How IoT Hub works
Azure IoT Hub is the main Azure PaaS (Platform as a Service) which enables bidirectional communications between IoT devices and a cloud solution. IoT Hub is the starting point for any IoT solution, and it implements some essential functions that are common to IoT deployments. These include networking, compute, storage capabilities and security. We describe these features below.
Protocols supported: IoT Hub allows devices to use the following protocols for device-side communications: MQTT, MQTT over WebSockets, AMQP, AMQP over WebSockets and HTTPS
Device Identity Registry: IoT Hub maintains an identity registry. The identity registry stores information about the devices and modules permitted to connect to the IoT Hub. An identity registry entry for the device or module must exist before the entity can connect to the IoT Hub. A device or module must also authenticate with the IoT Hub based on credentials stored in the identity registry.
Authentication: Azure IoT Hub grants access to endpoints by verifying a token against the shared access policies and identity registry security credentials. You can use any X.509 certificate to authenticate a device with IoT Hub. Supported certificates include an existing X.509 certificate; CA-signed X.509 certificate; a self-generated and self-signed X-509 certificate.
Device twins: Device twins are JSON documents that store device state information, including metadata, configurations, and conditions. Azure IoT Hub maintains a device twin for each device that you connect to IoT Hub. Device twins store device-related information that Device and back ends can use to synchronize device conditions and configuration.
Endpoints that IoT Hub exposes: For each device in the identity registry, IoT Hub exposes a set of endpoints: Send device-to-cloud messages; Receive cloud-to-device messages; Initiate file uploads; Retrieve and update device twin properties; Receive direct method requests. IoT Hub currently supports the following Azure services as additional (custom) endpoints: Azure Storage containers, Event Hubs, Service Bus Queues, Service Bus Topics.
Provisioning devices with Azure IoT Hub Device Provisioning Service: The IoT Hub Device Provisioning Service is a helper service for IoT Hub. The device provisioning service enables zero-touch, just-in-time provisioning to the right IoT Hub without requiring human intervention, allowing the customers to provision millions of devices in a secure and scalable manner.
The telemetry function is the essential component of the IoT Hub. The telemetry function involves recording and transmitting values received by an IoT device. However, IoT Hub is much more than the basic telemetry function. The scaling feature of the IoT Hub allows you to ramp up (or down) the scope of the solution. The ability to scale a solution depends on two considerations: the features you plan to use and the amount of data you plan to move daily. Once you plan to deploy devices at scale, you need to manage these devices. The provisioning function of IoT hub enables you to manage devices across the lifecycle of a device. Provisioning also establishes the security protocols for the device, its access rights, and privileges. The security requirements can be seen as part of a security function, which manages the per-device authentication and access requirements with multiple authentication types. Based on the security functions, the routing function determines the message flow and the recipients of the message. Finally, you can connect to external devices natively using the SDK functionality and integrate with other services using the service integration functionality.
If you consider the scenario outlined before about solution developers working with multiple sensors in the city – the prototype would have started with a basic telemetry function. But to deploy citywide – many more elements are needed. These include the ability to deploy and provision devices at scale, implement device-level security and ensure message level routing. Due to the diversity of devices in a city, the ability to connect natively using an SDK will expand the user base of the solution. In the absence of the functionality from IoT Hub, the solution would be hard to deploy beyond a basic telemetry function.