abdus_salam

Reputation: 788

How to disable Cloud initiated connection to Azure IoT Edge device?

I'm looking into Azure IoT Hub and IoT Edge to understand capabilities and potential use cases roughly. One of the projects I worked on in the past had a strict requirement to disable cloud-initiated contact and make things work based on device-initiated polling. For example, when certain settings are changed on the device management portal or new firmware is made available, rather than pushing this down to the devices, each device would become aware of this by polling periodically.

I have no control over this requirement but if that project is to be moved to Azure IoT, I'm certain that the same is going to be requested. Is there an easy way to achieve this with Azure?

I thought about tampering with the network access of the relevant containers, but would this lead to the IoT hub going crazy and trying to communicate with 'unresponsive' devices continuously and flag all these failed attempts?

Upvotes: 0

Views: 241

Answers (1)

Matthijs van der Veer

Reputation: 4085

There are two parts to this quest: connections, and messages.

Connections

As far as connections are concerned, one of the security principles of IoT Hub is that the device is responsible for setting up the connection. Azure IoT devices by default do not accept incoming connections. The device sets up an AMQP or MQTT connection with IoT Hub, which will then allow bi-directional communication. An exception to this is the HTTPS connection: if you use that method, the device will poll IoT Hub for new messages.

Messages

When the bi-directional connection is initiated from the device, this allows the device and IoT Hub to send messages to each other. For a non-edge device, if you don't use the SDK and write your (for instance MQTT) code yourself, you can decide not to listen to any of the incoming messages. You won't subscribe to topics like direct methods and twin updates and only look for them when you want. For IoT Edge devices, bi-directional communication is handled by the Edge Hub, so your other containers (modules) don't talk to the cloud directly. That leaves the Edge Agent, which also deals with outgoing connections only; it reports the status of the modules to the cloud.

In the comment of your question, you mention that the requirement is that the cloud can't initiate a connection with the device. In short, that doesn't happen; IoT Hub isn't designed that way.

Upvotes: 1
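
The following is an added example, not part of the answer above and not code from any Azure SDK: a small audit that checks which of a raw-MQTT device's subscription filters would receive cloud-pushed traffic, using the topic names IoT Hub documents for its MQTT endpoint. The device id `dev1`, the sample topic suffixes and the filter lists are constructed for illustration.

```python
"""Audit a raw-MQTT device's subscription filters for cloud-push channels."""

# Reply topic for a device-sent "$iothub/twin/GET/?$rid=N" request; a polling
# device needs this one, and it only carries answers to its own requests.
TWIN_RESPONSE_FILTER = "$iothub/twin/res/#"


def push_samples(device_id):
    """One concrete topic per push channel (suffixes are constructed samples)."""
    return {
        "cloud-to-device message": f"devices/{device_id}/messages/devicebound/sample",
        "direct method": "$iothub/methods/POST/sampleMethod/?$rid=1",
        "desired-property update": "$iothub/twin/PATCH/properties/desired/?$version=2",
    }


def filter_matches(topic_filter, topic):
    """MQTT 3.1.1 topic filter matching: '+' is one level, '#' is the rest."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    # Spec rule: a filter that starts with a wildcard never matches '$' topics.
    if topic.startswith("$") and f_levels[0] in ("+", "#"):
        return False
    for i, level in enumerate(f_levels):
        if level == "#":
            return True
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


def audit(device_id, filters):
    """Return {push channel: [filters that would receive it]}."""
    findings = {}
    for channel, sample in push_samples(device_id).items():
        hits = [f for f in filters if filter_matches(f, sample)]
        if hits:
            findings[channel] = hits
    return findings


if __name__ == "__main__":
    poll_only = [TWIN_RESPONSE_FILTER]
    push_enabled = poll_only + [
        "devices/dev1/messages/devicebound/#",
        "$iothub/methods/POST/#",
        "$iothub/twin/PATCH/properties/desired/#",
    ]
    print("poll-only:", audit("dev1", poll_only))
    print("push-enabled:", audit("dev1", push_enabled))
```

An empty result means the filter list only lets the device see replies to requests it sent itself, which is the polling behaviour the question asks for.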
