danielscholl / iot-resources

iot-resources

The purpose of this solution is to deploy the resources necessary for an IoT solution.

Prerequisites

Requires the use of direnv.

Requires the use of Azure CLI.

Requires the use of OpenSSL.

Related Repositories

Provision the Azure Resources

This script will generate the following resources in Azure.

  1. Key Vault

  2. Storage Account

  3. IoT Hub

  4. Device Provisioning Service

  5. Log Analytics

  6. Application Insights

  7. Stream Analytics

  8. Time Series Insights

# Provision the ARM Resources
./provision.sh

The script creates a .envrc file that sets the environment variables used when creating the X.509 certificates.

# Azure Resources
export VAULT="<key_vault>"
export HUB="<iot_hub>"
export DPS="<iot_dps>"
export DPS_GROUP="<resource_group>"

# Certificate Authority
export ORGANIZATION="<organization>"
export ROOT_CA_PASSWORD="<password>"
export INT_CA_PASSWORD="<password>"

Because .envrc holds the CA key passwords in plain text, keep it out of version control. The default ORGANIZATION name is testonly. The following files reference the organization name:

  • .envrc
  • root_ca.dnf
  • intermediate_ca.dnf

Create and Upload the Root CA and Intermediate Certificates

This script initializes a Root and Intermediate CA for use.

  1. Creates the X.509 certificates and certificate authorities in ./src/pki.

  2. Uploads the certificates, keys, and passwords to the Key Vault.

  3. Uploads the Root and Intermediate CA certificates to the IoT Hub and validates them.

  4. Uploads the Root and Intermediate CA certificates to the IoT DPS and validates them.

# Initializes a Root and Intermediate CA for use.
./init-ca.sh

Creating and Storing Device Certificates

This script creates device certificates for use.

  1. Creates an IoT Hub identity using a self-signed certificate.

  2. Creates device certificates signed by the Intermediate CA.

  3. Creates edge certificates signed by the Intermediate CA.

  4. Creates leaf certificates signed by the Intermediate CA.

# Usage            <type>  <name>
./device-cert.sh   self    self-signed-device
./device-cert.sh   device  device  deploy   # the third argument, deploy, is optional
./device-cert.sh   edge    edge
EDGE_GATEWAY="edge" ./device-cert.sh   leaf    leaf
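The chain described above (Root CA, Intermediate CA, device certificate) can be checked before a certificate is handed to a device. The following is an added example, not the repository's own scripts: it builds a throwaway chain with OpenSSL and verifies it. The function names, file names, config sections and passwords are constructed assumptions. The CN check reflects that IoT Hub X.509 CA authentication matches the certificate's subject CN against the device ID.

```shell
#!/bin/sh
# Added example: throwaway chain in a scratch directory; all names and passwords are constructed.
export ROOT_CA_PASSWORD="constructed-root-pw" INT_CA_PASSWORD="constructed-int-pw"
ORGANIZATION="testonly"

# make_chain <dir> <device_id>: root CA -> intermediate CA -> device certificate.
make_chain() {
  dir=$1; id=$2
  cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_device]
basicConstraints = critical,CA:FALSE
extendedKeyUsage = clientAuth
EOF
  # env: keeps key passwords out of the argument list (pass: would show up in ps output).
  openssl req -x509 -config "$dir/ca.cnf" -extensions v3_ca -newkey rsa:2048 \
    -keyout "$dir/root.key" -passout env:ROOT_CA_PASSWORD -days 1 \
    -subj "/O=$ORGANIZATION/CN=Root CA" -out "$dir/root.pem" 2>/dev/null || return 1
  openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 \
    -keyout "$dir/int.key" -passout env:INT_CA_PASSWORD \
    -subj "/O=$ORGANIZATION/CN=Intermediate CA" -out "$dir/int.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
    -passin env:ROOT_CA_PASSWORD -CAcreateserial -extfile "$dir/ca.cnf" \
    -extensions v3_ca -days 1 -out "$dir/int.pem" 2>/dev/null || return 1
  # The device key is left unencrypted here because a device loads it unattended.
  openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
    -keyout "$dir/dev.key" -subj "/O=$ORGANIZATION/CN=$id" -out "$dir/dev.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$dir/dev.csr" -CA "$dir/int.pem" -CAkey "$dir/int.key" \
    -passin env:INT_CA_PASSWORD -CAcreateserial -extfile "$dir/ca.cnf" \
    -extensions v3_device -days 1 -out "$dir/dev.pem" 2>/dev/null || return 1
}

# check_device <dir> <cert> <device_id>
# returns 0 if the chain reaches the root and CN equals the id, 1 on chain failure, 2 on CN mismatch.
check_device() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$2" >/dev/null 2>&1 || return 1
  subject=$(openssl x509 -in "$2" -noout -subject -nameopt RFC2253) || return 1
  case "$subject" in *"CN=$3,"*) return 0 ;; *) return 2 ;; esac
}
```

Run `make_chain "$(mktemp -d)" device1` and then `check_device` on the resulting `dev.pem`; a self-signed certificate placed in the same directory fails the chain check.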

Spin up Multiple Containers

Devices

# Create and deploy ten device certificates: device1 .. device10
COUNT=1
until [ "$COUNT" -gt 10 ]; do
  ./device-cert.sh device "device$COUNT" deploy
  COUNT=$((COUNT + 1))
done

Downstream Devices

# Create and deploy ten leaf certificates behind the "edge" gateway: leaf1 .. leaf10
COUNT=1
until [ "$COUNT" -gt 10 ]; do
  EDGE_GATEWAY="edge" ./device-cert.sh leaf "leaf$COUNT" deploy
  COUNT=$((COUNT + 1))
done

About

License:MIT License

