How to handle NB-IoT and LwM2M-based device management is a fundamental dilemma, usually one to be solved at the prototyping stage.
Engineers and business leaders are often faced with a critical build versus buy decision. Open-source components, such as the Eclipse Leshan project, frequently serve as the initial testing ground. They are highly accessible and provide a solid starting point for early-stage prototyping or proof-of-concept environments.
However, as projects mature and scale, transitioning from a handful of lab devices to hundreds of thousands of business-critical assets deployed globally, the operational, security, and business requirements shift dramatically.
Building a production-ready platform on top of an open-source foundation requires significant additional engineering effort, encompassing security, scalability, operational tooling, integration, and long-term maintenance.
Drawing from our extensive market experience and real-world customer deployments, we explore why abandoning the patchy open-source DIY route in favor of commercial, enterprise-grade LwM2M platforms like AVSystem's Coiote IoT Device Management can elevate your prototyping capabilities.
The allure and the trap of Open Source
The prototyping phase begins with a desire to maintain control and minimize upfront software licensing costs.
Using open source can appear attractive and cost-favourable at first, but it usually means you must build many critical capabilities around the core OSS server.
Take the case of Elvaco, a global leader in smart metering solutions. To support low-power devices, they initially decided to build their own open-source-based solution. However, after eight months of dedicated development utilizing three internal specialists, the company pivoted to seek a ready-made commercial solution. The primary reasons for this strategic shift were a lack of internal resources to develop and maintain their own platform, and a pressing need to refocus their efforts on their core products and competencies rather than platform development.
This scenario is common. Open-source solutions typically provide only a foundation around the LwM2M protocol. To make them viable for mass deployment, engineering teams must build critical adjacent features, including:
- User management and Single Sign-On (SSO).
- Monitoring, alerting, and operational tooling.
- Security hardening and upgrade processes.
- Complex integration layers and REST APIs for external systems.
In front of the stakeholders, this translates directly to added time, cost, and delivery risk.
Ultimately, you need the data and device control, delivered through a reliable, standardized pipeline.
The intricacies are an afterthought. A crucial one, but your Time-to-Market comes first.
The scale of Day-2 operations
Deployments in industries like utility metering, logistics, or industrial equipment are long-lived and operationally demanding. Over the lifetime of a fleet, organizations require reliable remote management, secure firmware updates, and controlled rollout mechanisms.
Large-scale Firmware Updates
Managing Firmware Over-the-Air campaigns is essential when dealing with hundreds of thousands or millions of field devices.
Coiote IoT DM is specifically built for these large-scale campaign management operations, a feature not readily available out-of-the-box with open-source alternatives.
Real-world network resilience
Large networks create challenges rarely seen in a lab: connection surges, constrained bandwidth, regional failures, and strict uptime expectations. Traxens, a company monitoring global shipping containers, faces severe connectivity constraints while devices are at sea, requiring highly optimized data transmission. Coiote IoT DM is built to handle these real-world demands with modern deployment architectures and operational safeguards that are difficult and expensive to reproduce in-house.
Security, compliance, and the risk of dependency
For utility and enterprise environments, security is not optional. Customers increasingly need strong governance, auditability, vulnerability management, and readiness for evolving cybersecurity regulations. Assa Abloy, managing a vast portfolio of access control systems, specifically highlighted the need to comply with the EU Cyber Resilience Act, requiring the ability to execute rapid, fleet-wide security updates.
Relying on community-driven open source for critical security infrastructure carries inherent risks. The Leshan community itself has identified several external risks regarding its dependencies:
- Maintainer bottlenecks: Leshan relies heavily on the Californium library for CoAP(S) endpoints, which has been identified as having only one active committer with limited unpaid capacity.
- Stagnant security evolution: There is limited maintainer capacity for DTLS-related development within the Scandium dependency, and DTLS 1.3 is not planned in the current dependency path.
In contrast, a commercial platform provides a much stronger foundation.
AVSystem maintains an in-house CoAP stack, supports multiple DTLS stacks built for production security operations, and is an ISO 27001 certified organization.
This shifts the burden of regulatory compliance and vulnerability management away from the customer and onto a dedicated vendor.
Faster Time to Market and business focus
By opting for a comprehensive platform, companies accelerate their time to market.
- Elvaco cited faster time to market as a key advantage after abandoning their internal open-source project.
- Vaisala, providing precise environmental and weather monitoring, needed a reliable LwM2M backend to power their forecasting models for winter road maintenance. The reliability of Coiote, and the fact that it supported both cloud and crucial on-premise deployments out of the box, proved to be valuable enablers in their operation.
Avoiding vendor lock-in while enabling enterprise scalability
One of the primary concerns for organizations adopting IoT is vendor lock-in.
The open standard nature of LwM2M resonates very well with customers for exactly this reason.
Choosing a commercial LwM2M platform does not mean sacrificing the freedom of open standards.
Quite the opposite: AVSystem is an active participant in OMA and LwM2M standardization activities.
You gain the interoperability of the standard, allowing you to connect devices from diverse manufacturers, while benefiting from the enterprise-grade features, 24/7 commercial support, and clear product roadmaps that open-source communities simply cannot guarantee.
Though open-source solutions like Leshan provide an excellent sandbox for learning and initial prototyping, the hidden costs of scaling become rapidly apparent in production. The gaps in open-source offerings may translate into higher risk, longer time to market, and increased total cost of ownership.
Choosing a commercial but interoperable solution like Coiote IoT DM allows teams to stop building infrastructure and start focusing on meter rollouts, predictive maintenance, and ultimate business outcomes.
For long-lived fleets, what matters most is performance, security, and manageability over the coming decades.