
Microsoft Azure IoT Hub Device Provisioning Service Hits General Availability


Microsoft recently announced that the Azure IoT Hub Device Provisioning Service has become generally available. The service had previously been in public preview for a few months with customers, and the release adds new functionality and additional language support.

The service is part of the IoT architecture in Microsoft Azure, and Microsoft claims it is designed to provide a zero-touch solution for provisioning large numbers of IoT devices in the field without needing human intervention.

In the announcement, Nicole Berdy, a senior program manager for IoT Hub, noted:

The Device Provisioning Process was designed with the challenges of the supply chain in mind, providing the infrastructure needed to provision millions of devices in a secure and scalable manner.

A typical IoT device provisioning process may include adding a connection string to a device at the point of manufacture so that when the device is deployed it can start sending messages immediately. However, this creates a problem with security and scale since each device must have a unique connection string created and applied prior to deployment.

With the Azure IoT Hub Device Provisioning Service (DPS), the process works differently.

Image source: https://azure.microsoft.com/en-au/blog/azure-iot-hub-device-provisioning-service-is-generally-available/

First, a manufacturer adds device enrolment information to an instance of the DPS in the Azure Portal. Then, when a device is built and prepared at the factory, it is set up with the endpoint of the DPS.

Once the device is activated, the process happens without any intervention:

  1. The device contacts the service passing device identification information to prove its identity.
  2. Once validated using a registration identifier and a key, the service registers the device with an IoT Hub and creates the device’s desired twin state, which contains the initial configuration information for the device.
  3. IoT Hub returns the device’s ID to the DPS.
  4. The DPS returns IoT Hub connection information to the device.
  5. The device communicates directly with the IoT Hub and gets the desired state configuration from the IoT Hub.

At this point, the device can communicate normally. The DPS supports the same protocols as Azure IoT Hub, namely HTTP, AMQP, MQTT, AMQP over WebSockets and MQTT over WebSockets.

Development is supported through SDKs for both device and service-side operations, available for C, C#, Java, Node, and Python. The SDKs can be downloaded from GitHub, and there are quick start tutorials to help get started with the service.

An important part of an IoT solution is ensuring that devices and communications are secure. To achieve this, the DPS currently supports two device identification mechanisms:

  1. X.509 certificate exchange for a certificate that is created and installed on the device during manufacturing.
  2. Extraction of the public portion of a Trusted Platform Module (TPM) endorsement key from the installed TPM device. A TPM is a dedicated microprocessor that secures hardware, and the TPM specification is an international standard.
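The five-step flow described above, modelled in Python as an added example (not Microsoft's SDK or service code). An HMAC challenge-response is an assumed stand-in for the X.509 or TPM attestation, and every class, function, hub and device name is hypothetical.

```python
import hashlib
import hmac
import os


class ProvisioningService:
    """Toy DPS: enrolment list plus hubs, each modelled as {device_id: twin}."""
    def __init__(self, hub_names):
        self.hubs = {name: {} for name in hub_names}
        self.enrolments, self.nonces = {}, {}

    def enrol(self, reg_id, key, hub, initial_twin):
        self.enrolments[reg_id] = (key, hub, initial_twin)

    def challenge(self, reg_id):
        self.nonces[reg_id] = os.urandom(16)   # fresh nonce per attempt
        return self.nonces[reg_id]

    def provision(self, reg_id, proof):
        nonce = self.nonces.pop(reg_id, None)  # single use, so a replay fails
        entry = self.enrolments.get(reg_id)
        if nonce is None or entry is None:
            return None                        # not enrolled or no challenge
        key, hub, twin = entry
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return None                        # device does not hold the key
        self.hubs[hub][reg_id] = dict(twin)    # steps 2-3: register, set twin
        return {"hub": hub, "device_id": reg_id}   # step 4


def device_boot(dps, reg_id, key):
    """Device side: ships with only the DPS endpoint, registration ID and key."""
    nonce = dps.challenge(reg_id)                          # step 1
    proof = hmac.new(key, nonce, hashlib.sha256).digest()
    assigned = dps.provision(reg_id, proof)
    if assigned is None:
        return None
    twin = dps.hubs[assigned["hub"]][assigned["device_id"]]  # step 5
    return assigned["hub"], twin


def demo():
    """Constructed sample data: two hubs and one enrolled device."""
    dps = ProvisioningService(["hub-eu", "hub-us"])
    dps.enrol("sensor-001", b"factory-key-001", "hub-eu", {"interval_s": 60})
    return (device_boot(dps, "sensor-001", b"factory-key-001"),
            device_boot(dps, "sensor-001", b"wrong-key"),
            device_boot(dps, "sensor-999", b"factory-key-001"))
```

`demo()` returns the hub assignment and initial twin for the enrolled device, and `None` both for the wrong key and for the registration ID that was never enrolled.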

A single Azure IoT Hub Device Provisioning Service instance can be connected to many instances of Azure IoT Hub. This lets the service assign devices across IoT Hubs in different regions, allowing for geo-location of devices or load balancing, and across different Azure subscriptions, allowing support for multiple customers or environments.

The service costs $0.10 per 1,000 operations from 1 February 2018, and full documentation is available on the Microsoft Azure documentation site.
