Supporting Azure Defender for IoT agent on IoT Edge device

More than two years ago, I wrote a blog post about introducing Azure cloud security on the Edge.

This, now labeled the ‘classic’ version of Azure IoT Security, was based on AuditD and filled an important need: getting insight into the security of IoT devices.

Though, as with many things, the world moves on.

Microsoft reconsidered the solution and decided to spice it up a little bit.

They now offer a new edition supporting both an agent-based and an agent-less solution.

If you are interested (and you are when you own large networks with many devices!) in the agent-less solution, please check out this great demonstration on the Internet of Things show.

This agent-less solution is especially powerful in large solutions with many devices on the network:

The architecture for Defender for IoT.

You just install this Azure Defender for IoT ‘sensor’ device within the network and it starts inspecting that network for possible threats based on deep-packet inspection and updated threat-analysis logic coming from Microsoft.

In contrast, here is how the current agent-based solution is rolled out:

As seen in the picture, an agent running as a daemon process on your (Linux) host (Azure RTOS is supported too) checks for possible vulnerabilities and passes them on to the cloud, to an IoT Hub.

There, the situation (and possible threats) is visualized in the Azure Defender for IoT portal panes.

When I checked out the documentation, I also expected support for Azure IoT Edge… but it seems there is no Azure IoT Edge Docker module support.

It only describes running that solution based on a daemon. This daemon is just a process that is secured using Azure IoT Device Module Identity credentials.

The identity is a separate security key apart from the Azure IoT device runtime security keys.

So, do we need to register a second Azure IoT Device, deployed side-by-side to an Azure IoT Device just to have the host secured?

Or, how can we integrate this daemon in a device running Azure IoT Edge?

Continue reading “Supporting Azure Defender for IoT agent on IoT Edge device”

Cloud IoT dashboards using Grafana with Azure IoT

Azure IoT offers a great solution for connecting IoT devices to the cloud and communicating with them in a secure way and in a two-way fashion: D2C and C2D.

Once you start ingesting telemetry you probably, at some point, want to represent the data in some kind of dashboarding.

This can be a custom dashboard, which gives you the most flexible way to represent the data; I have shown how to do this with Blazor. Or you could choose PowerBI, a well-known and productive tool already used by many Data Scientists.

Recently, our team invested some time in building dashboards using Grafana.

With Grafana you can create, explore and share all of your data through beautiful, flexible dashboards.

Azure supports Grafana in various ways in the Azure Marketplace.

Update: Please check out the recent Managed Grafana offering. There, Grafana is offered as a PaaS solution instead of the IaaS solution seen in this post.

For this blog post, I selected the official Grafana template which is hosted in a single VM:

The telemetry is ingested by an IoT Hub and sent to a SQL Azure database using Azure Stream Analytics.

As you will see, this is quite an elaborate solution due to all the Azure resources being used.

Still, the solution is quite straightforward and certainly interesting if you are already familiar with Grafana.

Continue reading “Cloud IoT dashboards using Grafana with Azure IoT”

Reference NuGet packages on GitHub Package Registry in Azure IoT Edge module

NuGet packages are a beautiful addition to your .NET development environment, letting you add third-party libraries to your projects with ease.

For .NET (including .NET Core), the Microsoft-supported mechanism for sharing code is NuGet, which defines how packages for .NET are created, hosted, and consumed, and provides the tools for each of those roles.

Making use of a (privately hosted) NuGet feed is also the perfect way to distribute and version your own libraries within your company projects. Then, these libraries are only accessible by you and your friends.

Because Azure IoT Edge modules are just Docker containers, you cannot simply reference other projects in the same solution. The Docker container build and push mechanism runs outside the scope of the projects/solution.

Recently, I did some projects using (private) GitHub repositories to both generate, host, and consume NuGet packages.

Let’s check out how this works.

Continue reading “Reference NuGet packages on GitHub Package Registry in Azure IoT Edge module”

Can an Azure IoT Edge container be deployed in the cloud?

In the last couple of years, I wrote several blog posts about deploying standard, generic (third-party) Docker containers or custom Docker containers on Azure IoT Edge.

Why? Because we can!

Azure IoT Edge is a great delivery solution for Docker containers and can be used in non-IoT-related solutions too.

I agree this is a little bit awkward. Azure IoT Edge has this relationship with IoT. Can we ignore the Internet of Things part?

Yes, we are able to control containers remotely. And as a bonus, IoT-related telemetry can be gathered and IoT-related logic can be executed.

So, more generally, most of the time we see a deployment that mixes IoT-related modules with generic (third-party) modules that are still IoT-related.

Still, the magic of deploying whatever you want is a big surprise.

The same goes for the opposite idea. Can we roll out IoT Edge modules in the cloud, without the confinements of Azure IoT Edge?

This is an interesting question.

Continue reading “Can an Azure IoT Edge container be deployed in the cloud?”