
Mender 3.2 release: Provision devices to Azure IoT Hub

Today Mender 3.2 is released!

Mender 3.2 adds support for Azure IoT Hub through several integrations. Most notably, Mender can now provision devices to your Azure IoT Hub so your device applications are ready to send and receive application data. This avoids the hassle of key generation and management for your Azure IoT applications.

These integrations are available in all Mender plans.

What is Azure IoT Hub used for?

Microsoft has a broad cloud offering through Azure, with a variety of use cases covered.

Feedback from Mender users shows that Azure IoT Hub is the Azure service most used in IoT projects today. It is the core of Azure’s IoT offering. This is a service used to connect IoT applications to the cloud in order to 1) configure the applications (bi-directionally) and 2) send telemetry data. We will use an example to illustrate its usage.


The company NewSwitchesInc decides to develop a smart light switch. It has a normal light switch button on the wall in the building. In addition, there is a mobile app to turn the light on and off, which requires that the wall switch and the mobile switch stay synchronized. NewSwitchesInc uses Azure IoT Hub (in particular, its Device Twin) to synchronize the state of the light (on or off) between the light switch on the wall and the mobile app. Azure IoT Hub offers APIs for both the IoT device and the mobile application to 1) see and 2) change the state of the light (on or off). Technically, the Device Twin is a JSON document with “desired” (user set) and “reported” (from device) properties, where the light state (on or off) is one such property.

Separately, the light switch reports the current room temperature so that the manufacturer can analyze this data to check if light switches have reduced lifetime in higher-temperature rooms, in order to plan its future designs. This is reported as telemetry, separate from the Device Twin.

Hopefully this example highlights the typical use cases; the point is that IoT applications (such as a software light switch) can be configured through several interfaces and send telemetry data.

The value of Mender integrating with Azure IoT Hub

Let us assume you are using Azure IoT Hub for IoT application telemetry and Mender to deploy OTA firmware and software updates, which is the typical situation for many Mender users today.

Mender and Azure have been completely separate from each other, but you still need to connect every device to both to achieve the described use cases.

First off, this means provisioning and managing separate key materials on the device itself, as well as making sure the device is created in both services. If this registration process has some (partial) failures, it can create severe issues over time because the device would not be able to send application data and/or receive OTA updates. The ideal situation is that you register the device once in a single system and ensure it is kept synchronized, even when rotating keys.

Secondly, you want one place to look up and control information about the device and its application. Where do you go? Mender users would use Mender but it did not have all the information about a device, such as the Azure Device ID or Device Twin. You could build an internal homegrown system that “glues” information from Azure IoT and Mender together, offering a single place of registration and device information, but this is not ideal. You end up spending your time developing and maintaining infrastructure instead of focusing your time and energy on product development, which is why you bought these services in the first place.

To solve this problem, Mender 3.2 enables Mender users to provision and manage credentials and device information directly in Mender. From now on Mender takes care of synchronizing it with Azure IoT Hub and the device.

Provision devices to Azure IoT Hub

The first challenge when starting to use Azure IoT Hub is device provisioning. You will need to figure out which type of credentials you want to use, generate the keys and then somehow transfer these keys to each device. This is OK to do as a manual process for development or testing purposes, but there is a bigger challenge in scaling this up in a secure manner, especially since device credentials need to be unique.

Mender 3.2 solves this problem for you, since you can integrate your Azure IoT Hub into Mender and Mender will manage your devices in Azure IoT Hub, by using Mender’s already-existing secure channel to the device.

[Diagram: Create device in Mender creates it in Azure IoT Hub]

When a new device is accepted in Mender, the Mender server will automatically create the same device in your Azure IoT Hub, by generating a new symmetric key for the device.

With the Mender Configure add-on, Mender will also distribute the symmetric key for Azure IoT Hub to the device, so it is ready-to-use. Device applications using Azure IoT Hub can use the key and start sending data immediately.
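What "use the key" involves on the device side, as an added example that is not code from Mender or Azure: with symmetric-key authentication, the device derives a short-lived SAS token by signing its own resource URI and an expiry time with HMAC-SHA256. The hub name, device ID, and keys below are constructed, and `verify_sas_token` is only a model of the service-side check, included to show that a token signed with another device's key or past its expiry is refused.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote_plus, urlencode

# Constructed per-device keys (base64), standing in for provisioned ones.
KEY_A = base64.b64encode(bytes(range(32))).decode()
KEY_B = base64.b64encode(bytes(range(32, 64))).decode()

def _sign(resource_uri, expiry, key_b64):
    # String to sign: URL-encoded resource URI, newline, expiry (epoch seconds).
    to_sign = f"{quote_plus(resource_uri)}\n{expiry}".encode()
    mac = hmac.new(base64.b64decode(key_b64), to_sign, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def make_sas_token(hub_host, device_id, key_b64, expiry):
    """Build the token a device presents; it is scoped to that one device."""
    uri = f"{hub_host}/devices/{device_id}"
    fields = {"sr": uri, "sig": _sign(uri, expiry, key_b64), "se": str(expiry)}
    return "SharedAccessSignature " + urlencode(fields)

def verify_sas_token(token, key_b64, now):
    """Model of the service-side check: scheme, expiry, then signature."""
    scheme, _, query = token.partition(" ")
    if scheme != "SharedAccessSignature":
        return False
    fields = parse_qs(query)
    try:
        uri, sig = fields["sr"][0], fields["sig"][0]
        expiry = int(fields["se"][0])
    except (KeyError, ValueError):
        return False
    if expiry <= now:
        return False
    # Constant-time comparison avoids leaking how much of the MAC matched.
    return hmac.compare_digest(sig, _sign(uri, expiry, key_b64))

if __name__ == "__main__":
    tok = make_sas_token("example-hub.azure-devices.net",
                         "light-switch-0001", KEY_A, expiry=2000)
    print(tok)
    print(verify_sas_token(tok, KEY_A, now=1000))  # right key, not expired
    print(verify_sas_token(tok, KEY_B, now=1000))  # another device's key
```

Because the key never leaves the device in the token itself, rotating or revoking one device's key invalidates only that device's future tokens.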

Mender will continue to manage the device life-cycle and synchronize this to Azure IoT Hub. For example, if the device becomes Rejected in Mender, Mender will Disable it in Azure IoT Hub. This means less maintenance and API integration, as you only need to manage the device life-cycle in one place: the Mender server.

Manage Device Twins in Mender

Mender contains inventory information about every device, for example IP address, geo-location and software versions installed. The primary uses for this in Mender are grouping of devices, e.g. by time zone, and troubleshooting single devices.

However, when using Azure IoT Hub, there is additional information available about each device – but in a separate system. This again creates the issue of managing information in multiple sources. For example, in order to deploy an urgent security update to the application with Mender, you might need to configure it to accept all updates immediately through a property in its Device Twin. But that would mean you’ll need to log into Azure IoT Hub and find the same device there first. This is very cumbersome and error-prone.

To address this issue with disparate sources of information, Mender 3.2 introduces a second integration to manage Azure Device Twins directly in the Mender UI (and APIs). This makes all the information about the device available in a single place: the Mender server.

The Mender server synchronizes the Device Twin to Azure IoT Hub and from there it is delivered to the device, as shown in the diagram below.

[Diagram: Manage Azure IoT Device Twin from Mender]

The Device Twin is available right under the device details in the Mender UI.


When there are support cases or issues with devices, there is no longer any need to look up information from different sources, which will save valuable operational and debugging time.

In most cases, the desired and reported properties of a Device Twin are intended to synchronize eventually. This is why Mender also shows a diff interface for any differences between them, so it is easy to identify properties and values that are not (yet) synchronized and thus discover any issues that may need attention.
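The comparison behind such a diff view, sketched as an added example (not Mender's implementation): walk the desired properties of a twin and flag each one the device has not yet confirmed in its reported properties. The sample twin and its property names are constructed; only the `desired`/`reported` layout and the `$`-prefixed bookkeeping keys follow the Azure twin format.

```python
import json

_MISSING = object()

def _leaves(section, prefix=""):
    """Yield (dotted.path, value) for each leaf property.

    Keys starting with "$" ($metadata, $version) are Azure bookkeeping,
    not application state, so they are skipped.
    """
    for key, value in section.items():
        if key.startswith("$"):
            continue
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            yield from _leaves(value, path)
        else:
            yield path, value

def unsynchronized(twin):
    """Map each desired property the device has not confirmed to its state.

    Assumption: reported-only properties are normal (devices may report
    more than was requested), so only desired properties are checked.
    """
    props = twin.get("properties", {})
    reported = dict(_leaves(props.get("reported", {})))
    drift = {}
    for path, want in _leaves(props.get("desired", {})):
        have = reported.get(path, _MISSING)
        if have is _MISSING:
            drift[path] = {"desired": want, "state": "not reported"}
        elif have != want:
            drift[path] = {"desired": want, "reported": have,
                           "state": "mismatch"}
    return drift

# Constructed sample twin; device ID and property names are hypothetical.
SAMPLE_TWIN = json.loads("""
{"deviceId": "light-switch-0001",
 "properties": {
   "desired":  {"light": "on", "reportIntervalSec": 60,
                "updates": {"acceptImmediately": true},
                "$metadata": {}, "$version": 7},
   "reported": {"light": "off", "reportIntervalSec": 60,
                "firmware": "1.4.2", "$metadata": {}, "$version": 12}}}
""")

if __name__ == "__main__":
    for path, info in unsynchronized(SAMPLE_TWIN).items():
        print(path, info)
```

A desired setting that stays in "not reported" or "mismatch" long after it was set, such as the update-acceptance flag in the sample, is the kind of entry worth investigating before relying on that setting for a security update.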


Sign up with Azure

If you already have an Azure account you can now use it to sign up to hosted Mender.


This makes creating a Mender account seamless and avoids the need for yet another username and password to track.

Try the new features

Here are some pages with more information to get you started with the new features of Mender 3.2:

  • Get started - The best place to do a quick test of the new release from scratch. Sign up for a new Free trial and all features and add-ons are available for 12 months for free.
  • Azure partner page - Overview, videos and technical tutorials for how the integrations work and how to set it up.
  • Azure IoT Hub in Mender docs - More in-depth information on how the integrations work, including architecture.

Support for your board

With an active open source community supporting a large number of different hardware and operating systems and growing every day, Mender has quickly become the trusted choice by some of the world’s most respected brands.

If you are getting started with OTA updates, or do not have time to integrate the Mender client with your board for robust A/B system updates, there are several resources available to you!

You can get a full overview of types of hardware and operating system support in the Device Support documentation.

The Board Integrations category in Mender Hub is a community site to contribute, reuse and maintain Mender board integrations.

We are also happy to help with consulting services to enable verified Mender support for your board!

Share your feedback

We appreciate your general feedback on Mender, be it positive or need for improvement, in the Mender Hub General Discussions forum. Your continued feedback ensures Mender will meet your needs even better in the future!

If you believe you have encountered a bug, please submit your report at the Mender JIRA issue tracker.

We hope you enjoy the new features and are looking forward to hearing from you!
