Soracom Krypton, our secure provisioning service, supports Azure IoT Hub Device Provisioning Service (hereafter referred to as DPS) as a bootstrap partner. In this blog, we will show you how to use Krypton to register a device to Azure IoT Hub as an Azure IoT Edge device.
We link out to the documentation for the detailed procedure of registering a device to Azure IoT Hub using Soracom Krypton, and focus here on the additional steps needed to register it as an Azure IoT Edge device.
One of the critical challenges in IoT is authentication between devices and cloud services. For example, if you want to send data from your device to Azure IoT Hub securely, the device needs to be authenticated. How should credentials such as certificates be distributed to devices? If you have only one device, you can connect your PC directly to it and install the certificate manually, but what if you have 100 or 1000 devices?
Soracom Krypton can be used to distribute credentials to devices securely and efficiently.
First, you will need to install Azure IoT Edge on your devices by following Microsoft’s documentation. Editing the IoT Edge configuration file and verifying that IoT Edge is running are covered in later steps.
Follow the procedures outlined in the user documentation to set up Azure and Soracom, then set up your IoT devices and Soracom IoT SIM. In this scenario, our IoT devices use the Soracom Onyx LTE USB modem.
When registering as an Azure IoT Edge device, set “IoT Edge Device” to “True” in the “Add an enrollment group to the DPS” section.
In this step, we will register the device to Azure IoT Hub as an Azure IoT Edge device. The process for executing the Soracom Krypton API has been documented here, and the following APIs will be executed sequentially.
- registerAzureIotDevice: Registers a device to Azure IoT Hub
- getAzureIotDeviceRegistrationStatus: Gets authentication information for a registered Azure IoT Hub device
You will connect to Azure IoT Hub using the authentication information returned by the second API above. When connecting as an Azure IoT Edge device, you need to create an Azure IoT Edge configuration file (config.toml) from that authentication information.
When registering an Azure IoT Edge device this way, Krypton executes the API for registration to DPS on behalf of the device. Then, the device connects directly to Azure IoT Hub using the certificate retrieved by Krypton’s getAzureIotDeviceRegistrationStatus API. Therefore, the “source” property of “[provisioning]” specified in config.toml, the Azure IoT Edge configuration file, will be “manual”. Note that the “source” is not “dps” because the device is not directly linked to the DPS.
```toml
[provisioning]
source = "manual"
# Specify the value of host in the getAzureIotDeviceRegistrationStatus API response
iothub_hostname = "IOTHUB_HOSTNAME"
# Specify the value of deviceId in the getAzureIotDeviceRegistrationStatus API response
device_id = "DEVICE_ID"

[provisioning.authentication]
method = "x509"
# Save the certificate value in the getAzureIotDeviceRegistrationStatus API response to a file and specify the file path.
identity_cert = "file:///<path to device cert>"
# Save the privateKey value in the getAzureIotDeviceRegistrationStatus API response to a file and specify the file path.
identity_pk = "file:///<path to private cert>"
```
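The step from the getAzureIotDeviceRegistrationStatus response to config.toml can be scripted on the device. The following is an added example, not Soracom's or Microsoft's code: it assumes the response is a flat JSON object with the host, deviceId, certificate and privateKey fields named above, and the function name, file names and sample values are hypothetical.

```python
import json
import os
from pathlib import Path

# Constructed sample response; real values come from the Krypton API call.
SAMPLE_RESPONSE = json.dumps({
    "host": "example-hub.azure-devices.net",
    "deviceId": "constructed-device-01",
    "certificate": "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n",
    "privateKey": "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n",
})
REQUIRED = ("host", "deviceId", "certificate", "privateKey")


def _write(path: Path, data: str, mode: int) -> None:
    """Create the file with its final mode, then rename it into place."""
    tmp = path.with_name(path.name + ".tmp")
    # O_EXCL refuses to reuse a leftover temp file; the mode is set at creation,
    # so the private key is never readable by other users, even briefly.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    os.replace(tmp, path)


def build_edge_config(response_json: str, cred_dir: str) -> str:
    """Store the credentials under cred_dir and return the config.toml text."""
    resp = json.loads(response_json)
    if not isinstance(resp, dict):
        raise ValueError("registration response is not a JSON object")
    missing = [k for k in REQUIRED if not isinstance(resp.get(k), str) or not resp[k]]
    if missing:
        raise ValueError("registration response lacks: " + ", ".join(missing))
    base = Path(cred_dir).resolve()
    cert, key = base / "device-id.cert.pem", base / "device-id.key.pem"
    _write(cert, resp["certificate"], 0o644)
    _write(key, resp["privateKey"], 0o600)  # private key: owner read/write only
    q = json.dumps  # JSON string escaping is also valid in a TOML basic string
    return "\n".join([
        "[provisioning]",
        'source = "manual"',  # Krypton already talked to DPS for the device
        f"iothub_hostname = {q(resp['host'])}",
        f"device_id = {q(resp['deviceId'])}",
        "",
        "[provisioning.authentication]",
        'method = "x509"',
        f"identity_cert = {q(cert.as_uri())}",
        f"identity_pk = {q(key.as_uri())}",
    ]) + "\n"
```

Write the returned text to the IoT Edge configuration file, and make sure the account that IoT Edge runs under can read the two credential files.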
Finally, let’s verify that Azure IoT Edge is working properly with Azure IoT Hub on the device. First, apply the contents of the configuration file to IoT Edge.
```
sudo iotedge config apply
```
Next, based on the Microsoft document, deploy the module to Azure IoT Edge, check the runtime operation of Azure IoT Edge, and confirm that the deployed module is working. Provisioning is successful if the Azure IoT Edge runs fine and the edgeAgent module’s Runtime Status is displayed as
As you can see, Soracom Krypton can be used to easily register devices to Azure IoT Hub as an Azure IoT Edge device. Using the process detailed above, you can automate the initial kitting of a device and get your deployment up and running quickly and efficiently.