Azure IOT Hub Device “Suspension”

2
votes

Given an Azure IOT Hub with many thousands of connected devices. Given that some subset of the devices have some combination of software and hardware issues such that they are flooding IOT Hub with (bad) traffic.

How do we "suspend" or otherwise mark a specific device or device(s), without removal from the Device Registry, such that the IOT Hub SDK client library (in our case, https://github.com/Azure/azure-iot-sdk-node/tree/master/device) will return an error locally on the device?

The idea would be that we'd want to freeze traffic coming out of the device(s) until we decided to allow it again.

2
node.jsazureazure-iot-hubazure-iot-sdk
What have you tried? This seems like a very broad architecture question that heavily depends on your implementationAvery
you can temporary disable a device using a service-facing endpoint.Roman Kiss
@RomanKiss I'd not heard of this. Can you point me to doc or the API name, powershell cmdet, etc. for more info.Howard Hoffman
@RomanKiss Are you suggesting calling (say from C#) Microsoft.Azure.Devicdes.RegistryManager.UpdateDevice() and passing DeviceStatus.Disabled for Device.DeviceStatus?Howard Hoffman
@HowardHoffman Have a look at the Azure IoT Hub REST API such as Device Api - Put Device docs.microsoft.com/en-us/rest/api/iothub/deviceapi/putdevice where property 'status' can be changed to 'disabled' (now is automatically 'enabled'). Note, that the 'primaryKey' and 'secondaryKey' must be the same, otherwise will be regenerated for new values.Roman Kiss

2 Answers

1
votes

The following screen snippet shows an example for disable a device using the REST Api - Put Device:

enter image description here Note, that the above picture is from the Azure IoT Hub Tester tool.

0
votes

The idea would be that we'd want to freeze traffic coming out of the device(s) until we decided to allow it again.

I pretty sure you know this, but I just want to clarify that disabling the device does not 'freeze traffic coming out of the device' - the device will still knock on Hub's door and when the device is disabled the hub will just not process the data.

The official documentation states that disabling devices is for when 'If, for any reason, you think a device is compromised or has become unauthorized' which seems to fit your scenario.

It's worth pointing out that depending on your provisioning setup the device could be allowed to register under a different device id and keep sending data.

BTW. The UI path to disable is portal.azure.com -> IoT Hub -> Iot Device -> find device -> Disable ![enter image description here