Embedded Computing Conference 2019Winterthur, 3. September 2019

Michel Estermann

1

Azure IoT Edge

1. Etwas zu mir2. Was ist Edge Computing3. Was ist Azure IoT Edge4. Beurteilung und Zusammenfassung

2

Inhalt

Master of Science ETH in Informatik

Ausgebildeter Elektroniker

Seit 2008 Senior Software Engineer bei bbv Software Services AG mit Fokus auf C++ und Embedded Software.

Seit einem Jahr auch intensiv im Bereich IoT Devices

Keine professionelle, persönliche oder finanzielle Verbindungen zu Microsoft, ausser der in solchen Projekten üblichen Kommunikation mit Microsoft im Zusammenhang mit Beratung und Unterstützung bei der Planung und Umsetzung.

3

Michel Estermann

4

Internet of Things (IoT)

Device Cloud

Collect data ProcessVisualizeAnalyze/Learn• Big Data• ML

5

Internet of Things (IoT)

Device Cloud

Low CostLow PowerLimited resources

processing powermemory/storage

Scalable resourcesExpensive

Rather unreliable and slow

6

Edge Computing

Device Edge Device Cloud

(Pre-) Process Date• filter• enrich• aggregateAnalyze

Collect data Analyze/Learn• Big Data• ML

Rather unreliable and slow

Quite reliable and fast

• Reduce bandwidthSend only relevant/aggregated data

• Reduce latencyData processing is closer to the data source

• “Offline”-capabilityProcess important data without connection to the cloud(at least for some time)

• Reduce cloud resourcesCompute on the edge device instead of the cloud

7

Why Edge Computing

“The traditional model of processing and storing all data in the cloud is becoming too costly and often too slow to meet the requirements of the end user.”

Ismet Aktas, “Why edge computing for IoT?“, Bosch ConnectedWorld Blog (https://bit.ly/2GnBA21)

“Organizations that have embarked on a digital business journey have realized that a more decentralized approach is required to address digital business infrastructure requirements.As the volume and velocity of data increases, so too does the inefficiency of streaming all this information to a cloud or data center for processing.”

Santhosh Rao, Gartner. From (https://gtnr.it/2KKzd8k)

8

Why Edge Computing

“Around 10% of enterprise-generated data is created and processed outside a traditional centralized data center or cloud. By 2025, Gartner predicts this figure will reach 75%”

Gartner, Oct. 2018 (https://gtnr.it/2KKzd8k)

9

Azure IoT Edge is an Internet of Things (IoT) service that builds on top of IoT Hub. This service is meant for customers who want to analyze data on devices, or "at the edge," instead of in the cloud. By moving parts of your workload to the edge, your devices can spend less time sending messages to the cloud and react more quickly to events.

Microsoft, Azure IoT Edge documentation (https://bit.ly/2sYb1ai )

10

Azure IoT Edge

IoT Edge modules are units of execution, implemented as Docker compatible containers, that run business logic at the edge. Multiple modules can be configured to communicate with each other, creating a pipeline of data processing.

11

Azure IoT Edge

The Azure IoT Edge runtime enables custom and cloud logic on IoT Edge devices. It sits on the IoT Edge device, and performs management and communication operations.

12

Azure IoT Edge

13

Azure IoT Edge Runtime

Azure IoT Edge Runtime

Docker Container

edgeAgentedgeHub

IoT Edge security manager

Module Module Module

IoT Hub• Install and update workloads

on the device.• Maintain Azure IoT Edge

security standards on the device.

• Ensure that IoT Edge modules are always running.

• Report module health to the cloud for remote monitoring.

• Facilitate communication between

• downstream leaf devices and IoT Edgedevices.

• modules on the IoT Edge device.

• the IoT Edge device and the cloud.

14

Azure IoT Edge security manager

Details at https://bit.ly/2L2wOpR

15

Azure IoT Edge Runtime

Azure IoT Edge Runtime

Docker Container

edgeAgentedgeHub

IoT Edge security manager

Module Module Module

IoT Hub

The IoT Edge hub acts as a local proxy for IoT Hub by exposing the same protocol endpoints as IoT Hub. This consistency means that clients(whether devices or modules) can connect to the IoT Edge runtime just as they would to IoT Hub.

16

IoT Edge Hub

IoT Edge hub forwards authentication requests to IoT Hub when a device first tries to connect. After the first connection is established, security information is cached locally by IoT Edge hub. Subsequent connections from that device are allowed without having to authenticate to the cloud.

17

IoT Edge Hub

IoT Edge hub takes logical connections from clients like modules or leaf devices and combines them for a single physical connection to the cloud.

Clients think they have their own connection to the cloud even though they are all being sent over the same connection.

18

IoT Edge Hub

IoT Edge hub can determine whether it's connected to IoT Hub. If the connection is lost, IoT Edge hub saves messages or twin updates locally. Once a connection is reestablished, it syncs all the data. The location used for this temporary cache is determined by a property of the IoT Edge hub’s module twin. The size of the cache is not capped and will grow as long as the device has storage capacity.

19

IoT Edge Hub

IoT Edge hub facilitates module to module communication. Using IoT Edge hub as a message broker keeps modules independent from each other. Modules only need to specify the inputs on which they accept messages and the outputs to which they write messages.

20

IoT Edge Hub

The solution developer specifies rules that determine how IoT Edge hub passes messages between modules. Routing rules are defined in the cloud and pushed down to IoT Edge hub in its device twin.

21

IoT Edge Hub

The IoT Edge agent is responsible for instantiating modules, ensuring that they continue to run, and reporting the status of the modules back to IoT Hub.The IoT Edge security daemon starts the IoT Edge agent on device startup. IoT Edge Agent is responsible for downloading the deployment manifest from the cloud and maintaining the desired state of configuration of the edge device. It pulls all the container images from registries and runs them based on the predefined configuration.

22

IoT Edge Agent

An IoT Edge automatic deployment assigns IoT Edge module images to run as instances on a targeted set of IoT Edge devices. It works by configuring an IoT Edge deployment manifest to include a list of modules with the corresponding initialization parameters. A deployment can be assigned to a single device (based on Device ID) or to a group of devices (based on tags).

23

Deployment

A deployment manifest is a JSON document that describes the modules to be configured on the targeted IoT Edge devices. It contains the configuration metadata for all the modules, including the required system modules (specifically the IoT Edge agent and IoT Edge hub). The configuration metadata for each module includes: • Version • Type• Status (for example, running or stopped) • Restart policy• Image and container registry• Routes for data input and output

24

Deployment manifest

• Edge Runtime already handles a lot you otherwise have to implement yourself• Device provisioning using DPS (if you have a TPM)• Offline capability, e.g. cached messages• Re-Connection (MQTT, AMQP, WS), Authentication

• Automatic deployment targeting single devices or device groups• Allows for customer specific deployments and staged deployment

(dev, test, prod)• Open-Source• The same Azure IoT Hub SDK for module development as for device

development (SKD for .NET, Java, Node.js, Python & C)25

Reasons to consider Azure IoT Edge

• Requires Docker (Moby)• Limitation of modules (Raspberry Pi ~4 incl. edgeAgent & edgeHub)• Deep Docker Know-How required (accessing data/devices on host)

• Azure specific solution (Vendor Lock)• Maturity (public release Summer 2018)

• New features every 2-3 month• Documentation not always up-to-date for newest features• MQTT supported, but no custom topics possible• Some limitations (see next slide)

26

Reasons NOT to consider Azure IoT Edge

• No cloud to edge device message functionality• No Direct-Method call to Edge Device functionality, only Direct-Method

call to Edge Module.• Device twin can not be read from modules. However there is a module

twin.• No support for authentication with X.509 certificates yet.• Auto Device Provisioning using the Azure Device Provisioning Service

only supported with a Trusted Platform Module (TPM)• Only downstream devices with symmetric key authentication can connect

through IoT Edge gateways. X.509 certificate authorities and X.509 self-signed certificates are not currently supported.

27

Limitations

Supported in newer versions (> 1.0.6)

• Azure Iot Edge is a promising open source edge computing solution for Microsoft’s Azure IoT Platform.

• Released in Summer 2018 and under active development.

29

Wrap Up

30

• Azure Iot Edge is a promising open source edge computing solution for Microsoft’s Azure IoT Platform.

• Released in Summer 2018 and under active development• Works on Linux and Windows• AMQP, MQTT and AMQP, MQTT over Websocket supported• Use of a Trusted Platform Module (TPM) on the Edge device

is recommended

31

Wrap Up

• Mostly well documented and a lot of tutorials to get started• Works quite stable, but problems can be difficult to analyze:

• Many components: security daemon, edgeHub, edgeAgentand own modules (docker).

• Well integrated into Visual Studio Code• Azure IoT Edge Extension• Azure IoT Hub Toolkit

• Well integrated into Azure DevOps services (CI/CD)

32

Development

• Industrial grade hardware for Edge Devices is expensive• E.g. Dell Edge Gateway 300x starting from 472.50 CHF

(Intel E3805 Prozessor, 1,33 GHz (1 MB L2-Cache); 2 GB DDR3L, 1.067 MHz; 8 GB eMMC-Storage)

• Provisioning solution must include Leaf and Edge Devices• A sound update and maintenance solution for the Edge Device is

required:• OS, edge runtime and docker update• Status reporting, logging• Troubleshooting, system recovery

• Edge Devices are hot targets for cyberattacks

33

Important to note

34

bbv Software Services AGBlumenrain 106002 Luzernwww.bbv.ch

michel.estermann@bbv.chTelefon +41 41 429 01 47www.bbv.ch

Michel Estermann | Software Engineer