Internally the Mender Server assigns a unique, unchangeable identifier to each Device called the Device ID. The Device ID does not have a directly visible relation to any Device attributes.
To ensure devices can also be uniquely recognized by humans, there is also a set of key-value pairs called Device identity. The MAC address of a network interface controller, a serial number, the eMMC CID, are all pieces of data that:
The Mender client uses the MAC address as the default Identity attribute. Once you have accepted the device, you can see it in the UI:
The Mender client allows you to define the identity attributes, which means that Mender can adapt to the identity scheme of any environment. However, Mender imposes the following requirements for device identities:
It is important to have the ability to regenerate keys if a device gets compromised, or as a recurring proactive security measure. Therefore, we do not recommend using device keys as part of an identity, as it makes the rotation or regeneration of keys over the lifetime of the device (as it in effect changes the identity) difficult.
When a device requests authentication, it includes the identity attributes. The Mender Server computes the persistent identity of the device based on these attributes.
Please refer to the client installation section to find detailed tutorial on managing Device identities.
© 2023 Northern.tech AS