Getting started with IoT: how to connect, secure, and manage your “things”
The Internet of Things (IoT) is one of the go-to solutions for executives looking for more and better insights about their business. Collectively, IoT is made up of a network of devices and sensors, otherwise known as things, which connect to a company’s network and the cloud by various means. These devices generate data about the organization and its operations, and stream it to data stores and apps where it can be analyzed and acted upon. The resulting insights enable organizations to take action in response to something that has already happened, or which is expected to.
But the value of the data an IoT solution generates depends largely on how effectively you deploy and manage the devices. In addition to their breadth of form factors (from an incredibly small footprint to the size of a manufacturing assembly line), devices also have numerous capabilities and can be controlled at a minute scale. Once installed, they’re designed to perform their jobs without having to be physically touched again. Some operating characteristics may include:
- Automatic operation
- Limited power
- Limited connectivity
- Difficult to access
- Only accessible through the backend
- Susceptible to being tampered with by the public
- Managed by special protocols
To help connect devices to an IoT solution, Microsoft Azure IoT provides three distinct, but inter-related, technologies:
- The Azure IoT Hub: the gateway through which all data passes on its way to a data store, business application, or other destination.
- Azure IoT Edge: a runtime that helps connect devices to Azure IoT Hub and enables the running of services such as AI and data analysis on the device itself.
- Azure IoT Hub Device Provisioning Service: a service which simplifies the provisioning of devices to Azure IoT Hub, making it possible to establish a connection between the device and the hub without any human intervention.
You can either choose from a list of devices in the Azure IoT device catalog, or use your own devices and connect them using a variety of Azure IoT Software Development Kits for C, Python, Node, Java or C#/.NET.
Securing your devices
Given their frequently remote and public locations, devices are especially vulnerable to attack. And the access they can provide to extensive pools of additional data makes them potentially lucrative targets. To help secure the devices and data, Azure IoT Hub supports a variety of device identification mechanisms, including security tokens and x.509 certificates that are self-signed or issued by a certificate authority.
X.509 certificates simplify supply chain logistics by using cryptographic chains of trust to validate each device, rather than requiring that you manage the security of numerous private keys.
The Azure IoT Hub takes a different approach with securing back-end applications and only uses shared access policies.
Provisioning your devices
In an Azure IoT application, the device lifecycle starts by its provisioning: in order to securely connect and authenticate with Azure IoT Hub, the device needs an identity and needs to have its credentials onboard. The provisioning of devices can be done manually (creating the identity in the hub and putting the unique credentials on the device). For a one-hub solution, manual provisioning makes sense. However, for solutions deployed in multiple regions, or multi-tenancy solutions, the scalability and automation capabilities of the Device Provisioning Service (DPS) has powerful advantages.
To get started with provisioning:
- Create an account on Azure Portal
- Select Create a Resource on the Azure Portal home page (under the Internet of Things tab) and select IoT Hub
- Select Create a Resource a second time and search the IoT Marketplace for Device Provisioning Service (visit the DPS quickstart guide for more information)
- Establish a connection between your two resources (IoT Hub and DPS) by clicking on All Resources and selecting the DPS you configured, select Linked IoT Hubs on the DPS summary blade and click the + Add button at the top, in the Add link to IoT hub portal blade select either the current subscription or enter the name for another subscription and select it from the dropdown, then click Save (see these step-by-step instructions for more information)
- Create device enrollments in DPS. Once the device turns on and goes through provisioning, DPS will automatically create the device identities in IoT Hub
Once DPS is setup, you must flash all your devices with a firmware that will connect to DPS, and provide a piece of information about its identity that DPS will recognize, such as a unique piece of info from a TPM. Once the device requests provisioning and proves its identify, DPS will then create the device Identity in IOT Hub, and send its credentials to the device. Stored credentials can be used by the device to connect to the assigned IoT Hub.
Managing your devices
With your devices secured and provisioned, now comes the job of managing your devices—e.g., reboots, factory resets, configuration, firmware updates, and reporting progress and status—as well as monitoring the data streams to identify and extract insights. A critical element in this process is how you manage all the metadata associated with your devices, including information about what each device is as well as how you want the device to be configured vs how the device reports itself as configured. IoT Hub gives you the ability to manage this information across all your devices via a digital representation of the device called the device twin.
Device twins are incredibly useful in managing the IoT devices spread across your company. They can be used to:
- Monitor a device’s configuration data for early detection of potential malware attacks.
- Monitor data on the performance of a device, or group of devices, across the company and complete remote maintenance to avoid system outages.
- Perform widespread installation and upgrades of sensors across a security networks to maintain surveillance
You can also target a set of devices based on shared characteristics in order to send a scoped message, apply a configuration or schedule a software update, all using the device twin.
At first glance, IoT may still seem like a foreign concept compared to other technologies in your stack, but you will find many familiar tools and resources.
Learn more about building out your IoT capabilities and see how easy it is to get started with your first deployment. Download the Azure IoT developer guide and explore how to provision, secure, and manage devices with Azure IoT Hub.
Source: IoT