Handling relais measurements with Modbus

I recently had to measure the number of products passing a light-emitting sensor. I got this photoelectric switch, the E3JK-DS30M1, which has a relay to indicate whether or not something is reflecting the infrared light it emits.

The schema is pretty simple:

You just attach 24V DC to the BLUE (-) and BROWN (+) wires. Then the sensor device behaves like a relay where the WHITE and BLACK wires resemble the ‘normally open’ state. The WHITE and GREY wires are used for the ‘normally closed’ state.

I tested the relay with my multimeter (set to Ohm). The relay was truly indicating objects passing by the beam of the photoelectric switch.

The measuring distance can differ. My device has a range from 5 to 40 centimeters (it is adjustable with a potentiometer). But white and shiny objects reflect the beam better than dark objects. And do not point the sensor directly into the sun, or you will get a lot of false readings!

I used an Advantech Wise 4012E IO module to measure the state of the relay. Let’s check out the settings.


Connecting simple devices to IoT Central

Once you start collecting data in an IoT solution, you will need some kind of dashboard to represent the raw or aggregated data.

IoT projects typically start as a POC to validate IoT scenarios. When the POC succeeds, a pilot project is started to check scalability, monitoring, maintainability, etc.

Microsoft provides multiple solutions for these various scenarios. The most lightweight solution is IoT Central.

“Experience the simplicity of SaaS for IoT (Internet of Things), with no cloud expertise required—Azure IoT Central is a fully managed global IoT SaaS (software-as-a-service) solution that makes it easy to connect, monitor, and manage your IoT assets at scale. Bring your connected products to market faster while staying focused on your customers.”

You can start with a 7-day trial or with pay-as-you-go. This last option is free if you limit yourself to 5 actual or simulated devices.

At this moment, Microsoft has examples for the Raspberry Pi, the MX Chip IoT Devkit and Windows 10 IoT Core.

But what if you want to connect your own device? Is this simple to do too?

Let’s check this out.


A new batch of OPCPublisher direct methods

Recently, Microsoft put some real effort into updating the OPCPublisher project. This application/IoT Edge Module ingests telemetry from an OPC-UA Server.

I already wrote two blogs about it: Getting started with OPC-UA on Azure IoT Edge and Managing nodes from the cloud in the OPC-UA Publisher Edge. The second one showed how to connect to the OPCPublisher as an IoT Edge module using DirectMethods.

New methods have arrived; this time we get information about the module itself.

Let’s check them out.


Adding offline capabilities to your IoT Edge device

Azure IoT Edge makes it possible to send messages to your IoT Hub using the extremely flexible IoT Edge runtime and modules.

The runtime also supports temporary offline capabilities in case the IoT Hub is unreachable.

Currently, runtime 1.0.5 is available, which makes it possible to set a custom location (folder) in which messages are stored before they are sent to the IoTHub.

Let’s see how this turns out.


Integrating SQLite in Azure IoT Edge for local storage

Microsoft has opened the Azure Marketplace for IoT Edge modules. This makes it easy to find and install IoT Edge modules into your own IoT Edge devices.

At this moment a dozen or more modules are available:

We see a few well-known modules from Microsoft which support SQL Server, Modbus, OPC-UA or the Temperature sensor simulation.

One of these modules supports SQLite.

What is SQLite?

According to the homepage, SQLite is an in-process library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine. The code for SQLite is in the public domain and is thus free for use for any purpose, commercial or private. SQLite is the most widely deployed database in the world with more applications than we can count, including several high-profile projects.

What does the module do?

This IoT Edge module is capable of accessing SQLite databases locally.

Microsoft says:

“Using this module, developers can build Azure IoT Edge solutions with the capability to access SQLite databases. The SQLite module is an Azure IoT Edge module, capable of executing SQL queries sent from other modules, and return the result to the senders or to the Azure IoT Hub via the Edge framework. Developers can modify the module tailoring to any scenario.”

The module is open source, and both documentation and source code are available on GitHub.

Why should we use this module?

In the past, I checked out the SQL Server IoT module to persist IoT messages locally.

This SQLite module has a few advantages which you will like:

  • It’s lightweight
  • It’s based on a public domain framework
  • It’s integrated with the routing of IoT Edge

For me, that last item, that we can integrate the module directly in the routing, is the interesting one.

So let’s check out how we can use it.


Custom IoT Hub assignment in Device Provisioning Service

In my previous blog, I have shown how to provision a device using a real TPM using the Device Provisioning Service (DPS).

Once you are able to provision your IoT devices to the Azure IoT Platform using a DPS, a whole new world of possibilities opens up for you.

Before, you registered your device to one IoTHub. To change it, you had to go to the device and fix it. But now you are able to make a choice between multiple IoT Hubs within the cloud, dynamically!

But what strategy are you going to use?

Microsoft provides three standard strategies out of the box:

  1. Lowest latency (select the nearest IoT Hub)
  2. Evenly weighted distribution (select the IoT Hub with the least amount of devices)
  3. Static configuration (just select one yourself. This is the situation as before)

But there is a new strategy which is very flexible:

This fourth strategy makes use of a custom Azure Function which you can write yourself.

You could, for instance, access a database and read some data before you make the decision to which IoTHub you assign this device.

Let’s see how we can build a custom function ourselves and get the most out of it.


Provision your IoT Edge device using a TPM

IoT devices need a secure connection; the reason is obvious. It all starts with a secure connection between a device in the field and the Cloud platform.

Microsoft provides a secure connection for devices to the IoT Hub in three ways:

  • Symmetric keys
  • Certificates
  • Support for a Trusted Platform Module (TPM)

We are interested in how to get our connection secured using the TPM.

A TPM is “an international standard for a secure cryptoprocessor”. It can generate private keys and expose the public keys related to them. So it somewhat behaves like a set of certificates but now as a physical device.

If somebody tries to physically compromise the chip to retrieve a private key, it should break, thus destroying the chip and its content. You can buy TPM chips (e.g. for a Raspberry Pi) but it’s better to have it already attached to your PC’s motherboard. The chip acts as an identity and you do not want to see it being unplugged.

My Advantech UNO 2372G has a TPM 2.0 chip already built in. The same goes for a few laptops I have. Keep in mind that older versions of this security chip (like the TPM 1.2) are not supported by Microsoft.

Symmetric keys and certificates are supported by the Azure IoT Hub. We need another service, the Azure Device Provisioning Service to provision a device using the TPM and get access to an IoT Hub of your choice.

How does it work?

The Device Provisioning Service acts as a broker between provisioned devices and one or more IoTHubs.

The following picture shows the ‘dance’ a registered device has to perform if it wants to contact an IoT Hub (example taken from the documentation):

  1. Device manufacturer adds the device registration information to the enrollment list in the Azure portal.
  2. Device contacts the provisioning service endpoint set at the factory. The device passes the identifying information to the provisioning service to prove its identity.
  3. The provisioning service validates the identity of the device by validating the registration ID and key against the enrollment list entry using either a nonce challenge (Trusted Platform Module) or standard X.509 verification (X.509).
  4. The provisioning service registers the device with an IoT hub and populates the device’s desired twin state.
  5. The IoT hub returns device ID information to the provisioning service.
  6. The provisioning service returns the IoT hub connection information to the device. The device can now start sending data directly to the IoT hub.
  7. The device connects to IoT hub.
  8. The device gets the desired state from its device twin in IoT hub.

Note: Keep in mind, this dance can only start after a device is registered at the DPS. There must be a trust relationship between the device (with a TPM) and Device Provisioning Service first.

Why should we use a TPM?

Every example starts with symmetric keys. Are symmetric keys not enough?

All three available ways to secure a device are great, but only certificates and a TPM are recommended to be used in production. The problem with symmetric keys is that replacing those keys is hard: you need to change them on the device itself. And you need to transport the new key to the device (on a USB stick?) so you are a bit vulnerable then.

Using a TPM (and a DPS) helps in two ways:

  1. When the security token behind the secure connection with an IoT Hub expires, the device itself simply asks for a new token by connecting to the DPS. There is no need for extra work to be done.
  2. The DPS has knowledge about one or more IoTHubs. So depending on rules you have set, the DPS routes the device to the right IoT Hub. Imagine a device on a ship going around the world that always connects to the nearest IoTHub for the best connection (lowest lag). You can also program rules yourself using Azure Functions.
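
The token expiry mentioned in point 1, as an added example that is not code from the original post: an IoT Hub SAS token carries an expiry (`se`) that is covered by an HMAC-SHA256 signature, so a device cannot extend a token and has to obtain a fresh one. The hub name, device ID and key below are constructed, and the key is held in software here, whereas with a TPM it stays inside the chip.

```python
import base64
import hashlib
import hmac
import urllib.parse

# Constructed sample values, not real credentials or endpoints.
DEMO_URI = "example-hub.azure-devices.net/devices/example-device"
DEMO_KEY = base64.b64encode(b"constructed demo key, not a secret").decode()


def _sign(encoded_uri, expiry, key_b64):
    # The signature covers both the resource and the expiry timestamp.
    msg = f"{encoded_uri}\n{expiry}".encode()
    return hmac.new(base64.b64decode(key_b64), msg, hashlib.sha256).digest()


def build_sas_token(resource_uri, key_b64, expiry_epoch):
    """Device side: token valid until expiry_epoch (Unix seconds)."""
    sr = urllib.parse.quote(resource_uri, safe="")
    sig = base64.b64encode(_sign(sr, expiry_epoch, key_b64)).decode()
    sig = urllib.parse.quote(sig, safe="")
    return f"SharedAccessSignature sr={sr}&sig={sig}&se={expiry_epoch}"


def check_sas_token(token, key_b64, now):
    """Service side: returns 'ok', 'expired' or 'bad-signature'."""
    fields = dict(p.split("=", 1) for p in token.split(" ", 1)[1].split("&"))
    presented = base64.b64decode(urllib.parse.unquote(fields["sig"]))
    expected = _sign(fields["sr"], fields["se"], key_b64)
    # Constant-time comparison; signature is checked before the expiry.
    if not hmac.compare_digest(expected, presented):
        return "bad-signature"
    return "ok" if int(fields["se"]) > now else "expired"


if __name__ == "__main__":
    token = build_sas_token(DEMO_URI, DEMO_KEY, expiry_epoch=1_700_003_600)
    print(check_sas_token(token, DEMO_KEY, now=1_700_000_000))
    print(check_sas_token(token, DEMO_KEY, now=1_700_003_600))
    # Editing the expiry field invalidates the signature.
    forged = token.replace("se=1700003600", "se=1800000000")
    print(check_sas_token(forged, DEMO_KEY, now=1_700_003_600))
```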

Note: If you want to make use of a DPS with Azure IoT Edge, only a TPM is supported at this moment (2018Q4).

How to register your IoT Edge device

So we need an IoT Edge device like a Raspberry Pi with a TPM on top of it or an industrial PC like the Advantech Uno 2372G with a TPM built in.

At this point, the IoT Edge documentation gets a bit fussy. All examples I found until now are referring to the use of a TPM emulator, not an actual TPM.

In this blog, I will show you how you can register using a DPS.
