Manage your devices with Azure IoT...and more
Download as PPTX, PDF0 likes157 views
The document outlines the management of IoT devices through Azure IoT, detailing aspects such as device provisioning, configuration, and the use of Azure IoT Hub and Edge for efficient device management and data processing. It covers best practices for interactive controls, telemetry, and compliance, as well as the significance of Azure Sphere for enhanced security. Additionally, it discusses server-side processing options and emphasizes the importance of scalability, security, and efficient event handling in IoT architectures.
Manage your devices with Azure IoT...and more
- 1. Gestire devices per l'Internet of Things con Azure IoT MARCO PARENZAN WPC2018 1
- 2. Agenda • Device Management with Azure IoT Hub • Azure Device Provisioning Service • Azure IoT Edge • Server side processing WPC2018 2
- 3. Device Management with Azure IoT Hub
- 5. Connect a device for… • Telemetry • Data flows in one direction from the device to other systems for conveying status changes in the device itself • Inquiries • Requests from the device looking to gather required information or asking to initiate activities • Commands • Commands from other systems sent to a device (or a group of devices) to perform specific activities expecting a result from the command execution, or at least a status for that • Notifications • Information flows in one direction from other systems to a device (or a group of devices) for conveying status changes
- 6. Device Management • Device Provisioning • Device Configuration • Invoke a task on the device • Invoke a task on many devices • Query for your asset • Generalize drivers for multiple version support
- 8. IoT Hub Device Management • Device Provisioning • Automatic device registration including, management enrollment and initial configuration • Device Twin • Synchronize the device condition and configuration between cloud and device • Methods • Perform interactive actions (e.g command &control) on devices • Jobs • Broadcast and schedule device twin changes and methods at scale • Queries • Dynamic reporting across device twin and jobs to attest device status and health • Patterns, Libraries, & Implementations • Get started quickly with the most essential operations supporting a diverse set of platforms
- 9. Device app Back end Azure IoT Device Twin Device twin Properties Desired Reported Tags Organize ConfigureImplement Configuration Update Conditions Attest Compliance Query and Events
- 10. Learnings over the years • DON’T use a C2D Message for device configuration • TTL will never be long enough. • DON’T use a Direct Method for device configuration • Direct methods are interactive (request/response). • DO use Device Twin Desired Properties for configuration • DO use Direct Methods for remediation • DO use Device Reported Properties for config compliance
- 11. DEMO
- 13. Answer these IoT questions… • How will you connect your devices? • How will you securely identify and enroll your devices? • How do you scale enrollment for many devices?
- 14. What is provisioning? Registration Configuration Provisioning
- 16. Group devices and control access according to your organization's needs Securely authenticate devices, on-board for management and provision for service Monitor device inventory, health & security while providing proactive remediation of issues Replace or decommission devices after failure, upgrade cycle or service lifetime Manage devices at scale Provide updates, configuration & applications to assign the purpose of each device PLAN PROVISION CONFIGURE MONITOR RETIRE
- 17. Introducing: IoT Hub Device Provisioning Devices are automatically and securely connected to the IoT Hub service and provisioned with initial configuration A single device provisioning tenant can provide service for multiple IoT hubs (in multiple regions) Customers provide rules and logic to assure the right device is attached to the right IoT solution (and associated IoT Hub endpoint) Device provisioning ability is extensible with support for several types of identity attestation patterns
- 18. Setup • Devices already have the URI for the device provisioning service at first boot • Device provisioning service already knows about the IoT hubs to which it can connect • Device provisioning service already knows the type of identity attestation it is using, including connection info for each
- 19. IoT Hub Device registry (ID/key and metadata) Device IoT Hub device provisioning service Distribution rules IoT Hub Device registry (ID/key and metadata) Enrollment list Using an enrollment list
- 20. DEMO
- 21. Azure IoT Edge
- 22. Why Azure IoT Edge? • Because not everything is on the cloud • Latency • Control • Pre-processing • Because there are also the devices... • ...or the gateway • Commercial/Industrual/Ruggered • Look at Azure IoT Certified
- 23. Azure IoT Edge • It’s a device! • Gives a structure to the edge client • Based on docker «philosophy» • You need to build a container image • You need a container registry
- 24. Azure IoT Edge Design Principles • Secure • Provides a secure connection to the Azure IoT Edge, update software/firmware/configuration remotely, collect state and telemetry and monitor security of the device • Cloud managed • Enables rich management of Azure IoT Edge from Azure provide a complete solution instead of just an SDK • Cross-platform • Enables Azure IoT Edge to target the most popular edge operating systems, such as Windows and Linux • Portable • Enables Dev/Test of edge workloads in the cloud with later deployment to the edge as part of a continuous integration / continuous deployment pipeline • Extensible • Enables seamless deployment of advanced capabilities such as AI from Microsoft, and any third party, today and tomorrow
- 25. Azure IoT Edge «Edge» Architecture
- 26. Modules • It’s a pipeline • Custom modules • C#/.NET Core • JavaScript • Standard! • Functions • Stream Analytics • ML
- 27. Concepts – Edge Runtime • Edge Runtime provides fundamental services • Security • Multiplexing • Store and forward (Offline) • Management for devices otherwise isolated from internet
- 28. DEMO
- 30. Which services for (IoT) events processing? • Azure Functions • Stream Analytics • EventProcessorHost
- 31. Azure Function • Good for low ingestion • Moving over EventGrid will improve performances • No event correlation • Durable Functions not for this... • EventGrid will change, but it’s not the same
- 32. Stream Analytics • Great semantics • Hyperscale • But • Not cost effective in the mid-low • No SQL friendly • Difficult to test • Slow to start • shooting fish in a barrel (equivalente di «sparare a un topo con un cannone») • Just to make time window aggregation
- 33. EventProcessorHost • Where it is? • How does it scale with EventProcessorHost? • EventHub is «a queue» (not really, but Receive exists!)
- 34. Summer testing of... • Experimenting with IoT protocols directly (AMQP and MQTT) by the device • Consuming EventHub with AMQP protocol directly • Consuming Redis with raw protocol • Want to experiment containers • No more VMs for workers • Never liked WebJobs for that • No functions…Event Grid destiny…
- 36. “Serverless Streaming At Scale with Cosmos DB” by Davide Mauri • October 9th, 2018 after my thought... • https://medium.com/@mauridb/serverless-streaming-at- scale-with-cosmos-db-e0e26cacd27d • «…But if you don’t need time-aware features, like Hopping or Tumbling Window, complex data processing capabilities, like stream joining, aggregates of streams and the likes, a more lightweight solution can be an option….”
- 37. Containers • Containers = Love • IaaS = Hate • AKS .... Love? • Serious Answer • Containers are the futurepresent • I don’t implement an AKS cluster in a proposed solution, not PaaS • Only if already existing or requested • Service Fabric is the same
- 38. Great news • Azure Container Instances • AKS as a Service (PaaS) • Not completly equivalent with AKS • No orchestrator • Fits well for a fixed partition-based model (one container instance per partition)
- 41. Replacing Stream Analytics Event Processing Hopping Window Accumulating Events in windows Releasing Windows Persisting Windows
- 42. Event Processing • Accessing EventHub API (also for IoT Hub) • Using AMQPLite lib • also Microsoft.Azure.EventHub • But no Microsoft Azure.EventHub.Processor
- 43. Hopping Window • Fixed size time window • Overlapping window • Extreme condition: zero overlapTumbling Window • Class for window identification
- 44. Accumulating events in windows • Collections • High availability? • Redis! • Using Lists
- 45. Releasing data as time windows • How long windows stay in memory? • SA uses the notion of «unordered events» • No time critical • Example 15minutes windowafter 20+ minutes • How? • Redis caching expiration!
- 46. Persisting Time Windows • Direct SQL pressure? No! • Using queues • Then a worker can off load queue and store in SQL • In the demo it’s just a thread, but it can be another container...
- 47. Hyper-scaling • All these steps can be implemented in different containers (and probably SA does the same ) • And remember that you can replicate it for each partition
- 48. Building an event processor • .NET Core • ASP.NET Core • IHostedService • Make it observable (at least in testing) • MVC • SignalR
- 49. DEMO
- 50. Azure Container Instances (ACI) Easily run containers without managing servers Now GA! Containers as a primitive billed per second Secure applications with hypervisor isolation Run containers without managing servers
- 51. Service Fabric Dedicated Azure clusters Service Fabric Cluster Bring your own infrastructure Service Fabric Standalone On-premisesAny cloud Dev machine Dedicated Service Fabric Mesh Fully managed by Azure Serverless
- 53. Conclusions?
- 54. Driving Security Innovation: 7 Properties of Device Security • Well understood security principles and practices • Device security rooted in hardware, but guarded with secure, evolving software https://aka.ms/7principles
- 55. What is Azure Sphere? • A new Azure Sphere OS secured by Microsoft for the devices 10-year lifetime to create a trustworthy platform for new IoT experiences • The Azure Sphere Security Service guards every Azure Sphere device; it brokers trust for device-to-device and device-to-cloud communication, detects emerging threats, and renews device security. • A new Azure Sphere class of MCUs, from silicon partners, with built-in Microsoft security technology provide connectivity and a dependable hardware root of trust
- 56. Q&A • Domande e risposte WPC2018 56
- 57. Contatti • OverNet Education • Info@OverNetEducation.it • www.OverNetEducation.it • Rozzano (MI)+39 02 365738 • Bologna +39 051 269911 • www.wpc-overneteducation.it ROZZANO (MI) BOLOGNA ROMA GENOVA TORINO NAPOLI WPC2018 57