) offered in EDIB, or by authoring directly to an image configuration manifest. This image recipe tells EDIB exactly how to customize the image:
Once an image recipe is defined, EDIB autonomously builds, customizes, and produces a deployable image, removing guesswork and complexity from the user. The user can initiate the build process and monitor progress either directly in the EDIB tool or programmatically through a set of APIs. Once the build process starts, EDIB will translate the recipe into a set of supported customization endpoints, and drive the image build process within a Hyper-V VM. The VM removes the need for technicians to manually interact with a physical reference device to complete this process, as imaging often requires specific ordering and multiple boots to apply all configuration correctly.
EDIB will produce a deployable WIM image. Users have the option of creating a bootable USB thumb drive in EDIB, containing the output WIM image. This USB stick can be used to boot onto a test device to continue on-device customization or testing tasks. Once image testing is completed, the USB stick can also be used to deploy to devices on the manufacturing line. For large scale lab or manufacturing line deployment scenarios, the deployable WIM image produced by EDIB, once validated, can be bulk deployed over network onto devices using DISM commands.
To help device builders get started with EDIB quickly, the tool comes with ready-made templates to provide users with a baseline on how to create their desired device type such as, “Open”, “Closed”, and “Edge Secured-core”.
Templates are just references and have pre-selected the best practice configurations in the tool’s UX; users still have total control on adding or removing configurations as they see fit.
Start by downloading the latest release at: https://aka.ms/EDIBPublicPreviewRelease
Detailed documentation to get started is available at: https://aka.ms/EDIBDocumentation
Please reach out to your Windows IoT Distributor for support or visit our GitHub, https://aka.ms/EDIBGitHub, for additional assistance.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.