>> In this new episode of
The Internet of Things Show,
we're going to show you how
to provision and configure
an IoT Edge device
with zero touch.
Basically, not doing anything
else than just plugging it in,
and Emmanuel is here to
demo that and tell us about
IoT Edge, which is now GA.
Thanks for watching the IoT Show.
Emmanuel is here today to talk to
us about the latest in IoT Edge.
IoT Edge just went GA today,
and we're glad to
share with you some of
the insights of what's new
in there. Hey, Emmanuel.
>> Yeah.
>> How are you?
>> Pretty good. How are you?
>> Good. Are you tired?
>> A little bit.
>> Your shift has
just done, right?
>> Yeah.
>> So, IoT Edge is
GA, meaning what?
>> Meaning that it's
ready for production.
That's really the main message.
So in GA, what we're
adding is a lot of
security features,
lots of developer
features as well to
make it easier to have
more repeatable and
scriptable developments
and deployments through
CI/CD, for instance.
>> Okay.
>> Also bootstrappings and
showing the vision that
we have for partners
which is a first step towards
enabling module marketplace
of IoT Edge modules.
>> So a bunch of features
are actually making
IoT Edge not just generally
available but also
enterprise-ready, right?
>> Yes, yes, and a lot of
new features inside SDK,
more languages supported as well.
So, really a lot of
features are coming in
with the Edge device.
>> Coming together, awesome.
You came today with a demo,
so we have a Raspberry Pi here.
>> Yeah.
>> It has this weird thing
that comes out of that.
>> It's called TPM.
>> It's a TPM because the Pi
doesn't have it by default.
But for the demos,
we want to show.
So basically, what is it used
for in our case right here?
>> So, TPM is
a hardware security device
that is made to protect secrets.
So it can protect
secrets within the hardware
so that you put
a secret in there and even
if you have access to
the device for
an unlimited period of time,
you can't get back the secret if
you're not authorized to get it.
>> Okay, got it. So, yeah.
A safe way to store your
keys for getting your home.
>> So, keys are a
perfect example of what you
want to put in your TPM.
>> Okay. So, we have
IoT Edge in there,
so that's the GA version.
So it has a new form
factor, I would say.
The runtime used to be
a Python application while
the bootstrap is
a Python application.
So that's a daemon
in Linux, right?
>> Yeah. So, we've completely
rewritten this bootstrapping
Python script,
and now it's running as
two pieces actually.
A daemon that is always
on and listening
for commands to react to
a DPS flow for instance,
but also the other
component is HSM,
so Hardware Security Manager,
that abstracts the HSM or
TPM types of devices to
interface with them.
>> Okay. So you're going
to show us some demo of
that flow of
provisioning a device.
>> Yeah.
>> This one comes with
just this security,
how do we call that?
Like the IoT Edge
secure agent run,
what is it called
exactly right now?
>> A security manager.
>> A security manager.
>> It's an Edge security manager.
>> Okay. So, that's
the only thing that's in there.
There's a TPM and it has
the security manager.
>> So essentially, IoT Edge
daemon has been deployed,
so HSM lives as
well which makes
the Edge security manager.
>> It's not connected.
>> It's not connected.
So before you connect,
what I've done is I went to
DPS in the portal
and I've created an enrollment
for this device.
It's an individual enrollment
to support this TPM chip.
So, during the
enrollment creation
that I've done just before,
what I've done is
put the copy-pasted
endorsement key of this TPM,
flagged it as an Edge device,
and gave a link to my IoT Hub.
Last thing I've done was adding
a tag to identify this device
as a group of
other devices so that it's
easier for me to manage and
configure those types of
devices at scale later on.
>> Yes. So basically,
gets as soon as
it's provisioned via a DPS,
it's going to get a tag in
the Twin that will allow
me to, in that case,
I think you've been
doing something with
the deployments on the
IoT Hub side of things.
>> Yes. So that's
what the DPS side,
and what I've also
done is in my IoT Hub,
so today there's no device
connected to this IoT Hub,
but what I've done
is already set up
an Edge deployment with
the tags that we were
just mentioning earlier.
It's an ObjectRecognition tag.
So, this deployment is targeting
all Edge devices that had
this tag ObjectRecognition.
>> Okay.
>> So this is the new
automatic deployment service
that is always ongoing.
>> So each time, there's
a new IoT Edge device
that's going to
come to the specific tag
in the Twin,
it's going to get that
deployment sent to it, right?
>> Exactly, yeah. So it
takes care for you of
when the device become invisible.
>> Okay. So you have
a set of modules already.
>> I've got a set of
modules already set up.
So what this deployment tells
all those Edge devices that
meet the target condition
is to deploy all those workloads
to these Edge devices.
>> Now?
>> Yeah, let's try
it, let's try it.
>> Let's have this red cable.
>> Okay.
>> Boom, it's on.
So it's going to
start Rasp Pi in on that.
It connects to the Wi-Fi.
So, what you might
want to do is actually
maybe you can SSH into
the device once it's connected.
>> Yeah.
>> We see still no devices there.
>> Still no devices there.
I can refresh just to make
sure there's still no device.
Let's SSH into the device.
>> Super secure password.
>> Super secure password.
>> Okay.
>> Okay. So now,
what we can do is look at
the logs of the Edge daemon.
>> Okay. Yeah. So it's
starting automatically at boot
because it's a daemon.
>> Yeah, it's already started.
>> We needed the -f
so that way you have.
Okay, cool. What are we seeing?
>> So let's see, what we're
seeing is the daemon started.
It started there as
a network, as well.
>> We see here there's
a config.yaml file,
so what is that file
for in the device?
>> So this file is where
you will say how you want
to provision your device
if you want to do
a manual provisioning or
an automatic
provisioning using DPS,
and this is also where you
mention there's a version of
the IoT Edge agents
that you want to
deploy on your device.
>> Okay.
>> Yeah, and if you do
manual provisioning,
this is where you give
your connection string to
your IoT Hub and
also parameters to get
the connection result back.
>> So we see that
the secure agent is actually now
connecting to DPS and starting
specific registration with
the data from the YAML,
and actually got a device ID
so we should see.
>> Got a device ID from the Hub.
>> So we should see
this device ID in that portal.
>> Let's see back in
the portal. Let's refresh.
>> Okay. Nice.
>> Here is the device.
>> It says module's count five,
so that means that it already has
its configuration from IoT Hub.
>> Yeah. So what happened is so
IoT Hub with this deployment
found this device,
and so it pushed
a deployment manifest with
those five modules as soon
as it found the device.
So now, this manifest has been
pushed to the Edge device,
and so that tells
the Edge device to
start fetching
all those workloads.
>> Got it. So basically,
we should see the five of them
and populating DisplayModule,
camera-capture.
>> Yeah. So camera-capture
is an example
of one of the workloads that
was referenced in the manifest.
>> Awesome. Then we send it,
that device will be running
and has its module
does its thing.
>> Yeah.
>> So that's interesting
because I could
just plug that in,
it had a vanilla piece of code,
nothing in there,
no modules, no nothing,
and got connected automatically
to IoT Hub through DPS,
and now it's been
provisioned or configured,
got its module,
installed the modules,
run the module, and now
it has a functionality.
>> Yeah, and that's
really what you
need when you want
to go to production.
You want to be able
to configure your devices
before sending them to the field,
and then as soon as
they're ready to be
used in the field,
just bring them up and all the
cloud takes care of
everything else.
>> Awesome. Then from there on,
this is a production device,
it's in production,
you can leverage the new
enterprise-ready features,
CI/CD and so on, to do your
maintenance on these devices.
>> Yeah, you could use
your CI/CD to set a date.
So as you do
pull requests and you make
changes to your code,
you can set those same kind
of automatic configuration to
maybe on your first changes in
your first ring target like
five or six test devices,
and then go to a bigger ring
as you move up branches,
and in the end target eventually
all the devices at
scale in production.
>> Awesome. Thanks, Emmanuel.
So IoT Edge is now GA
with these new features,
and we just saw
DPS zero-touch provisioning
and configuration of
an IoT Edge device.
You need a red cable, though.
>> Thanks, Emmanuel.
See you soon.
>> Yeah. Thanks, Olivier.
>> Thanks, guys.
