MicrosoftDocs
diff --git a/‎articles/data-manager-for-agri/concepts-byol-and-credentials.md
Lines changed: 96 additions & 0 deletions b/‎articles/data-manager-for-agri/concepts-byol-and-credentials.md
Lines changed: 96 additions & 0 deletions
diff --git a/‎articles/data-manager-for-agri/concepts-ingest-sensor-data.md
Lines changed: 4 additions & 2 deletions b/‎articles/data-manager-for-agri/concepts-ingest-sensor-data.md
Lines changed: 4 additions & 2 deletions
diff --git a/‎articles/data-manager-for-agri/how-to-set-up-sensor-as-customer-and-partner.md
Lines changed: 214 additions & 0 deletions b/‎articles/data-manager-for-agri/how-to-set-up-sensor-as-customer-and-partner.md
Lines changed: 214 additions & 0 deletions
diff --git a/‎articles/data-manager-for-agri/how-to-set-up-sensors-customer.md
Lines changed: 2 additions & 2 deletions b/‎articles/data-manager-for-agri/how-to-set-up-sensors-customer.md
Lines changed: 2 additions & 2 deletions
@@ -0,0 +1,96 @@
+---
+title: Storing your license keys in Azure Data Manager for Agriculture
+description: Provides information on using third party keys 
+author: gourdsay
+ms.author: angour
+ms.service: data-manager-for-agri
+ms.topic: conceptual
+ms.date: 06/23/2023
+ms.custom: template-concept
+---
+
+# Store and use your license keys.
+
+Azure Data Manager for Agriculture supports a range of data ingress connectors to centralize your fragmented accounts. These connections require the customer to populate their credentials in a Bring Your Own License (BYOL) model, so that the data manager may retrieve data on behalf of the customer.
+
+
+> [!NOTE]
+> Microsoft Azure Data Manager for Agriculture is currently in preview. For legal terms that apply to features that are in beta, in preview, or otherwise not yet released into general availability, see the [**Supplemental Terms of Use for Microsoft Azure Previews**](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+> Microsoft Azure Data Manager for Agriculture requires registration and is available to only approved customers and partners during the preview period. To request access to Microsoft Data Manager for Agriculture during the preview period, use this [**form**](https://aka.ms/agridatamanager).
+
+## Prerequisites
+
+To access Azure Key Vault, you need an Azure subscription. If you don't already have a subscription, create a [free account](https://azure.microsoft.com/free/) before you begin.
+
+
+## Overview
+
+In BYOL model, you're  responsible for providing your own licenses for satellite imagery and weather connector. In the vault reference model, you store your credentials as secret in a customer managed Azure Key Vault. The URI of the secret must be shared and read permissions granted to Azure Data Manager for Agriculture so that the APIs can work seamlessly. This process is a one-time setup for each connector. Our Data Manager then refers to and reads the secret from the customers’ key vault as part of the API call with no exposure of the secret.
+
+Flow diagram showing creation and sharing of credentials.
+:::image type="content" source="./media/concepts-byol-and-credentials/vault-usage-flow.png" alt-text="Screenshot showing credential sharing flow.":::
+
+The steps to use Azure Key Vault in Data Manager for Agriculture are as follows: 
+
+## Step 1: Create Key Vault 
+Customers can create a key vault or use an existing key vault to share license credentials for satellite (Sentinel Hub) and weather (IBM Weather). Customer [creates Azure Key Vault](/azure/key-vault/general/quick-create-portal) or reuses existing an existing key vault. The following properties are recommended:
+
+:::image type="content" source="./media/concepts-byol-and-credentials/create-key-vault.png" alt-text="Screenshot showing key vault properties.":::
+
+Data Manager for Agriculture is a Microsoft trusted service and supports private network key vaults in addition to publicly available key vaults. If you put your key vault behind a VNET, then you need to select the `“Allow trusted Microsoft services to bypass this firewall."`
+
+:::image type="content" source="./media/concepts-byol-and-credentials/enable-access-to-keys.png" alt-text="Screenshot showing key vault access.":::
+
+## Step 2: Store secret in Azure Key Vault
+For sharing your satellite or weather service credentials, store client secrets in a key vault, for example `ClientSecret` for `SatelliteSentinelHub` and `APIKey` for `WeatherIBM`. Customers are in control of secret name and rotation. 
+
+Refer to [this guidance](/azure/key-vault/secrets/quick-create-portal#add-a-secret-to-key-vault) to store and retrieve your secret from the vault.
+
+:::image type="content" source="./media/concepts-byol-and-credentials/store-your-credential-keys.png" alt-text="Screenshot showing storage of key values.":::
+
+## Step 3: Enable system identity 
+As a customer you have to enable system identity for your Data Manager for Agriculture instance. There are two options:
+    
+1. Via UI
+
+    :::image type="content" source="./media/concepts-byol-and-credentials/enable-system-via-ui.png" alt-text="Screenshot showing usage of UI to enable key.":::
+
+2. Via Azure Resource Manager client
+
+    ```cmd
+    armclient patch /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.AgFoodPlatform/farmBeats/{ADMA_instance_name}?api-version=2023-04-01-preview "{identity: { type: 'systemAssigned' }}
+    ``` 
+
+## Step 4: Access policy
+Add an access policy in key vault for your Data Manager for Agriculture instance.
+    
+1. Go to access policies tab in the created key vault.
+
+    :::image type="content" source="./media/concepts-byol-and-credentials/select-access-policies.png" alt-text="Screenshot showing selection of access policy.":::
+
+2. Choose Secret GET and LIST permissions.
+
+    :::image type="content" source="./media/concepts-byol-and-credentials/select-permissions.png" alt-text="Screenshot showing selection of permissions.":::
+
+3. Select the next tab, and then select Data Manager for Agriculture instance name and then select the review + create tab to create the access policy.
+
+    :::image type="content" source="./media/concepts-byol-and-credentials/access-policy-creation.png" alt-text="Screenshot showing selection create and review tab.":::
+
+## Step 5: Invoke control plane API call
+Use the [API call](/rest/api/data-manager-for-agri/controlplane-version2021-09-01-preview/farm-beats-models/create-or-update?tabs=HTTP) to specify credentials. Key vault URI/ key name/ key version can be found after creating secret as shown in the following figure.
+
+:::image type="content" source="./media/concepts-byol-and-credentials/details-key-vault.png" alt-text="Screenshot showing where key name and key version is available.":::
+
+Flow showing how Azure Data Manager for Agriculture accesses secret.
+:::image type="content" source="./media/concepts-byol-and-credentials/key-access-flow.png" alt-text="Screenshot showing how the data manager accesses credentials.":::
+
+If you disable and then re-enable system identity, then you have to delete the access policy in key vault and add it again. 
+
+## Conclusion 
+You can use your license keys safely by storing your secrets in the Azure Key Vault, enabling system identity and providing read access to our Data Manager. ISV solutions available with our Data Manager also use these credentials.
+
+You can use our data plane APIs and reference license keys in your key vault. You can also choose to override default license credentials dynamically in our data plane API calls. Our Data Manager does basic validations including checking if it can access the secret specified in credentials object or not.
+
+## Next steps
+
+* Test our APIs [here](/rest/api/data-manager-for-agri).
@@ -5,7 +5,7 @@ author: gourdsay
 ms.author: angour
 ms.service: data-manager-for-agri
 ms.topic: conceptual
-ms.date: 02/14/2023
+ms.date: 06/19/2023
 ms.custom: template-concept
 ---
 
@@ -44,6 +44,8 @@ The following diagram depicts the topology of a sensor in Azure Data Manager for
 
 ## Next steps
 
-How to [get started as a customer](./how-to-set-up-sensors-customer.md) to consume sensor data from the supported sensor partners.
+How to [get started when you push and consume sensor data](./how-to-set-up-sensor-as-customer-and-partner.md).
+
+How to [get started as a customer](./how-to-set-up-sensors-customer.md) to consume sensor data from a supported sensor partner like Davis Instruments.
 
 How to [get started as a sensor partner](./how-to-set-up-sensors-partner.md) to push sensor data into Data Manager for Agriculture Service.
@@ -0,0 +1,214 @@
+---
+title: Push and consume sensor data in Data Manager for Agriculture 
+description: Learn how to push sensor data as a provider and egress it as a customer
+author: lbethapudi
+ms.author: lbethapudi
+ms.service: data-manager-for-agri
+ms.topic: how-to
+ms.date: 06/19/2023
+ms.custom: template-how-to
+---
+# Sensor Integration as both partner and customer in Azure Data Manager for Agriculture 
+
+Follow the below steps to register as a sensor partner so that you can start pushing your data into your Data Manager for Agriculture instance.
+
+## Step 1: Enable sensor integration
+
+1. Sensor integration should be enabled before it can be initiated. This step provisions required internal Azure resources for sensor integration for Data Manager for Agriculture instance. This can be done by running following <a href="https://github.com/projectkudu/ARMClient" target=" blank">armclient</a> command.
+
+```armclient 
+armclient patch /subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.AgFoodPlatform/farmBeats/<datamanager-instance-name>?api-version=2023-04-01-preview "{properties:{sensorIntegration:{enabled:'true'}}}"
+```
+
+Sample output:
+
+```json
+{
+  "id": "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.AgFoodPlatform/farmBeats/<datamanager-instance-name>",
+  "type": "Microsoft.AgFoodPlatform/farmBeats",
+  "sku": {
+    "name": "A0"
+  },
+  "systemData": {
+    "createdBy": "<customer-id>",
+    "createdByType": "User",
+    "createdAt": "2022-03-11T03:36:32Z",
+    "lastModifiedBy": "<customer-id>",
+    "lastModifiedByType": "User",
+    "lastModifiedAt": "2022-03-11T03:40:06Z"
+  },
+  "properties": {
+    "instanceUri": "https://<datamanager-instance-name>.farmbeats.azure.net/",
+    "provisioningState": "Succeeded",
+    "sensorIntegration": {
+      "enabled": "True",
+      "provisioningState": "**Creating**"
+    },
+    "publicNetworkAccess": "Enabled"
+  },
+  "location": "eastus",
+  "name": "myfarmbeats"
+}
+```
+
+2. The above job might take a few minutes to complete. To know the status of job, the following armclient command should be run:
+
+```armclient 
+armclient get /subscriptions/<subscription-id>/resourceGroups/<resource-group-name> /providers/Microsoft.AgFoodPlatform/farmBeats/<datamanager-instance-name>?api-version=2023-04-01-preview
+```
+
+3. To verify whether it's completed, look at the highlighted attribute. It should be updated as “Succeeded” from “Creating” in the earlier step. The attribute that indicates that the sensor integration is enabled is indicated by **provisioningState inside the sensorIntegration object**. 
+
+Sample output: 
+```json
+{
+  "id": "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.AgFoodPlatform/farmBeats/<datamanager-instance-name>",
+  "type": "Microsoft.AgFoodPlatform/farmBeats",
+  "sku": {
+    "name": "A0"
+  },
+  "systemData": {
+    "createdBy": "<customer-id>",
+    "createdByType": "User",
+    "createdAt": "2022-03-11T03:36:32Z",
+    "lastModifiedBy": "<customer-id>",
+    "lastModifiedByType": "User",
+    "lastModifiedAt": "2022-03-11T03:40:06Z"
+  },
+  "properties": {
+    "instanceUri": "https://<customer-host-name>.farmbeats.azure.net/",
+    "provisioningState": "Succeeded",
+    "sensorIntegration": {
+      "enabled": "True",
+      "provisioningState": "**Succeeded**"
+    },
+    "publicNetworkAccess": "Enabled"
+  },
+  "tags": {
+    "usage": "<sensor-partner-id>"
+  },
+  "location": "eastus",
+  "name": "<customer-id>"
+}
+```
+Once the provisioning status for sensor integration is completed, sensor integration objects can be created. 
+
+## Step 2: Create sensor partner integration
+Create sensor partner integration step should be executed to connect customer with provider. 
+The integrationId is later used in sensor creation.
+
+API documentation: [Sensor Partner Integrations - Create Or Update](/rest/api/data-manager-for-agri/dataplane-version2022-11-01-preview/sensor-partner-integrations/create-or-update)
+
+## Step 3: Create sensor data model
+Use sensor data model to define the model of telemetry being sent. All the telemetry sent by the sensor is validated as per this data model.
+
+API documentation: [Sensor Data Models - Create Or Update](/rest/api/data-manager-for-agri/dataplane-version2022-11-01-preview/sensor-data-models/create-or-update)
+
+Sample telemetry 
+```json
+{
+	"pressure": 30.45,
+	"temperature": 28,
+	"name": "sensor-1"
+}
+```
+
+Corresponding sensor data model 
+```json
+{
+  "type": "Sensor",
+  "manufacturer": "Some sensor manufacturer",
+  "productCode": "soil m",
+  "measures": {
+    "pressure": {
+      "description": "measures soil moisture",
+      "dataType": "Double",
+      "type": "sm",
+      "unit": "Bar",
+      "properties": {
+        "abc": "def",
+        "elevation": 5
+      }
+    },
+	"temperature": {
+      "description": "measures soil temperature",
+      "dataType": "Long",
+      "type": "sm",
+      "unit": "Celsius",
+      "properties": {
+        "abc": "def",
+        "elevation": 5
+      }
+    },
+	"name": {
+      "description": "Sensor name",
+      "dataType": "String",
+      "type": "sm",
+      "unit": "none",
+      "properties": {
+        "abc": "def",
+        "elevation": 5
+      }
+    }
+  },
+  "sensorPartnerId": "sensor-partner-1",
+  "id": "sdm124",
+  "status": "new",
+  "createdDateTime": "2022-01-24T06:12:15Z",
+  "modifiedDateTime": "2022-01-24T06:12:15Z",
+  "eTag": "040158a0-0000-0700-0000-61ee433f0000",
+  "name": "my sdm for soil moisture",
+  "description": "description goes here",
+  "properties": {
+    "key1": "value1",
+    "key2": 123.45
+  }
+}
+```
+
+## Step 4: Create sensor
+Create sensor using the corresponding integration ID and sensor data model ID. DeviceId and HardwareId are optional parameters, if needed, you can use the [Devices - Create Or Update](/rest/api/data-manager-for-agri/dataplane-version2022-11-01-preview/devices/create-or-update?tabs=HTTP) to create the device.
+
+API documentation: [Sensors - Create Or Update](/rest/api/data-manager-for-agri/dataplane-version2022-11-01-preview/sensors/create-or-update?tabs=HTTP)
+
+## Step 5: Get IoTHub connection string
+Get IoTHub connection string to push sensor telemetry to the platform for the Sensor created. 
+
+API Documentation: [Sensors - Get Connection String](/rest/api/data-manager-for-agri/dataplane-version2022-11-01-preview/sensors/get-connection-string?tabs=HTTP)
+
+## Step 6: Push data using IoT Hub 
+Use [IoT Hub Device SDKs](/azure/iot-hub/iot-hub-devguide-sdks#azure-iot-hub-device-sdks) to push the telemetry using the connection string.
+
+For all sensor telemetry events, "timestamp" is a mandatory property and has to be in ISO 8601 format (YYYY-MM-DDTHH:MM:SSZ).
+
+You're now all set to start pushing sensor data for all sensors using the respective connection string provided for each sensor. However, sensor data should be sent in a JSON format as defined by Data Manager for Agriculture. Refer to the telemetry schema that follows:
+
+```json
+{
+	"timestamp": "2022-02-11T03:15:00Z",
+	"bar": 30.181,
+	"bar_absolute": 29.748,
+	"bar_trend": 0,
+	"et_day": 0.081,
+	"humidity": 55,
+	"rain_15_min": 0,
+	"rain_60_min": 0,
+	"rain_24_hr": 0,
+	"rain_day": 0,
+	"rain_rate": 0,
+	"rain_storm": 0,
+	"solar_rad": 0,
+	"temp_out": 58.8,
+	"uv_index": 0,
+	"wind_dir": 131,
+	"wind_dir_of_gust_10_min": 134,
+	"wind_gust_10_min": 0,
+	"wind_speed": 0,
+	"wind_speed_2_min": 0,
+	"wind_speed_10_min": 0
+} 
+```
+
+## Next steps
+
+* Test our APIs [here](/rest/api/data-manager-for-agri).
@@ -5,7 +5,7 @@ author: gourdsay
 ms.author: angour
 ms.service: data-manager-for-agri
 ms.topic: how-to
-ms.date: 02/14/2023
+ms.date: 06/19/2023
 ms.custom: template-how-to
 ---
 
@@ -15,7 +15,7 @@ Follow the steps to integrate with a sensor partner to enable the partner to sta
 
 ## Step 1: Identify the sensor partner app and provide consent
 
-Each sensor partner has their own multi-tenant Azure Active Directory app created and published on the Data Manager for Agriculture platform. The sensor partner supported by default on the platform is Davis Instruments(sensorPartnerId: `DavisInstruments`). However, you're free to add your own sensors by being a sensor partner yourself. Follow [these steps](./how-to-set-up-sensors-partner.md) to sign up being a sensor partner on the platform.
+Each sensor partner has their own multi-tenant Azure Active Directory app created and published on the Data Manager for Agriculture platform. The sensor partner supported by default on the platform is Davis Instruments (sensorPartnerId: `DavisInstruments`). 
 
 To start using the on-boarded sensor partners, you need to give consent to the sensor partner so that they start showing up in `App Registrations`. The steps for you to follow: