0
votes

I'm looking into Azure IoT Hub and IoT Edge to understand capabilities and potential use cases roughly. One of the projects I worked on in the past had a strict requirement to disable cloud-initiated contact and make things work based on device-initiated polling. For example, when certain settings are changed on the device management portal or new firmware is made available, rather than pushing this down to the devices, each device would become aware of this by polling periodically.

I have no control over this requirement but if that project is to be moved to Azure IoT, I'm certain that the same is going to be requested. Is there an easy way to achieve this with Azure?

I thought about tampering with the network access of the relevant containers, but would this lead to the IoT hub going crazy and trying to communicate with 'unresponsive' devices continuously and flag all these failed attempts?

1
Is the requirement specifically about not sending messages from the cloud side? Or is the requirement that the cloud platform can't initiate a connection with the device? The latter is a design principle of Azure IoT and doesn't happen. - Matthijs van der Veer

Yes, it is the latter. So, do you mean Azure doesn't notify the devices of config changes, available firmware etc. and devices find this out themselves, correct? - abdus_salam

I've explained it in more detail in my answer. - Matthijs van der Veer

1 Answer

1
votes

There are two parts to this quest: connections, and messages.

Connections

As far as connections are concerned, one of the security principles of IoT Hub is that the device is responsible for setting up the connection. Azure IoT devices by default do not accept incoming connections. The device sets up an AMQP or MQTT connection with IoT Hub, which will then allow bi-directional communication. An exception to this is the HTTPS connection: if you use that method, the device will poll IoT Hub for new messages.

Messages

When the bi-directional connection is initiated from the device, this allows the device and IoT Hub to send messages to each other. For a non-edge device, if you don't use the SDK and write your (for instance MQTT) code yourself, you can decide not to listen to any of the incoming messages. You won't subscribe to topics like direct methods and twin updates and only look for them when you want. For IoT Edge devices, bi-directional communication is handled by the Edge Hub. So your other containers (modules) don't talk to the cloud directly. That leaves the Edge Agent, which also deals with outgoing connections only; it reports the status of the modules to the cloud.

In the comments on your question, you mention that the requirement is that the cloud can't initiate a connection with the device. In short, that doesn't happen; IoT Hub isn't designed that way.
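
A sketch of the "don't subscribe, only look when you want" approach described in the answer, for a non-Edge device that speaks MQTT itself; this is an added example, not part of the answer. The topic strings are IoT Hub's documented MQTT topics, while `PollingDevice`, `push_subscriptions` and the sample twin are hypothetical names and constructed data, and the MQTT client that would carry these publishes over the device's outbound connection is left out.

```python
import json
from urllib.parse import parse_qs

# MQTT topic filters through which IoT Hub delivers cloud-originated traffic.
PUSH_FILTERS = (
    "$iothub/methods/POST/#",                      # direct methods
    "$iothub/twin/PATCH/properties/desired/#",     # twin update notifications
    "devices/{device_id}/messages/devicebound/#",  # cloud-to-device messages
)
TWIN_RESPONSE_FILTER = "$iothub/twin/res/#"  # replies to the device's own requests

def push_subscriptions(filters, device_id):
    """Return the subscribed filters that would let the cloud push to the device."""
    push = {f.replace("{device_id}", device_id) for f in PUSH_FILTERS}
    return sorted(set(filters) & push)

def parse_twin_response(topic):
    """Split '$iothub/twin/res/{status}/?$rid={rid}' into (status, rid)."""
    prefix = "$iothub/twin/res/"
    if not topic.startswith(prefix):
        raise ValueError("not a twin response topic")
    status, _, query = topic[len(prefix):].partition("/?")
    return int(status), parse_qs(query)["$rid"][0]

class PollingDevice:
    """Hypothetical device logic: asks for its twin on its own schedule."""
    def __init__(self):
        self.subscriptions = [TWIN_RESPONSE_FILTER]  # no push filters
        self.rid = 0
        self.seen_version = None

    def next_poll(self):
        """Topic and (empty) payload the device publishes to request its twin."""
        self.rid += 1
        return f"$iothub/twin/GET/?$rid={self.rid}", b""

    def on_message(self, topic, payload):
        """Return the changed desired properties, or None if nothing is new."""
        status, rid = parse_twin_response(topic)
        if status != 200 or rid != str(self.rid):
            return None  # error, or a reply that does not match the last poll
        desired = json.loads(payload)["desired"]
        if desired["$version"] == self.seen_version:
            return None
        self.seen_version = desired["$version"]
        return {k: v for k, v in desired.items() if not k.startswith("$")}

# Constructed twin document, shaped like an IoT Hub reply to a twin GET.
SAMPLE_TWIN = b'{"desired": {"firmware": "1.2.0", "$version": 4}, "reported": {"$version": 1}}'
```

Running `push_subscriptions` over a client's actual subscription list is a quick audit that a build has not started listening for direct methods, twin patches or cloud-to-device messages.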