Navigating the HTML5 Digital Signage Operating System Ecosystem
A guide to security, TCO and industry trends
Seen by users as falling under the Internet of Things, digital signage, like the overall IoT, challenges us to develop solutions which demonstrate increased awareness of total solution security while still delivering 21st century consumer-driven experiences. High profile security events have pushed device security to the forefront for users. Low-power, HTML5 digital signage devices can deliver a simple consumer interface and increased device security with a low total cost of ownership. This article will examine digital signage industry trends and give some goal posts to guide product development and solution selection in this changing environment.
“…a remarkable number of installed devices have a fixed Android version and no capability of receiving security patches.”
Where the Winds are Blowing
Trends in software development, new low-power hardware trends and customer product selections are clear—HTML5 based digital signage is a permanent solution option that will continue to be an increasing percentage of deployments (Figure 1).
Responding to the trend towards low-cost Android/Chrome OS players and associated customer demand, many digital signage Content Management System (CMS) vendors have “traditional” and HTML5 signage authoring and distribution offerings as a part of their product portfolio. As vendors decide where to invest in their platforms, we see increasing investment in HTML5 platforms over other platforms. That investment choice is a consequence of limited resources and customer demands for inexpensive players. At the same time, HTML5 players have gained greater ability to play rich, interactive content as low-power process performance increases, allowing economies of scale.
With HTML5 as a common platform, hardware selection for displaying the content can focus on performance and platform characteristics rather than delving into the minutiae of a traditional signage implementation.
Key Operating Systems in the Ecosystem
The most common operating systems available are Google Android and Chrome OS, Windows Embedded Standard (and the newer Windows IoT Enterprise), and Linux. Although a recent addition without a significant install base, Windows 10 IoT Core Pro will be discussed as a disruptive new operating system option.
Some suggested criteria for evaluating devices and platforms:
Can the device receive security updates and application patches after deployment?
- How long will the device/OS/Platform receive security updates?
- Are the devices able to be managed en masse?
- Is it easy to make project-specific customizations to the firmware, configuration, and branding of the device?
- Does the device have hardcoded/hidden device management credentials?
- Will the device pass a corporate customer’s vulnerability scanning requirements?
- How long is the hardware available for? Will it still be available after the RFP or bid is accepted by a customer and during the lifetime of the deployment?
Next, it will be helpful to examine these questions within the context of common operating solutions offerings.
Google Android-based devices tend to come as low-cost, fanless, ARM processor based hardware. The primary pain point in initial platforms was a lack of management features, un-patchable and insecure systems, and short lifecycle hardware. While there are vendors that have devices that can be patched in the field, a remarkable number of installed devices have a fixed Android version and no capability of receiving security patches. The key differences between Google Android and Linux and exact definitions of these terms is a topic for a separate article due to the complexity of terms and number of flavors.
However, there are Linux-based devices available in the marketplace. Most are not marketed as such. For HTML5-based players, marketing material emphasizes device and platform capabilities over the traditional “speeds and feeds” of processor type, amount of memory, video adapter and OS. These solutions should be evaluated individually based on the principles in this article or your own developed selection criteria.
Google Chrome OS devices address several Android OS pain points by delivering product and security updates every six weeks. However, the frequent updates come at the price of having to continuously test for compatibility issues with your CMS platform and content. Although the built-in management solution has an open API and is easy to use, it does have a yearly per device cost associated with it. That annual cost can be a significant addition to the total cost of ownership of these devices over a typical three-year lifespan. These devices also typically suffer from shorter device lifetimes.
The Microsoft Windows Embedded operating system can support HTML5 digital signage applications. However, the additional hardware cost to support Windows, combined with the need to configure and maintain unused, but present components tends to make this operating system non-competitive for HTML5 deployments when compared against other solutions.
Microsoft Windows 10 IoT Core is a newer, low-cost embedded operating system designed for a variety of smaller footprint devices. The OS maintains Universal Windows Platform (UWP) app compatibility that is a common feature of all Windows 10 OS SKUs, but consumes minimal resources while supporting a single foreground app.
Windows 10 IoT Core positively addresses several concerns, as previously mentioned, with key features:
- 10 years of hardware vendor independent security patching
- Single app focus
- Supports at-rest disk encryption
- Open management options utilizing OMA DM standard
One Windows 10 IoT Core OS deficiency is that few CMS vendors have UWP-based applications or the desire to support another platform to host their content. We decided to bootstrap this process by developing two components in our Now Micro IoT Player solution: A UWP HTML5 application host and a lightweight management agent that communicates to the Now Micro Portal. While not all users will want to use these components, we provide them to flesh the solution out into a drop-in replacement for an Android or Chrome OS solution. Figure 2 illustrates the complete solution, sans hardware:
While Windows 10 IoT Core is a newer and not widely deployed offering, we feel it will have a strong place in this market as customers become critical of vendor security postures and gain deployment experiences.
Wrapping It All Up
By understanding what is driving the industry towards an ecosystem where HTML5-based digital signage platforms are ubiquitous, participants can find solutions that meet their level of security risk appetite, level of automation, openness and manageability, allowing them to focus on the portion of the ecosystem they excel at. While individual solutions don’t always fit into the broad stroke descriptions of this article, understanding what questions to ask and how to evaluate HTML5 digital signage platforms is key to navigating this rapidly changing and expanding marketplace.
Bernard Carter is the Director of Product Development and Operations for Now Micro, which is a member of the Digital Signage Federation, the only independent, not-for-profit trade organization serving the digital signage industry. The DSF supports and promotes the common business interests of worldwide digital signage, interactive technologies, and digital out-of-home network industries. Carter has extensive background in IT infrastructure in education and Fortune 500 corporate with an emphasis on process automation, platform security, and software development.