# Customer intent: As a solution builder or device developer I want a high-level overview of the issues around device infrastructure and connectivity so that I can easily find relevant content.
14
14
---
15
15
16
-
# Device infrastructure and connectivity
16
+
# Asset and device infrastructure and connectivity
17
17
18
18
This overview introduces the key concepts around how devices connect to the cloud in a typical Azure IoT solution. The article also introduces optional infrastructure elements such as gateways and bridges. Each section includes links to content that provides further detail and guidance.
19
19
20
+
### [Edge-based solution](#tab/edge)
21
+
22
+
The following diagram shows a high-level view of the components in a typical IoT solution. This article focuses on the connectivity between the assets and the edge environment shown in the diagram:
23
+
24
+
<!-- Art Library Source# ConceptArt-0-000-032 -->
25
+
:::image type="content" source="media/iot-overview-device-connectivity/iot-edge-connectivity-architecture.svg" alt-text="Diagram that shows the high-level IoT edge-based solution architecture highlighting device connectivity areas." border="false" lightbox="media/iot-overview-device-connectivity/iot-edge-connectivity-architecture.svg":::
26
+
27
+
### [Cloud-based solution](#tab/cloud)
28
+
20
29
IoT Central applications use the IoT Hub and the Device Provisioning Service (DPS) services internally. Therefore, the concepts in this article apply whether you're using IoT Central to explore an IoT scenario or building your solution by using IoT Hub and DPS.
21
30
22
-
The following diagram shows a high-level view of the components in a typical IoT solution. This article focuses on the connectivity between the devices and the IoT cloud services, including gateways and bridges, shown in the diagram.
31
+
The following diagram shows a high-level view of the components in a typical IoT solution. This article focuses on the connectivity between the devices and the IoT cloud services, including gateways and bridges shown in the diagram:
32
+
33
+
<!-- Art Library Source# ConceptArt-0-000-032 -->
34
+
:::image type="content" source="media/iot-overview-device-connectivity/iot-cloud-connectivity-architecture.svg" alt-text="Diagram that shows the high-level IoT cloud-based solution architecture highlighting device connectivity areas." border="false" lightbox="media/iot-overview-device-connectivity/iot-cloud-connectivity-architecture.svg":::
35
+
36
+
---
37
+
38
+
## Communication methods
39
+
40
+
### [Edge-based solution](#tab/edge)
41
+
42
+
To exchange data with Azure services, assets use industry standards such as:
43
+
44
+
-**OPC UA tags and events**. OPC UA *tags* represent data points. OPC UA *events* represent state changes. The connector for OPC UA is an Azure IoT Operations service that connects to OPC UA servers to retrieve their data and publishes it to topics in the MQTT broker. [OPC Foundation](https://opcfoundation.org/)
45
+
46
+
-**MQTT messaging**. MQTT allows a single broker to serve tens of thousands of clients simultaneously, with lightweight publish-subscribe topic creation and management. Many IoT devices support MQTT natively out of the box. The MQTT broker underpins the messaging layer in Azure IoT Operations and supports both MQTT v3.1.1 and MQTT v5. [MQTT](https://mqtt.org/)
47
+
48
+
-**ONVIF media specifications** (preview). The connector for ONVIF in Azure IoT Operations focuses on support for camera devices that implement the ONVIF profiles for basic (S) or advanced (T) video streaming. [ONVIF](https://www.onvif.org/)
49
+
50
+
-**Media protocols such as RTSP, RTCP, SRT, HLS, and JPEG over HTTP** (preview). The media connector makes images and video from media sources such as IP cameras available to other Azure IoT Operations components.
23
51
24
-
:::image type="content" source="media/iot-overview-device-connectivity/iot-architecture.svg" alt-text="Diagram that shows the high-level IoT solution architecture highlighting device connectivity areas." border="false":::
52
+
Once asset data is received, Azure IoT Operations uses *data flows* to process and route data to cloud endpoints or other edge components.
25
53
26
-
##Primitives
54
+
### [Cloud-based solution](#tab/cloud)
27
55
28
-
Azure IoT devices use the following primitives to exchange data with cloud services. Devices use:
56
+
Azure IoT devices use the following primitives to exchange data with cloud services:
29
57
30
58
-*Device-to-cloud* messages to send time series telemetry to the cloud. For example, temperature data collected from a sensor attached to the device.
31
59
-*Device twins* to share and synchronize state data with the cloud. For example, a device can use the device twin to report the current state of a valve it controls to the cloud and to receive a desired target temperature from the cloud.
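Review bot: The intro paragraph ("This overview introduces the key concepts around how devices connect to the cloud in a typical Azure IoT solution.") is left unchanged while the title becomes "Asset and device infrastructure and connectivity" and an edge-based tab is added, so the opening still describes only device-to-cloud connectivity; reword it to cover assets and the edge environment as well. Also, both new diagram files carry the same `<!-- Art Library Source# ConceptArt-0-000-032 -->` comment, which looks copied from the single diagram that was removed; confirm the source IDs for the two SVGs. Minor: the edge-tab bullets end with a bare link such as `[OPC Foundation](https://opcfoundation.org/)`; a "To learn more, see ..." lead-in would match the rest of the article.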
@@ -36,7 +64,23 @@ Azure IoT devices use the following primitives to exchange data with cloud servi
36
64
37
65
To learn more, see [Device-to-cloud communications guidance](../iot-hub/iot-hub-devguide-d2c-guidance.md) and [Cloud-to-device communications guidance](../iot-hub/iot-hub-devguide-c2d-guidance.md).
38
66
39
-
## Device-facing cloud endpoints
67
+
---
68
+
69
+
## Asset and device endpoints
70
+
71
+
### [Edge-based solution](#tab/edge)
72
+
73
+
Azure IoT Operations uses *connectors* to discover, manage, and ingress data from assets in an edge-based solution.
74
+
75
+
- The connector for OPC UA is a data ingress and protocol translation service that enables Azure IoT Operations to ingress data from your assets. The broker receives telemetry and events from your assets and publishes the data to topics in the MQTT broker. The broker is based on the widely used OPC UA standard.
76
+
- The media connector (preview) is a service that makes media from media sources such as edge-attached cameras available to other Azure IoT Operations components.
77
+
- The connector for ONVIF (preview) is a service that discovers and registers ONVIF assets such as cameras. The connector enables you to manage and control ONVIF assets such as cameras connected to your cluster.
78
+
79
+
When you add a connector to an Azure IoT Operations scenario, you also define an *asset endpoint* that describes the southbound edge connectivity information for one or more assets. An asset endpoint profile includes connection information like the local IP address and authentication information.
80
+
81
+
To learn more, see [What is asset management in Azure IoT Operations](../iot-operations/discover-manage-assets/overview-manage-assets.md).
82
+
83
+
### [Cloud-based solution](#tab/cloud)
40
84
41
85
An Azure IoT hub exposes a collection of per-device endpoints that let devices exchange data with the cloud. These endpoints include:
42
86
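Review bot: In the connector for OPC UA bullet, "The broker receives telemetry and events from your assets and publishes the data to topics in the MQTT broker. The broker is based on the widely used OPC UA standard." attributes the connector's behavior to the broker; both sentences should read "The connector ...", since the MQTT broker is the publish target, not the OPC UA client. Also "ingress data" is used as a verb twice in this hunk ("discover, manage, and ingress data", "enables Azure IoT Operations to ingress data"); "ingest" is the verb. Minor: the ONVIF bullet repeats "ONVIF assets such as cameras" in consecutive sentences, and the last paragraph switches between "asset endpoint" and "asset endpoint profile" for the same thing.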
@@ -55,16 +99,26 @@ The advantage of using DPS is that you don't need to configure all of your devic
55
99
56
100
To learn more about implementing automatic reconnections to endpoints, see [Manage device reconnections to create resilient applications](./concepts-manage-device-reconnections.md).
57
101
58
-
## Device connection strings
102
+
---
103
+
104
+
## Authentication
105
+
106
+
### [Edge-based solution](#tab/edge)
107
+
108
+
Assets and asset endpoints in Azure IoT Operations are represented as custom resources in the Kubernetes cluster and as resources in Azure. You can use Azure role-based access control (Azure RBAC) to secure access to these resources. To learn more, see [Secure access to assets and asset endpoints](../iot-operations/discover-manage-assets/howto-secure-assets.md).
109
+
110
+
Asset endpoint profiles include user authentication information for accessing those endpoints. This authentication can be anonymous or username/password authentication where the values are stored as secrets in Azure Key Vault. Access to the Azure key vault is configured with a user-assigned managed identity.
111
+
112
+
The connector for OPC UA is an OPC UA client application that uses a single OPC UA application instance certificate for all the sessions it establishes to collect telemetry data from OPC UA servers. By default, the connector uses [cert-manager](https://cert-manager.io/) to manage its application instance certificate.
113
+
114
+
### [Cloud-based solution](#tab/cloud)
59
115
60
116
A device connection string provides a device with the information it needs to connect securely to an IoT hub. The connection string includes the following information:
61
117
62
118
- The hostname of the IoT hub.
63
119
- The device ID registered with the IoT hub.
64
120
- The security information the device needs to establish a secure connection to the IoT hub.
65
121
66
-
## Authentication
67
-
68
122
Azure IoT devices use TLS to verify the authenticity of the IoT hub or DPS endpoint they're connecting to. The device SDKs rely on the device's trusted certificate store to include the DigiCert Global Root G2 TLS certificate they currently need to establish a secure connection to the IoT hub. To learn more, see [Transport Layer Security (TLS) support in IoT Hub](../iot-hub/iot-hub-tls-support.md) and [TLS support in Azure IoT Hub Device Provisioning Service (DPS)](../iot-dps/tls-support.md).
69
123
70
124
Azure IoT devices can use either shared access signature (SAS) tokens or X.509 certificates to authenticate themselves to an IoT hub. X.509 certificates are recommended in a production environment. To learn more about device authentication, see:
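Review bot: Removing `## Device connection strings` and `## Authentication` and folding the connection-string paragraphs into the cloud tab of the new `## Authentication` heading drops the `#device-connection-strings` anchor, so any existing link to it breaks, and the connection-string list now sits under "Authentication" with no heading of its own; keep a `### Device connection strings` subheading inside the cloud tab. Minor: "This authentication can be anonymous or username/password authentication" repeats "authentication"; "can be anonymous or use a username and password stored as secrets in Azure Key Vault" reads better.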
@@ -78,10 +132,23 @@ Azure IoT devices can use either shared access signature (SAS) tokens or X.509 c
78
132
79
133
All data exchanged between a device and an IoT hub is encrypted.
80
134
135
+
---
136
+
81
137
To learn more about security in your IoT solution, see [Security architecture for IoT solutions](/azure/well-architected/service-guides/azure-iot-hub#security).
82
138
83
139
## Protocols
84
140
141
+
### [Edge-based solution](#tab/edge)
142
+
143
+
To exchange data with Azure services, assets use industry standards such as:
144
+
145
+
-[MQTT v3.1.1](https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/mqtt-v3.1.1.html) and [MQTT v5.0](https://docs.oasis-open.org/mqtt/mqtt/v5.0/mqtt-v5.0.html)
146
+
-[OPC UA](https://opcfoundation.org/)
147
+
-[ONVIF](https://www.onvif.org/) (preview)
148
+
- Media protocols such as RTSP, RTCP, SRT, HLS, and JPEG over HTTP (preview).
149
+
150
+
### [Cloud-based solution](#tab/cloud)
151
+
85
152
An IoT device can use one of several network protocols when it connects to an IoT Hub or DPS endpoint:
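Review bot: The new edge tab under `## Protocols` opens with the same sentence as the edge tab under `## Communication methods` ("To exchange data with Azure services, assets use industry standards such as:") and lists the same four items (MQTT, OPC UA, ONVIF, media protocols), so the two sections say the same thing twice; either drop the list here and link back to Communication methods, or make this section about transport only (MQTT versions, TLS) and leave the connector descriptions in the earlier section. Minor: only the last bullet ends with a period ("... JPEG over HTTP (preview).").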
@@ -100,10 +167,26 @@ To learn more about how to choose a protocol for your devices to connect to the
100
167
-[Communicate with DPS using the HTTPS protocol (symmetric keys)](../iot-dps/iot-dps-https-sym-key-support.md)
101
168
-[Communicate with DPS using the HTTPS protocol (X.509)](../iot-dps/iot-dps-https-x509-support.md)
102
169
103
-
Industrial IoT scenarios often use the [open platform communications unified architecture (OPC UA)](https://opcfoundation.org/about/opc-technologies/opc-ua/) industry standard open interface. To enable connectivity to the Azure cloud, use Azure IoT Operations. To learn more, see [What is Azure IoT Operations?](../iot-operations/get-started/overview-iot-operations.md).
170
+
---
104
171
105
172
## Connection patterns
106
173
174
+
### [Edge-based solution](#tab/edge)
175
+
176
+
### Connection through edge servers
177
+
178
+
Azure IoT Operations enables a one-to-many connection pattern at the edge. A single deployment can ingest data from multiple industrial assets at the edge, then handle communication with the cloud.
179
+
180
+
The OPC UA standard is built around assets connecting to servers. The connector for OPC UA is a client application that runs as a middleware service in Azure IoT Operations. The connector for OPC UA connects to OPC UA servers, lets you browse the server address space, and monitor data changes and events in connected assets. Operations teams and developers use the connector for OPC UA to streamline the task of connecting OPC UA assets to their industrial solution at the edge.
181
+
182
+
The media connector can process video streams (RTSP) directly from cameras. It can also access media servers where multiple cameras store their videos or images. Once the media connector connect to a single external media server, it can save, process, or route the snapshots or video streams to an edge or cloud endpoint.
183
+
184
+
### Isolated network connections
185
+
186
+
Azure IoT Operations includes the Layered Network Management (preview) service For IoT scenarios that implement isolated network environments according to [ISA-95](https://www.isa.org/standards-and-publications/isa-standards/isa-standards-committees/isa95) and [Purdue Enterprise Network Architecture](https://en.wikipedia.org/wiki/Purdue_Enterprise_Reference_Architecture) standards. The service can route network traffic from a non-internet facing layer through an internet facing layer and then to Azure.
187
+
188
+
### [Cloud-based solution](#tab/cloud)
189
+
107
190
There are two broad categories of connection patterns that IoT devices use to connect to the cloud:
108
191
109
192
### Persistent connections
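Review bot: Two grammar slips in the new edge text: "Once the media connector connect to a single external media server" should be "connects", and "the Layered Network Management (preview) service For IoT scenarios" has a capitalized "For" mid-sentence. Also, the paragraph removed from the cloud tab ("Industrial IoT scenarios often use the [open platform communications unified architecture (OPC UA)]... To learn more, see [What is Azure IoT Operations?]") was the only link to the Azure IoT Operations overview in this section; the edge tab's "Connection through edge servers" text mentions Azure IoT Operations without linking it, so consider carrying the link over.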
@@ -114,6 +197,8 @@ Persistent connections are required when your solution needs *command and contro
114
197
115
198
Ephemeral connections are brief connections for devices to send telemetry to your IoT hub. After a device sends the telemetry, it drops the connection. The device reconnects when it has more telemetry to send. Ephemeral connections aren't suitable for command and control scenarios. A device client can use the HTTP API if all it needs to do is send telemetry.
116
199
200
+
---
201
+
117
202
## Field gateways
118
203
119
204
Field gateways (sometimes referred to as edge gateways) are typically deployed on-premises and close to your IoT devices. Field gateways handle communication with the cloud on behalf of your IoT devices. Field gateways can:
@@ -123,6 +208,12 @@ Field gateways (sometimes referred to as edge gateways) are typically deployed o
123
208
- Filter, compress, or aggregate telemetry before sending it to the cloud.
124
209
- Run logic at the edge to remove the latency associated with running logic on behalf of devices in the cloud. For example, detecting a spike in temperature and opening a valve in response.
125
210
211
+
### [Edge-based solution](#tab/edge)
212
+
213
+
As an edge-based solution, Azure IoT Operations acts as a field gateway. Using the connectors and the MQTT broker, an Azure IoT Operations deployment communicates with assets and equipment, either directly or through a server, so that they don't need their own cloud connections. Data flows provide data transformation and data contextualization capabilities before routing messages to various locations including cloud endpoints.
214
+
215
+
### [Cloud-based solution](#tab/cloud)
216
+
126
217
You can use Azure IoT Edge to deploy a field gateway to your on-premises environment. IoT Edge provides a set of features that enable you to deploy and manage field gateways at scale. IoT Edge also provides a set of modules that you can use to implement common gateway scenarios. To learn more, see [What is Azure IoT Edge?](../iot-edge/about-iot-edge.md)
127
218
128
219
An IoT Edge device can maintain a [persistent connection](#persistent-connections) to an IoT hub. The gateway forwards device telemetry to IoT Hub. This option enables command and control of the downstream devices connected to the IoT Edge device.
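Review bot: "either directly or through a server" in the edge tab is vague; earlier sections name what the server is (an OPC UA server or a media server), so say so here. Also the cloud tab keeps the sentence about maintaining a [persistent connection](#persistent-connections) for command and control of downstream devices, but the edge tab says nothing about whether Azure IoT Operations supports command and control of assets; a one-line statement either way would keep the two tabs parallel.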
@@ -133,6 +224,8 @@ A device bridge enables devices that are connected to a non-Microsoft cloud to c
133
224
134
225
The open source IoT Central Device Bridge acts as a translator that forwards telemetry to an IoT Central application. To learn more, see [Azure IoT Central Device Bridge](https://github.com/Azure/iotc-device-bridge). There are non-Microsoft bridge solutions, such as [Tartabit IoT Bridge](/shows/internet-of-things-show/onboarding-constrained-devices-into-azure-using-tartabits-iot-bridge), for connecting devices to an IoT hub.
135
226
227
+
---
228
+
136
229
## Next steps
137
230
138
231
Now that you've seen an overview of device connectivity in Azure IoT solutions, some suggested next steps include:
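Review bot: The `---` that closes the tab group opened in the Field gateways section is placed after the device bridge paragraph ("The open source IoT Central Device Bridge acts as a translator..."), so the bridge content that precedes it is rendered inside the cloud-based tab and is hidden when the edge tab is selected. If bridges are cloud-only, say so; otherwise move the `---` up to directly after the IoT Edge paragraphs so the bridge section stands outside the tabs.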