Azure IoT Hub allows you to transform your embedded devices into the IoT devices. Azure with portal and CLI allows you to manage the lifetime of your devices, but only if you are an expert and experienced in Azure. How can your customer, for which you have developed the solution, manage the solution independently? In this session, we will start from the principles of the IoT Hub about the configuration and management of device lifetime. We will look into the APIs and tools for managing IoT Hub. We'll talk a little bit about telemetry and its meaning. Then we will start building a portal in ASP.NET to manage everything. And in the end we will talk about multitenancy and what it means to sell (from the technical side) IoT solutions to several customers.

1. DEV031 - Sviluppare un portale
per gestire la tua soluzione IoT
Hub
MARCO PARENZAN
WPC2017 1

2. @marco_parenzan
.NET, IoT and Azure Developer, Trainer and Consultant
Microsoft MVP 2017 for Azure
Book Author @ Packt, LSWR
Community Lead 1nn0va facebook.com/1nn0va

3. DEV031 - Sviluppare un portale
per gestire la tua soluzione IoT
Hub
MARCO PARENZAN
WPC2017 3

4. Agenda
•Azure for the Internet of Things
•Using CLI
•Managing Device Identities with Azure IoT Hub
•Managing Devices with Azure IoT Hub
•Handling Events with Azure Serverless
•Conclusions
WPC2017 4

5. Azure
for the Internet of Things

6. Things
IoT Pattern + Edge
Insights ActionsInsights Actions
Cloud
Gateway

7. Things
Azure “Insights & Actions”
Insights ActionsInsights Actions
Cloud
Gateway

8. Comprehensive set of offerings for IoT
Azure Time Series
Insights
Azure Machine
Learning
Azure Stream
Analytics
Cosmos DB Azure Data Lake
Azure Data Lake
Analytics
Azure HD Insight
Spark, Storm,
Kafka
Azure Event Hubs
Microsoft Flow
Azure Logic Apps
Notification Hubs
Azure Websites
Microsoft Power
BI
Azure Active
Directory
Azure IoT Hub
Azure IoT Hub
Device Provisioning
Service
Azure IoT Edge
Azure Monitor
PaaSServices&
DeviceSupport
Edge Support
Device Support
Azure IoT Device
SDK
Certified Devices
Azure Certified for
IoT
Security Program
for Azure IoT
IoT Services Data & Analytics Services Visualization & Integration Services
IoTSolutions
(PaaS)
IoTSolutions
(SaaS) Microsoft IoT Central
IoT SaaS
Microsoft Connected Field Service
Field Service SaaS
Remote Monitoring Predictive Maintenance Connected factory
Windows 10 IoT
Core
Azure IoT Suite

9. Things
The cloud gateway
Insights ActionsInsights Actions
Cloud
Gateway

10. Azure IoT Hub
Bi-directional communication Enterprise scale &
integration
End-to-End Security

11. IoT Hub messaging
IoT Hub

12. IoTHub messaging protocols
Legacy
Protocol
Low
resource
devices
Intermittent
connection
Device
location

13. Telemetry
sending,
acquiring and
measuring data
Event
State (or state
event)
Message

14. Message
Opaque
body
Application
Properties
System
Properties

15. Receiving a message as a service
guarantees
reliability and
durability handling
messages.
handles
intermittent
connectivity on the
device side.
at least once
1day (default) to 7
days
Custom
Processor, Stream
Analytics, Azure
Func

16. Limitations and Guidance
Transient
storage
50
messages
48 hours
64Kb

17. IoT Hub messaging pricing and scaling
Service instance made of units
Device messages (limit 256Kb) are billed in 4Kb chunks (0,5Kb for Free
tier)
Twins messages
(limit 8Kb) are billed
in 0,5Kb chunks

18. Things
Developing things
Insights ActionsInsights Actions
Cloud
Gateway

19. Developing things
Comprehensive set of SDK
Supporting languages
Supporting hardware
Test with FakeDevices

20. DEMO
20

21. Device has a «functional»
lifetime

22. Device has a «non functional»
lifetime

23. Using CLI

24. Azure Resource Manager
Infrastructure
as Code
Declarative
Approach
Reproducibility
Consistency
Repeatability
Disposability
Service continuity
Self-testing systems
Small changes
Version all the things

25. PowerShell
Born in 2004 with Monad project
Most complete and powerful command line experience
Not simple to learn, but not too hard
Most powerful Windows devops experience
Most powerful Azure devops experience
Now available on Linux and Mac with .NET Core

26. IoTHub Explorer
Command line experience to manage IoT Hub
npm install -g iothub-explorer (requires Node.js)
https://github.com/Azure/iothub-explorer
Pro - Specific commands:
• monitor-* (feedback/events/uploads/ops)
• Work with twins/jobs/direct-methods

27. Azure CLI 1.0 (a.k.a. Xplat CLI)
Command line experience to manage Azure Subscription
npm install -g azure-cli (requires Node.js)
https://github.com/Azure/azure-xplat-cli
Pro – ASM Support
Pro – First multiplatform devops tool
Cons – will die in favour of Azure CLI 2.0 as ASM «disappear»

28. Azure CLI 2.0
Command line experience to manage Azure Subscription
Complete rewrite
curl -L https://aka.ms/InstallAzureCli | bash (MacOsX/Linux)
pip install --user azure-cli (Windows)
(requires Python)
https://github.com/Azure/azure-cli
Pro – consistent commandline experience
Cons – only ARM support, just released, miss many services

29. DEMO
29

30. Managing Device
Indentities with Azure
IoT Hub

31. IoT Hub Endpoints

32. What is a Shared Access Policy?
Used to authorize services
Is a permission to services or devices to access some endpoints
Uses symmetric key encryption technology for token authorization
Good practice: 1 policy, 1 service

33. Service Connect Permission

34. Device Connect Permission

35. Device Registry Operations
Create
identity
Update
identity
Retrieve
identity
Delete
identity
List
identities
Export
identities
Import
identities

36. Device Registry Informations
deviceId is the name you assign to the device.
generationId is a property used to distinguish devices with the same deviceId, but that are deleted and
recreated. So the real key should be deviceId+generationid
auth contains authentication information such as the symmetric keys, that are the couple of primary and
secondary keys shared with IoTHUb used to secure each message. Those keys are stored in BASE64
format
Status, statusReason and statusUpdateTime are used to disable or enable the device and trace why
device was disabled and when. If disabled, the device cannot use its identity to access to IoTHub.
connectionState and connectionStateUpdatedTime shows if the device is connected or not. This property
is available only if you use AMQP or MQTT protocols and it is updated only every 5 minutes. So it can
contain false positives and should be used only for debugging and testing purposes. You need to
implement some sort of heartbeat functionality on your device to have a real feedback on connection
from your device.
lastActivityTime tracks the last operation on that device

37. Registry Read/Registry Write Permission

38. Transport Level Security
TCP based protocols (HTTPS, MQTT, AMQP)
Endpoints exposes certificates with public key
Automatically handled by TCP/IP stack
DEVICE IOT HUB
(TCP endpoint)
TCP Connection

39. Asymmetric Key encryption
Used to receive secure data by the parties
Couple of keys. Private keys, kept safe by
the generator of the keys, decrypt what is
encrypted by the public key,
Either self signed certificates or CA
certificates (preview)
Pro
• single point of failure
• long keys (2^10 bit+) difficult to decrypt
Cons
• can encrypt small chunks of data
Used to encrypt a symmetric key at each
communication
Encrypt( , , )=
Decrypt( , , )=

40. Symmetric Key encryption
Used to exchange secure data by
the parties
Single Key shared by the parties
Pro
• Can encrypt big blocks of data
Cons
• Unsecure if one of the parties loose the
key, multiple point of failures
Encrypt( , , )=
Decrypt( , , )=

41. Generate the symmetric key
DEVICE IOT HUB
C:>az iot device create –hub-name <hubname> --device-id <deviceId>

42. All devices have different keys
Device Registry

43. Authorization with encryption
Encrypt( , , )=

44. DEMO
44

45. Managing Devices with
Azure IoT Hub

46. IoT Hub Device Management
Device
Twin
Queries Methods
Jobs

47. Device Twin
Twin is the logical representation of the device.
It is a JSON document that stores device state information.
Information is properties that you can distinguish as tags, desired
properties, and reported properties.
The document is stored in IoT Hub, in a CosmosDb-like eventually
consistent container.
In general, all properties as just JSON properties so you can write
anything you what respecting JSON rules.
It can be patched

48. Device Twin Limitations
Properties can have a maximum depth of 5.
The size of the property values cannot be bigger that 8Kb max .
JSON types supported: boolean, number, string, object. Arrays are not
allowed
The document is updated and synchronized with device handling
optimistic concurrency.
8Kb (billing size: 16 messages)

49. Desired properties
We need to configure the device. It is not cost effective to perform locally.
Desired property is a kind of property that is configured on the twin. IoT
Hub handles the change queuing the update on the device endpoint.
So when it reconnects, it will update its state.
The maximum size of desired properties is 8Kb.

50. Reported properties
The device has a local state.
That state changes because device runs some tasks. You want to know
that.
The device can send updates on these when they change.
IoTHub receives a message from the device endpoint about the update,
and that is changed on the twin.
The maximum size of reported properties is 8Kb.

51. Tags
Desired properties and reported properties are functional for the device.
Some properties are useful only for the service and not the devices.
It’s a key/value data dictionary.

52. Querying Device Twins
FROM WHERE SELECT
GROUP
BY

53. Sample queries
Devices located in the US configured to send telemetry less often that every minute
Devices which have wifi o wired connectivity
Devices where reported and desired properties do not match
Devices group by status

54. Device Management Lifetime Operations
Reboot
Factory
Reset
Firmware
Update
Configuration
Reporting
progress and
status

55. Direct Methods
Immediate
confirmation
Two-way
data flow
MQTT
8Kb request
- 8Kb
response
MQTT

56. Demo

57. Handling Events with
Azure Serverless

58. Where storing a message
Azure SQL
Database
Azure
DocumentDb
Azure
EventHub
Azure Queue
Azure
Service Bus
Azure
Storage

59. Alternatives to process events
Stream Analytics
Event Processor
Functions

60. Comparing different ways
Data
streaming
Event
correlation
High
scalability
Single event
Performance
not critical
Custom
coding
Flexible
coding
Special
hosting
requirements
Special
performance
requirements

61. Serverless manifesto
Function are the unit of deployment and
scaling.
Scales per request Users cannot over-
or under-provision capacity.
Never pay for idle (no cold
servers/containers or their costs)
Trigger-based invocation code run
because of an event happened and has
to be handled

62. What is Azure Serverless
https://www.geekwire.com/2017/serverless-nirvana-microsoft-azure-cto-mark-russinovich-future-cloud/
https://www.geekwire.com/2017/interview-microsofts-mark-russinovich-intersection-serverless-edge-computing/

63. "Ho i dati e ora devo creare una
dashboard. Posso usare Power BI?
No grazie, fanne una tu, così ne
abbiamo completamente il controllo"

64. Demo

65. Conclusioni

66. IoT Hub Availability
Highly available (Service Fabric-based)
Single Region
Registry Import/Export (manual)

67. Group devices and control access
according to your organization's
needs
Securely authenticate devices,
on-board for management
and provision for service
Provide updates, configuration & applications
to assign the purpose of each device
Monitor device inventory,
health & security while
providing proactive
remediation of issues
Replace or decommission
devices after failure, upgrade
cycle or service lifetime
IoT Device Lifecycle
PLAN
PROVISI
ON
CONFIG
URE
MONI
TOR
RETIRE

68. IoT Hub Device Provisioning
Devices are automatically and securely connected to the IoT Hub service
and provisioned with initial configuration
A single device provisioning tenant can provide service for multiple IoT
hubs (in multiple regions)
Customers provide rules and logic to assure the right device is attached to
the right IoT solution (and associated IoT Hub endpoint)
Device provisioning ability is extensible with support for several types of
identity attestation patterns

69. Device Provisioning Service Setup
Devices already have the URI for
the device provisioning service at
first boot
Device provisioning service already
knows about the IoT hubs to which it
can connect
Device provisioning service already
knows the type of identity attestation
it is using, including connection info
for each
IoT Hub
Device registry
(ID/key and metadata)
Device
IoT Hub device provisioning service
Distribution rules
IoT Hub
Device registry
(ID/key and metadata)
Enrollment list

70. 70

72. Benefici attesi dall’Industria 4.0

73. Q&A Domande e risposte
WPC2017 73
Marco Parenzan – 1nn0va
marco [dot] parenzan [at] 1nn0va [dot] it
Twitter: @marco_parenzan
AZURE MVP, 1nn0va Community Lead, Trainer and Consultant on
.NET, Azure and IT

74. Corsi
consigliati
• MOC535 (replaces 534)
WPC2017 74

75. Contatti
OverNet Education
Info@OverNetEducation.it
www.OverNetEducation.it
Rozzano (MI) +39 02 365738
Bologna +39 051 269911
www.wpc-overneteducation.it
ROZZANO (MI) – BOLOGNA
ROMA – NAPOLI – GENOVA
TORINO
WPC2017 75