Access device connection string in IoT Edge module via Device Provisioning Services - azure-iot-edge

We're moving our Azure IoT Edge devices from manual provisioning to DPS with symmetric key. One of the modules deployed to our devices needs to manage the Device Twin - we have been using this for state properties that persist across updates to modules. To connect to the device twin, I've been creating a DeviceClient from connection string which is loaded as an environment variable on a per device basis. This is using the C SDK.
Now I want to request the device credentials during provisioning so that the symmetric key is the only secret preinstalled on the device.
A number of posts suggest that this isn't possible with best practices, most succinctly:
Access IoT Edge Device Twin from Edge Module when using X.509 Authentication
Is this still the case? If so, what is the intended use for the device twin on IoT Edge, if user modules aren't supposed to access it in a production setting?

A number of posts suggest that this isn't possible with best practices, most succinctly: Access IoT Edge Device Twin from Edge Module when using X.509 Authentication. Is this still the case?
This is still the case. Modules accessing device twin information is not supported or recommended. There are other ways to achieve what is desired - like one you described in your comment.
what is the intended use for the device twin on IoT Edge, if user modules aren't supposed to access it in a production setting?
The use case for device twins in IoT Edge is ADM deployments.
You create a deployment manifest and then define which devices it applies to based on tags in the device twin.
Ref: Understand IoT Edge automatic deployments for single devices or at scale

Related

connect securely to IoT Edge devices

I want to secure the connection between the devices and the IoT Edge device. For example, my app running on the iPad accesses the IoT Edge device at http://: but I want to access it over https. I am new to IoT. How can I achieve it?
You could run a proxy module like outlined here: https://github.com/Azure/iotedge/tree/master/edge-modules/edgehub-proxy

Is it possible to provision leaf device through iot edge device?

I have implemented the Azure IoT Edge transparent gateway use case and was able to register/provision my leaf device through DPS (x509).
But I want to register my leaf device on IoT Hub through IoT Edge, as my leaf devices don't have any Internet connection and thus can't access the IoT Hub interface.
Or I'm open for other solutions too for my use case.
Right now IoT Edge does not support proxying DPS requests. You would need to provision your device "manually".

How to handle multiple device clients provisioned through DPS(Group Symmetric key) to IoT Central from a gateway device

We have a gateway device (not running the IoT Edge runtime). We want to connect multiple BLE or Zigbee sensors to the gateway and provision/register them through our gateway device to IoT Central as different devices using the group symmetric key approach.
We have seen multiple code samples for provisioning and registering devices using a group symmetric key to generate a device-specific SAS key. But these don't have an approach for handling multiple device clients after registering and connecting to IoT Central.
python sdk provisioning with group symmetric key
iot_central_python_sample
After connecting the device, we need to use the device client of the SDK to send telemetry and receive commands to/from IoT Central.
If we want to use the same code for multiple sensors, we need to have multiple device clients (threads) running.
Please suggest a better approach to handle multiple devices for sending telemetry and receiving commands to/from IoT Central.
This might help with your use case: https://github.com/Larouex/IoTCNanoBLE33
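The group symmetric key derivation the question refers to, as an added example that is not part of the original posts or the linked project: each sensor's key is an HMAC-SHA256 of its registration ID under the enrollment group key, so the gateway can recompute any sensor's key on demand and only the gateway ever holds the group key. The group key, ID scope and registration IDs below are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import urllib.parse

# Constructed placeholder values, not real credentials.
GROUP_KEY_B64 = base64.b64encode(b"constructed-enrollment-group-key").decode("ascii")
ID_SCOPE = "0ne00000000"  # placeholder ID scope
SENSORS = ["ble-sensor-01", "ble-sensor-02", "zigbee-sensor-01"]  # hypothetical IDs


def _hmac_b64(key_b64, message):
    """Base64(HMAC-SHA256(Base64Decode(key), message))."""
    mac = hmac.new(base64.b64decode(key_b64), message.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def derive_device_key(group_key_b64, registration_id):
    """Per-device key: the registration ID signed with the group key.

    The ID must be the exact string the sensor is registered under.
    """
    return _hmac_b64(group_key_b64, registration_id)


def dps_sas_token(id_scope, registration_id, device_key_b64, expiry_epoch):
    """SAS token for a DPS registration call, signed with the derived device key."""
    resource = urllib.parse.quote(f"{id_scope}/registrations/{registration_id}", safe="")
    signature = _hmac_b64(device_key_b64, f"{resource}\n{expiry_epoch}")
    sig = urllib.parse.quote(signature, safe="")
    return f"SharedAccessSignature sr={resource}&sig={sig}&se={expiry_epoch}&skn=registration"


def keys_for_gateway(group_key_b64, registration_ids):
    """One derived key per sensor; nothing per-device needs to be stored."""
    return {rid: derive_device_key(group_key_b64, rid) for rid in registration_ids}


if __name__ == "__main__":
    for rid, key in keys_for_gateway(GROUP_KEY_B64, SENSORS).items():
        token = dps_sas_token(ID_SCOPE, rid, key, 1700000000)
        # Print only the non-secret part of the token.
        print(rid, token.split("&sig=")[0])
```

The derived key is the value the Python SDK's `ProvisioningDeviceClient.create_from_symmetric_key` takes as `symmetric_key`, with one client per registration ID.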

How can I get the connection string for IoT Hub in Azure Digital Twins

The resource only returns the following object and not the connection string, which I need to call direct methods on the device.
[{"id":"585302d5-f4c9-4248-bb50-482657c028ba","spaceId":"b27f5aa2-ba06-4ffa-9750-b4a3655a6096","type":"IotHub","isExternallyCreated":false,"status":"Running","lastUpdatedUtc":"2019-02-21T10:22:00.0456407","properties":{"iothubUrl":"ih-46de7654-b8c5-4ddc-9e50-b455d36d4146-1.azure-devices.net"},"instanceNum":1}]
The connectionString can only be retrieved from the devices endpoint.
GET https://{{instanceName}}.{{regionName}}.azuresmartspaces.net/management/api/v1.0/devices?includes=ConnectionString
In the early preview version of Digital Twins, Command and Control is not available.
Currently Azure Digital Twins doesn't support command & control to devices. You can get the device connection string but you cannot get the IoT Hub's connection string to issue commands (or device twins).
Moving forward we have heard a lot of feedback from customers that they want/need to send commands and in the next set of updates to Digital Twins we are looking at how to enable this. Stay tuned as we will have updates later in 2019. Thanks for the interest & question.

What IoT protocol would I use for devices on the International Space Station?

I am creating a few function app samples and one use case is updating software for a device on the International Space Station. Anyone know what protocol is used?
Azure IoT Hub supports three protocols: AMQP, MQTT, and HTTPS.
Choose AMQP or MQTT unless the device only supports HTTPS.
Choose AMQP if you need to connect multiple devices over the same TLS connection.
Choose MQTT if the device has limited resources (for example, less than 1 MB of RAM) because it has a smaller footprint than the AMQP libraries.
It depends on your concern.
Reference - choose a communication protocol
I'm assuming your devices are connected through IoT Hub.
You can follow the device management patterns: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-device-management-overview
Specifically: Firmware Update. Which should be similar to updating software.
Device Twin should be used for IoT device management, since devices can't guarantee an "always online" connection. In the case of device twin, a state cache is stored in IoT Hub; when the device reconnects, it can retrieve the updated state from the cloud and update the device accordingly.
