Quickstart: Enable SSH and RDP over an IoT Hub device stream by using a C# proxy application (preview)

Microsoft Azure IoT Hub currently supports device streams as a preview feature.

IoT Hub device streams allow service and device applications to communicate in a secure and firewall-friendly manner. This quickstart guide involves two C# applications that enable client-server application traffic (such as Secure Shell [SSH] and Remote Desktop Protocol [RDP]) to be sent over a device stream that's established through an IoT hub. For an overview of the setup, see Local proxy application sample for SSH or RDP.

This article first describes the setup for SSH (using port 22) and then describes how to modify the setup's port for RDP. Because device streams are application- and protocol-agnostic, the same sample can be modified to accommodate other types of application traffic. This modification usually involves only changing the communication port to the one that's used by the intended application.

How it works

The following figure illustrates how the device-local and service-local proxy applications in this sample enable end-to-end connectivity between the SSH client and SSH daemon processes. Here, we assume that the daemon is running on the same device as the device-local proxy application.

[Figure: Local proxy application setup]

  1. The service-local proxy application connects to the IoT hub and initiates a device stream to the target device.

  2. The device-local proxy application completes the stream initiation handshake and establishes an end-to-end streaming tunnel through the IoT hub's streaming endpoint to the service side.

  3. The device-local proxy application connects to the SSH daemon that's listening on port 22 on the device. This setting is configurable, as described in the "Run the device-local proxy application" section.

  4. The service-local proxy application waits for new SSH connections from a user by listening on a designated port, which in this case is port 2222. This setting is configurable, as described in the "Run the service-local proxy application" section. When the user connects via the SSH client, the tunnel enables SSH application traffic to be transferred between the SSH client and server application.

Note

SSH traffic that's sent over a device stream is tunneled through the IoT hub's streaming endpoint rather than sent directly between service and device. For more information, see the benefits of using IoT Hub device streams.
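
The data path in steps 3 and 4, modeled as an added example that is not part of the quickstart's C# sample: a local socket pair stands in for the tunnel through the IoT hub's streaming endpoint, the fake daemon and its banner are constructed, and all function names are hypothetical. The service-local listener binds to 127.0.0.1 so that only clients on the same machine can reach the tunnel entrance.

```python
import socket
import threading
from contextlib import suppress

def pump(src, dst):
    """Copy bytes one way until src closes, then half-close dst."""
    with suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    with suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def bridge(a, b):
    """Relay both directions between two connected sockets."""
    for src, dst in ((a, b), (b, a)):
        threading.Thread(target=pump, args=(src, dst), daemon=True).start()

def device_local_proxy(stream_end, target_host="localhost", target_port=22):
    """Step 3: connect to the daemon on the device and bridge it to the stream."""
    bridge(stream_end, socket.create_connection((target_host, target_port)))

def service_local_proxy(stream_end, local_port=2222):
    """Step 4: accept one local client and bridge it to the stream."""
    # Loopback only: binding to 0.0.0.0 would expose the tunnel to the network.
    listener = socket.create_server(("127.0.0.1", local_port))
    port = listener.getsockname()[1]
    def serve():
        client, _ = listener.accept()
        listener.close()
        bridge(client, stream_end)
    threading.Thread(target=serve, daemon=True).start()
    return port

def fake_daemon():
    """Constructed stand-in for sshd: sends a banner, then echoes input."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"SSH-2.0-constructed_demo\r\n")
        while data := conn.recv(4096):
            conn.sendall(data)
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def run_demo():
    """Wire client -> service-local -> stream -> device-local -> daemon."""
    daemon_port = fake_daemon()
    service_end, device_end = socket.socketpair()  # stands in for the device stream
    device_local_proxy(device_end, "127.0.0.1", daemon_port)
    port = service_local_proxy(service_end, local_port=0)  # 0 = any free port
    with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
        reader = client.makefile("rb")
        banner = reader.readline()
        client.sendall(b"hello\n")
        echo = reader.readline()
    return banner, echo

if __name__ == "__main__":
    print(run_demo())
```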

Use Azure Cloud Shell

Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. Cloud Shell lets you use either bash or PowerShell to work with Azure services. You can use the Cloud Shell pre-installed commands to run the code in this article without having to install anything on your local environment.

To launch Azure Cloud Shell:

Option | Example/Link
Select Try It in the upper-right corner of a code block. Selecting Try It doesn't automatically copy the code to Cloud Shell. | [Image: Example of Try It for Azure Cloud Shell]
Go to https://shell.azure.com or select the Launch Cloud Shell button to open Cloud Shell in your browser. | Launch Cloud Shell in a new window
Select the Cloud Shell button on the top-right menu bar in the Azure portal. | [Image: Cloud Shell button in the Azure portal]

To run the code in this article in Azure Cloud Shell:

  1. Launch Cloud Shell.
  2. Select the Copy button on a code block to copy the code.
  3. Paste the code into the Cloud Shell session with Ctrl+Shift+V on Windows and Linux, or Cmd+Shift+V on macOS.
  4. Press Enter to run the code.

If you don't have an Azure subscription, create a free account before you begin.

Prerequisites

  • The preview of device streams is currently supported only for IoT hubs that are created in the following regions:

    • Central US
    • Central US EUAP
  • The two sample applications that you run in this quickstart are written by using C#. You need the .NET Core SDK 2.1.0 or later on your development machine.

    You can download the .NET Core SDK for multiple platforms from .NET.

  • Verify the current version of C# on your development machine by using the following command:

    dotnet --version

  • Run the following command to add the Azure IoT Extension for Azure CLI to your Cloud Shell instance. The IoT Extension adds IoT Hub, IoT Edge, and IoT Device Provisioning Service (DPS)-specific commands to the Azure CLI.

    az extension add --name azure-cli-iot-ext

  • Download the sample C# project, and extract the ZIP archive.

Create an IoT hub

This section describes how to create an IoT hub by using the Azure portal.

  1. Sign in to the Azure portal.

  2. Select Create a resource, and then select Internet of Things.

  3. In the list at the right, select IoT Hub. The first page for creating an IoT hub opens.

    [Screenshot: Create an IoT hub in the Azure portal]

    Fill in the fields:

    a. In the Subscription drop-down list, select the subscription to use for your IoT hub.

    b. For Resource Group, do either of the following:

    • To create a new resource group, select Create new and enter the name you want to use.

    • To use an existing resource group, select Use existing and then, in the drop-down list, select the resource group.

      For more information, see Manage Azure Resource Manager resource groups.

    c. In the Region drop-down list, select the region in which you want your hub to be located. Select a region that supports the IoT Hub device streams preview, either Central US or Central US EUAP.

    d. In the IoT Hub Name box, enter the name for your IoT hub. The name must be globally unique. If the name you enter is available, a green check mark appears.

    Important

    Because the IoT hub will be publicly discoverable as a DNS endpoint, be sure to avoid entering any sensitive or personally identifiable information when you name it.

  4. To continue creating your IoT hub, select Next: Size and scale.

    [Screenshot: Set the size and scale for a new IoT hub by using the Azure portal]

    In this pane, you can accept the default settings and select Review + create at the bottom. Consider the following options:

    • In the Pricing and scale tier drop-down list, select one of the standard tiers (S1, S2, or S3) or F1: Free tier. This choice can also be guided by the size of your fleet and the non-streaming workloads that you expect in your hub (for example, telemetry messages). For example, the free tier is intended for testing and evaluation. It allows 500 devices to be connected to the IoT hub and up to 8,000 messages per day. Each Azure subscription can create one IoT hub in the free tier.

    • For Number of IoT Hub units: This choice depends on the non-streaming workload that you expect in your hub. You can select 1 for now.

    For more information about tier options, see Choose the right IoT hub tier.

  5. To review your choices, select the Review + create tab. The pane that opens is similar to the following:

    [Screenshot: Information for creating the new IoT hub]

  6. To create your new IoT hub, select Create. The process takes a few minutes.

Register a device

A device must be registered with your IoT hub before it can connect. In this quickstart, you use Azure Cloud Shell to register a simulated device.

  1. To create the device identity, run the following command in Cloud Shell:

    Note

    • Replace the YourIoTHubName placeholder with the name you choose for your IoT hub.
    • Use MyDevice, as shown. It's the name given for the registered device. If you choose a different name for your device, use that name throughout this article, and update the device name in the sample applications before you run them.

    az iot hub device-identity create --hub-name YourIoTHubName --device-id MyDevice

  2. To get the device connection string for the device that you just registered, run the following command in Cloud Shell:

    Note

    Replace the YourIoTHubName placeholder with the name you choose for your IoT hub.

    az iot hub device-identity show-connection-string --hub-name YourIoTHubName --device-id MyDevice --output table

    Note the device connection string for later use in this quickstart. It looks like the following example:

    HostName={YourIoTHubName}.azure-devices.net;DeviceId=MyDevice;SharedAccessKey={YourSharedAccessKey}

  3. To connect to your IoT hub and establish a device stream, you also need the service connection string from your IoT hub to enable the service-side application. The following command retrieves this value for your IoT hub:

    Note

    Replace the YourIoTHubName placeholder with the name you choose for your IoT hub.

    az iot hub show-connection-string --policy-name service --name YourIoTHubName

    Note the returned value for later use in this quickstart. It looks like the following example:

    "HostName={YourIoTHubName}.azure-devices.net;SharedAccessKeyName=service;SharedAccessKey={YourSharedAccessKey}"

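A pre-flight check for the two connection strings above, as an added example that is not part of the quickstart's sample code: it confirms each string is the kind the proxy expects, flags a service string whose policy is not service, and produces a redacted form that is safe to log. The function names, the examplehub hub name and the all-zero key are constructed for illustration.

```python
import base64
import binascii

def parse_connection_string(cs):
    """Split 'Name=value;...' into a dict; base64 values may end in '='."""
    fields = {}
    for part in cs.strip().strip('"').split(";"):
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not (name and sep and value):
            raise ValueError("malformed connection string field")
        fields[name] = value
    return fields

def check(cs, role, host_suffix=".azure-devices.net"):
    """Return a list of problems for a 'device' or 'service' connection string."""
    if role not in ("device", "service"):
        raise ValueError("role must be 'device' or 'service'")
    f, problems = parse_connection_string(cs), []
    if not f.get("HostName", "").endswith(host_suffix):
        problems.append("HostName does not end with " + host_suffix)
    try:
        if not base64.b64decode(f.get("SharedAccessKey", ""), validate=True):
            problems.append("SharedAccessKey is missing")
    except binascii.Error:
        problems.append("SharedAccessKey is not base64 (placeholder left in?)")
    policy = f.get("SharedAccessKeyName")
    if role == "device":
        if "DeviceId" not in f:
            problems.append("device string has no DeviceId")
        if policy is not None:
            problems.append("hub policy key supplied where a device key is expected")
    else:
        if "DeviceId" in f:
            problems.append("device string supplied where the service string is expected")
        if policy != "service":
            problems.append(f"policy is {policy!r}, not 'service' as retrieved in step 3")
    return problems

def redact(cs):
    """Same string with the key masked, safe to print or log."""
    return ";".join(k + "=" + ("***" if k == "SharedAccessKey" else v)
                    for k, v in parse_connection_string(cs).items())

# Constructed samples: 'examplehub' and the all-zero key are not real values.
KEY = base64.b64encode(bytes(32)).decode()
DEVICE = f"HostName=examplehub.azure-devices.net;DeviceId=MyDevice;SharedAccessKey={KEY}"
SERVICE = f"HostName=examplehub.azure-devices.net;SharedAccessKeyName=service;SharedAccessKey={KEY}"
OWNER = SERVICE.replace("=service;", "=iothubowner;")  # built-in policy with all permissions

if __name__ == "__main__":
    for cs, role in ((DEVICE, "device"), (SERVICE, "service"), (OWNER, "service")):
        print(role, redact(cs), check(cs, role) or "ok")
```
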
SSH to a device via device streams

In this section, you establish an end-to-end stream to tunnel SSH traffic.

Run the device-local proxy application

Go to the device-streams-proxy/device directory in your unzipped project folder. Keep the following information handy:

Argument name | Argument value
deviceConnectionString | The connection string of the device that you created earlier.
targetServiceHostName | The IP address where the SSH server listens. The address would be localhost if it were the same IP where the device-local proxy application is running.
targetServicePort | The port that's used by your application protocol (for SSH, by default, this would be port 22).

Compile and run the code as follows:

cd ./iot-hub/Quickstarts/device-streams-proxy/device/

# Build the application
dotnet build

# Run the application
# In Linux or macOS
dotnet run $deviceConnectionString localhost 22

# In Windows
dotnet run %deviceConnectionString% localhost 22

Run the service-local proxy application

Go to the device-streams-proxy/service directory in your unzipped project folder. Have the following information handy:

Parameter name | Parameter value
iotHubConnectionString | The service connection string of your IoT Hub.
deviceId | The identifier of the device you created earlier.
localPortNumber | A local port that your SSH client will connect to. We use port 2222 in this sample, but you could use other arbitrary numbers.

Compile and run the code as follows:

cd ./iot-hub/Quickstarts/device-streams-proxy/service/

# Build the application
dotnet build

# Run the application
# In Linux or macOS
dotnet run $serviceConnectionString MyDevice 2222

# In Windows
dotnet run %serviceConnectionString% MyDevice 2222

Run the SSH client

Now use your SSH client application and connect to the service-local proxy application on port 2222 (instead of the SSH daemon directly).

ssh <username>@localhost -p 2222

At this point, the SSH sign-in window prompts you to enter your credentials.

Console output on the service side (the service-local proxy application listens on port 2222):

[Screenshot: service-local proxy application output]

Console output on the device-local proxy application, which connects to the SSH daemon at IP_address:22:

[Screenshot: device-local proxy application output]

Console output of the SSH client application. The SSH client communicates with the SSH daemon by connecting to port 22, which the service-local proxy application is listening on:

[Screenshot: SSH client application output]

RDP to a device via device streams

The setup for RDP is very similar to the setup for SSH (described above). You use the RDP destination IP and port 3389 instead and use the RDP client (instead of the SSH client).

Run the device-local proxy application (RDP)

Go to the device-streams-proxy/device directory in your unzipped project folder. Keep the following information handy:

Argument name | Argument value
DeviceConnectionString | The connection string of the device that you created earlier.
targetServiceHostName | The hostname or IP address where the RDP server runs. The address would be localhost if it were the same IP where the device-local proxy application is running.
targetServicePort | The port used by your application protocol (for RDP, by default, this would be port 3389).

Compile and run the code as follows:

cd ./iot-hub/Quickstarts/device-streams-proxy/device

# Run the application
# In Linux or macOS
dotnet run $DeviceConnectionString localhost 3389

# In Windows
dotnet run %DeviceConnectionString% localhost 3389

Run the service-local proxy application (RDP)

Go to the device-streams-proxy/service directory in your unzipped project folder. Have the following information handy:

Parameter name | Parameter value
iotHubConnectionString | The service connection string of your IoT Hub.
deviceId | The identifier of the device you created earlier.
localPortNumber | A local port that your SSH client will connect to. We use port 2222 in this sample, but you could modify this to other arbitrary numbers.

Compile and run the code as follows:

cd ./iot-hub/Quickstarts/device-streams-proxy/service/

# Build the application
dotnet build

# Run the application
# In Linux or macOS
dotnet run $serviceConnectionString MyDevice 2222

# In Windows
dotnet run %serviceConnectionString% MyDevice 2222

Run the RDP client

Now use your RDP client application and connect to the service-local proxy application on port 2222 (this was an arbitrary available port that you chose earlier).

[Screenshot: RDP connects to the service-local proxy application]

Clean up resources

If you plan to continue to the next recommended article, you can keep and reuse the resources you've already created.

Otherwise, to avoid charges, you can delete the Azure resources that you created in this article.

Important

Deleting a resource group is irreversible. The resource group and all the resources contained in it are permanently deleted. Make sure that you don't accidentally delete the wrong resource group or resources. If you created the IoT hub inside an existing resource group that contains resources that you want to keep, delete only the IoT hub resource itself, not the resource group.

To delete a resource group by name:

  1. Sign in to the Azure portal, and then select Resource groups.

  2. In the Filter by name box, enter the name of the resource group that contains your IoT hub.

  3. In the result list, to the right of your resource group, select the ellipsis (...), and then select Delete resource group.

    [Screenshot: Delete resource group button]

  4. To confirm the deletion of the resource group, reenter the resource group name, and then select Delete. After a few moments, the resource group and all its contained resources are deleted.

Next steps

In this quickstart, you've set up an IoT hub, registered a device, deployed device-local and service-local proxy applications to establish a device stream through the IoT hub, and used the proxy applications to tunnel SSH or RDP traffic. The same paradigm can accommodate other client-server protocols, where the server runs on the device (for example, the SSH daemon).

To learn more about device streams, see: