Overview of the Azure IoT Hub service
Welcome to Azure IoT Hub. This article provides an overview of Azure IoT Hub and describes why you should use this service to implement an Internet of Things (IoT) solution. Azure IoT Hub is a fully managed service that enables reliable and secure bidirectional communications between millions of IoT devices and a solution back end. Azure IoT Hub:
- Provides multiple device-to-cloud and cloud-to-device communication options. These options include one-way messaging, file transfer, and request-reply methods.
- Provides built-in declarative message routing to other Azure services.
- Provides a queryable store for device metadata and synchronized state information.
- Enables secure communications and access control using per-device security keys or X.509 certificates.
- Provides extensive monitoring for device connectivity and device identity management events.
- Includes device libraries for the most popular languages and platforms.
The article Comparison of IoT Hub and Event Hubs describes the key differences between these two services and highlights the advantages of using IoT Hub in your IoT solutions.
For more information on how Azure and IoT Hub help secure your IoT solution, see Internet of Things security from the ground up.
For an in-depth discussion of IoT architecture, see the Microsoft Azure IoT Reference Architecture.
IoT device-connectivity challenges
IoT Hub and the device libraries help you meet the challenge of connecting devices reliably and securely to the solution back end. IoT devices:
- Are often embedded systems with no human operator.
- Can be in remote locations, where physical access is expensive.
- May only be reachable through the solution back end.
- May have limited power and processing resources.
- May have intermittent, slow, or expensive network connectivity.
- May need to use proprietary, custom, or industry-specific application protocols.
- Can be created using a large set of popular hardware and software platforms.
In addition to the requirements above, any IoT solution must also deliver scale, security, and reliability. The resulting set of connectivity requirements is hard and time-consuming to implement when you use traditional technologies, such as web containers and messaging brokers.
Why use Azure IoT Hub?
Azure IoT Hub offers a rich set of device-to-cloud and cloud-to-device communication options. Additionally, Azure IoT Hub addresses the challenges that come with reliably and securely connecting to devices in the following ways:
Device twins. Using Device twins, you can store, synchronize, and query device metadata and state information. Device twins are JSON documents that store device state information like metadata, configurations, and conditions. IoT Hub maintains a device twin for each device that you connect to IoT Hub.
Per-device authentication and secure connectivity. You can provision each device with its own security key to enable it to connect to IoT Hub. The IoT Hub identity registry stores device identities and keys in a solution. A solution back end can add individual devices to allow or deny lists to enable complete control over device access.
Route device-to-cloud messages to Azure services based on declarative rules. IoT Hub enables you to define message routes based on routing rules to control where your hub sends device-to-cloud messages. Routing rules do not require you to write any code, and can take the place of custom post-ingestion message dispatchers.
Integrate IoT Hub events into your business applications. IoT Hub integrates with Azure Event Grid. Use this integration to configure other Azure services or third-party applications to listen for IoT Hub events. Azure Event Grid enables you to react quickly to critical events in a reliable, scalable, and secure manner.
Monitoring of device connectivity operations. You can receive detailed operation logs about device identity management operations and device connectivity events. This monitoring capability enables your IoT solution to identify connectivity issues. Use these logs to identify devices that provide wrong credentials, send messages too frequently, or reject all cloud-to-device messages.
Scale. Azure IoT Hub scales to millions of simultaneously connected devices and millions of events per second.
Device provisioning. The IoT Hub Device Provisioning Service is a helper service for IoT Hub that enables zero-touch, just-in-time device provisioning to the right IoT hub without requiring human intervention, enabling you to provision millions of devices in a secure and scalable manner.
IoT protocols and extensibility. If your solution cannot use the device libraries, IoT Hub exposes a public protocol that enables devices to natively use the MQTT v3.1.1, HTTPS 1.1, or AMQP 1.0 protocols. You can also extend IoT Hub to support custom protocols by:
A protocol gateway performs protocol translation, for example MQTT to AMQP.
A field gateway can:
- Run analytics on the edge.
- Make time-sensitive decisions to reduce latency.
- Provide device management services.
- Enforce security and privacy constraints.
- Perform protocol translation.
Both gateway types act as intermediaries between your devices and your IoT Hub.
A field gateway differs from a simple traffic routing device (such as a network address translation device or firewall) because it typically performs an active role in managing access and information flow in your solution.
A solution may include both protocol and field gateways.
How does IoT Hub work?
Azure IoT Hub implements the service-assisted communication pattern to mediate the interactions between your devices and your solution back end. The intent of the pattern is to establish trustworthy, bidirectional communication paths between a control system, such as IoT Hub, and special-purpose devices in untrusted physical space. The pattern establishes the following principles:
Security takes precedence over all other capabilities.
Devices do not accept unsolicited network information. A device establishes all connections and routes in an outbound-only fashion. For a device to receive a command from the solution back end, the device must regularly initiate a connection to check for any pending commands to process.
Devices should only connect to or establish routes to well-known services they are peered with, such as IoT Hub.
The communication path between the device and the service or gateway is secured at the application protocol layer.
System-level authorization and authentication are based on per-device identities. They make access credentials and permissions nearly instantly revocable.
For devices that connect sporadically due to power or connectivity concerns, bidirectional communication works by holding commands and notifications until a device connects to receive them. IoT Hub maintains device-specific queues for the commands it sends.
Application payload data is secured separately for protected transit through gateways to a particular service.
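The following Python is an added example, not code from the article or from the Azure SDKs. It ties together the per-device security keys described under "Per-device authentication and secure connectivity" and the service-assisted pattern above: a device turns its shared access key into a short-lived SAS token (HMAC-SHA256 over the URL-encoded resource URI and an expiry, the documented IoT Hub token format), and a toy hub model verifies the token, enforces expiry and revocation through its identity registry, and hands over commands it held in a per-device queue only when the device calls in. The hub name, device ID, key and timestamps are constructed values.

```python
import base64, hashlib, hmac
from collections import deque
from urllib.parse import quote, unquote

# Constructed demo values (hub name, device key): not real credentials.
HUB = "contoso-hub.azure-devices.net"
DEVICE_KEY = base64.b64encode(b"0123456789abcdef0123456789abcdef").decode()

def generate_sas_token(resource_uri, device_key_b64, expiry):
    """Device side: HMAC-SHA256 over '<url-encoded uri>' + newline + expiry, keyed with the base64-decoded device key."""
    encoded_uri = quote(resource_uri, safe="")
    mac = hmac.new(base64.b64decode(device_key_b64), f"{encoded_uri}\n{expiry}".encode(), hashlib.sha256)
    sig = quote(base64.b64encode(mac.digest()).decode(), safe="")
    return f"SharedAccessSignature sr={encoded_uri}&sig={sig}&se={expiry}"

def parse_sas_token(token):
    prefix = "SharedAccessSignature "
    if not token.startswith(prefix):
        raise ValueError("not a SAS token")
    return {k: unquote(v) for k, v in (p.split("=", 1) for p in token[len(prefix):].split("&"))}

def verify_sas_token(token, resource_uri, device_key_b64, now):
    """Hub side: token names the expected resource, is not expired, and its signature recomputes (constant-time compare)."""
    try:
        fields = parse_sas_token(token)
        expiry = int(fields["se"])
    except (ValueError, KeyError):
        return False
    if fields.get("sr") != resource_uri or now >= expiry:
        return False
    expected = generate_sas_token(resource_uri, device_key_b64, expiry)
    return hmac.compare_digest(expected.encode(), token.encode())

class HubSim:
    """Toy model of service-assisted communication: devices only call in; the hub holds per-device command queues."""
    def __init__(self):
        self.registry, self.queues = {}, {}        # identity registry and pending cloud-to-device commands
    def register(self, device_id, key_b64):
        self.registry[device_id], self.queues[device_id] = key_b64, deque()
    def revoke(self, device_id):
        self.registry.pop(device_id, None)         # revocation takes effect on the device's next call-in
    def send_command(self, device_id, cmd):
        self.queues[device_id].append(cmd)         # held until the device connects; nothing is pushed inbound
    def device_poll(self, device_id, token, now):
        """The device initiates the connection, authenticates, and drains the commands held for it."""
        key = self.registry.get(device_id)
        if key is None or not verify_sas_token(token, f"{HUB}/devices/{device_id}", key, now):
            raise PermissionError(f"{device_id}: connection rejected")
        cmds, self.queues[device_id] = list(self.queues[device_id]), deque()
        return cmds
```

A device would call `generate_sas_token(f"{HUB}/devices/<id>", DEVICE_KEY, expiry)` shortly before connecting; `HubSim.device_poll` models the outbound-only check for pending commands.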
The mobile industry has used the service-assisted communication pattern to implement push notification services such as Windows Push Notification Services, Google Cloud Messaging, and Apple Push Notification Service.
IoT Hub is supported over ExpressRoute's public peering path.
To get started writing some code and running some samples, see the Get started with IoT Hub tutorial.
To learn how to send messages from a device and receive them from IoT Hub, as well as how to configure message routes, see Send and receive messages with IoT Hub.
To learn how IoT Hub enables standards-based device management for you to remotely manage, configure, and update your devices, see Overview of device management with IoT Hub.
To implement client applications on a wide variety of device hardware platforms and operating systems, you can use the Azure IoT device SDKs. The device SDKs include libraries that facilitate sending telemetry to an IoT hub and receiving cloud-to-device messages. When you use the device SDKs, you can choose from various network protocols to communicate with IoT Hub. To learn more, see the information about device SDKs.