Forward messages from Cloud MQTT broker to Azure IOT Hub - azure

I want to forward messages from Cloud MQTT broker to Azure IoT Hub. I need the settings examples to create the bridge for multiple devices which can be accessible with the shared access key of IoT Hub rather than SAS for a specific device. And can we use a single bridge for multiple devices, or does it need a single bridge for each device?

Note that IoT Hub is not a full-featured MQTT broker and does not support all the behaviors specified in the MQTT v3.1.1 standard.
A device can use the MQTT protocol to connect to an IoT hub using any of the following options:
Libraries in the Azure IoT SDKs.
The MQTT protocol directly.
can we use the single bridge for multiple devices or it needs single
bridge for each device?
AFAIK, using the same connection string is not supported and you will see unexpected errors. Only one device can use the same connection string at a time. For example, if you have two devices connecting with the same ID, then it would be difficult to identify where to send messages. You can use modules instead.
To answer your specific query, if your business scenario requires only sending telemetry data (D2C messages), you can use a connectionless device protocol such as HTTPS using the REST API, with a sasToken for the authorization header.
Also, see Using the MQTT protocol directly (as a device)

Related

How to disable Cloud initiated connection to Azure IoT Edge device?

I'm looking into Azure IoT Hub and IoT Edge to understand capabilities and potential use cases roughly. One of the projects I had worked in the past had a strict requirement to disable cloud initiated contact and make things to work based on device initiated polling. For example, when certain settings are changed on the device management portal or new firmware is made available, rather than pushing this down to the devices, each device would become aware of this by polling periodically.
I have no control over this requirement but if that project is to be moved to Azure IoT, I'm certain that the same is going to be requested. Is there an easy way to achieve this with Azure?
I thought about tampering with the network access of the relevant containers but would this lead to the IoT hub going crazy and trying to communicate with 'unresponsive' devices continuously and flag all these failed attempts?
There are two parts to this quest: connections, and messages.
Connections
As far as connections are concerned, one of the security principles of IoT Hub is that the device is responsible for setting up the connection. Azure IoT devices by default do not accept incoming connections. The device sets up an AMQP or MQTT connection with IoT Hub, which will then allow bi-directional communication.
An exception to this is the HTTPS connection, if you use that method, the device will poll IoT Hub for new messages.
Messages
When the bi-directional connection is initiated from the device, this allows the device and IoT Hub to send messages to each other. For a non-edge device, if you don't use the SDK and write your (for instance MQTT) code yourself, you can decide not to listen to any of the incoming messages. You won't subscribe to topics like direct methods and twin updates and only look for them when you want.
For IoT Edge devices, bi-directional communication is handled by the Edge Hub. So your other containers (modules) don't talk to the cloud directly.
That leaves the Edge Agent, which also deals with outgoing connections only, it reports the status of the modules to the cloud.
In the comment of your question, you mention that the requirement is that the cloud can't initiate a connection with the device. In short, that doesn't happen, IoT Hub isn't designed that way.

Connect to Azure IOT hub using TCP protocol with ESP8266 No os device

I have an ESP8266 device with no OS which can communicate using the TCP/IP protocol. On Azure I am not able to find a way to connect this device directly to IoT Hub. Could you please provide some help or sample code to make it happen?
Azure IoT Hub supports MQTT, AMQP, and HTTP. If you want to use another protocol you need to create a gateway, a middle-man that will bridge the traffic. Microsoft provides a free one on GitHub.
https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-protocol-gateway

Azure IoT hub simple publish-subscribe communication

I’m new to Microsoft’s Azure IoT Hub and MQTT/AMQP communication in general and I am trying to establish simple communication between my Raspberry Pi and an Ubuntu VM running on my computer. I intended on using my Pi as a client to publish messages to a service running on my VM that simply echoes the message contents to stdout. After reading all the literature on the Azure website/GitHub page I’m having trouble figuring out the best way to do this. Is it possible to host a service on your local network? Are the iotHub service client samples on the SDK meant to be used as services or as clients intended to communicate with existing services on Azure (SQL databases, webserver, etc)? I was able to send messages to my IoT Hub portal with the azure-iot-sdk-c/iothub_client/samples/iothub_client_sample_mqtt.c sample but couldn’t figure out where to include the topic my message was getting published to. I would really appreciate any help/input.
Thanks
The Azure IoT device SDKs are meant to build device applications that will connect and communicate with the Azure IoT Hub service which lives in the Azure Cloud.
The Azure IoT service SDKs are meant to build applications that will be used to configure, monitor and interact with an instance of the Azure IoT Hub service running in the Azure Cloud.
If you are looking for a simple solution for establishing a local device to device or device to server communication leveraging MQTT, you can look into MQTT broker solutions out there.
Now if you want to leverage an IoT Cloud to manage devices, easily secure and authenticate them, upload telemetry to the Cloud at a high throughput and take advantage of advanced analytics services in the Cloud (Big Data, Machine Learning,...), then Azure IoT Hub is for you.
Azure IoT Hub is just a message channel, and it does not handle messages.
For device side (raspberry pi), you use a device SDK to send D2C messages with MQTT, and it works. For service side (Ubuntu VM), you need Event Hub SDK to receive D2C messages sent by raspberry pi (Why Event Hub? https://blogs.msdn.microsoft.com/zhqqitest/2017/03/18/do-not-make-it-a-mess-why-therere-so-many-endpoints-in-iot-hub/).
Also, IoT Hub supports MQTT on device side ONLY, that is to say, you cannot connect to IoT Hub with MQTT on service side (Ubuntu VM), but you need AMQP.
You may have another question, then what is the AMQP topic to listen for D2C messages on service side? It's /<compatibleName>/ConsumerGroups/<ConsumerGroups>/Partitions/<PartitionID>.
compatibleName: IoT Hub Event Hub-compatible name (what a mess :-S), you can find it from Azure portal (Endpoints – Built-in endpoints – Events)
ConsumerGroups: You can find it from Azure portal, $Default by default
PartitionID: Partition ID, you can get it when you connect to the Event Hub with AMQP, it's a number, usually starting from 0
If you don't want to call AMQP directly, you can simply use Event Hub SDK on Ubuntu VM with IoT Hub connection string (NOT Event Hub-compatible endpoint or Event Hub-compatible name, the Event Hub SDK will do that for you).

Azure IoT Hub anti-spoofing

Just read this thread
What I am still asking myself though is whether the IoT Hub does detect that there are multiple active connections that use the same deviceid and credentials?
This could be the case if an attacker would steal the device auth key or the SAS token.
The anti-spoofing property ConnectionDeviceGenerationId does not seem to be used for this since:
generationId - An IoT hub-generated, case-sensitive string up to 128 characters long. This value is used to distinguish devices with the same deviceId, when they have been deleted and re-created.
What I am still asking myself though is whether the IoT Hub does
detect that there are multiple active connections that use the same
deviceid and credentials?
For AMQP and HTTP, when sending Device-To-Cloud messages, multiple active connections using the same device ID are able to work properly. But when receiving Cloud-To-Device messages it doesn't work.
But for MQTT, IoT Hub only supports one active MQTT connection per device. Any new MQTT connection on behalf of the same device ID causes IoT Hub to drop the existing connection.
Update:
IoT Hub allows devices to use MQTT, MQTT over WebSockets, AMQP, AMQP over WebSockets, and HTTP protocols for device-side communications. The following table provides the high-level recommendations for your choice of protocol:
MQTT (MQTT over WebSocket): Use on all devices that do not require to connect multiple devices (each with its own per-device credentials) over the same TLS connection.
AMQP (AMQP over WebSocket): Use on field and cloud gateways to take advantage of connection multiplexing across devices.
HTTP: Use for devices that cannot support other protocols.
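A detection sketch for the one-connection-per-device MQTT behaviour described in this answer, added here as an example and not taken from the thread or from IoT Hub itself: if a second client holds the same device ID and credentials and both clients reconnect automatically, the session keeps moving between source addresses. The event layout and field names below are constructed for the example and are assumptions, not IoT Hub's log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection events (field names are assumptions).
EVENTS = [
    {"time": "2024-05-01T10:00:00", "op": "connect", "deviceId": "pump-01", "protocol": "mqtt", "src": "198.51.100.7"},
    {"time": "2024-05-01T10:00:20", "op": "connect", "deviceId": "pump-01", "protocol": "mqtt", "src": "203.0.113.9"},
    {"time": "2024-05-01T10:00:21", "op": "disconnect", "deviceId": "pump-01", "protocol": "mqtt", "src": "198.51.100.7"},
    {"time": "2024-05-01T10:00:25", "op": "connect", "deviceId": "pump-01", "protocol": "mqtt", "src": "198.51.100.7"},
    {"time": "2024-05-01T10:00:45", "op": "connect", "deviceId": "pump-01", "protocol": "mqtt", "src": "203.0.113.9"},
    {"time": "2024-05-01T10:00:50", "op": "connect", "deviceId": "pump-01", "protocol": "mqtt", "src": "198.51.100.7"},
    {"time": "2024-05-01T10:00:00", "op": "connect", "deviceId": "pump-02", "protocol": "mqtt", "src": "198.51.100.8"},
    {"time": "2024-05-01T10:30:00", "op": "connect", "deviceId": "pump-02", "protocol": "mqtt", "src": "198.51.100.8"},
    {"time": "2024-05-01T09:00:00", "op": "connect", "deviceId": "pump-03", "protocol": "mqtt", "src": "198.51.100.10"},
    {"time": "2024-05-01T14:00:00", "op": "connect", "deviceId": "pump-03", "protocol": "mqtt", "src": "198.51.100.11"},
    {"time": "2024-05-01T10:00:00", "op": "connect", "deviceId": "gw-01", "protocol": "amqp", "src": "198.51.100.20"},
    {"time": "2024-05-01T10:00:05", "op": "connect", "deviceId": "gw-01", "protocol": "amqp", "src": "198.51.100.21"},
]


def find_contended_devices(events, window=timedelta(seconds=60), min_switches=3):
    """Return {deviceId: [sources]} for devices whose MQTT session keeps
    switching between source addresses within `window`."""
    last_seen = {}                 # deviceId -> (timestamp, source) of last connect
    switches = defaultdict(list)   # deviceId -> [(old source, new source), ...]
    for ev in sorted(events, key=lambda e: e["time"]):
        # Only MQTT connects matter: per the answer, AMQP/HTTP tolerate
        # several connections for device-to-cloud traffic.
        if ev["op"] != "connect" or ev["protocol"] != "mqtt":
            continue
        ts = datetime.fromisoformat(ev["time"])
        dev, src = ev["deviceId"], ev["src"]
        prev = last_seen.get(dev)
        if prev and prev[1] != src and ts - prev[0] <= window:
            switches[dev].append((prev[1], src))
        last_seen[dev] = (ts, src)
    return {
        dev: sorted({s for pair in sw for s in pair})
        for dev, sw in switches.items()
        if len(sw) >= min_switches
    }
```

A single address change (pump-03) or a same-source reconnect (pump-02) is not flagged; only repeated back-and-forth within the window is.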

MQTT broker in Azure cloud

I have a backend device with MQTT client connected to opensource MQTT broker (Mosquitto). On the other hand I have many frontend devices (PC, Tablet, Mobile) with GUI application also connected to the broker. So here Mosquitto works as a communication point between backend device and frontend devices and just forwards messages between them. Sometimes amount of data transferred can be quite high (e.g. 1 MB / min).
One backend device + many frontend devices is one installation. I need to prepare infrastructure for thousands of such installations working simultaneously. So my service needs to be very scalable. My company uses Azure cloud solutions, so I've started learning of this solution and I must admit that I am a little bit confused. I've read that I need to use IoT Hub, but it would need MQTT Gateway to be able to speak with MQTT devices. On the other hand, if I understand it well, the Gateway needs to be running on some VM, so here I lose scalability of my solution. Am I right? Now if I will need to support 100k or 500k devices then I will need another VM? One more thing is that I need to integrate all of this with some webservice (for management of backend and frontend devices), so I need some connection between webservice and the MQTT broker...
Before I started to play with Azure, I imagined that I would simply start an MQTT broker service and magically it would be highly scalable and would be able to provide service for thousands of devices.
Can anybody explain me how to bite that?
Azure IoT Hub now talks MQTT natively. A protocol gateway is no longer required.
https://azure.microsoft.com/en-us/documentation/articles/iot-hub-mqtt-support/
This is going to help you a lot if you've just spent the last hour trying to form the MQTT username and password:
https://github.com/Azure/azure-content/blob/master/articles/iot-hub/iot-hub-devguide.md#example
Example:
Username (DeviceId is case sensitive): iothubname.azure-devices.net/DeviceId
Password (Generate SAS with Device Explorer): SharedAccessSignature sr=iothubname.azure-devices.net%2fdevices%2fDeviceId&sig=kPszxZZZZZZZZZZZZZZZZZAhLT%2bV7o%3d&se=1487709501
Tested with Paho and MQTT.fx on Windows. I could not make it authenticate with mosquitto, and I've put in reasonable effort, even tried using stunnel just in case mosquitto's TLS support wasn't cutting it. Mosquitto probably doesn't handle the long password correctly or something along those lines. It throws an authentication error. Escaping % and & didn't help.
If someone gets Mosquitto to work with Azure IoT Hub, please open my eyes.
...and someone did (Thank you Timothy in the comments)
Mosquitto_pub works, I verified by monitoring with Device Explorer Twin. Example:
mosquitto_pub -h IOTHubACMxxx.azure-devices.net -p 8883 --cafile "C:\Users\jlaird\Documents\dev\azureca.crt" -t devices/eACM1/messages/events/ -m "john says hello to azure from mosquitto" -i eACM1 -u IOTHubACMxxx.azure-devices.net/eACM1/?api-version=2018-06-30 -P "SharedAccessSignature sr=IOTHubACMxxx.azure-devices.net&sig=obfuscate&se=1593013589&skn=device"
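How the MQTT username and SAS password shown in this answer are assembled, as an added Python example that is not part of the original posts; it also applies to the sasToken authorization header mentioned in the first answer on this page. The hub name, device ID and key are constructed placeholders, the api-version value is the one from the mosquitto_pub command, and `verify_sas_token` is a hypothetical helper that recomputes the signature the way a receiver would.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import quote, unquote

API_VERSION = "2018-06-30"  # taken from the mosquitto_pub command above
# Constructed demo key, not a real secret.
DEMO_KEY = base64.b64encode(b"constructed demo key").decode()


def _sign(key_b64, encoded_sr, expiry):
    # String-to-sign: "<URL-encoded resource URI>\n<expiry, epoch seconds>"
    msg = f"{encoded_sr}\n{expiry}".encode()
    digest = hmac.new(base64.b64decode(key_b64), msg, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def make_sas_token(resource_uri, key_b64, expiry, policy_name=None):
    sr = quote(resource_uri, safe="")
    sig = quote(_sign(key_b64, sr, expiry), safe="")
    token = f"SharedAccessSignature sr={sr}&sig={sig}&se={expiry}"
    # skn appears only when the key belongs to a hub-level shared access policy
    return token + (f"&skn={policy_name}" if policy_name else "")


def mqtt_credentials(hub, device_id, device_key_b64, ttl=3600, now=None):
    """Username/password for one device; the token is scoped to that device."""
    expiry = int(time.time() if now is None else now) + ttl
    username = f"{hub}/{device_id}/?api-version={API_VERSION}"
    password = make_sas_token(f"{hub}/devices/{device_id}", device_key_b64, expiry)
    return username, password


def token_fields(token):
    # "SharedAccessSignature k=v&k=v..." -> {"sr": ..., "sig": ..., "se": ...}
    return dict(pair.split("=", 1) for pair in token.split(" ", 1)[1].split("&"))


def verify_sas_token(token, key_b64, now):
    """Hypothetical receiver-side check: recompute the signature, test expiry."""
    f = token_fields(token)
    expected = _sign(key_b64, f["sr"], f["se"])
    return hmac.compare_digest(expected, unquote(f["sig"])) and int(f["se"]) > now
```

A token whose `sr` is only the hub host name and that carries `skn` is signed with a hub-level policy key and is not bound to one device, so a bridge holding that key can speak for every device on the hub; per-device keys with a short `ttl` limit what a stolen token can do.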
Today there isn't official support for the MQTT protocol in Azure, only the public preview of IoT Hub, which supports AMQP and HTTP.
To connect MQTT devices to the IoT Hub, Microsoft provides a "framework" named IoT Protocol Gateway (https://github.com/Azure/azure-iot-protocol-gateway) that executes a protocol translation between MQTT and AMQP.
The IoT Protocol Gateway can be installed on premise or in the cloud as an Azure Worker Role. In the second scenario you have the scalability offered by Azure and related to worker role instances.
This solution is absolutely new due to the short life of IoT Hub (still in public preview) and the IoT Protocol Gateway itself.
Your first solution is based on using a third-party MQTT broker (like mosquitto) that you should install in a VM. AFAIK mosquitto doesn't support clustering like HiveMQ broker (see another reply here : Cluster forming with Mosquitto broker).
Last thing about the connection between your web service and the MQTT broker.
In this case the web service should translate calls to it (from the front end) to published messages on the MQTT broker using an MQTT client that you need to include inside the web service itself.
Even if using AWS, the following link could be useful too :
https://groups.google.com/forum/#!topic/mqtt/19jqofoPLro
Paolo.
