Case Study
How Mesh Systems Became Eaton's Most Trusted IoT Partner
A Four-Year Story of Security, Scale, and Embedded Expertise
Engagement Duration: 4+ Years
Focus Areas: IoT Platform Engineering, Device Security, OTA Firmware Updates, PKI Infrastructure
THE CHALLENGE
Eaton, a global power management company, was scaling its connected product portfolio under the Brightlayer platform, a major strategic initiative to bring intelligent, cloud-connected capabilities to its industrial and electrical products.Â
As Eaton expanded its IoT footprint, the technical demands grew equally complex: devices needed to be securely provisioned at manufacturing, protected from unauthorized firmware modification, reliably updated in the field, and seamlessly integrated across multiple software platforms.
Eaton needed more than a contractor. They needed a partner who could operate at the intersection of embedded systems, cloud connectivity, and enterprise security. Most importantly, they needed a partner who could stay deeply embedded for the long haul.
SUBJECT MATTER EXPERTS
Why Mesh Systems Was the Clear-Cut Choice
Mesh Systems brought a rare combination:Â
- Deep ecosystem expertise
- A team at the forefront of emerging IoT technologies
- A genuine commitment to customer success as a strategic partner, not just a project vendor.
When Eaton was evaluating how to advance its IoT security posture, Mesh’s existing Microsoft relationship was a decisive factor. As Eaton’s infrastructure was built on Azure, Mesh’s familiarity with the Azure IoT ecosystem, including early access and production implementation of newly available services, meant Eaton didn’t have to wait for the market to catch up.
Over four years, that relationship has compounded: Mesh engineers are credentialed within Eaton’s environment, fluent in its MQTT architecture, provisioning workflows, telemetry pipelines, and digital twin implementation. That depth of institutional knowledge accelerates every engagement and reduces risk in ways no new vendor can match.
IOT EXCELLENCE
WORK COMPLETED
Secure Boot: CL7B Platform
One of the most technically demanding security challenges in connected hardware is ensuring that a device runs only code that its manufacturer has explicitly authorized.Â
For Eaton’s CL7B product, Mesh implemented secure boot, a hardware-enforced mechanism that cryptographically validates firmware before execution.
The result: only Eaton-signed code can run on the device. Malicious reprogramming, unauthorized firmware injection, and supply chain tampering are effectively prevented at the lowest level of the stack.
Eaton recognized the value immediately. The solution has since been evaluated for platformization across additional product lines, turning a single-product implementation into a potential enterprise security standard.
PKI & Device Identity Infrastructure
For connected devices, identity is everything. Without a verifiable, tamper-resistant identity, there is no foundation for secure communication, no way to authenticate telemetry, and no defense against spoofing or man-in-the-middle attacks.
Mesh designed and deployed a PKI system for Eaton that provisions each device with a unique cryptographic “birth certificate” at the point of manufacturing. This serves as the root of trust for the device’s operational lifecycle — used to continuously request short-lived operational certificates that authenticate all encrypted device-to-cloud communication, ensuring only known, authorized devices can connect to Eaton’s IoT Hub.
Short-lived operational certificates mean credentials cycle in days rather than years. Even if a device is compromised, the attacker’s window closes quickly.
Mesh deployed this across three distinct Eaton platforms — BLRV2 (FreeRTOS-based), BLRV3 (Zephyr-based), and EdgeX — each with its own architectural constraints, demonstrating both the technical depth Mesh brings and Eaton’s confidence in scaling these capabilities further.
Azure Device Provisioning Service (DPS): Secure, Automated Onboarding
Manually provisioning connected devices at scale is operationally untenable and introduces security gaps. Mesh implemented Azure Device Provisioning Service (DPS) for Eaton, enabling devices to automatically, securely authenticate and register with IoT Hub at first boot without manual intervention.
This created a scalable, repeatable onboarding process aligned with enterprise security requirements. It also laid the architectural foundation for Eaton’s broader device lifecycle management strategy.
Azure Device Update (ADU): OTA Firmware Management
An unpatched device is a vulnerable device. Mesh implemented over-the-air (OTA) firmware update capabilities for Eaton, including Azure Device Update, a service Mesh was among the first teams to deploy in a production environment following its general availability.
That early adoption wasn’t accidental. It was the direct result of Mesh’s frontline Microsoft partnership and its organizational commitment to staying at the leading edge of the IoT ecosystem. Eaton benefited from production-ready OTA infrastructure without waiting for the broader market to mature around the technology.
The OTA capability enables Eaton to push validated firmware updates remotely at scale, minimize field service requirements, and respond rapidly to emerging security vulnerabilities. This is a critical capability for any enterprise managing large fleets of connected devices.
IoT Platform Engineering: BLRV2 & BLRV3 Evolution
Beneath the feature-level work, Mesh has been a core engineering contributor to the evolution of Eaton’s IoT connectivity platforms. This includes resolving significant threading and reliability issues, rewriting critical portions of the IoT connectivity stack, and contributing deeply to the ongoing maturation of both BLRV2 and BLRV3.
Why this matters: This is the kind of foundational engineering investment that determines whether a platform scales reliably and it reflects the embedded partnership that Mesh and Eaton have built over four years.
"We knew that going to Mesh Systems would greatly accelerate our project. A team that has done it before can always do it faster than someone who hasn't. We had a good idea of our requirements, but there were unknowns we hadn't considered. The architecture review before kicking off saved a lot of time during the project.
During the first 25% of the project, the Mesh team discovered that to implement the desired features, we needed to upgrade to the latest version of a particular Microsoft component. This prerequisite was unknown to us. If we had done it ourselves, we likely wouldn't have realized this until the end of the six-month project, potentially causing significant delays."
Director Digital Hardware Enablement at Eaton
Why Mesh Systems Was the Perfect Partner
The most important thing Mesh brings to Eaton isn’t any single implementation. It’s continuity.
In an industry where hardware and embedded partners often cycle in and out, Mesh has remained a consistent presence across Eaton product groups for four years. That means engineers who already understand the codebase, the architecture, and the organizational context. It means no ramp-up time, no re-explaining platform history, no starting from scratch.
When Eaton needs to move quickly on, whether it’s a security implementation, a platform upgrade, or a new product integration, Mesh is ready on day one. That’s not a feature. That’s a competitive advantage.
Our dedication to delivering innovative, reliable, and scalable IoT solutions made us the perfect partner for Eaton, driving success in their connected product initiatives and setting the stage for future growth and innovation.