mqtt-qs and other changes

Author: Venkata Yaddanapudi

articles/event-grid/media/mqtt-publish-and-subscribe-portal/mqttx-app-client1-configuration-1.png

@@ -13,45 +13,61 @@ Key terms relevant for Event Grid namespace and MQTT resources are explained.
 
 ## Namespace
 
-An Event Grid namespace is a declarative space that provides a scope to all the nested resources or subresources such as topics, certificates, clients, client groups, topic spaces, permission bindings.  It gives you a unique FQDN.  
+An Event Grid namespace is a declarative space that provides a scope to all the nested resources or subresources such as topics, certificates, clients, client groups, topic spaces, permission bindings.  
 
-Namespace is a tracked resource with 'tags' and a 'location' properties, and once created can be found on resources.azure.com.  
+| Resource   | Protocol supported |
+| :--- | :---: |
+| Namespace topics | HTTP |
+| Topic Spaces | MQTT |
+| Clients | MQTT |
+| Client Groups | MQTT |
+| CA Certificates | MQTT |
+| Permission bindings | MQTT |
 
 Using the namespace, you can organize the subresources into logical groups and manage them as a single unit in your Azure subscription.  Deleting a namespace deletes all the subresources encompassed within the namespace.
 
+It gives you a unique FQDN.  A Namespace exposes two endpoints:
+
+- An HTTP endpoint to support general messaging requirements using Namespace Topics.
+- An MQTT endpoint for IoT messaging or solutions that use MQTT.
+  
+A Namespace also provides DNS-integrated network endpoints and a range of access control and network integration management features such as IP ingress filtering and private links. It's also the container of managed identities used for all contained resources that use them.
+
+Namespace is a tracked resource with 'tags' and a 'location' properties, and once created can be found on resources.azure.com.  
+
 The name of the namespace can be 3-50 characters long.  It can include alphanumeric, and hyphen(-), and no spaces.  The name needs to be unique per region.
 
 ## Client
 
-Client is a device or an application that can publish and/or subscribe MQTT messages.
+Client is a device or an application that can publish and/or subscribe MQTT messages.  For more information about client configuration, see [MQTT clients](mqtt-clients.md).
 
 ## Certificate / Cert
 
-Certificate is a form of asymmetric credential. They're a combination of a public key from an asymmetric keypair and a set of metadata describing the valid uses of the keypair. If the keypair of the issuer is the same keypair as the certificate, the certificate is said to be "self-signed". Third-party certificate issuers are sometimes called Certificate Authorities (CA).
+Certificate is a form of asymmetric credential. They're a combination of a public key from an asymmetric keypair and a set of metadata describing the valid uses of the keypair. If the keypair of the issuer is the same keypair as the certificate, the certificate is said to be "self-signed". Third-party certificate issuers are sometimes called Certificate Authorities (CA).  For more information about client authentication, see [MQTT client authentication](mqtt-client-authentication.md).
 
 ## Client attributes
 
-Client attributes represent a set of key-value pairs that provide descriptive information about the client. Client attributes are used in creating client groups and as variables in Topic Templates. For example, client type is an attribute that provides the client's type.
+Client attributes represent a set of key-value pairs that provide descriptive information about the client. Client attributes are used in creating client groups and as variables in Topic Templates. For example, client type is an attribute that provides the client's type.  For more information about client configuration, see [MQTT clients](mqtt-clients.md).
 
 ## Client group
 
-Client group is a collection of clients.  Clients can be grouped together using common client attribute(s). Client groups can be given permissions to publish and/or subscribe to a specific topic space.
+Client group is a collection of clients.  Clients can be grouped together using common client attribute(s). Client groups can be given permissions to publish and/or subscribe to a specific topic space.  For more information about client groups configuration, see [MQTT client groups](mqtt-client-groups.md).
 
 ## Topic space
 
-Topic space is a set of topic templates. It's used to simplify access control management by enabling you to grant publish or subscribe access to a group of topics at once instead of individual topics.
+Topic space is a set of topic templates. It's used to simplify access control management by enabling you to grant publish or subscribe access to a group of topics at once instead of individual topics.  For more information about topic spaces configuration, see [MQTT topic spaces](mqtt-topic-spaces.md).
 
 ## Topic filter
 
 An MQTT topic filter is an MQTT topic that can include wildcards for one or more of its segments, allowing it to match multiple MQTT topics. It's used to simplify subscriptions declarations as one topic filter can match multiple topics.
 
 ## Topic template
 
-Topic templates are an extension of the topic filter that supports variables. It's used for fine-grained access control within a client group. 
+Topic templates are an extension of the topic filter that supports variables. It's used for fine-grained access control within a client group.
 
 ## Permission bindings
 
-A Permission Binding grants access to a specific client group to either publish or subscribe on a specific topic space.
+A Permission Binding grants access to a specific client group to either publish or subscribe on a specific topic space.  For more information about permission bindings, see [MQTT access control](mqtt-access-control.md).
 
 ## Throughput units
 

articles/event-grid/media/mqtt-publish-and-subscribe-portal/mqttx-app-client2-configuration-1.png

@@ -63,8 +63,9 @@ Save the Namespace object in namespace.json file in resources folder.
     "properties": {
         "inputSchema": "CloudEventSchemaV1_0",
         "topicSpacesConfiguration": {
-            "state": "Enabled",
-        }
+            "state": "Enabled"
+        },
+        "isZoneRedundant": true
     },
     "location": "{Add region name}"
 }
@@ -85,22 +86,21 @@ Store the client object in client1.json file.  Update the allowedThumbprints fie
 
 ```json
 {
-    "properties": {
-        "state": "Enabled",
-        "authenticationName": “client1-authnID", 
-        "clientCertificateAuthentication": {
-            "allowedThumbprints": [
-                "{Your client 1 certificate thumbprint}"
-            ]
-        }
+    "state": "Enabled",
+    "authenticationName": "client1-authnID", 
+    "clientCertificateAuthentication": {
+        "validationScheme": "ThumbprintMatch",
+        "allowedThumbprints": [
+            "{Your client 1 certificate thumbprint}"
+        ]
     }
 }
 ```
 
 Use the az resource command to create the first client.  Update the command with your subscription ID, Resource group ID, and a Namespace name.
 
 ```azurecli-interactive
-az resource create --resource-type Microsoft.EventGrid/namespaces/clients --id /subscriptions/{Subscription ID}/resourceGroups/{Resource Group}/providers/Microsoft.EventGrid/namespaces/{Namespace Name}/clients/{Client Name} --is-full-object --api-version 2023-06-01-preview --properties @./resources/client1.json
+az resource create --resource-type Microsoft.EventGrid/namespaces/clients --id /subscriptions/{Subscription ID}/resourceGroups/{Resource Group}/providers/Microsoft.EventGrid/namespaces/{Namespace Name}/clients/{Client Name} --api-version 2023-06-01-preview --properties @./resources/client1.json
 ```
 
 > [!NOTE]
@@ -113,18 +113,16 @@ Store the below object in topicspace.json file.
 
 ```json
 { 
-    "properties": {
-        "topicTemplates": [
-            "contosotopics/topic1"
-        ]
-    }
+    "topicTemplates": [
+        "contosotopics/topic1"
+    ]
 }
 ```
 
 Use the az resource command to create the topic space.  Update the command with your subscription ID, Resource group ID, namespace name, and a topic space name.
 
 ```azurecli-interactive
-az resource create --resource-type Microsoft.EventGrid/namespaces/topicSpaces --id /subscriptions/{Subscription ID}/resourceGroups/{Resource Group}/providers/Microsoft.EventGrid/namespaces/{Namespace Name}/topicSpaces/{Topic Space Name} --is-full-object --api-version 2023-06-01-preview --properties @./resources/topicspace.json
+az resource create --resource-type Microsoft.EventGrid/namespaces/topicSpaces --id /subscriptions/{Subscription ID}/resourceGroups/{Resource Group}/providers/Microsoft.EventGrid/namespaces/{Namespace Name}/topicSpaces/{Topic Space Name} --api-version 2023-06-01-preview --properties @./resources/topicspace.json
 ```
 
 ## Create PermissionBindings
@@ -133,11 +131,9 @@ Store the first permission binding object in permissionbinding1.json file.  Repl
 
 ```json
 {
-    "properties": {
-        "clientGroupName": "$all",
-        "permission": "Publisher”,
-        "topicSpaceName": "{Your topicspace name}"
-    }
+    "clientGroupName": "$all",
+    "permission": "Publisher",
+    "topicSpaceName": "{Your topicspace name}"
 }
 ```
 
@@ -151,11 +147,9 @@ Store the second permission binding object in permissionbinding2.json file.  Rep
 
 ```json
 {
-    "properties": {
-        "clientGroupName": "$all",
-        "permission": "Subscriber”,
-        "topicSpaceName": "{Your topicspace name}"
-    }
+    "clientGroupName": "$all",
+    "permission": "Subscriber",
+    "topicSpaceName": "{Your topicspace name}"
 }
 ```
 
@@ -177,6 +171,9 @@ You need to install the MQTTnet package (version 4.1.4.563) from NuGet to run th
 
 **Sample C# code to connect a client, publish/subscribe MQTT message on a topic**
 
+> [!IMPORTANT]
+> Please update the client certificate and key pem file paths depending on location of your client certificate files.  Also, ensure the client authentication name, topic information match with your configuration.
+
 ```csharp
 using MQTTnet.Client;
 using MQTTnet;
@@ -193,7 +190,8 @@ var mqttClient = new MqttFactory().CreateMqttClient();
 
 var connAck = await mqttClient!.ConnectAsync(new MqttClientOptionsBuilder()
     .WithTcpServer(hostname, 8883)
-    .WithClientId(clientId).WithCredentials(“client1-authnID”, "")  //use client authentication name in the username
+    .WithClientId(clientId)
+    .WithCredentials("client1-authnID", "")  //use client authentication name in the username
     .WithTls(new MqttClientOptionsBuilderTlsParameters()
     {
         UseTls = true,

articles/event-grid/media/mqtt-support/mqtt-maximum-session-expiry-configuration.png

@@ -123,27 +123,30 @@ If you don't already have a certificate, you can create a sample certificate usi
 1. For publish / subscribe MQTT messages, you can use any of your favorite tools.  For demonstration purpose, publish / subscribe is shown using MQTTX app, which can be downloaded from https://mqttx.app/.
 
     :::image type="content" source="./media/mqtt-publish-and-subscribe-portal/mqttx-app-add-client.png" alt-text="Screenshot showing MQTTX app left rail to add new client.":::
-2. Configure client1 with  
+
+1. Configure client1 with  
     - Name as client-name-1 (this value can be anything)
     - Client ID as client1-sessionID1 (Client ID in CONNECT packet is used to identify the session ID for the client connection)
     - Username as client1-authnID (Username must match the client authentication name in client metadata)
-3. Update the host name to MQTT hostname from the Overview page of the namespace.
+
+1. Update the host name to MQTT hostname from the Overview page of the namespace.
 
     :::image type="content" source="./media/mqtt-publish-and-subscribe-portal/event-grid-namespace-overview.png" alt-text="Screenshot showing Event Grid namespace overview page, which has MQTT hostname.":::
 
-4. Toggle SSL/TLS to ON.
-5. You can leave the SSL Secure ON.
-6. Select Certificate as Self signed.
-7. Provide the path to client.cer.pem file for Client Certificate File.
-8. Provide the path to client.key.pem file for Client key file.
-9. Rest of the settings can be left with predefined default values.
+1. Update the port to 8883
+1. Toggle SSL/TLS to ON.
+1. Toggle SSL Secure to ON, to ensure service certificate validation.
+1. Select Certificate as Self signed.
+1. Provide the path to client.cer.pem file for Client Certificate File.
+1. Provide the path to client.key.pem file for Client key file.
+1. Rest of the settings can be left with predefined default values.
 
     :::image type="content" source="./media/mqtt-publish-and-subscribe-portal/mqttx-app-client1-configuration-1.png" alt-text="Screenshot showing client 1 configuration part 1 on MQTTX app.":::
 
     :::image type="content" source="./media/mqtt-publish-and-subscribe-portal/mqttx-app-client1-configuration-2.png" alt-text="Screenshot showing client 1 configuration part 2 on MQTTX app.":::
 
-10. Select Connect to connect the client to the Event Grid MQTT service.
-11. Repeat the above steps to connect the second client “client2”, with corresponding authentication information as shown.
+1. Select Connect to connect the client to the Event Grid MQTT service.
+1. Repeat the above steps to connect the second client “client2”, with corresponding authentication information as shown.
 
     :::image type="content" source="./media/mqtt-publish-and-subscribe-portal/mqttx-app-client2-configuration-1.png" alt-text="Screenshot showing client 2 configuration part 1 on MQTTX app.":::
 

articles/event-grid/mqtt-event-grid-namespace-terminology.md

@@ -71,7 +71,8 @@ az eventgrid event-subscription create --name contosoEventSubscription \
         "topicSpacesConfiguration": {
             "state": "Enabled",
             "routeTopicResourceId": "/subscriptions/{Subscription ID}/resourceGroups/{Resource Group ID}/providers/Microsoft.EventGrid/topics/{EG Custom Topic Name}"
-        }
+        },
+        "isZoneRedundant": true
     },
     "location": "{region name}"
 }