Written by Ronnie Quan

Overview

You will create a simulated device that sends vibration telemetry to your IoT hub. With the simulated data arriving at the IoT hub, you will implement an IoT Hub message route and an Azure Stream Analytics job that can be used to archive the data.

Steps

https://raw.githubusercontent.com/MicrosoftLearning/AZ-220-Microsoft-Azure-IoT-Developer/master/Allfiles/Labs/07-Device%20Message%20Routing/Setup/lab07-setup.azcli

Upload CLI Script

When you execute the CLI script, you may see the following warning. Either ignore it or install the extension up front.

Create IoT Hub iot-rquan - WARNING:
Comprehensive IoT functionality is available in the Azure IoT CLI Extension.
To install the extension, run: "az extension add --name azure-iot"
For more info and install guide go to: https://github.com/Azure/azure-iot-cli-extension
IOT Resources Are Created

The app simulates an IoT device that monitors the conveyor belt and reports vibration sensor data every two seconds.

The vibration monitoring scenario requires you to create two message routes:

If you choose Managed Identity, you need to add your Stream Analytics job to the storage account’s access control list with the Storage Blob Data Contributor role.

We first create the Stream Analytics job and get its managed identity, then grant that identity either a data plane role or a storage account control plane role, and then come back and enable the job to use our own storage account.

Enable Managed Identity Authentication

Define the input, output and query for the Stream Analytics job, then start the job.

Define input, output and query

Three containers are present in the storage account. The first two are created by the Stream Analytics PaaS service for the job definition and job run data. Our output data is in vibrationcontainer.

Now we see that the vibration sensor data is sent from the IoT device to the IoT hub, then to Stream Analytics, and then to the storage account.

Security Features

Configure the storage account to allow access from selected networks only; do not open it to all networks.
https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal#trusted-access-based-on-system-assigned-managed-identity

https://docs.microsoft.com/en-us/azure/stream-analytics/blob-output-managed-identity

https://docs.microsoft.com/en-us/azure/stream-analytics/data-protection#configure-storage-account-for-private-data

https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ff9be5368-9bf5-4b84-9e0a-7850da98bb46
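The two controls described above (the Storage Blob Data Contributor grant to the job's managed identity, and restricting the storage account to selected networks) can be checked together. The following is an added example, not code from the original post: it audits JSON shaped like `az storage account show` and `az role assignment list` output. The `audit` helper, the sample data and every ID in it are constructed placeholders, and the trusted-services bypass check is an assumption taken from the Microsoft guidance linked above.

```python
import json

REQUIRED_ROLE = "Storage Blob Data Contributor"  # role named in the post

# Constructed sample data, shaped like trimmed `az storage account show` and
# `az role assignment list --all` output; every ID and name is a placeholder.
ACCOUNT = json.loads("""{
  "id": "/subscriptions/SUB/resourceGroups/rg-demo/providers/Microsoft.Storage/storageAccounts/demostore",
  "networkRuleSet": {"defaultAction": "Allow", "bypass": "Logging, Metrics"}
}""")
ASSIGNMENTS = json.loads("""[
  {"principalId": "job-principal-placeholder", "roleDefinitionName": "Reader",
   "scope": "/subscriptions/SUB/resourceGroups/rg-demo"}
]""")


def audit(account, assignments, job_principal_id):
    """Return a list of findings; an empty list means the setup matches the post."""
    findings = []
    rules = account.get("networkRuleSet") or {}
    # "Selected networks" in the portal corresponds to defaultAction == "Deny".
    if rules.get("defaultAction", "Allow") != "Deny":
        findings.append("storage account is open to all networks")
    # Assumption from the linked guidance: with the firewall on, the job
    # reaches the account through the trusted Azure services exception.
    bypass = {b.strip() for b in (rules.get("bypass") or "").split(",")}
    if "AzureServices" not in bypass:
        findings.append("trusted Azure services bypass is not enabled")
    account_id = account["id"].lower()
    granted = False
    for a in assignments:
        if a.get("principalId") != job_principal_id or not a.get("scope"):
            continue
        if a.get("roleDefinitionName") != REQUIRED_ROLE:
            continue
        scope = a["scope"].lower().rstrip("/")
        # Counts if assigned on the account, inside it (a container), or on a parent scope.
        if (scope == account_id or scope.startswith(account_id + "/")
                or account_id.startswith(scope + "/")):
            granted = True
    if not granted:
        findings.append(f"job identity lacks {REQUIRED_ROLE} on the account")
    return findings


if __name__ == "__main__":
    for finding in audit(ACCOUNT, ASSIGNMENTS, "job-principal-placeholder"):
        print("FINDING:", finding)
```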

References

All blogs are strictly personal and do not reflect the views of my employer https://www.linkedin.com/in/ronnie-q-8025987