IoT Cloud Services: The Azure IoT Hub

You’ve just learned how to implement IoT devices. In this step, we’ll investigate the Azure IoT Hub and how it assists the IoT process.

Azure IoT Hub is a fully managed service that enables secure and reliable bidirectional communication between the solution back-end and a wide variety of devices. In fact, a single IoT Hub is capable of connecting millions of IoT devices and ingesting high volumes of telemetry.

The IoT Hub service:

• Provides multiple device-to-cloud and cloud-to-device communication options, including one-way messaging, file transfer, and request-reply methods.
• Provides built-in declarative message routing (one-to-one messaging or targeting specific endpoints with specific messages – contrast with a broadcast message) to other Azure services.
• Provides a queryable store for device metadata and synchronised state information. This means you can request information about devices in your IoT network and get information about the state they’re in.
• Enables secure communications and access control using per-device security keys or X.509 certificates.
• Provides extensive monitoring for device connectivity and device identity management events.
• Includes device libraries for the most popular languages and platforms.

Azure IoT Hub Identity Registry

Every IoT Hub has an identity registry that stores information about the devices that’s permitted to connect to the IoT Hub. Before a device can connect to an IoT Hub, there must be an entry for that device in the IoT Hub’s identity registry. A device must also authenticate with the IoT Hub based on credentials stored in the identity registry.

At a high level, the identity registry is a REST-capable collection of device identity resources. When you add an entry to the identity registry, IoT Hub creates a set of per-device resources in the service such as the queue that contains messages that have been transmitted from the cloud to the device.

Messaging

IoT Hub provides the following messaging primitives to communicate with a device:

• Device-to-cloud from a device to a back-end app.
• Cloud-to-device from a back-end app (service or cloud).

See the IoT Hub Messaging resource documentation for a detailed look at device-to-cloud and cloud-to-device messaging.

Service-Assisted Communication

Azure IoT Hub implements the service-assisted communication pattern to mediate the interactions between your devices and your solution back-end. The goal of service-assisted communication is to establish trustworthy, bidirectional communication paths between a control system, such as IoT Hub, and special-purpose devices that are deployed in untrusted physical space.

The pattern establishes the following principles:

• Security takes precedence over all other capabilities.
• Devices do not accept network information it has not specifically requested. A device establishes all connections and routes in an outbound-only fashion. For a device to receive a command from the solution back-end, the device must regularly initiate a connection to check for any pending commands to process.
• Devices should only connect to or establish routes to well-known services they are paired with, such as IoT Hub.
• The communication path between device and service or between device and gateway is secured at the application protocol layer (that is, the technology that handles the actual communication between the devices and services).
• System-level authorisation and authentication are based on per-device identities. They make access credentials and permissions nearly instantly revocable. This means you can prevent or allow access to a device nearly instantaneously.
• Bidirectional communication for devices that connect sporadically due to power or connectivity concerns is facilitated by holding commands and device notifications until a device connects to receive them. IoT Hub maintains device-specific queues for the commands it sends.
• Application data is secured separately for protected transmission through gateways to a particular service.

Device Connectivity

In addition to a rich set of device-to-cloud and cloud-to-device communication options, including messaging, file transfers, and request-reply methods, Azure IoT Hub addresses the device-connectivity challenges in the following ways:

• Device twins. Using device twins, you can store, synchronise, and query device metadata and state information. Device twins are JSON documents that store device state information (metadata, configurations, and conditions). IoT Hub creates and maintains a device twin for each device that you connect to IoT Hub.

• Per-device authentication and secure connectivity. You can provision each device with its own security key to enable it to connect to IoT Hub. The IoT Hub identity registry stores device identities and keys in a solution. A solution back-end can add individual devices to allow or deny lists to enable complete control over device access.
• Route device-to-cloud messages to Azure services based on declarative rules. IoT Hub enables you to define message routes based on routing rules to control where your hub sends device-to-cloud messages. Routing rules do not require you to write any code and can take the place of custom post-ingestion message dispatchers.
• Monitoring of device connectivity operations. You can receive detailed operation logs about device identity management operations and device connectivity events. This monitoring capability enables your IoT solution to identify connectivity issues, such as devices that try to connect with wrong credentials, send messages too frequently, or reject all cloud-to-device messages.
• An extensive set of device libraries. Azure IoT device SDKs are available and supported for various languages and platforms–C for many Linux distributions, Windows, and real-time operating systems. Azure IoT device SDKs also support managed languages, such as C#, Java, and JavaScript.
• IoT protocols and extensibility. If your solution cannot use the device libraries, IoT Hub exposes a public protocol that enables devices to natively use the MQTT v3.1.1, HTTP 1.1, or AMQP 1.0 protocols. You can also extend IoT Hub to provide support for custom protocols by:
  • Creating a field gateway with the Azure IoT Gateway SDK that converts your custom protocol to one of the three protocols understood by IoT Hub.
  • Customising the Azure IoT protocol gateway, an open-source component that runs in the cloud.
• Scale. Azure IoT Hub scales to millions of simultaneously connected devices and millions of events per second.

An Example Implementation

The Microsoft Azure team has put together a demo project you can explore to better understand how to implement Azure IoT Hub services into your solution. This demo shows how to use the Azure Service Fabric along with IoT Hub, Event Hubs, OWIN, and Web API. The application ingests events from the input Event Hub, processes sensor readings, and generates an alert whenever a value outside of the tolerance range is received.

Note: Working with this demo will require an Azure subscription and some technical proficiency that may be beyond what you’re ready for at this point in your coursework. However, it will be beneficial for you to review the implementation to see what’s possible using Azure IoT Hub.

As you move into more advanced topics in the rest of the courses in this ExpertTrack, you can revisit this demo to test your skills and further lock in the concepts you’re learning. You can also check out a more advanced IoT demo that uses the Observer design pattern to show how changes in one part of implementation can be broadcast and inform changes to other parts of the implementation.

In the next step, we’ll take a look at IoT hub messaging.