Azure IoT Edge on Ubuntu VM

Testing IoT Edge at scale has some practical challenges. Where do you get all the hardware from if you want to test on two, or five, or twenty, or more devices?

The Azure cloud provides a simple solution: just spin up a bunch of Virtual Machines each running the IoT Edge Runtime. As long as you can provide the VMs access to simulated sensors instead of physical sensors, you are good to go.

Let’s dive a little bit deeper into the preconfigured VM that Microsoft recommends for these situations.

It starts with creating the right VM in Azure.

Microsoft provides several VMs. You can of course start a vanilla VM with the Operating System of your choice and put the IoT Edge Runtime on top of it.

But Microsoft already provides a Ubuntu VM with IoT Edge pre-installed. Check out the Marketplace:

Select “Azure IoT Edge on Ubuntu”. This will start a wizard in which we have to make a few changes.

By default, Ubuntu Server 16.04 LTS is installed on a host with size B1ms:

You can change the size, there are several options:

As you can see, there is even a size comparable to a Raspberry PI for a very low price per month (these prices are just for comparison).

Note: I do not recommend this B1ls size, though. The stability for IoT Edge was not as expected (modules failed to load on startup, etc.). Please, first test your solution before you proceed with the B1ls.

Next, you have to provide credentials to login. You can either go for a password or SSH public key.

The SSH seems more secure for public accessible SSH ports.

In my case, I went for the name/password combination because I do not support SSH access on my VM. I simply do not want to have any inbound ports open:

Otherwise, if you still choose to support SSH on the VM, this is the dialog:

But, as said, this will open an inbound port, the well known SSH port, so you must expect many brute force attacks on your IP address daily!

This is because enabling SSH will also enable the public inbound port under the Networking tab:

So if you select SSH, this is how it is shown in the Azure portal after creation:

Note: When you install Azure Security Center for IoT, you can expect the first brute force attack warnings within hours.

Next, it is recommended to set the Auto-shutdown options. You can find this option under the Management tab. If you only run your device during office hours, you can easily double the size of your VM (with a higher price tag) and still end up with a lower bill:

With these adjustments, you create your VM. After just a few minutes, the VM is created:

The IoT Edge runtime is running, but we can not control the Edge solution yet because we still have to provide the IoT Edge connection string!

How do we add this connection string? If we do not support SSH, how do we interact with VM otherwise?

Well, the Azure portal provides terminal access to your VM using the Serial console. It runs within the security context of your Azure portal subscription:

Just click on the console window and a prompt will appear. Now enter the name and password to login into the VM.

Normally, you should first open the config.yaml in the /etc/iotedge folder. In this file you then enter the connection string. After saving, you should restart the iot edge runtime to make use of the new setting…

But you can also use this easy shell script:

sudo /etc/iotedge/ "[your device connection string]"

This will accomplish the same, it will add the connection string in the config.yaml:

I have configured the IoT Edge to run the default temperature simulation. After adding the connection string using the script, my IoT Edge runs as expected:

The modules are running and the messages are sent.

Extra console features

The console has some extra features to make life a bit more interesting. I like the simple reboot option:

This just reboots the Operating System and is not as intrusive as restarting the VM. Therefor is saves some time.

It’s also possible to send Non-Maskable Interrupts:

Updating the OS

After the VM was installed, I was seeing this messages regarding updating/upgrading the VM:

The 186 packages can be updated with:

sudo apt-get update
sudo apt-get upgrade // Restart required

In my case, I had to restart the VM. After that, the number of packages to update dropped to 24. I brought it further back to zero using this command:

sudo apt-get dist-upgrade


It is also possible to upgrade to the newer Ubuntu version 18.04.2 LTS. You have to run:

sudo do-release-upgrade

I also tried this ‘do-release-upgrade’. All possible updates have to be installed in advance! (see previous paragraph)

Note: Only upgrade to Ubuntu 18.04 if there is a real need for it. It will take a lot of time (depending on the size of your VM) and will expose you to some script merge conflict. Perhaps starting with a VM running Ubuntu 18.04 from the start is smarter…


The Azure IoT Edge on Ubuntu VM delivers as promised. The extra script for the config.yaml changes is a nice touch.

If you can automate the construction of these VMs, you get yourselves a nice platform for testing Azure IoT Edge at scale.

As shown, it is not recommended not needed to open inbound (SSH) ports for management. This can done within the Azure portal. Alternatively, check out the new Azure Bastion features.

In my next blog, I show how to enroll IoT Edge devices at scale using symmetric keys in the Device Provisioning Service.

2 gedachten over “Azure IoT Edge on Ubuntu VM

Reacties zijn gesloten.