Introduction to the IoT Edge SDK, part 2

Running logic on the Edge is not that hard, as we have seen in my previous blog. You have been introduced to modules, the gateway configuration and the broker/runtime.

But these were just two modules. Now it’s time to put some data into the Azure IoT Hub.

If we look at the modules provided by Microsoft, we can do the job already. What we need are the following, already available modules:

  1. simulated_device.dll, to generate simulated data
  2. identity_map.dll, which holds a list of device names and private key combinations so the data of devices can be sent securely to the IoT Hub
  3. iothub.dll, to make contact with the IoT Hub and pass data on behalf of devices

Yes, there are some limitations to these modules but for now, it’s good enough. Let’s get started.


Introduction to the IoT Edge SDK, part 1

When the Azure IoT Platform is referenced, in most cases the devices connecting to the IoT Hub are capable of communicating directly on the internet using Wi-Fi etc. But there are many cases where devices are not capable of reaching out to an IoT Hub.

For example, these devices lack the ability to communicate using the internet (but use e.g. Bluetooth or I2C instead). Or these devices are capable of communicating using e.g. REST but are simply disconnected from the internet. Or they can only reach their own platform (e.g. LoRa).

In these cases, you need a mediator, a gateway. It sits between the two parties and passes data back and forth.

For these cases, Microsoft provides the IoT Edge SDK, formerly known as the Azure IoT Gateway SDK.

This SDK lets you run a service that connects devices to the Azure IoT Hub using a series of modules.

But the name change (from ‘gateway’ to ‘iot edge’) is not without reason. The Edge SDK has extended logic and is currently in preview. The additions to come will make it possible to run logic on-premises (according to the website: Enable real-time decisions, Perform edge analytics, Run artificial intelligence at the edge, etc.). This is promising!

But I have experienced the usage of the Gateway SDK as a challenge. The SDK supports many development platforms and documentation is scattered. So it’s hard to find a good starting point.

We will start with the Gateway SDK. I want to make the usage of this SDK as easy as possible.

Not for the restless, HTTP access to the Azure IoT Hub

The Azure IoT Hub is accessible using multiple protocols. You can use MQTT, AMQP and HTTP. It’s even possible to run MQTT and AMQP over HTTP using web sockets (in case your firewall is closed).

This week, I had to connect a device to the IoT Hub running its own proprietary runtime environment. The only way to communicate was HTTP.

Luckily, HTTP is still supported, but communication works a bit differently compared to using the IoT Hub SDKs which Microsoft offers.

Yes, at first it seems easy to just make a POST or GET to a REST endpoint. But looking at the security, just providing the Device connection string is not enough. You have to extract an SAS (Shared Access Signature) token first.

Let’s see how you can use REST.

Distributing IoTHub credentials using TPM

I bet that most of the time you have seen Azure IoT demos, or most of the time you have programmed an IoT UWP app yourself, you hard-coded device credentials for the IoT Hub. Yes, I’m guilty too 🙂

And this is, of course, a bad practice.

Not only is there a risk that these credentials are shared by checking them into your version control system (like public Git), but it’s also inconvenient because, for each device running that production code, you will have to alter the credentials in the code and deploy again.

We could use configuration files. But this is still worthless from the perspective of distribution.

We would like to pass the credentials to known devices separately, apart from the applications. We want to use a second channel. And this is possible with the current Windows IoT Core infrastructure.

All we need is a TPM. This is a Trusted Platform Module:

Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, which is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices. TPM’s technical specification was written by a computer industry consortium called Trusted Computing Group (TCG). International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) standardized the specification as ISO/IEC 11889 in 2009.[1]

Why do we need it? Microsoft provides a separate mechanism to write credentials into the module which acts like a vault.

In this example, we will look at Windows 10 Core running on a Raspberry Pi. And we will use IoT Hub device credentials stored in a TPM.

Azure Functions as watchdog for missing telemetry or devices

Once you are working with the Azure IoT platform, there comes a moment where you want to add notifications.

In a previous blog, we looked at how to send notifications when telemetry values did not match certain ranges. Although this is great, there are even more cases where we want notifications.

Here I am referring to watchdog functionality. When no telemetry is arriving anymore or devices are disconnected, the complete IoT platform is not working as designed. So we want to be informed when something fails.

In this blog, we will build a simple watchdog using Azure Functions.

The only thing standing between IoT Hub and Functions are Consumers groups

Traditionally, when telemetry arrived at an Azure IoT Hub, it was a rule of thumb to pass it to a Stream Analytics job. But when routing was introduced in the IoT Hub, it became possible to push the telemetry directly into an EventHub or a Service Bus too.

I still favor the many possibilities of the Stream Analytics job; working with temporal and geospatial data, for example, is so much easier that way.

But I can configure a lot of other, new Azure resources after the Event Hub or the Service Bus.

For example, IoT Hub routing to an Event Hub makes it possible to pass telemetry to Azure Functions (using the EventHubTrigger). This opens a whole new world of Azure opportunities using only an EventHub in this case! But it can be done even simpler…

Test the protocol availability of your Azure IoT Hub

Yesterday I discovered this little gem on GitHub. This Node.js tool is advertised as:

“This tool is provided to help diagnose issues with a device connecting to Azure IoT Hubs.”

What it basically does is call your IoT Hub and try to make a connection using Ping, AMQP, AMQP-WS, HTTPS and MQTT. It just checks the availability.

This is the outcome of a typical call:

I can think of calling your service once or several times every day, to check the availability.

What do I have to do to get it running?