Azure Stream Analytics

Written by Ronnie Quan

Overview

You will create a simulated device that sends vibration telemetry to your IoT hub. With the simulated data arriving at the IoT hub, you will implement an IoT Hub message route and an Azure Stream Analytics job that can be used to archive data.

Steps

  • Create IoT Hub

https://raw.githubusercontent.com/MicrosoftLearning/AZ-220-Microsoft-Azure-IoT-Developer/master/Allfiles/Labs/07-Device%20Message%20Routing/Setup/lab07-setup.azcli

When you execute the CLI script, if you see the following error, either ignore the warning or install the extension upfront.

Create IoT Hub iot-rquan - WARNING:
Comprehensive IoT functionality is available in the Azure IoT CLI Extension.
To install the extension, run: "az extension add --name azure-iot"
For more info and install guide go to: https://github.com/Azure/azure-iot-cli-extension

  • C# Simulator Code

The app simulates an IoT device that monitors the conveyor belt and reports vibration sensor data every two seconds.

  • Message Route for IoT Solution

The vibration monitoring scenario requires you to create two message routes:

  • the first route will be to an Azure Blob storage location for data archiving
  • the second route will be to an Azure Stream Analytics job for real-time analysis

  • Azure Stream Analytics Job

If you choose Managed Identity, you need to add your Stream Analytics job to the storage account’s access control list with the Storage Blob Data Contributor role.

We first create the Stream Analytics job and get its managed identity, then grant it either a data plane role or a storage account control plane role, and then come back and enable the use of our own storage account.

Define the input, output and query for the Stream Analytics job, then start the job.

Three containers are present in the storage account. The first two are created by the Stream Analytics PaaS service for job definition and job run data. Our output data is in vibrationcontainer.

Now we see that the vibration sensor data is sent from the IoT device to IoT Hub, then to Stream Analytics, then to the storage account.

Security Features

  • Storage Account Firewall

Restrict the storage account to selected networks; do not open it to all networks.
https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal#trusted-access-based-on-system-assigned-managed-identity

  • Managed Identity

https://docs.microsoft.com/en-us/azure/stream-analytics/blob-output-managed-identity

  • Use Your Own Storage

https://docs.microsoft.com/en-us/azure/stream-analytics/data-protection#configure-storage-account-for-private-data

  • Resource Logs

https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ff9be5368-9bf5-4b84-9e0a-7850da98bb46
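
One way to check the storage firewall and managed identity settings described above, as an added example that is not part of the original post. It assumes the account and role assignment data have the shape returned by `az storage account show` and `az role assignment list`, and that the job reaches storage through the trusted-services exception; every ID and name except vibrationcontainer is a constructed placeholder.

```python
ROLE = "Storage Blob Data Contributor"  # role named on this page

# Constructed sample data (not real resources), shaped like the output of
# `az storage account show` and `az role assignment list --all`.
ACCOUNT_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
              "rg-example/providers/Microsoft.Storage/storageAccounts/vibrationstoreexample")
JOB_PRINCIPAL = "11111111-1111-1111-1111-111111111111"  # job's managed identity object id

SAMPLE_ACCOUNT = {
    "id": ACCOUNT_ID,
    "networkRuleSet": {"defaultAction": "Deny", "bypass": "Logging, AzureServices",
                       "ipRules": [], "virtualNetworkRules": []},
}
SAMPLE_ASSIGNMENTS = [
    {"principalId": JOB_PRINCIPAL, "roleDefinitionName": ROLE,
     "scope": ACCOUNT_ID + "/blobServices/default/containers/vibrationcontainer"},
]


def scope_covers(scope, account_id):
    """True if a role scope is the account, a parent of it, or a child (e.g. one container)."""
    s, a = scope.rstrip("/").lower(), account_id.rstrip("/").lower()
    return s == a or a.startswith(s + "/") or s.startswith(a + "/")


def audit(account, assignments, principal_id):
    """Return a list of findings; an empty list means the settings match the page."""
    findings = []
    rules = account.get("networkRuleSet") or {}
    if rules.get("defaultAction") != "Deny":
        findings.append("firewall: default action is not Deny (open to all networks)")
    # bypass is a comma-separated string such as "Logging, Metrics, AzureServices"
    bypass = {b.strip() for b in (rules.get("bypass") or "").split(",")}
    if "AzureServices" not in bypass:
        findings.append("firewall: trusted Azure services exception is off")
    granted = any(
        a.get("principalId") == principal_id
        and a.get("roleDefinitionName") == ROLE
        and scope_covers(a.get("scope", ""), account["id"])
        for a in assignments
    )
    if not granted:
        findings.append("rbac: job identity lacks '%s' on this account" % ROLE)
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_ACCOUNT, SAMPLE_ASSIGNMENTS, JOB_PRINCIPAL) or ["ok"]:
        print(line)
```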
