Azure IoT Edge – ready for enterprise-grade, scaled deployment



in this new episode of the Internet's things show we're going to show you how to provision and configure an IT edge device with Xero touch basically not doing anything else than just plug it in and the manual is here to come – to tell us about that demo that and tell us about IOT edge which is now g8 thanks for watching the IOT show Emmanuel is here today to talk to us about the latest in IOT edge ith just when GA today and we're glad to share with you some of the insights of what's new in there hey yeah oh yeah pretty good how are you are you tired a little bit so I th is GA meaning meaning what I think that it's really for production that is the main message it so in the DVD is what we're having is a lot of security features lots of developer features as well to make it easier to have more beautiful repeatable and scriptable developments okay and deployments through CI CD for instance and also like boots trappings and showing the vision that we have for partners with like a first step towards enabling a module market phase of ith modules bunch of features were actually making IITs not just generally available but also enterprise ready right yes yes and a lot of new features in the game all done good supported as well so really a lot of features are coming in and you came today with the demo so we have a Raspberry Pi here yeah it has this weird thing that comes out of that I'll go GPM it's a TPM yeah right because the pipe doesn't have it by default but for the demos we want to show so basically what is it used for it right in in our kids right here so GPM is a hardware security device that is a made to protect secrets so it can protect secrets with with with the out where so that you put a secret in there and even if you have access to the device for an unlimited period of time you can't get back the secret if you if you are not authorized to to get it okay got it so yeah a safe way to store your keys so he's a perfect example of what you want to put in a yeah okay so we have ith in there so that's the GA version so it has a new form factor I would say the runtime used to be a Python application while the bootstrap was a Python application so now it's a demon in Linux yeah right so we've completely rewritten this bootstrapping Python script and now it's running as a as two pieces actually a demon yeah that is always on and listening for commands to react to dps flow for instance okay but also the other component is HSN so hardware security manager okay that abstracts the HSM or TPM types of devices to into interface with them okay so you're going to show us some demo on that flow of provisioning a device yeah this one comes with just is security how do we call that like the ith secure agent runs what is it called exactly right now as a security manager a security major security manager okay and so this that's the only thing that's in there right it has a TPM yeah and it has the security manager right so essentially ith demon has been deployed and the HSM libs as well yeah which makes the edge security manager and it's not connected the before not acted and so before you connect what I've done is I went to DPS yeah in the portal and I've created an enrollment for this device okay it's an individual enrollment to support this TPM chip and so during the enrollment creation that I have done just before what I've done is is put a copy base as an endorsement key of this TPM okay flagged it as an edge device okay gave link to my IT hub and the last thing I've done was adding a tag to identify this this device as a group of other devices okay so that it's easier for me to manage and configure those types of devices at scale later on yes basically it gets as soon as it's provisioned by a DPS is gonna get a tag in between that will allow me to in that case I think you've been doing something with the deployments on the edge side of things yeah on the IT Help side of things so that for the DPS side and what I've also done is in my IOT hub so today there's no device connected to society huh yeah but what I've done is already set up next deployment okay with the tags that we were just mentioning earlier the object recognition tag okay and so this deployment is targeting all edge devices that has this tag object recognition okay and so this is a new like automatic deployment service okay as that is always ongoing and so each time there's a new device ith device that's going to come with that specific tag in the twin it's gonna get that deployment sent to it right exactly okay so it takes care for you of when the device are becoming visible yeah don't we get a set of modules and I've got a set of modules already set up and so what these deployments tells all those edge devices that meets the target condition is to deploy all those workloads to these edge devices now yeah that's right but yet it's the red cable okay it's on so it's gonna start raspbian on that it's going to connect to the Wi-Fi yeah so what you might want to do is actually maybe you can SSH into the device once it's connected yeah and we see still no devices there surprises refresh dish to make sure it's a device that's association to the device it's super secure password super secure password okay okay and so now what we can do is look at the logs of HTML okay yes is starting at romantically at boots because it's a demon yeah it's already started that way yeah okay so let's see what we're seeing the demon started it started to the network you see where there's a conflict that yeah move file so what does that file for device so this file is is where you will say how you want to push in your device if you want to do manual provisioning or automatic provisioning using –happy yes okay and this is also where you mentioned there's a version of the ith agent that you want to have deployed on your on your eyes okay yeah and if you do manual provisioning this is where you give your connection string to your IT herb and and all the parameters to get the connection so we see that the secure agent is actually now connecting to dps and starting a specific registration with the data from the yam oh yeah and oh actually got a device ID so we should see what a device ID from the herb so we should see this one back in suppose oh let's refresh okay nice yeah and it says modules count five so that means that it already has its configuration from IT hell yeah so what happened is so high tier this deployment found his device and it pushed deployment manifest with those five modules as soon as it found the device and so now this manifest has been pushed to the edge device okay so that tells the edge device to start fetching all those workloads got it and so basically we should see the five of them and yes yeah populating yeah display our modules temperature is an example of one of the workload that was the reference into the manifest also and then then what's in it like device will be running and has its module does it thing yeah so that's that's interesting cuz well I could just plug that in it had a vanilla piece of code nothing in there no modules no nothing and got connected automatically to achieve through DPS yes and now he has in his been and provisional or configured got its module installed the modules run the module and I'll as a functionality yeah and that's really what you need when you want to go to production right is you you you want to be able to configure your devices before sending them to the field and then as soon as they they're ready to be used in the film just powering them up and all the cloud takes care of everything else awesome and then from from there on this is a production device it's in production you can leverage the new enterprise ready features the ICD and so on to do your maintenance on these devices yeah you could you could you could use your CI CD to set up gate so as you do pull requests and you make changes to your code you can set the same kind of automatic configuration and to maybe on the on your first changes in your first ring target like five or six test devices and then go to bigger ring when as you move up branches and in the end target eventually all the other vices at scale in production awesome thanks to many also ith is now GA was his new features and just so DPS provisioning like zero touch zero and configuration of an ith device you know just like that you need a red cable though guys

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *