Introduction to the IoT Edge SDK, part 4

We have already made great progress understanding and using the Azure Gateway SDK.

What do we have right now? We can send telemetry data from multiple ‘offline’ devices and accept commands from the IoT Hub.

The data we send is well-formatted JSON so we are good to go.

But I am a bit worried. While reading all documentation regarding the transformation from Azure Gateway SDK towards the IoT Edge SDK, it is clear that multiple types of messages are sent to the IoT Hub. For example, I can imagine that a Stream Analytics module generates other data.

And let’s look at a more ‘close to earth’ example. The gateway itself is a potential device too! But I do not want to mix data coming from the gateway and from sensor devices.

Of course, we recently got the ability to route messages using the message sent. But what about using the properties? This keeps the message content clean.

Will this work?


Introduction to the IoT Edge SDK, part 3

In the previous blogs of this series, you were introduced to the Module architecture of the IoT Edge SDK. In my last blog, we sent data to the IoT Hub.

But the IoTHub has more capabilities for devices. Think of ‘device twins’, ‘direct methods’ and ‘message to device’. Are these supported too?

At this moment, the IoTHub module supports commands (messages to devices) coming from the IoT Hub.

Let’s see what we have to do to get this working.


Introduction to the IoT Edge SDK, part 2

Running logic on the Edge is not that hard, as we have seen in my previous blog. You have been introduced to modules, the gateway configuration and the broker/runtime.

But these were just two modules. Now it’s time to put some data into the Azure IoT Hub.

If we look at the modules provided by Microsoft, we can do the job already. What we need are the following, already available modules:

  1. simulated_device.dll, to generate simulated data
  2. identity_map.dll, which holds a list of device names and private key combinations so the data of devices can be sent securely to the IoT Hub
  3. iothub.dll, to make contact with the IoT Hub and pass data on behalf of devices

Yes, there are some limitations to these modules but for now, it’s good enough. Let’s get started.


Introduction to the IoT Edge SDK, part 1

When the Azure IoT Platform is referenced, in most cases the devices connecting to the IoT Hub are capable of communicating directly on the internet using Wi-Fi etc. But there are many cases where devices are not capable of reaching out to an IoT Hub.

For example, these devices lack the ability to communicate using the internet (but use e.g. Bluetooth or I2C instead). Or these devices are capable of communicating using e.g. REST but are simply disconnected from the internet. Or they can only reach their own platform (e.g. LoRa).

In these cases, you need a mediator, a gateway. It sits between the two parties and passes data back and forth.

For these cases, Microsoft provides the IoT Edge SDK, formerly known as the Azure IoT Gateway SDK.

This SDK lets you run a service that connects devices to the Azure IoT Hub using a series of modules.

But the name change (from ‘gateway’ to ‘iot edge’) is not without reason. The Edge SDK has extended logic and is currently in preview. The additions to come will make it possible to run logic on-premise (according to the website: Enable real-time decisions, Perform edge analytics, Run artificial intelligence at the edge, etc.). This is promising!

But I have experienced the usage of the Gateway SDK as a challenge. The SDK supports many development platforms and documentation is scattered. So it’s hard to find a good starting point.

We will start with the Gateway SDK. I want to make the usage of this SDK as easy as possible.


Not for the restless, HTTP access to the Azure IoT Hub

The Azure IoT Hub is accessible using multiple protocols. You can use MQTT, AMQP and HTTP. It’s even possible to run MQTT and AMQP over HTTP using web sockets (in case your firewall is closed).

This week, I had to connect a device to the IoT Hub running its own proprietary runtime environment. The only way to communicate was HTTP.

Luckily, HTTP is still supported, but communication works a bit differently compared to using the IoT Hub SDKs which Microsoft offers.

Yes, at first it seems easy to just make a POST or GET to a REST endpoint. But looking at the security, just providing the Device connection string is not enough. You have to extract an SAS (Shared Access Signature) token first.

Let’s see how you can use REST.


Distributing IoTHub credentials using TPM

I bet that, most of the times you have seen Azure IoT demos or have programmed an IoT UWP app yourself, you hard-coded device credentials for the IoT Hub. Yes, I’m guilty too 🙂

And this is, of course, a bad practice.

Not only is there a risk that these credentials are shared by checking them into your version control system (like public Git), but it’s also inconvenient because, for each device running that production code, you will have to alter the credentials in the code and deploy again.

We could use configuration files. But this is still worthless from the perspective of distribution.

We would like to pass the credentials to known devices separately, apart from the applications. We want to use a second channel. And this is possible with the current Windows IoT Core infrastructure.

All we need is a TPM. This is a Trusted Platform Module:

Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, which is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices. TPM’s technical specification was written by a computer industry consortium called Trusted Computing Group (TCG). International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) standardized the specification as ISO/IEC 11889 in 2009.[1]

Why do we need it? Microsoft provides a separate mechanism to write credentials into the module, which acts like a vault.

In this example, we will look at Windows 10 Core running on a Raspberry Pi. And we will use IoT Hub device credentials stored in a TPM.


Azure Functions as watchdog for missing telemetry or devices

Once you are working with the Azure IoT platform, there comes a moment where you want to add notifications.

In a previous blog, we looked at how to send notifications when telemetry values did not match certain ranges. Although this is great, there are even more cases where we want notifications.

Here I am referring to watchdog functionality. When no telemetry is arriving anymore or devices are disconnected, the complete IoT platform is not working as designed. So we want to be informed when something fails.

In this blog, we will build a simple watchdog using Azure Functions.
