Today we're announcing the public preview of the Azure IoT Hub Device Provisioning Service! The Device Provisioning Service is new service that works with Azure IoT Hub to enable customers to configure zero-touch device provisioning to their IoT hub. With the Device Provisioning Service, you can provision millions of devices in a secure and scalable manner, automating a process that has historically been time and resource intensive for manufacturers and companies managing volumes of connected devices. The Device Provisioning Service is the only cloud service to provide complete automated provisioning, including both registering the device to the cloud as well as configuring the device. Device Provisioning Service is available in East US, West Europe, and Southeast Asia starting today, and eventually will be available globally.
Without a provisioning service, connecting devices to Azure IoT Hub requires manual work. Each device needs a unique identity to enable per-device access revocation in case the device is compromised. Doing this manually works for very few devices, but at IoT scale, you have to individually place connection credentials on each of millions of devices.
A naïve way to go about solving the connection problem is to hardcode IoT Hub connection information in the device at manufacture time, but this only works in some scenarios. In many cases, complete provisioning requires information that was not available when the device was manufactured, such as who purchased the device or what the device is to be used for.
Even once the device is connected it still needs to be configured with its desired twin state and software and/or firmware updates. This is yet more work to account for when planning device deployments.
This is where the Device Provisioning Service saves customers a lot of time, helping get devices configured automatically during registration to IoT Hub. Device Provisioning Service contains all the information needed to provision a device, and the information can easily be updated later in the supply chain without having to unbox and re-flash the device.
Here are some of the provisioning scenarios the Device Provisioning Service enables:
Zero-touch provisioning to a single IoT solution without requiring hardcoded IoT Hub connection information in the factory (initial setup).
Automatically configuring devices based on solution-specific needs.
Load balancing devices across multiple hubs.
Connecting devices to their owner’s IoT solution based on sales transaction data (multitenancy).
Connecting devices to a particular IoT solution depending on use-case (solution isolation).
Connecting a device to the IoT hub with the nearest geo-location.
Re-provisioning based on a change in the device such as a change in ownership or location.
All these scenarios are achievable today through the Device Provisioning Service using the same basic flow:
Device Provisioning Service works best with devices using Hardware Security Modules (HSMs) to securely store their keys. HSMs provide the maximum amount of security for key storage, and the updated device SDK makes it incredibly easy to establish a root of trust between the device and the cloud using an HSM. Microsoft has partnerships with several HSM manufacturers, and you can read about the partnerships and HSM options we have on the Azure blog. Even if your device is incapable of using an HSM, it can still connect to Device Provisioning Service. You can learn about how to use a simulated TPM or a software-based x509 certificate here.
Learn more about all the technical concepts involved in device provisioning.
Azure IoT is committed to offering you services which take the pain out of deploying and managing an IoT solution in a secure, reliable way. You can create your own Device Provisioning Service on the Azure portal, and you can check out the device SDK on GitHub. Learn all about the Device Provisioning Service and how to use it in the documentation center. We would love to get your feedback on secure device registration (that's the point of the preview!), so please continue to submit your suggestions through the Azure IoT User Voice forum.
Quelle: Azure
Published by