In IoT, data protection concerns still exist, but they extend further into the physical world: devices are most often geographically dispersed at large scale and rely heavily on battery power and wireless connectivity. It is therefore inherently harder to manage IoT devices securely than locally deployed systems such as servers, laptops and desktops. To keep devices secure, they must be updated frequently with the latest software and security patches. Remote software updates, if implemented poorly, can add attack vectors on top of existing device vulnerabilities.
IoT cloud platforms offer a broad range of service offerings to ingest, analyze and integrate data generated by devices into business applications. Azure IoT Hub is a hosted service in the cloud that acts as a central message hub for communication between applications and its attached devices. You can connect millions of devices and their backend solutions reliably and securely.
Mender 3.2 lets you automate the inclusion of new devices into your Azure IoT Hub account, with a simpler provisioning workflow: you add the devices to Mender, and devices added to Mender are automatically provisioned and authenticated with Azure IoT Hub.
Requirements
What follows in this section is a tutorial explaining how to integrate Azure IoT Hub with Mender. To follow it step by step you will need the prerequisites below. You can use other devices and configurations, but you will need to adapt the steps yourself.
Prerequisites
A Mender account
If you don’t have an active Mender account, you can try Mender for Free. Sign up and connect up to 10 devices free for 12 months – no credit card required.
A Microsoft Azure account
If you don’t have a Microsoft Azure account, you can create one for free following this Microsoft website. There is a free trial for Azure, and Azure IoT Hub also has a free tier; see this website for more information. They also offer a welcome credit that you can use for testing purposes.
A Raspberry Pi
You can use a Raspberry Pi 3 (Model B or B+) or 4; in this tutorial I will use a Raspberry Pi 4 Model B. Also get an SD card of at least 8 GB.
Initial setup
Let’s configure our Raspberry Pi with Mender
Follow Steps 1 to 6 of the quick start guide in the official Mender documentation and you will be ready to go. We are going to run Step 7 later in this tutorial, so keep the tab open.
Creating your Azure IoT Hub instance
CLI Approach
You only need to run the commands below. Please note that these are based on the Azure docs:
- Enable the Azure IoT extension for the Azure CLI
$ az extension add --upgrade --name azure-iot
- Create a resource group. Replace MenderResourceGroup with a name of your choice
$ az group create --name MenderResourceGroup --location eastus
- Create an IoT Hub. You can change the name; in this example we set it to MenderIoTHub
$ az iot hub create --resource-group MenderResourceGroup --name MenderIoTHub
Web Approach
You can follow this step-by-step tutorial, which is full of images. Just ignore the "Register a new device in the IoT hub" section, as we are going to start the automation from this point.
Configuring the automatic device provisioning from Mender to Azure IoT Hub
Getting the connection-string from Azure CLI
You can grab your connection string as follows:
$ az iot hub connection-string show --hub-name MenderIoTHub
The output will look like this
HostName=MenderIoTHub.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=<alphanumericKey>0=
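The string shown above is a list of `Name=Value` fields separated by `;`, and the last field is the hub's shared access key. The Python sketch below is an added example, not part of the original tutorial or of Mender's or Azure's code: it parses and validates a string in that format and produces a redacted copy that can be pasted into logs or tickets. The sample key and all function names are constructed for illustration.

```python
import base64
import binascii

REQUIRED = ("HostName", "SharedAccessKeyName", "SharedAccessKey")

# Constructed sample: the key below is NOT a real credential.
SAMPLE_KEY = base64.b64encode(b"constructed-sample-key-not-real!").decode()
SAMPLE = ("HostName=MenderIoTHub.azure-devices.net;SharedAccessKeyName=iothubowner;"
          f"SharedAccessKey={SAMPLE_KEY}")

def parse_connection_string(conn):
    """Split 'Name=Value;Name=Value' into a dict and validate the fields."""
    fields = {}
    for part in filter(None, conn.strip().split(";")):
        # Split on the first '=' only: base64 keys end in '=' padding.
        name, sep, value = part.partition("=")
        if not sep or not value:
            # Never echo the offending text: it may contain key material.
            raise ValueError("malformed field, expected Name=Value")
        fields[name] = value
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    try:
        base64.b64decode(fields["SharedAccessKey"], validate=True)
    except binascii.Error as exc:
        raise ValueError("SharedAccessKey is not valid base64") from exc
    return fields

def redact(conn):
    """Return the connection string with the secret replaced, safe for logs."""
    fields = parse_connection_string(conn)
    fields["SharedAccessKey"] = "<redacted>"
    return ";".join(f"{k}={v}" for k, v in fields.items())

def uses_owner_policy(conn):
    # iothubowner is the built-in IoT Hub policy that carries all permissions,
    # so a string that names it deserves the strictest handling.
    return parse_connection_string(conn)["SharedAccessKeyName"] == "iothubowner"

def is_valid(conn):
    """True if the string parses and validates, False otherwise."""
    try:
        parse_connection_string(conn)
        return True
    except ValueError:
        return False
```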
Getting the connection-string from Azure IoT Hub webpage
Using Azure’s web interface, you only need to get the connection-string as described here.
In the left panel, click Shared access policies under the Security settings, then the iothubowner policy, and finally copy the value of the Primary connection string.
Adding the connection-string to your Mender server
First go to the upper right corner and click on your username and then on Settings. On the left panel click on Integrations and then click on Add a new integration.
Select the Azure IoT Hub option.
Paste the connection string you got from IoT Hub into the input field, then click SAVE.
Mender then provisions the devices in Azure IoT Hub; as a result of this operation, the Azure device connection string is retrieved by the Mender server.
Testing the integration
In this example, you can see that we have 2 devices already in the pending state.
As soon as you accept one of them, it will become part of your fleet in Mender and it will be added to your devices in the IoT Hub automatically. Notice how the Id given to the device in Mender is also used as the name given in Azure IoT Hub.
You can add as many devices as needed. In the following image you will see that we added one more device, another Raspberry Pi 3. This one is running a Yocto-based image. You can learn how to develop Yocto-based images by following this tutorial.
Please note that after being provisioned through Mender, each device acquires the unique symmetric key it needs to work properly in the Azure IoT Hub environment.
As a side comment, if a device gets rejected in Mender, it is automatically set to disabled state in Azure IoT Hub. If the device gets decommissioned, it is automatically deleted from Azure IoT Hub.
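The lifecycle mapping described above (accepted devices appear in the hub, rejected ones are disabled, decommissioned ones are deleted) can be audited by comparing the two inventories. The Python sketch below is an added example, not code from Mender or Azure: the device ids, both inventories and the finding names are constructed, and it assumes that an accepted device is in the `enabled` state in the hub and that you have already exported each inventory as a mapping of device id to status.

```python
# Constructed inventories keyed by the shared device id.
MENDER = {  # device id -> Mender authorization status
    "dev-a": "accepted",
    "dev-b": "rejected",
    "dev-c": "accepted",
    "dev-d": "pending",
    "dev-f": "rejected",
}
HUB = {  # device id -> Azure IoT Hub device status
    "dev-a": "enabled",
    "dev-b": "enabled",
    "dev-e": "enabled",
    "dev-f": "disabled",
}

def find_drift(mender, hub):
    """Return sorted (device_id, finding) pairs where the hub disagrees with Mender."""
    findings = []
    for dev_id in sorted(set(mender) | set(hub)):
        m_status = mender.get(dev_id)
        h_status = hub.get(dev_id)
        if m_status is None:
            # Decommissioned devices should have been deleted from the hub.
            # Devices enrolled in the hub by other means also land here.
            findings.append((dev_id, "orphan_in_hub"))
        elif m_status == "accepted" and h_status != "enabled":
            # Assumption: accepted devices are present and enabled in the hub.
            findings.append((dev_id, "accepted_not_enabled"))
        elif m_status == "rejected" and h_status == "enabled":
            # A rejected device should be disabled; enabled means it can
            # still authenticate to the hub with its symmetric key.
            findings.append((dev_id, "rejected_still_enabled"))
        # Other statuses (e.g. pending) have no hub state defined in the
        # text, so they are not checked.
    return findings

if __name__ == "__main__":
    for dev_id, finding in find_drift(MENDER, HUB):
        print(f"{dev_id}: {finding}")
```

A rejected device that was never accepted has no hub entry, so a missing hub record for a rejected device is not reported.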
Conclusion
Combining Mender and Azure IoT Hub provides secure device lifecycle management through a single pane of glass, with the following key integration benefits:
- Reduce user operational complexity to provision devices
- Prevent having to compromise on security by keeping devices updated with Mender while seamlessly integrating them with Azure solutions
- Capability to correlate analytics from Azure with past software update deployments from Mender
To watch a video on this integration and learn more, visit Mender-Azure IoT Hub partner page. Get more support by joining the Mender Hub open source community.