Azure Security Center for IoT on the Edge

During the last Microsoft Build event this year, Microsoft announced support for IoT devices in their Azure Security Center.

This is a potentially interesting solution for checking all your IoT devices for security issues and a centralized way to react to these issues. There are both recommendations and imminent alerts to respond to:

 

It is advertised like this:

“Azure Security Center for IoT provides visibility into the security posture and state of your Azure IoT solution – from devices to applications”

This is a promising solution for the S of security in IoT (yes, there is no security in IoT 🙂 ).

Azure Security Center for IoT is currently in public preview but we can already try out its functionality.

ASC for IoT is presented in the Azure portal as being part of the IoT Hub. There’s a thirty days trial, I have not calculated the costs yet but you can try it out for yourself here.

There is a free tier but the standard tier is much more interesting. We will see that eg. the security event collection is very powerful:

In this blog, we check out How we can combine Azure Security Center for IoT with IoT Edge. This seems surprisingly easy.

Continue reading “Azure Security Center for IoT on the Edge” →

Connection a cheap ESP8266 to Azure IoT Central

IoT Central supports multiple devices at this moment if you start a new IoT Central application:

• Raspberry Pi
• MXChip Developer kit
• Windows 10 IoT Core device

But what if you have other types of devices you want to connect?

Luckily, Microsoft offers help in the form of a GitHub repository. These you find the source code for the devices shown above and several other devices.

This repository is a great way if you want to start connecting with IoT Central with:

• ESP32
• ESP8266
• MBED OS 5.X+ basic example
• HTTP Only

If your device is not shown at the top of this list, you can fall back on HTTP only as long as your device is capable of executing REST calls.

In this blog, we check how well the cheapest device is supported. This is the ESP8266. You can get an ESP8266 for less than three dollars so this is a fun and easy way to start using IoT Central.

Continue reading “Connection a cheap ESP8266 to Azure IoT Central” →

It only takes five simple steps to secure your secrets in Azure Functions

As seen in my last blog, we occasionally need to address secrets in Azure Function code. It’s too easy to just copy and paste for example connection strings or passwords in the source code but then you risk exposing your secrets to anyone who can access the code.

It takes only five steps to secure these secrets using an access policy. Let’s fix a common example using the Azure Key vault.

Continue reading “It only takes five simple steps to secure your secrets in Azure Functions” →

Manipulate IoT Edge Module twin using an Azure Function

We use IoT Central a lot for demonstration purposes. It provides an IoT Dashboard for your IoT devices on a SaaS level. It brings speed into the projects and we can have good discussions about usability with customers.

Recently, I had to add some buttons in IoT Central to manipulate an IoT Edge device. At this moment, IoT Central is not supporting IoT Edge devices but it can be done with a simple trick. So displaying information is not that hard. But sending module twin changes back to the IoT edge is not simply done.

In this blog, I show how to program IoT Edge module twin updates using c#. I use Azure Functions to make this code reachable from other sources like IoT Central.

Continue reading “Manipulate IoT Edge Module twin using an Azure Function” →

Connecting simple devices to IoT Central

Once you start collecting data in an IoT solution, you will need some kind of dashboard to represent the raw or aggregated data.

IoT projects typically start as a POC to validate IoT scenarios. When the POC success, a pilot project is started to check scalability, monitoring, maintainability, etc.

Microsoft provides multiple solutions for these various scenarios. The most lightweight solution is IoT Central.

“Experience the simplicity of SaaS for IoT (Internet of Things), with no cloud expertise required—Azure IoT Central is a fully managed global IoT SaaS (software-as-a-service) solution that makes it easy to connect, monitor, and manage your IoT assets at scale. Bring your connected products to market faster while staying focused on your customers.”

You can start with a 7-day trial or with pay-as-you-go. This last option is free if you limit yourself to 5 actual or simulated devices.

At this moment, Microsoft has examples for the Raspberry Pi, the MX Chip IoT Devkit and Windows 10 IoT Core.

But what if you want to connect your own device? Is this simple to do too?

Let’s check this out.

Continue reading “Connecting simple devices to IoT Central” →

One Azure IoT accelerator to rule them all

The family of Azure IoT resources is very diverse. If you know what you are doing and have developers available you can have a great time with the many PaaS cloud resources.

If you have devices which need internet connectivity but you have no developers, you can check out IoT Central, the SaaS IoT solution.

Recently, Microsoft announced a very powerful integration with other leading IoT Platforms like SAP Leonardo and PTC Thingworx. Both can connect directly with the Azure IoT Hub, the cloud gateway. This opens a broad range of integration opportunities.

And last but not least, you can start with prebuild verticals, Azure IoT accelerators, formerly known as Azure IoT suites. If you have developers available but you do not want to start from scratch, check them out. You can deploy a typical accelerator in 15 minutes to see how they behave. And the smart thing is, all the code behind the logic is available for free on Github.

The most known accelerators are:

• Remote Monitoring (version two is based on microservices)
• Connected Factory (support OPC-UA protocol)
• Predictive Maintenance

But there are also third-party accelerators.

If you are a developer or architect, it’s time well spend checking them out!

Remote monitoring

The remote monitoring is a good starting point, it has a lot of out-of-the-box features:

In one of our current projects, we were looking for a rule engine. And while playing with the demo of the Remote Monitoring Accelerator, we stumbled on one.

The picture shown above is not really helping to explain how this rule engine works and you can try to read about it or check out the code on GitHub.

The features of this rules engine are both simple and powerful:

• Define rules for alarms or even actions as JSON files in blob storage
• Bind rules to groups of devices (defined as CSV file in blob storage)
• Rules can react to ‘instant’ messages using Javascript comparisons
• Rules can react to time windows aggregations using Javascript comparisons

And the best feature is that the rules engine is based on Azure Stream Analytics. Therefore it’s modular and it can be separated and reused completely in your own solution.

In this blog, we will see how it’s done.

Continue reading “One Azure IoT accelerator to rule them all” →

Event Hub alerts, great for detecting drops in connectivity

If we look at the Azure IoT Reference Architecture we see how streaming data is the heart of the IoT platform:

Data arrives at the IoT Hub and can be routed to any Azure resource using eg. the IoT Hub routing, Stream Analytics jobs and Event Hubs.

This gives us the maximum flexibility to divide the data into three major data streams or storage:

1. Hot path – Event, Alert, Conditions
2. Warm path – aggregated data, data for reporting
3. Cold path – the raw data, mainly untouched and available in large quantities; great for data scientists

But there is an often unseen, even ignored forth stream. And that is the stream of data for monitoring.

In my earlier blogs, I wrote several times hoe heartbeats en watchdogs can tell the story about the quality of the data. And I have shown how eg. Azure Functions and notification services can improve the insights about the quality of the communication.

Today I want to add a little gem to that list.

Let’s check out Monitoring Alerts in Event Hubs. It’s part of the overall Monitoring service in Azure.

Continue reading “Event Hub alerts, great for detecting drops in connectivity” →