Introduction
In our previous blogs that discussed using Azure with the TallyPoint RF-1, we focused on using Azure IoT Hub to move data to Stream Analytics where the data could be seen in Power BI or other business-focused applications. We also had a look at using the Digital Twins interface for sending configuration information to the TallyPoint reader. In this article, we will consider using the Azure Device Provisioning Service (DPS) to securely provide initial configuration to each TallyPoint reader as it is deployed in the field.
NOTE: While the information in this article specifically addresses the TallyPoint RF-1 reader, all of the functionality contained herein may also be applied to the MTI modules (such as the Spitfire RFID module) and SDK that we offer. The code that implements these features is written in Rust and Python for easy portability between platforms.
Device Provisioning
Device provisioning is the act of providing configuration information to each device in a consistent manner. As devices are placed into service, it is important to be able to configure them remotely. For example, suppose a manufacturer has multiple locations. They wish to install RFID readers at each location, but the IT department is only located at the headquarters. To avoid sending experts to a location, they simply provide instructions on how to install the reader and how to connect it to the network. From there, the IT team can fully configure the TallyPoint reader with “zero touch” enrollment.
RFID Configuration
For RFID, device configuration information may include reader antenna configuration, read power, frequency of reporting the RFID tags that are near the reader, etc. The parameters are used to tune the RFID configuration to the specific task and environment. See our article on tuning RFID parameters for your environment for details on RFID session and modulation choices. Different sets of default parameters may be configured in Azure with Enrollment Groups. These will be discussed briefly in the next section.
Azure Device Provisioning Service (DPS)
Overview
Azure provides three enrollment mechanisms for adding IoT devices to its Device Provisioning Service: TPM (hardware security), X.509 certificates and symmetric key attestation. For our example, we will use a symmetric key. You can learn more about the different mechanisms in this Azure article.
Configuring DPS on Azure
First, create a Device Provisioning Service in Azure (e.g. ‘demo-dps’), and assign it to a resource group. The latter is likely an existing resource group that you use for other Azure services. In the Overview section of the DPS that you configured (e.g. ‘demo-dps’), you will see the ID Scope. The ID Scope is used to ensure that devices are directed to the correct DPS. The TallyPoint reader uses the ID Scope as part of its registration process.
Next, select ‘Manage Enrollments’. Enrollment Groups are the primary entity that we will use to separate and categorize groups of devices within Azure. These can be organized through your planning process. They may be determined by a location or function within your organization, or a combination, thereof. It is important to note that the Enrollment Groups have an assigned IoT Hub(s), which may impact the way in which you organize the groups. With Azure DPS, you can create an initial Device Twin configuration for each unique enrollment group. This feature may also impact your design decisions. The screenshot below shows the creation of a sample enrollment group.
In addition to Enrollment Groups, you can also create individual enrollments. These work in a similar way, but are beyond the scope of this article. For a more detailed tutorial on how to configure devices with DPS, refer to this Microsoft tutorial.
TallyPoint RF-1 Azure DPS Setup
When purchasing a TallyPoint RF-1 reader (or MTI developer kit), SDG Systems provides three options for configuring DPS for the reader.
By default, TallyPoint readers use our TallyFlow software. For TallyFlow, they are configured to be a member of the default enrollment group, or an enrollment group specific to the corporation to which they belong. E.g. if Acme is our customer, we will create an Acme Enrollment Group and assign the readers to that group.
A company purchasing TallyPoint readers from SDG Systems can provide the DPS enrollment group ID Scope and Primary Key or Device Key. These are used to create unique device IDs. SDG will configure the readers accordingly. When a reader is booted for the first time, it will register with the provided Azure DPS group. If the user wishes to generate her own device keys, she can use the following commands in Azure. Note that the device name will change, based on the MAC address of the reader, and the primary key (--pk) will be your key:
$ az extension add --name azure-iot
$ az iot central device compute-device-key -d tallypoint-rf1-b827eba1b2c3 --pk 9876543210abcdefNs3aNWot/f5zB4VzHtijmyk/vX1fSBn4lynrXiMIEyno+lxZUgMcJEAGM1BsCzzjXiUviw==
The Web User Interface (WUI) on the TallyPoint reader provides the user with the ability to set the ID Scope and Device Key parameters. These will be used by the software to provision the device to the correct DPS enrollment group and IoT Hub. The TallyPoint software must be restarted for the new configuration to take effect.
Checking the results
Once a device has been enrolled and booted, you will be able to see it in Azure. You can check the enrollment status by navigating to the DPS you used, selecting “Manage enrollments” and selecting the specific enrollment group. When you see the details of the enrollment group, you will be able to select “Registration Records” (see below). The device details are available to be used as you need.
Final Notes
Azure has a lot of moving parts. It can be confusing to understand the relationship between them. Fortunately, Azure does a good job of allowing you to create those “parts” along the way. For example, if you are missing an IoT Hub or Namespace, you can usually create those as part of the process of creating the DPS.
The TallyPoint RF-1 has been created to be both secure and flexible. It can be used solely on Azure, GCP, MQTT, etc. or as a component in a comprehensive TallyFlow system. The TallyPoint runs Ubuntu Core 18 OS for enhanced security. Please contact our sales team at sales@sdgsystems.com for more information about how the TallyPoint or MTI modules will fit your application needs.
Komentar