I am writing a service for device provisioning on Azure IoT Hub, so I came across Azure Device Provisioning Service, which includes TPM, X.509 certificate and symmetric key based provisioning mechanisms. My question is: which one will be more cost effective when we go out there with real devices?
2 Answers
It's hard for me to answer this question since I don't know how much your own service costs, but the pricing for Device Provisioning Service is available here and you can do some calculations based on the number of devices/operations you expect in production.
I find myself eligible to answer this question as I had to make this decision myself a couple of months back.
Azure DPS is a very affordable service offering almost all renowned methods of attestation (TPM, X.509, Symmetric Keys). Regardless of which attestation method you use, the cost is the same.
Azure DPS charges on a per-operation basis. If you are checking the provisioning status, that's one operation. If you are requesting provisioning, that's another operation.
So, if you are just checking for provisioning status on device startup, that's just one operation on each device boot.
If you are requesting provisioning from the service, it can take, say, 6 operations. But that needs to be done only once in a while, if the device gets deprovisioned, certificates are updated or device twin properties are updated.
So, I think it is affordable compared to the human cost involved in developing another reliable service from scratch that offers all these attestation methods.