Azure IoT Hub and Device Provisioning Service
Azure IoT Hub and Device Provisioning Service
Rasmus Wätjen @dkrasmusw
Global Azure Bootcamp – Copenhagen – 2019-04-26
Key takeaways
• Azure IoT Hub is cheap and easy to get started with data collection
• Built for pre-configured devices
• Can be used for PC software
INTRODUCING WIDEX
Goal
• Make the initial hearing aid adjustment better and faster
• Help users who are unfamiliar with advanced adjustments
Solution
• Machine Learning Problem
• How do we get the data?
Data ingestion
• Azure IoT Hub
  • Device to Cloud and Cloud to Device communication
  • Per device authentication
  • Automated provisioning with Device Provisioning Service
  • Large file upload
IoT Hub Device Provisioning Service
• Provision devices/clients without hardcoding IoT Hub credentials
• Load balance devices across IoT Hubs
• Provision devices to nearest Hub
Device Provisioning Process
Device Attestation
• X.509 CERTIFICATES
• TRUSTED PLATFORM MODULE
• SYMMETRIC KEYS
Certificate Provisioning
• DPS must know root CA
• Clients must provide a certificate in same chain of trust
Image: Yanpas, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=46369922
How we use IoT Hub DPS
[Diagram: Clients, API management, Certificate Generator web app, IoT Hub DPS, IoT Hubs; steps numbered 1 to 5]
Provisioning in IoT Hub DPS with symmetric keys
[Diagram: Clients, API management, Key generator function, IoT Hub DPS, IoT Hubs; steps numbered 1 to 5]
Symmetric key attestation
1. Client requests hash of secret key and device ID from Azure Function [Diagram: Device ID, Key, HMAC SHA-256]
2. Client transmits hash to DPS along with device ID [Diagram: HMAC SHA-256, Device ID]
3. DPS has knowledge of secret key, and performs same hash operation as step 1 [Diagram: Device ID, Key, HMAC SHA-256]
4. If client-provided and server-generated hashes are identical, DPS can verify that client may connect [Diagram: Client HMAC SHA-256, DPS HMAC SHA-256]
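The four steps above, as an added Python example (not code from the talk or its repository). The function names, the constructed sample key, and the base64 encoding of key and hash are assumptions; the DPS side is modelled as a direct comparison, as the slide describes it.

```python
import base64
import hashlib
import hmac

# Constructed sample secret (base64). It stands in for the secret key that
# only the key generator function and DPS know; clients never see it.
GROUP_KEY_B64 = base64.b64encode(b"constructed-sample-group-key-000").decode()


def derive_device_key(group_key_b64: str, device_id: str) -> str:
    """HMAC-SHA256 over the device ID, keyed with the secret (steps 1 and 3)."""
    key = base64.b64decode(group_key_b64, validate=True)
    mac = hmac.new(key, device_id.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def key_generator_function(device_id: str) -> str:
    """Step 1: hand the client a hash bound to its own device ID."""
    # Hypothetical input check: reject empty or oversized IDs before hashing.
    if not device_id or len(device_id) > 128:
        raise ValueError("invalid device ID")
    return derive_device_key(GROUP_KEY_B64, device_id)


def dps_verify(device_id: str, presented_hash: str) -> bool:
    """Steps 3 and 4: recompute the hash and compare in constant time."""
    expected = derive_device_key(GROUP_KEY_B64, device_id)
    return hmac.compare_digest(expected.encode(), presented_hash.encode())


if __name__ == "__main__":
    client_hash = key_generator_function("device-001")   # step 1
    print(dps_verify("device-001", client_hash))         # steps 2 to 4
    # A hash issued for one device ID does not verify for another ID.
    print(dps_verify("device-002", client_hash))
```

Because the hash is keyed on the device ID, a client that leaks its hash exposes only its own identity, not the shared secret or any other device's credential.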
• IOT HUB IS SUITED FOR MORE THAN JUST IOT DEVICE MESSAGING AND TELEMETRY
• WITH DPS IT IS EASY AND SECURE TO PROVISION NEW CLIENTS
• NOW YOU DON’T HAVE TO BECOME A CA
Questions?
• Source code
  • https://github.com/rwatjen/Azure.IoTDPSCertificates
• Blog
  • https://blog.rassie.dk
• Rasmus Wätjen
  • @dkrasmusw
  • www.rassie.dk
Image credits
• The Digital Artist @ pixabay
• geralt @ pixabay
• xresh @ pixabay
• qimono @ pixabay
• Microsoft
• Yanpas @ Wikimedia Foundation