Great to hear that you’re considering Eclipse hawkBit in your use case and sorry for the delay in responding.
Some general words to start with: hawkBit is a domain independent back-end solution for software updates. Hence, it is not a full-blown device management, nor does it provide client-side implementations.
Having said this, I still think that it will cover most of your requirements.
Device Management Requirements:
Atomic Upgrade
The update package structure (Distribution Set (DS) containing multiple Software Modules (SM), containing multiple artefacts) and the definition of different DS or SM types, allows to create Atomic upgrades from a back-end perspective. However,
your client would need to understand this meta information and perform the upgrade respectively.
Restore to previous working version when upgrade fails
I’d consider this a client-specific requirement, which is not addressed by hawkBit
Query Current Installed versions
hawkBit keeps track of the full update/version history of a device. Therefore, it is possible to e.g. query the currently installed or assigned update package.
Group Devices by Account/Customer
hawkBit allows grouping of devices in varies ways. You could ever use ’tags’ or make use of target meta data, to filter for devices of a certain account/customer.
Upgrades based on pre-determined schedule per Device group and/or Device
It is possible to specify a ‘Maintenance Window’ to indicate to the device to install the update in a certain timeframe.
Auto-resolution of dependencies and downloads from repository
An operator has to upload the artefacts to hawkBit and bundle all required artefacts into a SM or DS. Once assigned to the device, it can download these artefacts from hawkBit.
Downloading further dependencies from a 3rd party repository is not provided by hawkBit, but could be part of the client-implementation.
Upgrades via intermediate proxy installed in given facility when all devices cannot be connected to Internet
From a back-end perspective hawkBit supports this. However, hawkBit does not provide such a gateway implementation to be used on this proxy.
Stop/Restart impacted applications and micro-services
I’m not 100% sure what you mean by this.
Security (e.g. Digital Signature based) – Authentication
hawkBit supports different auth mechanism, among that is certificate-based authentication. However, you would need to provide a proxy in front of hawkBit for validation.
Support for Test setup, validation and test environments
There is support by the community. However, since this is an open source project, it is always limited to the availability of its members and no guarantees or SLAs can be given.