Using BalenaCloud only as "Deployment System"

is it possible to cut the connection to the devices such that an ssh access and the logging part is disabled?
We only want use balena as deployment system to deliver and update our apps.

Hi there, yes it is possible, you can disable the VPN and the logging, see https://www.balena.io/docs/reference/supervisor/bandwidth-reduction/ for more information.

Hi, ok I see. That means there is only a connection for deploying new updates?

Yes, the supervisor will poll the API for updates periodically and pull new releases if there are any, otherwise this will happen in a push-based approach if the VPN is on.

nice.
Can that also be controlled at the device side? In our scenario we have two parties envolved. One party is resoponsible to bring updates to the services, they should only have access to the devices when necessary. The party that uses that Edge Device and there services should control whether BalenaCloud can access the device or not. Is that possible?

If you disable VPN and logging, then the first party won’t really have direct access to the device anyway, they will just push new releases, and the device will pull it whenever it polls the balenaCloud API (the poll period is configurable). You mean the second party should decide when the update should happen as well? How will this second party control that? Will they have access to the balenaCloud dashboard as well? Will the device have some interface to trigger an update, for example?

The “second party” should decide when updates should be triggered and they should have no access to the balenaCloud. The “first party” only should have access to the BalenaCloud and should not have access to the devices and the logs.

Yeah that sounds doable as well. You can use https://www.balena.io/docs/learn/deploy/release-strategy/release-policy/#pin-device-to-a-release from the device itself, so you will have some screen where the second party will trigger an update, that will pin the device to a certain release (latest one, or whatever the user selected), and the device will update itself on the next poll I believe.

ok thanks. But the configuration you mentioned here can only be done on BalenaCloud side right?
[https://www.balena.io/docs/reference/supervisor/bandwidth-reduction/]

The configuration variables can also be modified from the device itself