The Internet of Things (IoT) industry has continued to grow and become more pervasive in people’s everyday lives these last few years. There are MANY useful applications for IoT devices and solutions in both the consumer and industrial space. Some of the solutions we’ve become accustomed to are smart speakers, cameras, Amazon Alexa, and many more in the consumer space. There’s even been a greater increase in the use of IoT in manufacturing and industrial applications as well. While many of the concepts of building IoT solutions apply to both consumer and industrial IoT solutions, this article will focus on the enterprise / industrial side of managing IoT solutions as an Azure IoT Administrator.
What is the Internet of Things?
The Internet of Things (IoT) is a growing market that is bringing an ever-increasing number of connected devices and innovative solutions that mix compute power, sensors, and other hardware with the physical world to provide monitoring, predictive, and automation functionality across both consumer and industrial applications. On its face, IoT simply means Internet-connected compute devices performing some kind of task; however, the modern world of IoT is much different from this original definition, which dates from the early 2000s or even earlier, before the cloud.
The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. (Wikipedia)
In the modern world of the cloud, the Internet of Things means a bit more than building a system comprised of interrelated computing devices with the ability to transfer data over a network. With the cloud, these devices are being connected to vast amounts of compute and storage capabilities in the cloud that are offering much greater analysis, prediction, and reporting features. This means that modern IoT solutions are capable of not just providing an automation layer that doesn’t require human-to-human or human-to-computer interaction, but they are also able to integrate Machine Learning (ML / AI), analytics, and real-time decision capabilities for building innovative solutions with a higher level of business value.
Components of an IoT Solution
At the highest level, all modern Internet of Things (IoT) solutions are built using devices and services that integrate local / on-premises components with cloud-based components. The local / on-premises components are generally some combination of Devices, Gateways, and Edge compute devices. The cloud components are message hubs, storage, and enhanced compute providing analysis and machine learning (ML) capabilities.
IoT devices are the components of an Internet of Things solution that provide the integration with the physical world. These devices come in many different sizes, from small microcontrollers (MCUs) to larger compute devices. Regardless of the amount of compute power the IoT device has, it is an IoT device and not just a compute device because it is connected to some combination of sensors and/or actuators. In short, an IoT device has connected hardware that is able to observe and/or manipulate the physical world.
In addition to being connected to other hardware, most IoT devices have a few more properties in common:
- Network connected using Wifi, Ethernet, or even Cellular (like 4G or 5G)
- Transmit sensor readings to a gateway device, or directly to the cloud
- Operate in the field, anywhere in the world, for extended periods of time without human interaction
- May be built using low powered hardware with batteries or solar power allowing the device to operate for extended periods without human interaction
- May have sensors to detect tampering, to ensure the device remains secure wherever it is deployed
- Able to store sensor readings and other data locally, for a few hours up to multiple days, in case network connectivity is lost; the data is then uploaded to the cloud once connectivity is restored
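The last property above, local buffering while connectivity is lost, is commonly called store-and-forward. The following is an added example, not code from the original article, of how a device can implement it: readings are queued locally and never block on the network, the buffer is bounded so storage cannot grow without limit (dropped readings are counted so the loss is visible rather than silent), and once the uplink is back the queue drains oldest-first, stopping at the first failure so ordering is preserved. The `Uplink` class, the device id and the reading format are constructed stand-ins for a real SDK connection.

```python
"""Store-and-forward buffer for an IoT device that loses connectivity.

Added example, not code from the original article. `Uplink`, the device id
and the reading format are constructed for illustration; a real device
would replace `Uplink.send` with its IoT SDK call.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Optional
import json
import time


@dataclass
class Uplink:
    """Stand-in for the device's connection to a gateway or the cloud."""
    online: bool = True
    delivered: list = field(default_factory=list)

    def send(self, payload: str) -> bool:
        # Constructed behaviour: fail while offline, deliver otherwise.
        if not self.online:
            return False
        self.delivered.append(payload)
        return True


class StoreAndForwardDevice:
    """Buffers readings locally and replays them, oldest first, once the
    network is back. `capacity` bounds local storage; when it is full the
    oldest reading is dropped and counted so the loss is visible."""

    def __init__(self, device_id: str, uplink: Uplink, capacity: int = 1000):
        self.device_id = device_id
        self.uplink = uplink
        self.buffer: Deque[dict] = deque()
        self.capacity = capacity
        self.dropped = 0

    def record(self, sensor: str, value: float, ts: Optional[float] = None) -> None:
        """Queue one reading; never blocks on the network."""
        if len(self.buffer) >= self.capacity:
            self.buffer.popleft()
            self.dropped += 1
        self.buffer.append({
            "deviceId": self.device_id,
            "sensor": sensor,
            "value": value,
            "ts": ts if ts is not None else time.time(),
        })

    def flush(self) -> int:
        """Try to upload buffered readings in order. Stops at the first
        failure so the remaining readings stay queued and ordered.
        Returns the number delivered in this attempt."""
        sent = 0
        while self.buffer:
            reading = self.buffer[0]
            if not self.uplink.send(json.dumps(reading)):
                break
            self.buffer.popleft()
            sent += 1
        return sent


def demo() -> dict:
    """Walk through an outage: readings accumulate offline and drain, in
    order, once connectivity returns. Timestamps are constructed integers."""
    uplink = Uplink(online=True)
    device = StoreAndForwardDevice("sensor-01", uplink, capacity=3)

    device.record("temp", 21.5, ts=1)
    sent_online = device.flush()          # delivered immediately

    uplink.online = False                 # simulated outage
    for i, v in enumerate([21.6, 21.8, 22.1, 22.4], start=2):
        device.record("temp", v, ts=i)    # 4 readings into a 3-slot buffer
    sent_offline = device.flush()         # nothing leaves the device

    uplink.online = True                  # connectivity restored
    sent_after = device.flush()

    return {
        "sent_online": sent_online,
        "sent_offline": sent_offline,
        "sent_after": sent_after,
        "dropped": device.dropped,
        "order": [json.loads(p)["ts"] for p in uplink.delivered],
    }


if __name__ == "__main__":
    print(demo())
```

The capacity of 3 is deliberately tiny so the overflow behaviour shows in a short run; in practice the buffer size is chosen from the expected outage duration and the reading rate, and the `dropped` counter is the value an administrator would want reported to the cloud after reconnecting.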
IoT devices may communicate directly to the cloud or an IoT gateway device. This communication of sending event data from an IoT device to the cloud is called device-to-cloud messaging. The IoT device could also receive communications from the cloud to direct it to take an action, reconfigure settings, or install firmware updates, and this method is called cloud-to-device messaging.
An IoT Gateway is a special type of device that other devices connect to and communicate with, and it sits somewhere in the network topology of the IoT solution between the “child” IoT devices connecting to it and the cloud. Gateways offer the ability to implement additional functionality that perhaps the individual IoT devices are not able to themselves. For example, an IoT Gateway can aggregate all the sensor readings from low-powered devices that don’t support encryption and then securely communicate that data up to the cloud.
There are two main types of IoT Gateways:
- Field Gateway – Serves as a connection point between the cloud and one or more devices, providing functionality like aggregating event data, enriching event data with additional metadata, adding encryption to the data transmitted to the cloud, and others.
- Protocol Gateway – A specific type of IoT gateway that provides IoT messaging protocol translation as event data is transmitted from the IoT devices to the cloud. This is useful when an IoT device natively communicates using a protocol not supported by the cloud. The Protocol Gateway enables these IoT devices to be integrated into the modern IoT solution and the cloud services, rather than requiring the devices to be replaced or limiting the ability to build the IoT solution the business requires.
IoT Gateways, when integrated into the security trust zones and boundaries of an IoT solution, can be used to minimize the attack vectors of the IoT solution. Using an IoT Gateway in this way allows one or more IoT devices to connect to and communicate with the IoT gateway rather than connecting to the cloud directly. By adding network segmentation so that these devices can only communicate with the IoT gateway, a scenario with dozens or even hundreds of devices that would otherwise connect directly to the cloud becomes one where a single IoT gateway device connects to the cloud on behalf of the individual IoT devices.
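To make the Field Gateway and Protocol Gateway roles above concrete, here is an added example (not code from the original article) of a small gateway that does all three jobs in one place: it translates a constructed line-oriented “legacy” device format into JSON, it aggregates the readings of many child devices into a single enriched message for the one uplink connection, and it enforces the trust boundary by accepting traffic only from child devices on its allow-list and refusing malformed input instead of forwarding it. The device format, the gateway id, the site name and the sample lines are all constructed for illustration.

```python
"""Field gateway that aggregates, enriches and protocol-translates readings
from child devices before forwarding them over a single uplink.

Added example, not code from the original article. The line-oriented
"legacy" device format, the gateway ids and the site metadata are all
constructed for illustration.
"""
import json
import statistics
from typing import Dict, List, Optional


class FieldGateway:
    """Only devices on the allow-list may talk to the gateway, so the
    children never need their own route to the cloud (trust boundary)."""

    def __init__(self, gateway_id: str, site: str, allowed_devices: List[str]):
        self.gateway_id = gateway_id
        self.site = site
        self.allowed = set(allowed_devices)
        self.pending: List[dict] = []   # translated readings awaiting aggregation
        self.rejected: List[str] = []   # raw lines that were not forwarded

    @staticmethod
    def translate(line: str) -> Optional[dict]:
        """Protocol translation for the constructed legacy format
        'DEV:<id>;<sensor>=<value>;...'. Returns None if malformed."""
        parts = line.strip().split(";")
        if not parts or not parts[0].startswith("DEV:"):
            return None
        device_id = parts[0][len("DEV:"):]
        readings: Dict[str, float] = {}
        for kv in parts[1:]:
            if "=" not in kv:
                return None
            key, value = kv.split("=", 1)
            try:
                readings[key] = float(value)
            except ValueError:
                return None
        if not device_id or not readings:
            return None
        return {"deviceId": device_id, "readings": readings}

    def ingest(self, line: str) -> bool:
        """Accept one raw line from a child device. Unknown devices and
        malformed lines are rejected rather than forwarded."""
        msg = self.translate(line)
        if msg is None or msg["deviceId"] not in self.allowed:
            self.rejected.append(line)
            return False
        self.pending.append(msg)
        return True

    def aggregate(self, received_at: str) -> str:
        """Build one enriched message for the uplink: per-sensor
        mean/min/max/count across all pending readings plus gateway
        metadata. Clears the pending buffer."""
        by_sensor: Dict[str, List[float]] = {}
        for msg in self.pending:
            for sensor, value in msg["readings"].items():
                by_sensor.setdefault(sensor, []).append(value)
        summary = {
            s: {"mean": round(statistics.fmean(v), 3), "min": min(v),
                "max": max(v), "count": len(v)}
            for s, v in sorted(by_sensor.items())
        }
        envelope = {
            "gatewayId": self.gateway_id,   # enrichment: who forwarded it
            "site": self.site,
            "receivedAt": received_at,
            "deviceCount": len({m["deviceId"] for m in self.pending}),
            "sensors": summary,
        }
        self.pending.clear()
        return json.dumps(envelope, sort_keys=True)


# Constructed sample traffic: three registered probes plus two lines the
# gateway must refuse (an unregistered device and a malformed value).
SAMPLE_LINES = [
    "DEV:probe-1;T=21.5;H=44",
    "DEV:probe-2;T=22.0;H=46",
    "DEV:probe-3;T=21.0",
    "DEV:rogue-9;T=99.0",        # not on the allow-list -> rejected
    "DEV:probe-1;T=abc",         # malformed value -> rejected
]


def demo() -> dict:
    gw = FieldGateway("gw-east-01", "plant-A", ["probe-1", "probe-2", "probe-3"])
    accepted = sum(gw.ingest(line) for line in SAMPLE_LINES)
    message = json.loads(gw.aggregate("2024-01-01T00:00:00Z"))
    return {"accepted": accepted, "rejected": len(gw.rejected), "message": message}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The `rejected` list is what makes the gateway useful as a security control rather than just a relay: rejected lines are the first place an administrator would look for an unregistered device appearing on the local segment, so in a real deployment they would be logged and reported upstream rather than simply kept in memory.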
Keep in mind that IoT Gateways are not the same as Edge Gateways or Edge devices. While most Edge devices are Gateways, not all IoT Gateways are really Edge devices. IoT Edge devices provide much more compute and other capabilities, while IoT Gateways are generally more simplified components.
IoT Edge is the area of compute within a solution that lies at the edge of the network, right before communication is sent up to the cloud. This area of compute is also known as Edge Computing, or may be referred to as Fog Computing to keep with the Cloud metaphor. In an IoT solution, the Edge is where you bring cloud capabilities in compute, storage, and processing down to run on the local network, closer to the IoT devices.
Running cloud compute, storage, and processing capabilities closer to IoT devices enables several enhancements to IoT solutions:
- Lower latency communication from IoT devices to compute, storage, and processing capabilities
- Ability to offer an offline mode, in which the solution keeps running in a disconnected state while the Cloud services are unreachable
- Increased security by keeping data on the local network and only sending data to the Cloud where necessary; if at all
- Integrate more advanced compute and processing capabilities (Machine Learning and Analytics) into the IoT solution that runs within the local network
There are many scenarios where IoT Edge or Edge Compute capabilities enable IoT innovations that really weren’t possible or feasible before. The enhancements stated above enable these brand new scenarios to be built and integrated with a modern IoT solution.
The many scenarios enabled by IoT Edge include (but are not limited to) the following:
- Autonomous Vehicles are able to locally run the Machine Learning models with lower latency to make driving decisions and take actions accordingly in a fast and reliable manner.
- Airlines are able to process, store, and analyze very large amounts of data, and provide real-time actions, without depending on a fast broadband Internet connection or incurring the latency of the network connections available to airlines.
- Industrial equipment can be integrated in a way that IoT Edge processing is able to quickly react to changing factory and machinery conditions, shutting down or slowing down the machinery in an automated fashion in an effort to reduce injury or even save the lives of the operators. This also enables the ability to predict when to shut down the machinery for maintenance before much more expensive damage is done.
- Medical equipment can be built to eliminate the network and other components as external points of failure in critical care scenarios, where losing capabilities or incurring greater latency may greatly jeopardize the life of one or more patients.
Sure, some of these scenarios could be built previously, but IoT Edge enables the vast resources and capabilities of the cloud to be integrated much more tightly with the local network components of an IoT solution than was previously possible. This is done without really compromising on the Cloud capabilities at hand, so you can more easily leverage the cloud, or even add more compute, storage, or analytics power than was possible in an older, more traditional local network IoT model.
IoT Security Architecture
As with any infrastructure solution, there are always security designs, strategies, components, and best practices. This is no different with Internet of Things (IoT) solutions. IoT solutions consist of local devices and networking, as well as cloud-based compute and networking capabilities. Securing all this infrastructure is really pretty similar to what many enterprises already do to fully secure end-user workstations and the local network, along with hybrid cloud integration for enterprise identity and application usage scenarios. However, Internet of Things solutions do have a couple more trust zones and boundaries that you’ll want to keep in mind.
The trust zones and boundaries of an IoT solution are ways of implementing network segmentation and DMZs to compartmentalize the local network while enhancing the overall security from individual groups of devices all the way up to the cloud. This way, communication between the different components of an IoT solution is limited, which greatly reduces the attack surface if any single component of the solution is compromised by hackers or malware.
There are several trust zones that any well designed IoT security solution will incorporate:
- Local Zone
- Device Zone
- Field Gateway Zone
- Cloud Gateway Zone
- Gateway and Services Zone
- Remote User Zone
It’s great to know these exist, but to learn much more about the Trust Zones and Boundaries of an IoT solution’s security design, please read my “IoT Solution Trust Zones and Boundaries” article. That article will introduce you to, and give you an overview of, the various components to think about when securing IoT solutions.
In addition to the network and connectivity of the IoT devices that make up an IoT solution, the individual devices and their source code need to be secured as well. This piece of IoT security is more in the hands of IoT Developers than IoT Administrators. However, innovative operating systems and cloud services like those offered by Microsoft Azure Sphere are built from the ground up to offer the ability to build more highly secured IoT solutions. This is something that the majority of IoT device hardware and platforms have traditionally struggled with, but it is still achievable with other solutions.
What is Azure IoT?
Microsoft Azure includes a number of services, SDKs (software development kits), and other capabilities used for building Internet of Things (IoT) solutions. All these components are collectively referred to as “Azure IoT”. Microsoft’s goal with all of these is to allow enterprises to build and deploy secure, scalable IoT solutions more easily. They have been working towards this goal for a number of years by now, and have built up a large portfolio of services and capabilities that make Microsoft Azure a leader in the IoT cloud space.
- Azure IoT Central provides a Software-as-a-Service offering to accelerate the creation of IoT solutions, while reducing the burden and cost of management and development of the IoT solution.
- Azure IoT Hub is a highly scalable IoT messaging broker that can scale to billions of connected devices. It also provides the ability to manage those devices securely with per-device authentication and authorization.
- Azure IoT Device Provisioning Service (DPS) provides the ability to provision and manage IoT devices connected to Azure IoT Hub at scale.
- Azure IoT Edge provides the ability to build and deploy workload capabilities to the edge of the network. This has the benefits of lower latency communication, quicker insights and actions, and offline cloud capabilities implemented at the edge, closer to the IoT devices within the solution.
- Azure Digital Twins helps build comprehensive models of physical environments including spatial intelligence graphs that model relationships and interactions between people, places, and devices. This enables you to create more intelligent queries and views of your IoT solutions rather than managing and querying disparate IoT devices and sensors.
- Azure Time Series Insights is a service that offers the ability to analyze IoT and other temporal data to gain real-time insights through rich visualizations and an interactive dashboard.
- Azure Maps offers geospatial capabilities for building location-aware applications. This service includes APIs and SDKs to add maps and other spatial analytics functionality to an IoT solution.
- Azure Sphere is a platform for building more highly secured IoT solutions. It provides a secured microcontroller (MCU) platform that incorporates a custom Linux-based operating system (Azure Sphere OS) and the Azure Sphere Security Service (AS3) in the cloud.
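The per-device authentication that Azure IoT Hub offers is worth seeing at the token level, because it is what lets an administrator revoke or rotate one device without touching the rest of the fleet. The following is an added example, not code from the original article or from the Azure SDKs, of the shared access signature (SAS) token format IoT Hub uses for device credentials: the device signs its own resource URI and an expiry time with its per-device key, and the receiving side recomputes the signature with that device’s key, checks the resource and the expiry, and compares in constant time. The hub host name, device id and keys are constructed placeholders, not real credentials.

```python
"""Per-device shared access signature (SAS) tokens in the format used by
Azure IoT Hub, generated by the device and verified by the receiver.

Added example, not code from the article or from the Azure SDK. The hub
host name, device id and device keys are constructed placeholders.
"""
import base64
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, quote_plus, urlencode

# Constructed placeholders, not real credentials.
HUB_HOST = "example-hub.azure-devices.net"
DEVICE_ID = "probe-1"
DEVICE_KEY = base64.b64encode(b"constructed-32-byte-device-key!!").decode()
OTHER_DEVICE_KEY = base64.b64encode(b"a-different-devices-constructed-key").decode()


def device_resource_uri(hub_host: str, device_id: str) -> str:
    """The resource a device token is scoped to: one device on one hub."""
    return f"{hub_host}/devices/{device_id}"


def _signature(resource_uri: str, expiry: int, device_key_b64: str) -> str:
    # String-to-sign is the URL-encoded resource URI, a newline, and the
    # expiry (Unix seconds); the key is the base64-decoded device key.
    to_sign = f"{quote_plus(resource_uri)}\n{expiry}".encode()
    key = base64.b64decode(device_key_b64)
    return base64.b64encode(hmac.new(key, to_sign, hashlib.sha256).digest()).decode()


def generate_sas_token(resource_uri: str, device_key_b64: str,
                       ttl_seconds: int = 3600, now: Optional[int] = None) -> str:
    """Device side. Each device holds its own key, so a leaked token only
    ever identifies one device and only until `se` (expiry) passes."""
    now = int(time.time()) if now is None else now
    expiry = now + ttl_seconds
    sig = _signature(resource_uri, expiry, device_key_b64)
    return "SharedAccessSignature " + urlencode(
        {"sr": resource_uri, "sig": sig, "se": str(expiry)})


def verify_sas_token(token: str, device_key_b64: str, expected_uri: str,
                     now: Optional[int] = None) -> bool:
    """Receiver side: correct resource, not expired, and the signature
    recomputed with this device's key matches (constant-time compare)."""
    now = int(time.time()) if now is None else now
    prefix = "SharedAccessSignature "
    if not token.startswith(prefix):
        return False
    try:
        fields = parse_qs(token[len(prefix):], strict_parsing=True)
        sr, sig, se = fields["sr"][0], fields["sig"][0], int(fields["se"][0])
    except (KeyError, ValueError):
        return False
    if sr != expected_uri or se <= now:
        return False
    return hmac.compare_digest(_signature(sr, se, device_key_b64), sig)


def demo() -> dict:
    """Issue a token for probe-1 and show what the receiver accepts and
    rejects. `t0` is a constructed fixed clock so the run is repeatable."""
    uri = device_resource_uri(HUB_HOST, DEVICE_ID)
    t0 = 1_700_000_000
    token = generate_sas_token(uri, DEVICE_KEY, ttl_seconds=600, now=t0)
    tampered = token.replace("se=1700000600", "se=1800000600")  # extend expiry
    return {
        "valid": verify_sas_token(token, DEVICE_KEY, uri, now=t0 + 10),
        "expired": verify_sas_token(token, DEVICE_KEY, uri, now=t0 + 601),
        "wrong_key": verify_sas_token(token, OTHER_DEVICE_KEY, uri, now=t0 + 10),
        "wrong_device": verify_sas_token(
            token, DEVICE_KEY, device_resource_uri(HUB_HOST, "probe-2"), now=t0 + 10),
        "tampered_expiry": verify_sas_token(tampered, DEVICE_KEY, uri, now=t0 + 10),
    }


if __name__ == "__main__":
    print(demo())
```

Two details matter operationally: the token carries its expiry in the clear, so a receiver must check `se` against its own clock rather than trust the device’s, and because the verifier looks up the key by device, disabling that one device’s key in the hub is enough to invalidate every token it has issued without affecting any other device.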
These are the primary services within Microsoft Azure that make up Azure IoT, and they provide IoT-specific and related capabilities. When building an entire IoT solution using Azure IoT, you will incorporate many other Azure services on the cloud side. These additional services will include database, storage, and compute services. Many IoT solutions will also implement real-time event streaming and processing using services like Azure Stream Analytics and Azure Functions, as well as Machine Learning / AI prediction capabilities using Azure Machine Learning.
A common design pattern used when building a modern IoT solution (with Azure IoT or otherwise) is the Lambda Architecture pattern. The Lambda Architecture design pattern is a data processing pattern designed for Internet of Things (IoT) and other Big Data systems that need to process data in near real-time, in addition to data storage and batch processing. Once device events are ingested from thousands (or even millions) of IoT devices, the processing of the data really becomes a Big Data problem to solve, and that’s where the Lambda Architecture comes in.
At the core of the Lambda Architecture is the idea that when one or more data streams are ingested, the data will be split into two data paths. Each of these paths can receive any subset or even all the data from the input stream(s). These two paths are referred to as the Hot Path and the Cold Path.
- Hot Path – Send data off for real-time processing and analytics, such as using machine learning to identify patterns, make predictions, and trigger immediate actions and alerts.
- Cold Path – Send data off for archival storage and future batch processing at a later time.
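The hot and cold paths are easiest to understand as two consumers of the same event stream that never wait on each other. Below is an added example, not code from the original article, of a Lambda-style fan-out: every ingested device event is handed to a hot path that keeps a short rolling baseline per device and raises an alert when a reading departs from it, and to a cold path that simply batches events for archival and later batch processing. The event format, the anomaly rule, the batch size and the sample events are constructed for illustration.

```python
"""Lambda-style ingestion: every event is fanned out to a hot path (real-time
rule evaluation and alerting) and a cold path (batched archival for later
processing). Added example, not from the article; the event format, the
anomaly rule and the batch size are constructed."""
from typing import Dict, Iterable, List


class HotPath:
    """Keeps a short rolling window per device and alerts when a reading
    departs from the device's recent mean by more than `tolerance`."""

    def __init__(self, window: int = 5, tolerance: float = 3.0):
        self.window, self.tolerance = window, tolerance
        self.history: Dict[str, List[float]] = {}
        self.alerts: List[dict] = []

    def process(self, event: dict) -> bool:
        hist = self.history.setdefault(event["deviceId"], [])
        alerted = False
        if len(hist) >= 2:                      # need a baseline first
            baseline = sum(hist) / len(hist)
            if abs(event["value"] - baseline) > self.tolerance:
                self.alerts.append({"deviceId": event["deviceId"], "ts": event["ts"],
                                    "value": event["value"], "baseline": round(baseline, 2)})
                alerted = True
        hist.append(event["value"])
        del hist[:-self.window]                 # keep only the last `window`
        return alerted


class ColdPath:
    """Appends every event to the current batch; a full batch is 'written'
    to archive storage (here just a list) for later batch processing."""

    def __init__(self, batch_size: int = 4):
        self.batch_size = batch_size
        self.current: List[dict] = []
        self.archived_batches: List[List[dict]] = []

    def process(self, event: dict) -> None:
        self.current.append(event)
        if len(self.current) >= self.batch_size:
            self.flush()

    def flush(self) -> None:
        if self.current:
            self.archived_batches.append(self.current)
            self.current = []


def ingest(events: Iterable[dict], hot: HotPath, cold: ColdPath) -> None:
    """Fan-out: each event goes to both paths; neither path's outcome
    affects the other. The cold path is flushed at the end so a partial
    final batch is not lost."""
    for event in events:
        hot.process(event)
        cold.process(event)
    cold.flush()


# Constructed sample stream: two pumps reporting; pump-1 has one spike.
SAMPLE_EVENTS = [
    {"deviceId": "pump-1", "ts": 1, "value": 20.0},
    {"deviceId": "pump-2", "ts": 2, "value": 30.0},
    {"deviceId": "pump-1", "ts": 3, "value": 20.2},
    {"deviceId": "pump-2", "ts": 4, "value": 30.1},
    {"deviceId": "pump-1", "ts": 5, "value": 20.1},
    {"deviceId": "pump-1", "ts": 6, "value": 27.5},   # spike -> hot-path alert
    {"deviceId": "pump-1", "ts": 7, "value": 20.2},
    {"deviceId": "pump-2", "ts": 8, "value": 30.2},
]


def demo() -> dict:
    hot, cold = HotPath(window=5, tolerance=3.0), ColdPath(batch_size=4)
    ingest(SAMPLE_EVENTS, hot, cold)
    return {
        "alerts": hot.alerts,
        "batches": len(cold.archived_batches),
        "archived_events": sum(len(b) for b in cold.archived_batches),
    }


if __name__ == "__main__":
    print(demo())
```

Note that the spike is still appended to the device’s history, so a single outlier briefly raises the baseline; whether to exclude alerted readings from the window is a design choice that trades false negatives on a genuine shift against repeated alerts on noise. The cold path, by contrast, keeps every event unchanged, which is exactly what later batch analysis or an incident investigation needs.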
To learn more about the Lambda Architecture, I encourage you to read my “Lambda Architecture for IoT and Big Data Systems” article.
Azure IoT Management Tools
When managing Azure resources, the Azure Portal, Azure CLI, and Azure PowerShell are the usual tools used. These tools all include the ability to create and manage Azure IoT resources.
There are several tools for creating and managing the Azure resources that make up a modern IoT solution built on and integrated with Microsoft Azure:
- Azure Portal provides a graphical management portal interface for manually working with Azure resources.
- Azure CLI is a cross-platform command-line tool for managing Azure resources from macOS, Windows, and Linux machines.
- Azure PowerShell provides a suite of PowerShell cmdlets for managing Azure resources from any machine with PowerShell installed.
- Azure Cloud Shell offers an in-browser experience to easily work with both the Azure CLI and Azure PowerShell command-line tools to manage Azure resources from anywhere.
- Azure Sphere CLI is a command-line utility that supports the management of Azure Sphere elements; including devices and the Azure Sphere Security Service (AS3).
Check out the Azure CLI Kung Fu series for tips and tricks on using the Azure CLI to manage Azure resources.
Here are a few articles I’ve written recently that will help you get started using some of these tools to manage Azure IoT resources and your IoT solution:
- Azure Portal
- Azure CLI
- Azure PowerShell
- Azure Sphere
The above are just a few highlights of articles you can read about Azure IoT. The Internet of Things category within Build5Nines.com contains much more IoT related content that will help Administrators and Developers alike.
All modern IoT solutions have a number of components and concepts in common. This is also true of IoT solutions that are integrated with Azure IoT services. This article walked you through an introduction to the key concepts you will need to know as an IoT Administrator managing solutions built using Azure IoT services and technologies. Now that you have an introduction, you should have a better understanding of what questions to ask, and where to go from here to learn what you need to manage any IoT solutions your enterprise may be building or already have in place.