We are in the early stages of planning an IoT project.
One issue we are struggling with is how our Internet based server can access each unit of our IoT project and deploy code updates, messages ... etc.
I'm concerned about this because, of course, each IoT unit is within it's own WiFi network which is closed by design.
How does our server, an essential part of our setup, call all it's 'children' within their respective closed networks?
It sounds like you should be looking for a complete IoT device management platform - there are too many complicated aspects of scalability, security, provisioning and firmware update for this to be a sensible thing to try and develop in house from scratch. Make sure you pick a platform which uses open standards.
To answer your question more directly, each endpoint generally opens a TLS secured connection to a cloud server (using something like CoAP, LWM2M or MQTT depending on the purpose of the connection), so connections are almost always initiated from the endpoint. Only with IPv6 or particularly specicfic use cases are you likely to have the cloud initiating the connection without any assistance from the endpoint.
One good way to access devices scattered around in private networks is using MQTT for communication. In MQTT server publishes messages on topics and devices can subscribe to them and thus get notified when new content arrives to the topic.
There are solutions available around the web, you either pick one or implement your own.
Main idea is to make a topic for eg 'firmware updates' and either the link or the packet itself comes as response. MQTT messages for marking message read makes the update happen only once.
