Azure IoT Hub Device Identity requirements - azure-iot-hub

I need to connect some sensors to an Azure IoT Edge Runtime via MQTT.
I read here: How an IoT Edge device can be used as a gateway, that in the "Transparent" pattern, devices that hold their own IoT Hub device identity can communicate directly with Azure IoT Edge via MQTT.
I am still in the planning phase and don't have the sensors (or IoT Hub devices) at the moment, so I couldn't really start testing directly. I wanted to know if all devices/sensors can hold their own IoT Hub device identity and if there are any hardware requirements in order to do so?
Thank you very much in advance!

In the transparent gateway case, the requirements for devices/sensors are the same as if the device were connecting directly to an IoT Hub using its identity. That is, if the device or sensor supports connecting to Azure IoT Hub via MQTT, it should work through the transparent gateway. When configuring the device, instead of using a connection string for the Azure IoT Hub itself, you'd use a connection string that references the local Edge gateway.
There are 3 basic steps to take in the transparent gateway scenario - the article you linked steps through them, but I'll add some color for 2 and 3.
1. Set up the gateway for connectivity from the downstream devices and routing to the upstream IoT Hub. This article has good details.
2. For each device, create an identity in Azure IoT Hub, using the device's unique ID (for example, the device EUI for a LoRaWAN sensor) as the IoT Hub DeviceId, and set up auth per this article. This step is where you determine the Edge gateway connection string.
3. Connect the downstream device to the gateway device and start sending messages. That's this article. This is obviously dependent on the device itself and its operating code/configs (whether a 3rd-party black-box type device or something running your own code).

Related

Send and receive iot-hub messages

I am working on a project based on the Azure Sphere kit where I want to control a motor from a web application. I managed to send the command to the IoT Hub, and the built-in monitor shows that the message is received by the IoT Hub. Now, my question is: how can I forward this message to the board? I have to mention that this is my first experience with the IoT Hub, so please don't judge me if it is a stupid question. :) Here is the confirmation that the message is received by the IoT Hub
If you want to communicate with your Azure Sphere from Azure IoT Hub, you're talking about Cloud-to-device communication. There are three different ways to do this communication:
Direct Methods
Device Twin Desired Properties
Cloud-to-device (C2D) messages
Microsoft documented them here. This document also lists the different considerations for each of the three methods.
To forward the IoT Hub message that you mentioned in your question, a good start would be to write an Azure Function that listens to the IoT Hub output and sends that to the device using one of the three methods above. You can find an example for the Azure Function IoT Hub trigger here.
Adding a few more detailed options for this scenario to the above responses.
Scenario 1: You may be interested in configuring your devices from your back-end service(s), such as your web application. To synchronize state information between a device and an IoT hub, you use device twins. A desired property is set by a back-end application and read by a device. A reported property is set by a device and read by a back-end application. A tag is set by a back-end application and is never sent to a device; you use tags to organize your devices. Desired properties are for long-running commands intended to put the device into a certain desired state, for example, setting the telemetry send interval to 30 minutes. This completes your E2E state synchronization scenario: Web Application <=> IoT Device. Ref Link
Question: How can I forward this message to the board?
Scenario 2: You may be interested in direct methods to control a device connected to your IoT hub. You can use direct methods to remotely change the behavior of devices connected to your IoT hub; they suit commands that require immediate confirmation, such as turning on a fan.
Requirements:
IoT Device: To receive direct method calls, the application running on the IoT device connects to a device-specific endpoint on your IoT hub, using a device connection string of this form:
HostName={YourIoTHubName}.azure-devices.net;DeviceId=MyNodeDevice;SharedAccessKey={YourSharedAccessKey}
Web Application: To call a direct method on a device, your web application connects to the service-side endpoint on your IoT hub, using a service connection string of this form:
HostName={YourIoTHubName}.azure-devices.net;SharedAccessKeyName=service;SharedAccessKey={YourSharedAccessKey}
Direct method calls: points to be noted. Please visit the link for a detailed comparison of the various cloud-to-device communication options.
The maximum direct method payload size is 128 KB.
Disconnected devices are not contacted; the solution back end is notified that the device is not connected.
Ref Link
If you need further help in this matter, please comment in the below section and we will be happy to help you on this forum.
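The device side of the two command channels described above, as an added example that is not part of the original answers: a direct-method dispatcher (immediate command with immediate confirmation, such as switching the fan) and a twin desired-property handler (long-running state such as the telemetry interval). The MethodRequest/MethodResponse shapes, the method name setFan, the property name telemetryInterval and the interval bounds are assumptions for illustration; the 128 KB payload limit is the one quoted in the answer. No IoT Hub connection is made; the point is that the device validates what the back end sends before acting on it.

```python
import json
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, Tuple

# IoT Hub limit quoted in the answer above: direct-method payloads are at most 128 KB.
MAX_METHOD_PAYLOAD = 128 * 1024

# Bounds for the telemetry interval a desired property may set (assumed device policy).
MIN_INTERVAL_S, MAX_INTERVAL_S = 5, 24 * 3600


@dataclass
class MethodRequest:
    """Shape assumed for an incoming direct-method call: name plus raw JSON payload."""
    name: str
    payload: bytes


@dataclass
class MethodResponse:
    """Status code and JSON body returned to the back end that invoked the method."""
    status: int
    payload: Dict[str, Any]


@dataclass
class DeviceState:
    fan_on: bool = False
    telemetry_interval_s: int = 60
    reported: Dict[str, Any] = field(default_factory=dict)  # twin reported properties


Handler = Callable[[DeviceState, Dict[str, Any]], Tuple[int, Dict[str, Any]]]


def set_fan(state: DeviceState, args: Dict[str, Any]) -> Tuple[int, Dict[str, Any]]:
    """Direct method handler: an immediate command with an immediate confirmation."""
    on = args.get("on")
    if not isinstance(on, bool):
        return 400, {"error": "'on' must be a boolean"}
    state.fan_on = on
    return 200, {"fan_on": state.fan_on}


# Allowlist of methods this device accepts; anything else is answered with 404.
METHODS: Dict[str, Handler] = {"setFan": set_fan}


def dispatch_method(state: DeviceState, req: MethodRequest) -> MethodResponse:
    """Validate and route one direct-method call; unknown names are never executed."""
    handler = METHODS.get(req.name)
    if handler is None:
        return MethodResponse(404, {"error": f"unknown method {req.name!r}"})
    if len(req.payload) > MAX_METHOD_PAYLOAD:
        return MethodResponse(413, {"error": "payload exceeds 128 KB"})
    try:
        args = json.loads(req.payload.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return MethodResponse(400, {"error": "payload is not valid JSON"})
    if not isinstance(args, dict):
        return MethodResponse(400, {"error": "payload must be a JSON object"})
    status, body = handler(state, args)
    return MethodResponse(status, body)


def apply_desired(state: DeviceState, desired: Dict[str, Any]) -> Dict[str, Any]:
    """Twin desired-properties patch -> reported-properties patch.

    Long-running state (the telemetry interval) is applied here, and the device
    reports back what it actually did so the back end can see rejected values.
    The hub's $version marker and unknown keys are ignored.
    """
    reported: Dict[str, Any] = {}
    if "telemetryInterval" in desired:
        interval = desired["telemetryInterval"]
        valid = (isinstance(interval, int) and not isinstance(interval, bool)
                 and MIN_INTERVAL_S <= interval <= MAX_INTERVAL_S)
        if valid:
            state.telemetry_interval_s = interval
            reported["telemetryInterval"] = {"value": interval, "status": "applied"}
        else:
            reported["telemetryInterval"] = {"value": state.telemetry_interval_s,
                                             "status": "rejected"}
    state.reported.update(reported)
    return reported
```

In a real device app the SDK's method and twin-patch callbacks would call dispatch_method and apply_desired; the status codes flow back to the caller of the direct method, and the returned patch is what the device sends as reported properties.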

Microsoft IOT Central Plug and Play - Adding credentials to device

How do you add IoT Central credentials to a device (device ID, scope ID)? Do you even need to do this?
In the following video a Plug and Play device is just powered on, and then it is visible in IoT Central.
https://www.youtube.com/watch?v=rzTw1_AuxdQ
I don't understand how this works, as if no IoT Central-specific credentials are added, wouldn't this device be available to everyone in their IoT Central environments?
As this isn't the case, I presume these are added to the device (somehow?).
You can find a summary of the options for connecting a device to IoT Central here.
This article illustrates the process with a specific device.
The recommendation for a production environment is to use X.509 certificates: you install a root or intermediate certificate into IoT Central and then configure your devices with leaf certificates generated from the root or intermediate cert.
You can also use SAS keys: you can use a group key to generate multiple device keys that you can use in a connection string.
As Matthijs mentioned, Plug and Play means that a device can be automatically associated with a device template so that a device can start sending data that IoT Central understands as soon as it connects.
You do need to add something to the device before you connect it. How this works differs per device, but the process involves generating a SAS key or leaf certificate. The picture below explains the general steps that are taken. In the case of Plug and Play, step 5 becomes obsolete because the device communicates its capability model and is automatically associated.
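The "group key generates device keys" step from the answer above, as an added example that is not from the original thread: the device key is base64(HMAC-SHA256(base64decode(groupKey), deviceId)), which is the derivation symmetric-key group enrollments use, so only the derived key ever lands on a device and the group key stays with whoever provisions them. The sample group key and ID scope are constructed values, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import secrets


def new_group_key() -> str:
    """Generate a fresh 256-bit enrollment-group key (base64, as the portal shows it)."""
    return base64.b64encode(secrets.token_bytes(32)).decode("ascii")


def derive_device_key(group_key_b64: str, device_id: str) -> str:
    """Device key = base64(HMAC-SHA256(base64decode(group_key), device_id)).

    The device ID is hashed byte-for-byte, so it must match the registered ID
    exactly (including case). Invalid base64 raises binascii.Error (a ValueError).
    """
    key = base64.b64decode(group_key_b64, validate=True)
    mac = hmac.new(key, device_id.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def provisioning_credentials(id_scope: str, group_key_b64: str, device_id: str) -> dict:
    """What gets placed on one device: its own derived key, never the group key."""
    return {
        "idScope": id_scope,
        "registrationId": device_id,
        "symmetricKey": derive_device_key(group_key_b64, device_id),
    }


def key_matches(group_key_b64: str, device_id: str, presented_key_b64: str) -> bool:
    """Provisioning-side check: recompute the expected key and compare in constant time."""
    expected = derive_device_key(group_key_b64, device_id)
    return hmac.compare_digest(expected.encode("ascii"), presented_key_b64.encode("utf-8"))


# Constructed sample values for the demo, not real credentials.
SAMPLE_GROUP_KEY = base64.b64encode(bytes(range(32))).decode("ascii")
SAMPLE_ID_SCOPE = "0ne00000000"

if __name__ == "__main__":
    for dev in ("sensor-001", "sensor-002"):
        print(provisioning_credentials(SAMPLE_ID_SCOPE, SAMPLE_GROUP_KEY, dev))
```

Because each device key is a function of the group key and the device ID, a leaked device key compromises only that device; rotating the group key, however, invalidates every derived key at once, so plan the rotation before you need it.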

Get Azure IOT Hub connection string from UWP app on provisioned device

I have a Raspberry Pi running Windows IoT Core, which has been provisioned to an Azure IoT Hub. I'm writing a UWP app and I want to send messages to the IoT Hub, which I think I need Microsoft.Azure.Devices.Client.DeviceClient to do. DeviceClient needs a connection string, which I can hardcode in the app for testing.
How do I:
Check if the device the app is running on is provisioned to an IOT Hub?
Get the connection string for the IOT Hub?
I can't know this information at compile time, and I don't want to rebuild my application for every device/deployment.
Microsoft.Azure.Devices.Client.DeviceClient is part of the IoT Hub Device SDKs. It is used to send telemetry to your IoT hub, and optionally receive messages, job, method, or twin updates from your IoT hub. But if you want to get the connection string for the IoT Hub and check whether the device is provisioned to an IoT Hub, you need to use the IoT Hub Service SDKs. They enable you to build backend applications to manage your IoT hub, and optionally send messages, schedule jobs, invoke direct methods, or send desired property updates to your IoT devices or modules. But you also need to set the DeviceId and IoT Hub connection string in your app.
It is not recommended to generate the connection string on the device client end. The SDK supports UWP apps running on Windows IoT Core.
I think you might want to try to check out the UWP Bridge. It is a WinRT library that can be used to connect to the Device Agent and read the connection string from the TPM.
You can build the DMBridgeComponent library from the azure-client-tools repo on GitHub (https://github.com/ms-iot/azure-client-tools) and then reference it from your UWP app.
Then, to read your connection string you just need the following code:
using DMBridgeComponent;
...
var tpm = new TpmBridge();
// Get connection string from TPM
var slotNumberValue = 0;
var connectionString = tpm.GetConnectionString(slotNumberValue, 36000);
Set the slotNumberValue to whatever slot you used when you provisioned your device. It is usually 0 by default.
There is more information here (https://github.com/ms-iot/azure-client-tools/blob/master/docs/device-agent/uwp-bridge.md). That's where I found the sample code.

How to connect non-programmable (no SDK) devices to IoT Hub

I am building an IoT solution based on devices that are not programmable (3rd-party devices).
I can only configure the server they must connect to, and I have the messaging (sending messages and receiving commands).
What is the best way to integrate them into an Azure IoT solution (IoT Hub)?
It looks like we can use Azure IoT Edge as a gateway (https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/iot-edge/iot-edge-as-gateway.md) in an "Identity translation" pattern, but I still can't figure out how to do it.
I also found Azure IoT Protocol Gateway (https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-protocol-gateway), which seems to do the job, but it is not sufficiently clear to me what to do.
Thanks in advance for your help.
The question is which protocols your devices support and how configurable they are. For instance, you might be able to talk MQTT directly to the IoT Hub without using the SDK: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-mqtt-support#using-the-mqtt-protocol-directly-as-a-device
The same is possible for HTTP using the REST API directly: https://learn.microsoft.com/en-us/rest/api/iothub/device
If neither is an option then yes, you need some kind of gateway - like in the examples which you linked.
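What a device (or a gateway acting for it) has to compute to speak MQTT to IoT Hub without the SDK, as an added example that is not from the original posts. It serves both the "MQTT directly" answer here and the transparent-gateway answer in the first thread on this page: the device keeps its own IoT Hub identity, so the SAS token is scoped to the hub hostname, while the host it actually dials is the Edge gateway when a GatewayHostName is present. The hostnames, device ID and key below are constructed, and the api-version value is an assumption to be checked against the current MQTT documentation.

```python
import base64
import hashlib
import hmac
import time
from typing import Dict
from urllib.parse import quote, unquote

# Assumed API version for the MQTT username; confirm against the current docs.
API_VERSION = "2021-04-12"


def parse_connection_string(cs: str) -> Dict[str, str]:
    """Split 'Key=Value;Key=Value' into a dict (the base64 key may itself end in '=')."""
    fields: Dict[str, str] = {}
    for part in cs.strip().strip(";").split(";"):
        if "=" not in part:
            raise ValueError(f"malformed segment {part!r}")
        name, value = part.split("=", 1)
        fields[name] = value
    for required in ("HostName", "DeviceId", "SharedAccessKey"):
        if required not in fields:
            raise ValueError(f"connection string lacks {required}")
    return fields


def generate_sas_token(resource_uri: str, key_b64: str, expiry_epoch: int) -> str:
    """SAS token: HMAC-SHA256 over '<urlencoded sr>\\n<expiry>' keyed with the decoded device key."""
    sr = quote(resource_uri, safe="")
    to_sign = f"{sr}\n{expiry_epoch}".encode("utf-8")
    sig = hmac.new(base64.b64decode(key_b64), to_sign, hashlib.sha256).digest()
    sig_b64 = base64.b64encode(sig).decode("ascii")
    return f"SharedAccessSignature sr={sr}&sig={quote(sig_b64, safe='')}&se={expiry_epoch}"


def verify_sas_token(token: str, key_b64: str, now_epoch: int) -> bool:
    """What the hub does: recompute from sr/se, compare in constant time, reject expired tokens."""
    prefix = "SharedAccessSignature "
    if not token.startswith(prefix):
        return False
    try:
        params = dict(p.split("=", 1) for p in token[len(prefix):].split("&"))
        expiry = int(params["se"])
        expected = generate_sas_token(unquote(params["sr"]), key_b64, expiry)
    except (KeyError, ValueError):
        return False
    return expiry > now_epoch and hmac.compare_digest(token.encode(), expected.encode())


def mqtt_connect_parameters(cs: str, expiry_epoch: int) -> Dict[str, str]:
    """Everything a plain MQTT client needs; the TLS peer is the gateway when one is configured."""
    f = parse_connection_string(cs)
    hub, device = f["HostName"], f["DeviceId"]
    return {
        # The token is scoped to the device's identity on the hub itself, even when
        # the connection terminates at a transparent gateway...
        "password": generate_sas_token(f"{hub}/devices/{device}", f["SharedAccessKey"], expiry_epoch),
        # ...while the host the device actually dials is the Edge gateway, if present.
        "host": f.get("GatewayHostName", hub),
        "port": "8883",
        "client_id": device,
        "username": f"{hub}/{device}/?api-version={API_VERSION}",
        "telemetry_topic": f"devices/{device}/messages/events/",
    }


# Constructed sample credentials for the demo, not real ones.
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode("ascii")
DIRECT_CS = f"HostName=example-hub.azure-devices.net;DeviceId=sensor-01;SharedAccessKey={SAMPLE_KEY}"
DOWNSTREAM_CS = DIRECT_CS + ";GatewayHostName=edge-gateway.local"

if __name__ == "__main__":
    one_hour = int(time.time()) + 3600  # short-lived tokens limit the damage from a leaked one
    for name, value in mqtt_connect_parameters(DOWNSTREAM_CS, one_hour).items():
        print(f"{name}: {value}")
```

Two things a non-programmable device must also support for this to work: TLS on port 8883 with a trust store that contains the hub's CA (or, through a transparent gateway, the CA that issued the gateway's server certificate), and an MQTT password field long enough for the token. If its configuration UI cannot hold either, that is the point at which a protocol or identity-translation gateway becomes necessary.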

Initial Device ID registration to Azure IoT Hub by the device itself

In order to send messages to Azure IoT Hub, you first need to register the devices in the IoT Hub registry, but how can you make the devices register their IDs by themselves in a safe way?
My intention with this question is the security problem.
I am thinking of implementing them in apps for Android, iOS, etc., which will be used by many users.
If you give those devices read/write permission to the registry (with the shared access key stored in the app), there is a risk that a malicious user finds the shared access key and uses it to abuse the system.
Are there any other solutions besides preparing a public server that provides a function to register a device and gives back the per-device access key? Or shouldn't I use IoT Hub and find another service?
If you want users to be able to register their own devices with your IoT hub, you should create a separate service that can be called from the device and that returns a key. The service should register the device with IoT Hub and provide some logic that limits the number of devices that any user can register.
This is the approach taken in the MyDriving sample solution here that allows users to register their phones as devices connected to an IoT hub.
You can create multiple keys, so do what Azure Storage does: have a primary and a secondary.
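The registration service the answer above recommends, as an added example that is not from the original thread: the service alone holds the registry-write credential, enforces a per-user device quota, chooses device IDs itself so one user cannot claim another's, and returns only a device-scoped key; rotation follows the primary/secondary pattern mentioned last. The in-memory registry stands in for the IoT Hub identity registry (a real service would issue the same create/update/delete calls through the service SDK's registry manager), the quota of 3 is an assumed policy, and user_id represents a caller the service has already authenticated.

```python
import base64
import re
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional

MAX_DEVICES_PER_USER = 3  # assumed policy; the answer only says "limit the number"
USER_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


@dataclass
class DeviceIdentity:
    device_id: str
    owner: str
    primary_key: str
    secondary_key: str


class InMemoryRegistry:
    """Stand-in for the IoT Hub identity registry (RegistryManager in the service SDK)."""

    def __init__(self) -> None:
        self._devices: Dict[str, DeviceIdentity] = {}

    def create(self, ident: DeviceIdentity) -> None:
        if ident.device_id in self._devices:
            raise KeyError(ident.device_id)
        self._devices[ident.device_id] = ident

    def get(self, device_id: str) -> Optional[DeviceIdentity]:
        return self._devices.get(device_id)

    def delete(self, device_id: str) -> None:
        del self._devices[device_id]

    def owned_by(self, owner: str) -> List[DeviceIdentity]:
        return [d for d in self._devices.values() if d.owner == owner]


def new_key() -> str:
    """256-bit random device key, base64 as IoT Hub expects it."""
    return base64.b64encode(secrets.token_bytes(32)).decode("ascii")


class RegistrationService:
    """Back-end endpoint the app calls. Only this service can write to the registry;
    callers ever receive nothing more than a connection string for their own device."""

    def __init__(self, registry: InMemoryRegistry, hub_hostname: str) -> None:
        self.registry = registry
        self.hub = hub_hostname

    def _connection_string(self, ident: DeviceIdentity) -> str:
        return f"HostName={self.hub};DeviceId={ident.device_id};SharedAccessKey={ident.primary_key}"

    def register(self, user_id: str) -> str:
        """user_id is the authenticated caller (e.g. the subject of a validated token),
        never a field taken from the request body."""
        if not USER_ID_RE.match(user_id):
            raise ValueError("invalid user id")
        if len(self.registry.owned_by(user_id)) >= MAX_DEVICES_PER_USER:
            raise PermissionError("device quota reached")
        # Server-chosen ID: a user cannot claim or overwrite another user's device.
        ident = DeviceIdentity(f"{user_id}-{secrets.token_hex(4)}", user_id, new_key(), new_key())
        self.registry.create(ident)
        return self._connection_string(ident)

    def _owned(self, user_id: str, device_id: str) -> DeviceIdentity:
        ident = self.registry.get(device_id)
        if ident is None or ident.owner != user_id:
            raise PermissionError("not your device")  # same error for missing and foreign IDs
        return ident

    def rotate(self, user_id: str, device_id: str) -> str:
        """Azure Storage style rotation: the secondary becomes primary, a fresh secondary is minted."""
        ident = self._owned(user_id, device_id)
        ident.primary_key, ident.secondary_key = ident.secondary_key, new_key()
        return self._connection_string(ident)

    def revoke(self, user_id: str, device_id: str) -> None:
        self.registry.delete(self._owned(user_id, device_id).device_id)
```

The app therefore ships with no IoT Hub secret at all: it authenticates the user to this service, stores the returned device connection string in the platform keystore, and calls rotate or revoke through the same authenticated path. The registry-write key lives only in the service's configuration.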