- Using Device Provisioning Service then Azure IoT Hub
- Directly to the Azure IoT hub
What is Device Enrollment?
Device enrollment is the process of adding the details of pre-configured IoT devices to the Azure Device Provisioning Service so that they can connect to the IoT hub on demand, or as required, without any human intervention. Now let's learn, step by step, how to enroll IoT devices.
Step 1: Login To Azure Portal
After logging in to the Azure portal, find the device provisioning service that we created in the How To Create Azure Device Provisioning Service article; if you haven't created it yet, please follow the steps shown in that article and create it. I hope you now have a DPS service on the portal. Now find the option to manage enrollments as shown in the following image.
The Device Provisioning Service (DPS) provides the following two concepts,
- Individual Enrollment
- Group Enrollment
What is Individual Enrollment?
Step 2: Navigate To Azure Device Provisioning Service Instance
After clicking on the Add individual enrollment button, the following screen will appear, as shown in step 3.
Step 3: Provide Enrollment Details and X.509 Certificate
As shown in the preceding image, we need some details to create the enrollment entry,
- Attestation Mechanism
- Primary Certificate
- Secondary certificate
- IoT Hub Device Id
- IoT Edge Device
- Device Allocation Policy
- Choose IoT Hub
- Device Re-Provisioning
- Device Twin State
- Enable Entry
What is Attestation Mechanism?
The attestation mechanism is the process of cross-verifying the enrolled device's identity during device registration on the IoT Hub. The Device Provisioning Service supports the following attestation mechanisms:
- X.509
- TPM
- Symmetric Key
Device Enrollment Using X.509
X.509 is a security certificate that includes the authentication details of the device. These certificates can be provided by a device manufacturer, which can buy them from an authorized certificate provider such as a CA. For development and testing purposes, we can create the X.509 certificate using tools such as PowerShell or OpenSSL. I will show in a separate article how to generate X.509 certificates. After uploading the certificate, provide the following optional details.
IoT Hub Device Id
Provide the device Id, which is unique per X.509 certificate. This is optional; if you do not provide the device Id, the registration Id becomes the device Id on the Azure IoT hub.
IoT Edge Device
Choose true or false: true indicates that it is an edge device; otherwise it is an IoT device.
Device Allocation Policy
The chosen policy decides how IoT devices are allocated to the IoT Hub. You can read my previous article to understand the details of the device allocation policies.
Choose IoT Hub
Device Re-Provisioning Policy
There may be a requirement to re-provision the device; this policy determines whether the previous data is kept during that process.
Initial Device Twin State
The initial device twin allows storing custom properties about the device, or whatever you want. Mostly, the device twin is used to keep device-related information such as the path of the device upgrade package file, client details, etc.
Example,
{ "tags": {}, "properties": { "desired": { "devicetype": "waterflow", "client": "www.compilemode.com" } } }
Enable Entry
This option enables or disables the enrollment entry.
Now go to our created device provisioning service (DPS) instance and see the created enrollment entry as follows.
Device Enrollment Using Symmetric Key
Now choose the symmetric key attestation mechanism from the dropdown list and check the auto-generated keys option, as shown in the following image. After providing all the above details, click Save, then go to our created device provisioning service (DPS) instance and see the created enrollment entry as follows.
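To show what symmetric key attestation checks, the following added example (not from the original article and not Microsoft's SDK code) builds the SAS token a device presents to DPS from the enrollment's key, and a simplified verifier recomputes it the way the service side would. The ID scope, registration Id and key are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote

# Constructed sample values (not real credentials).
SAMPLE_SCOPE = "0ne00000000"
SAMPLE_REG_ID = "waterflow-device-001"
SAMPLE_KEY = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()


def _sign(key_b64, resource_uri, expiry):
    """HMAC-SHA256 over the URL-encoded resource URI, a newline, and the expiry."""
    message = f"{quote(resource_uri, safe='')}\n{expiry}".encode()
    digest = hmac.new(base64.b64decode(key_b64), message, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def build_dps_sas_token(id_scope, registration_id, key_b64, ttl=3600, now=None):
    """Device side: token proving possession of the enrollment's symmetric key."""
    resource_uri = f"{id_scope}/registrations/{registration_id}"
    expiry = int(now if now is not None else time.time()) + ttl
    sig = _sign(key_b64, resource_uri, expiry)
    return (f"SharedAccessSignature sr={quote(resource_uri, safe='')}"
            f"&sig={quote(sig, safe='')}&se={expiry}&skn=registration")


def verify_dps_sas_token(token, key_b64, now=None):
    """Simplified service-side check: policy name, expiry, then signature."""
    fields = {k: v[0] for k, v in parse_qs(token.split(" ", 1)[1]).items()}
    expiry = int(fields["se"])
    if fields.get("skn") != "registration":
        return False
    if expiry <= int(now if now is not None else time.time()):
        return False  # expired tokens are rejected before any key comparison
    expected = _sign(key_b64, fields["sr"], expiry)
    return hmac.compare_digest(expected, fields["sig"])  # constant-time compare


if __name__ == "__main__":
    token = build_dps_sas_token(SAMPLE_SCOPE, SAMPLE_REG_ID, SAMPLE_KEY)
    print(token)
    print("accepted:", verify_dps_sas_token(token, SAMPLE_KEY))
```

The key itself never travels to the service; only the signature does, so a short `ttl` limits how long a captured token stays usable.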
Summary
I hope this article is useful for understanding how to provision an X.509 device using the Azure device provisioning service.