In my previous articles on the azure IoT series, we have learned about the Azure IoT Hub and Device Provisioning Service (DPS). If you have not read my previous articles about Azure device provisioning service yet, then please read them using the following link
- How To Create Azure Device Provisioning Service
- How To Create Azure IoT Hub
- Understanding The Azure IoT Hub Device Provisioning Service
- Introduction To Azure IoT Hub
As explained in the previous articles IoT devices to the IoT hub can be connected in two ways that are either using Device Provisioning Service (DPS) or directly to the IoT hub, So let's learn how to enroll the IoT devices with Device Provisioning Service (DPS).
What is Device Enrollment?
Device enrollment is the process of adding the pre-configured IoT devices details on Azure device provisioning service and connect to the IoT hub on-demand or based on the requirement without any human intervention.
Now let's learn step by step how to enroll the IoT devices
After login into the azure portal Find the device provisioning service which we have created in the How To Create Azure Device Provisioning Service or if you haven't created then please follow the steps shown in the article and create it. Hope you have DPS services on the portal, Now find the option manage enrollments as shown in the following image
Device Provisioning Service (DPS) provide the following two concepts,
- Individual Enrollment
- Group Enrollment
What is Individual Enrollment?
What is Attestation Mechanism?
The attestation Mechanism is the process of cross verifying the enrolled device identity during the device registration on IoT Hub, Device Provisioning Service supports the following attestation mechanism
Device Enrollment Using X.509X.509 certificate is the security certificate which includes the authentication details about the device, these certificates can be provided by a device manufacturer which they can buy from the authorized certificate provider such as CA. For development and testing purposes we can create the x.509 certificate by using the tools like PowerShell or Openssl etc. I will show in the separate article how to generate an x.509 certificates.
After uploading the certificate provide the following optional details
IoT Hub Device Id
Provide the Device Id name which is the unique per x.509 certificate, This is optional, if you do not provide the device Id then registration id becomes the deviceid on Azure IoT hub
IoT Edge Device
Choose between true or false which indicates if its true then its as edge device else its an IoT device
Device Allocation Policy
This chosen policy decides how IoT device allocate to the IoT Hub, you can read my previous article on same to understand the details about the device allocation policies
Choose IoT Hub
DPS linked with multiple IoT Hubs, you can choose on which IoT hub device should register or you can let it decide by device allocation policy
Device Re-Provisioning Policy
There may be a requirement to re-provision the device, so during this process, it allows whether to keep the previous data or not.
Initial Device Twin State
The initial device twin allows storing the custom properties about the device or whatever you want. mostly device twin used to keep the device-related information such as the path of device upgrade package file or client details etc.
This option allows enabling to disable the enrollment entry
Now providing the all above details click on save, after successfully creating the enrollment entry the following notification will be shown
In the preceding image, you see the registration id as my device which is come from the certificate common name (CN).
Device Enrollment Using Symmetric KeyNow choose the symmetric key attestation mechanism from the dropdown list and check on auto-generated keys as shown in the following image
Now providing the all above details click on save, now go to our created device provisioning service (DPS) instance and see the created enrollment entry as follows
I hope this article is useful to understand how to enroll the device using azure device provisioning service with X.509 certificate. In this series of Azure IoT, next, we will learn about the enrollment group of devices.