Commit 497034d

Merge branch 'feb12-deviceconn' of https://github.com/kgremban/azure-docs-pr into naming-iot-overview-device-connectivity
2 parents b204038 + 4dccf43 commit 497034d

3 files changed

+3753
-11
lines changed

articles/iot/iot-overview-device-connectivity.md

Lines changed: 104 additions & 11 deletions
@@ -6,26 +6,54 @@ services: iot
66
author: dominicbetts
77
ms.author: dobett
88
ms.topic: overview
9-
ms.date: 02/28/2024
9+
ms.date: 02/25/2025
1010
ms.custom:
1111
- template-overview
1212
- ignite-2023
1313
# Customer intent: As a solution builder or device developer I want a high-level overview of the issues around device infrastructure and connectivity so that I can easily find relevant content.
1414
---
1515

16-
# Device infrastructure and connectivity
16+
# Asset and device infrastructure and connectivity
1717

1818
This overview introduces the key concepts around how devices connect to the cloud in a typical Azure IoT solution. The article also introduces optional infrastructure elements such as gateways and bridges. Each section includes links to content that provides further detail and guidance.
1919

20+
### [Edge-based solution](#tab/edge)
21+
22+
The following diagram shows a high-level view of the components in a typical IoT solution. This article focuses on the connectivity between the assets and the edge environment shown in the diagram:
23+
24+
<!-- Art Library Source# ConceptArt-0-000-032 -->
25+
:::image type="content" source="media/iot-overview-device-connectivity/iot-edge-connectivity-architecture.svg" alt-text="Diagram that shows the high-level IoT edge-based solution architecture highlighting device connectivity areas." border="false" lightbox="media/iot-overview-device-connectivity/iot-edge-connectivity-architecture.svg":::
26+
27+
### [Cloud-based solution](#tab/cloud)
28+
2029
IoT Central applications use the IoT Hub and the Device Provisioning Service (DPS) services internally. Therefore, the concepts in this article apply whether you're using IoT Central to explore an IoT scenario or building your solution by using IoT Hub and DPS.
2130

22-
The following diagram shows a high-level view of the components in a typical IoT solution. This article focuses on the connectivity between the devices and the IoT cloud services, including gateways and bridges, shown in the diagram.
31+
The following diagram shows a high-level view of the components in a typical IoT solution. This article focuses on the connectivity between the devices and the IoT cloud services, including gateways and bridges shown in the diagram:
32+
33+
<!-- Art Library Source# ConceptArt-0-000-032 -->
34+
:::image type="content" source="media/iot-overview-device-connectivity/iot-cloud-connectivity-architecture.svg" alt-text="Diagram that shows the high-level IoT cloud-based solution architecture highlighting device connectivity areas." border="false" lightbox="media/iot-overview-device-connectivity/iot-cloud-connectivity-architecture.svg":::
35+
36+
---
37+
38+
## Communication methods
39+
40+
### [Edge-based solution](#tab/edge)
41+
42+
To exchange data with Azure services, assets use industry standards such as:
43+
44+
- **OPC UA tags and events**. OPC UA *tags* represent data points. OPC UA *events* represent state changes. The connector for OPC UA is an Azure IoT Operations service that connects to OPC UA servers to retrieve their data and publishes it to topics in the MQTT broker. [OPC Foundation](https://opcfoundation.org/)
45+
46+
- **MQTT messaging**. MQTT allows a single broker to serve tens of thousands of clients simultaneously, with lightweight publish-subscribe topic creation and management. Many IoT devices support MQTT natively out of the box. The MQTT broker underpins the messaging layer in Azure IoT Operations and supports both MQTT v3.1.1 and MQTT v5. [MQTT](https://mqtt.org/)
47+
48+
- **ONVIF media specifications** (preview). The connector for ONVIF in Azure IoT Operations focuses on support for camera devices that implement the ONVIF profiles for basic (S) or advanced (T) video streaming. [ONVIF](https://www.onvif.org/)
49+
50+
- **Media protocols such as RTSP, RTCP, SRT, HLS, and JPEG over HTTP** (preview). The media connector makes images and video from media sources such as IP cameras available to other Azure IoT Operations components.
2351

24-
:::image type="content" source="media/iot-overview-device-connectivity/iot-architecture.svg" alt-text="Diagram that shows the high-level IoT solution architecture highlighting device connectivity areas." border="false":::
52+
Once asset data is received, Azure IoT Operations uses *data flows* to process and route data to cloud endpoints or other edge components.
2553

26-
## Primitives
54+
### [Cloud-based solution](#tab/cloud)
2755

28-
Azure IoT devices use the following primitives to exchange data with cloud services. Devices use:
56+
Azure IoT devices use the following primitives to exchange data with cloud services:
2957

3058
- *Device-to-cloud* messages to send time series telemetry to the cloud. For example, temperature data collected from a sensor attached to the device.
3159
- *Device twins* to share and synchronize state data with the cloud. For example, a device can use the device twin to report the current state of a valve it controls to the cloud and to receive a desired target temperature from the cloud.
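Review bot: In the edge tab under "Communication methods", the OPC UA, MQTT and ONVIF bullets each end with a bare link after the final sentence (for example "...publishes it to topics in the MQTT broker. [OPC Foundation](https://opcfoundation.org/)"), so the link reads as a dangling fragment. Fold each link into the bullet's bold term or into a "To learn more, see ..." sentence. Also, the title now reads "Asset and device infrastructure and connectivity" while the unchanged intro sentence at line 18 still only describes "how devices connect to the cloud"; consider updating it to mention assets and the edge.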
@@ -36,7 +64,23 @@ Azure IoT devices use the following primitives to exchange data with cloud servi
3664

3765
To learn more, see [Device-to-cloud communications guidance](../iot-hub/iot-hub-devguide-d2c-guidance.md) and [Cloud-to-device communications guidance](../iot-hub/iot-hub-devguide-c2d-guidance.md).
3866

39-
## Device-facing cloud endpoints
67+
---
68+
69+
## Asset and device endpoints
70+
71+
### [Edge-based solution](#tab/edge)
72+
73+
Azure IoT Operations uses *connectors* to discover, manage, and ingress data from assets in an edge-based solution.
74+
75+
- The connector for OPC UA is a data ingress and protocol translation service that enables Azure IoT Operations to ingress data from your assets. The broker receives telemetry and events from your assets and publishes the data to topics in the MQTT broker. The broker is based on the widely used OPC UA standard.
76+
- The media connector (preview) is a service that makes media from media sources such as edge-attached cameras available to other Azure IoT Operations components.
77+
- The connector for ONVIF (preview) is a service that discovers and registers ONVIF assets such as cameras. The connector enables you to manage and control ONVIF assets such as cameras connected to your cluster.
78+
79+
When you add a connector to an Azure IoT Operations scenario, you also define an *asset endpoint* that describes the southbound edge connectivity information for one or more assets. An asset endpoint profile includes connection information like the local IP address and authentication information.
80+
81+
To learn more, see [What is asset management in Azure IoT Operations](../iot-operations/discover-manage-assets/overview-manage-assets.md).
82+
83+
### [Cloud-based solution](#tab/cloud)
4084

4185
An Azure IoT hub exposes a collection of per-device endpoints that let devices exchange data with the cloud. These endpoints include:
4286

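Review bot: The connector for OPC UA bullet switches subject from the connector to "the broker": "The broker receives telemetry and events from your assets and publishes the data to topics in the MQTT broker. The broker is based on the widely used OPC UA standard." As written, a broker publishes to the MQTT broker and is itself based on OPC UA, which contradicts the first sentence of the bullet and the description of the connector in the Communication methods section; both sentences should probably start with "The connector". Separately, the paragraph after the list introduces an *asset endpoint* and then refers to an "asset endpoint profile" without saying how the two relate; pick one term or define both.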
@@ -55,16 +99,26 @@ The advantage of using DPS is that you don't need to configure all of your devic
5599

56100
To learn more about implementing automatic reconnections to endpoints, see [Manage device reconnections to create resilient applications](./concepts-manage-device-reconnections.md).
57101

58-
## Device connection strings
102+
---
103+
104+
## Authentication
105+
106+
### [Edge-based solution](#tab/edge)
107+
108+
Assets and asset endpoints in Azure IoT Operations are represented as custom resources in the Kubernetes cluster and as resources in Azure. You can use Azure role-based access control (Azure RBAC) to secure access to these resources. To learn more, see [Secure access to assets and asset endpoints](../iot-operations/discover-manage-assets/howto-secure-assets.md).
109+
110+
Asset endpoint profiles include user authentication information for accessing those endpoints. This authentication can be anonymous or username/password authentication where the values are stored as secrets in Azure Key Vault. Access to the Azure key vault is configured with a user-assigned managed identity.
111+
112+
The connector for OPC UA is an OPC UA client application that uses a single OPC UA application instance certificate for all the sessions it establishes to collect telemetry data from OPC UA servers. By default, the connector uses [cert-manager](https://cert-manager.io/) to manage its application instance certificate.
113+
114+
### [Cloud-based solution](#tab/cloud)
59115

60116
A device connection string provides a device with the information it needs to connect securely to an IoT hub. The connection string includes the following information:
61117

62118
- The hostname of the IoT hub.
63119
- The device ID registered with the IoT hub.
64120
- The security information the device needs to establish a secure connection to the IoT hub.
65121

66-
## Authentication
67-
68122
Azure IoT devices use TLS to verify the authenticity of the IoT hub or DPS endpoint they're connecting to. The device SDKs rely on the device's trusted certificate store to include the DigiCert Global Root G2 TLS certificate they currently need to establish a secure connection to the IoT hub. To learn more, see [Transport Layer Security (TLS) support in IoT Hub](../iot-hub/iot-hub-tls-support.md) and [TLS support in Azure IoT Hub Device Provisioning Service (DPS)](../iot-dps/tls-support.md).
69123

70124
Azure IoT devices can use either shared access signature (SAS) tokens or X.509 certificates to authenticate themselves to an IoT hub. X.509 certificates are recommended in a production environment. To learn more about device authentication, see:
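Review bot: The edge tab states that asset endpoint authentication "can be anonymous or username/password" but gives no guidance on which to use, while the cloud tab in the same section says X.509 certificates are recommended in a production environment. Add an equivalent recommendation for the edge case, or say when anonymous access is acceptable. Also, removing "## Device connection strings" and moving "## Authentication" up leaves the connection string description as the opening of the cloud Authentication tab with no heading of its own, and any existing links to the #device-connection-strings anchor would stop resolving; worth checking for inbound links before merging.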
@@ -78,10 +132,23 @@ Azure IoT devices can use either shared access signature (SAS) tokens or X.509 c
78132

79133
All data exchanged between a device and an IoT hub is encrypted.
80134

135+
---
136+
81137
To learn more about security in your IoT solution, see [Security architecture for IoT solutions](/azure/well-architected/service-guides/azure-iot-hub#security).
82138

83139
## Protocols
84140

141+
### [Edge-based solution](#tab/edge)
142+
143+
To exchange data with Azure services, assets use industry standards such as:
144+
145+
- [MQTT v3.1.1](https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/mqtt-v3.1.1.html) and [MQTT v5.0](https://docs.oasis-open.org/mqtt/mqtt/v5.0/mqtt-v5.0.html)
146+
- [OPC UA](https://opcfoundation.org/)
147+
- [ONVIF](https://www.onvif.org/) (preview)
148+
- Media protocols such as RTSP, RTCP, SRT, HLS, and JPEG over HTTP (preview).
149+
150+
### [Cloud-based solution](#tab/cloud)
151+
85152
An IoT device can use one of several network protocols when it connects to an IoT Hub or DPS endpoint:
86153

87154
- [MQTT](https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/mqtt-v3.1.1.pdf)
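Review bot: The edge tab under "Protocols" repeats the lead-in sentence "To exchange data with Azure services, assets use industry standards such as:" and the same four standards that the edge tab under "Communication methods" already lists, so the page now carries two lists that have to be kept in sync. Consider keeping the descriptions in one place and linking to them from the other. Style: the last bullet ends with a period ("(preview).") while the other three don't, and the edge tab links to the HTML version of the MQTT v3.1.1 specification while the cloud tab's context line links to the PDF.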
@@ -100,10 +167,26 @@ To learn more about how to choose a protocol for your devices to connect to the
100167
- [Communicate with DPS using the HTTPS protocol (symmetric keys)](../iot-dps/iot-dps-https-sym-key-support.md)
101168
- [Communicate with DPS using the HTTPS protocol (X.509)](../iot-dps/iot-dps-https-x509-support.md)
102169

103-
Industrial IoT scenarios often use the [open platform communications unified architecture (OPC UA)](https://opcfoundation.org/about/opc-technologies/opc-ua/) industry standard open interface. To enable connectivity to the Azure cloud, use Azure IoT Operations. To learn more, see [What is Azure IoT Operations?](../iot-operations/get-started/overview-iot-operations.md).
170+
---
104171

105172
## Connection patterns
106173

174+
### [Edge-based solution](#tab/edge)
175+
176+
### Connection through edge servers
177+
178+
Azure IoT Operations enables a one-to-many connection pattern at the edge. A single deployment can ingest data from multiple industrial assets at the edge, then handle communication with the cloud.
179+
180+
The OPC UA standard is built around assets connecting to servers. The connector for OPC UA is a client application that runs as a middleware service in Azure IoT Operations. The connector for OPC UA connects to OPC UA servers, lets you browse the server address space, and monitor data changes and events in connected assets. Operations teams and developers use the connector for OPC UA to streamline the task of connecting OPC UA assets to their industrial solution at the edge.
181+
182+
The media connector can process video streams (RTSP) directly from cameras. It can also access media servers where multiple cameras store their videos or images. Once the media connector connect to a single external media server, it can save, process, or route the snapshots or video streams to an edge or cloud endpoint.
183+
184+
### Isolated network connections
185+
186+
Azure IoT Operations includes the Layered Network Management (preview) service For IoT scenarios that implement isolated network environments according to [ISA-95](https://www.isa.org/standards-and-publications/isa-standards/isa-standards-committees/isa95) and [Purdue Enterprise Network Architecture](https://en.wikipedia.org/wiki/Purdue_Enterprise_Reference_Architecture) standards. The service can route network traffic from a non-internet facing layer through an internet facing layer and then to Azure.
187+
188+
### [Cloud-based solution](#tab/cloud)
189+
107190
There are two broad categories of connection patterns that IoT devices use to connect to the cloud:
108191

109192
### Persistent connections
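Review bot: Two typos in the added edge tab text: "Once the media connector connect to a single external media server" should read "connects", and "service For IoT scenarios" has a stray capital F. Also, the removed paragraph linked to "What is Azure IoT Operations?" for readers who want more detail; the new edge tab has no "To learn more" link for the connectors or for Layered Network Management, unlike the asset endpoint and authentication edge tabs added elsewhere in this change.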
@@ -114,6 +197,8 @@ Persistent connections are required when your solution needs *command and contro
114197

115198
Ephemeral connections are brief connections for devices to send telemetry to your IoT hub. After a device sends the telemetry, it drops the connection. The device reconnects when it has more telemetry to send. Ephemeral connections aren't suitable for command and control scenarios. A device client can use the HTTP API if all it needs to do is send telemetry.
116199

200+
---
201+
117202
## Field gateways
118203

119204
Field gateways (sometimes referred to as edge gateways) are typically deployed on-premises and close to your IoT devices. Field gateways handle communication with the cloud on behalf of your IoT devices. Field gateways can:
@@ -123,6 +208,12 @@ Field gateways (sometimes referred to as edge gateways) are typically deployed o
123208
- Filter, compress, or aggregate telemetry before sending it to the cloud.
124209
- Run logic at the edge to remove the latency associated with running logic on behalf of devices in the cloud. For example, detecting a spike in temperature and opening a valve in response.
125210

211+
### [Edge-based solution](#tab/edge)
212+
213+
As an edge-based solution, Azure IoT Operations acts as a field gateway. Using the connectors and the MQTT broker, an Azure IoT Operations deployment communicates with assets and equipment, either directly or through a server, so that they don't need their own cloud connections. Data flows provide data transformation and data contextualization capabilities before routing messages to various locations including cloud endpoints.
214+
215+
### [Cloud-based solution](#tab/cloud)
216+
126217
You can use Azure IoT Edge to deploy a field gateway to your on-premises environment. IoT Edge provides a set of features that enable you to deploy and manage field gateways at scale. IoT Edge also provides a set of modules that you can use to implement common gateway scenarios. To learn more, see [What is Azure IoT Edge?](../iot-edge/about-iot-edge.md)
127218

128219
An IoT Edge device can maintain a [persistent connection](#persistent-connections) to an IoT hub. The gateway forwards device telemetry to IoT Hub. This option enables command and control of the downstream devices connected to the IoT Edge device.
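Review bot: The tab group opened here at "### [Edge-based solution](#tab/edge)" has no `---` terminator within the Field gateways section; the next one this change adds comes after the device bridge paragraph, at line 227. That makes the device bridge text part of the cloud tab. If that is intended, fine; if not, add `---` after the last IoT Edge paragraph. The cloud tab's context line also links to `#persistent-connections`, a heading this change places inside the cloud tab of "Connection patterns", so it is worth confirming the link still resolves when the edge tab is selected there.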
@@ -133,6 +224,8 @@ A device bridge enables devices that are connected to a non-Microsoft cloud to c
133224

134225
The open source IoT Central Device Bridge acts as a translator that forwards telemetry to an IoT Central application. To learn more, see [Azure IoT Central Device Bridge](https://github.com/Azure/iotc-device-bridge). There are non-Microsoft bridge solutions, such as [Tartabit IoT Bridge](/shows/internet-of-things-show/onboarding-constrained-devices-into-azure-using-tartabits-iot-bridge), for connecting devices to an IoT hub.
135226

227+
---
228+
136229
## Next steps
137230

138231
Now that you've seen an overview of device connectivity in Azure IoT solutions, some suggested next steps include: