| Line 1: |
Line 1: |
| − |
| |
| | <b>Azure IoT Hub</b> is an open and flexible cloud platform that supports open-source SDKs and multiple protocols. | | <b>Azure IoT Hub</b> is an open and flexible cloud platform that supports open-source SDKs and multiple protocols. |
| | | | |
| Line 88: |
Line 87: |
| | </ul> | | </ul> |
| | | | |
| − | ==Configuring Azure IoT Hub on RutOS== | + | ==Configuring RUTX Azure IoT Hub== |
| − | To configure an Azure IoT Hub instance on a RUT device, it is essential to first install the Azure IoT Hub package via the package manager.
| |
| | <ul> | | <ul> |
| − | <li>To install required package, please on the router WebUI, navigate '''System > Package Manager''' and install Azure IoT Hub package </li> | + | <li>First open router WebUI, go to '''System > Package Manager''' and install Azure IoT Hub package </li> |
| − | [[File:Azure RutOSconf 1.png|border|class=tlt-border]] | + | [[File:Networking_rutx_configuration_examples_package_manager_v1.png|border|class=tlt-border]] |
| − | </ul>
| |
| − | Now navigate to ''' Services > Cloud solutions > Azure IoT Hub''' and add a new instance. In the pop-up window, you will notice two different connection types available:
| |
| − | <ul> <li> Shared Access signature (SAS) key </li>
| |
| − | <li> Device Provisioning Service (DPS) </li> </ul>
| |
| − | In this article, we will demonstrate the configuration steps for both connection types.
| |
| − | ===SAS key connection type configuration===
| |
| − | Configuring Azure IoT Hub using the SAS key connection type is quite simple and straightforward. Please follow these three steps:
| |
| − | <div>1. Make sure to enable the instance by pressing '''Enable''' button </div>
| |
| − | <div>2. Paste previously copied '''Connection String'''</div>
| |
| − | <div>3. Press '''Save & Apply''' button </div>
| |
| − | [[File:Azure RutOSconf 2.2.png|border|class=tlt-border]]
| |
| − | </ul>
| |
| − | After the instance is correctly configured, you will be able to see the connection status on the Azure IoT Hub page of the WebUI. A green dot indicates that the connection is successful.
| |
| − | [[File:Azure RutOSconf 3.png|border|class=tlt-border]]
| |
| − | Additionally, you can check the connection status through the router command line by executing the following command:
| |
| − | ubus call azure.1 get_connection_status
| |
| − | Upon executing this command, you will see its output. If the connection is successful, you will see the following output:
| |
| − | [[File:Azure RutOSconf 4.png|border|class=tlt-border]]
| |
| | | | |
| − | If you are able to see that the connection status is succesfully and authorized it means that connection is established using SAS key connection type. Now, lets move foward with configuration of Device Provisioning Service (DPS) connection type.
| + | <li>Now navigate to ''' Services > Cloud solutions > Azure IoT Hub''' </li> |
| | + | <div>1. Select Enable '''Azure IoT Hub monitoring'''</div> |
| | + | <div>2. Paste previously copied Connection String (For this test we leave other values as default)</div> |
| | + | <div>3. Select what kind of information you want to send to Azure IoT Hub</div> |
| | + | <div>4. Press '''Save''' </div> |
| | + | [[File:Networking_rutx_configuration_examples_azure_iot_hub_v1.png|border|class=tlt-border]] |
| | | | |
| − | ===Device Provisioning Service (DPS) configuration===
| |
| − | One of the primary features of DPS is its capability to dynamically manage multiple device identities. This service manages the device identity creation process using mechanisms called attestations. There are two such mechanisms:
| |
| − | <ul>
| |
| − | <li> 1. X.509 </li>
| |
| − | <li> 2. Symmetric keys </li>
| |
| | </ul> | | </ul> |
| − | ====DPS X.509 mechanism====
| |
| − | The first mechanism utilizes X.509 certificates. Each DPS service includes one or more services known as enrollment groups, which handle this task. Each enrollment group is configured to function with a specific IoT Hub, considering there may be multiple IoT Hubs. At the DPS, the root CA certificate needs to be registered. Additionally, each enrollment group should have one or more intermediate CAs that are signed by the root CA. Each RUT device must have a unique certificate signed by an intermediate CA. This certificate contains additional information, such as the subject ID field, which will serve as the device identity name on the IoT Hub. Now, let's delve into an actual example of configuring such a service.
| |
| − |
| |
| − | <ul>
| |
| − | <div> 1. The initial step is to generate certificates. You can refer to the Microsoft guide to generate the required certificates successfully. The Microsoft guide can be found here: https://learn.microsoft.com/en-us/azure/iot-dps/tutorial-custom-hsm-enrollment-group-x509?pivots=programming-language-ansi-c#create-a-root-ca-certificate
| |
| − | The required certificates and keys:
| |
| − | <li> Root CA certificate </li>
| |
| − | <li> Intermediate CA certificate </li>
| |
| − | <li> Devices certificates </li>
| |
| − |
| |
| − | Please ensure to carefully follow the Microsoft guide to create certificates, making sure not to miss any steps as they are all crucial.
| |
| − |
| |
| − | Following the Microsoft guide, after creating the Root CA certificate, you will notice that it is named "Azure IoT Hub CA Cert Test Only".
| |
| − | [[File:Azure RutOSconf 5.png|border|class=tlt-border]]
| |
| − | After creating the root CA certificate, an intermediate CA certificate must be generated. Upon inspecting this certificate, you should notice that it is issued by the "Azure IoT Hub CA Cert Test Only", as seen previously.
| |
| − | [[File:Azure RutOSconf 6.png|border|class=tlt-border]]
| |
| − | After successfully creating the intermediate CA certificate, proceed with creating the device certificate and signing it using the intermediate authority. It's crucial to note that the subject field will be the name of the newly registered identity on the IoT Hub page. If you are following the provided Microsoft guide, you can observe "device-01" name, remember it as it will be used in later configurations steps.
| |
| − | [[File:Azure RutOSconf 7.png|border|class=tlt-border]]
| |
| − |
| |
| − | Finally, we append the root CA, intermediate CA, and device certificates into one certificate chain. If you are following the guide, the "device-01-full-chain.cert.pem" file will be created. Later, we will upload this file to the RUT device WebUI page.
| |
| − | </div>
| |
| − | <div>
| |
| − | 2. After successfully generating the certificates, return to the Azure portal page and navigate to your Azure IoT Hub Device Provisioning Service (DPS) page. From there, proceed to the certificate page and upload the root CA file.
| |
| − | [[File:Azure RutOSconf 8.png|border|class=tlt-border]]
| |
| − | </div>
| |
| − |
| |
| − | 3. Next, navigate to the "Manage Enrollments" page to register the intermediate CA and target our IoT Hub service instance.
| |
| − |
| |
| − | [[File:Azure RutOSconf 9.1.png|border|class=tlt-border]]
| |
| − | [[File:Azure RutOSconf 10.png|border|class=tlt-border]]
| |
| − |
| |
| − | 4. The final step is to return to the RUT device WebUI and navigate to '''Services -> Cloud Solutions -> Azure IoT Hub''' page to create a new configuration instance. In the configuration pop-up window, please follow these steps:
| |
| − | 4.1 Set connection type as a '''Device Provisioning Service (DPS)''';
| |
| − | 4.2 Enter '''ID Scope''' of your DPS service page on Azure;
| |
| − | 4.3 Specify the '''Registration ID'''. Remember the "device-01" one? If you followed the Microsoft guide step by step, you need to enter "device-01" in the "Registration ID" field.
| |
| − | 4.4 Lastly, upload the certificate chain file and the private key file.
| |
| − |
| |
| − | With all the required values in place, the configuration pop-up window should resemble the screenshot below:
| |
| − |
| |
| − | [[File:Azure RutOSconf 11.png|border|class=tlt-border]]
| |
| − |
| |
| − | After a couple of seconds, you will be able to observe the status of your configured instance in the Azure IoT Hub page on the router WebUI.
| |
| − |
| |
| − | [[File:Azure RutOSconf 12.png|border|class=tlt-border]]
| |
| − |
| |
| − | The device successfully connects to the Azure IoT Hub.
| |
| − |
| |
| − | ====DPS Symmetric key mechanism====
| |
| − | The Symmetric key mechanism configuration is more straightforward. To configure it, first, go back to the Azure portal, navigate to your DPS service page, and create a new enrollment group with the Symmetric key attestation mechanism.
| |
| − |
| |
| − | [[File:Azure RutOSconf 13.png|border|class=tlt-border]]
| |
| − |
| |
| − | Inspecting the newly created enrollment group will reveal some keys. The primary key will be used to derive each individual device identity. This can be done using a simple script, which is available in the following Microsoft guide.: https://learn.microsoft.com/en-us/azure/iot-dps/how-to-legacy-device-symm-key?tabs=linux&%3Bpivots=programming-language-ansi-c&pivots=programming-language-ansi-c#derive-a-device-key
| |
| − |
| |
| − | In the script, you will notice a couple of important variables: KEY and REG_ID. In the KEY field, you must specify the primary key, which can be obtained from the newly created enrollment group.
| |
| − |
| |
| − | [[File:Azure RutOSconf 14.1.png|border|class=tlt-border]]
| |
| − |
| |
| − | In the REG_ID field, you can specify any name you want. Upon executing the script, a shared access key will be created. Please copy this key, as we will need it in the following steps.
| |
| − |
| |
| − | [[File:Azure_RutOSconf_15.png|border|class=tlt-border]]
| |
| − |
| |
| − | After executing the script, go back to the RUT device Services -> Cloud Solutions -> Azure IoT Hub configurations page and add a new instance. In the configuration window, select DPS connection type and Symmetric Key connection type.
| |
| − |
| |
| − | <ul>
| |
| − | <li> In the "ID scope" field, specify your Azure DPS service ID. </li>
| |
| − | <li> In the "Registration ID" field, enter the "REG_ID" value you specified in the script. For example, "wiki-newly-generated-device". </li>
| |
| − | <li>In the "Symmetric key" field, enter the "SharedAccessKey" obtained from the script execution. </li>
| |
| − | </ul>
| |
| − | If you are following this guide, your configuration window should look similar to the screenshot below.
| |
| − | [[File:Azure_RutOSconf_16.png|border|class=tlt-border]]
| |
| − | Don't forget to press the Save & Apply button! A few seconds after saving the configuration, you should be able to observe that the device successfully connects to Azure.
| |
| − | [[File:Azure_RutOSconf_17.png|border|class=tlt-border]]
| |
| − | Moreover, we can return to the IoT Hub services in the Azure portal and check the device list. There, we will see that the DPS service has created a new device identity, named the same as what we specified in the "REG_ID" field in the script earlier.
| |
| − | [[File:Azure_RutOSconf_18.png|border|class=tlt-border]]
| |
| − | If you see that the connection is successful on the router WebUI page and the newly created device appears in the Azure IoT Hub device list, it means that you have configured everything correctly.
| |
| − |
| |
| − | </ul>
| |
| − |
| |
| | ==Checking if Data reaches Azure IoT Hub== | | ==Checking if Data reaches Azure IoT Hub== |
| | <ul> | | <ul> |