The Azure Internet of Things (IoT) is a collection of Microsoft-managed cloud services, edge components, and SDKs that let you connect, monitor, and control your IoT devices at scale. In simpler terms, an IoT solution is made up of IoT devices that communicate with cloud services.
A key decision when you design an IoT solution is whether to use a cloud-based or edge-based solution:
- In a cloud-based solution, your IoT devices connect directly to the cloud where their messages are processed and analyzed. You monitor and control your devices directly from the cloud.
- In an edge-based solution, your IoT devices connect to an edge environment that processes their messages before forwarding them to the cloud for storage and analysis. You typically monitor and control your devices from the cloud, through the edge runtime environment. It's also possible to monitor and control your devices directly from the edge.
The following sections give a high-level view of the components in typical cloud-based and edge-based IoT solutions. This article focuses on the key groups of components: devices, IoT cloud services, edge runtime environment, other cloud services, and solution-wide concerns. Other articles in this section provide more detail on each of these components.
Cloud-based solution
A cloud-based solution is an integrated set of IoT devices, components, and services, that addresses a business need and that connects devices directly to the cloud. An example of a cloud-based solution is a fleet of delivery trucks that send sensor data to the cloud for analysis and visualization:
You can build cloud-based solutions with services such as IoT Hub, Device Provisioning Service, and Azure Digital Twins.
Edge-based solution
An edge-based solution is an integrated set of IoT devices, components, and services, that meets a business need and that connects devices to nearby edge services. An example of an edge-based solution is a factory where your industrial IoT devices connect to on-premises services because either:
- The devices communicate using local network protocols such as OPC UA.
- Security concerns mean that you mustn't connect the devices directly to the public internet.
An edge-based solution can still forward data from your devices to the cloud for further processing such as analysis and visualization:
You can build edge-based solutions with Azure IoT Operations or Azure IoT Edge. Azure IoT Operations is a new offering that follows Microsoft's adaptive cloud approach to integrate cloud and edge components.
Devices and connectivity
Both cloud-based and edge-based solutions have devices that collect data from which you want to derive business insights. The following sections describe the devices in an IoT solution, and how they connect to the cloud.
IoT device categories
It's helpful to categorize IoT devices as follows:
Device category 1: Devices that connect directly to the cloud. This category includes devices that connect to cloud services such as IoT Hub using standard protocols such as HTTP, MQTT, or AMQP. These devices aren't relevant in edge-based solutions such as Azure IoT Operations.
Device category 2: Devices that connect to the cloud through an edge-based proxy or gateway. Examples in this category include devices that:
- Connect indirectly to the cloud through the MQTT broker in Azure IoT Operations.
- Connect indirectly to IoT Hub through an IoT Edge gateway.
Device category 3: These devices connect to an edge-based runtime through a connector that enables the devices to use a specific protocol. For example, an OPC UA server and its attached devices connect through a connector for OPC UA. These devices aren't relevant in cloud-based solutions such as Azure IoT Hub.
The following diagram shows the relationships between the device categories and the cloud services in a cloud-based solution:
The following diagram shows the relationships between the device categories and the edge runtime in an edge-based solution:
For simplicity, the previous diagrams show only data flows to the cloud or edge runtime. Many solutions enable command and control scenarios where the cloud or edge runtime sends commands to the devices. For example, a cloud service might send a command to an ONVIF-compliant camera to zoom in.
IoT devices
IoT devices in categories 1 and 2 are typically made up of a circuit board with sensors that collect data. Category 1 IoT devices connect directly to the internet and category 2 devices rely on a local gateway for connectivity to the cloud. The following items are examples of category 1 and 2 IoT devices:
- A pressure sensor on a remote oil pump.
- Temperature and humidity sensors in an air-conditioning unit.
- An accelerometer in an elevator.
- Presence sensors in a room.
Category 3 devices are physical devices in your environment that you want to monitor and control. These devices might:
- Have built-in firmware provided by the manufacturer that implements a standard protocol such as ONVIF.
- Be servers, with attached assets, that implement industrial protocols such as OPC UA.
The following are examples of category 3 devices:
- Robotic arms and conveyor belts.
- Industrial CNC machines, lathes, saws, and drills.
- Medical diagnostic imaging machines.
- Security video cameras.
- Programmable logic controllers.
There's a wide variety of devices available from different manufacturers to build your solution. For prototyping a microprocessor device, you can use a device such as a Raspberry Pi. The Raspberry Pi lets you attach many different types of sensor. For prototyping a microcontroller device, use devices such as the ESPRESSIF ESP32 or the STMicroelectronics B-L475E-IOT01A Discovery kit. These boards typically have built-in sensors, such as temperature and accelerometer sensors.
Microsoft provides open-source Device SDKs that you can use to build the apps that run on your devices.
To learn more about the devices in your IoT solution, see IoT device development.
Device connectivity
Typically, IoT devices send data from their attached sensors to cloud services in your solution. However, other types of communication are possible such as a cloud service sending commands to your devices. The following are examples of device-to-cloud and cloud-to-device communication:
- A mobile refrigeration truck sends temperature every 5 minutes to an IoT Hub.
- A cloud service sends a command to a device to change the frequency at which it sends sensor data to help diagnose a problem.
The IoT Device SDKs and IoT Hub support common communication protocols such as HTTP, MQTT, and AMQP for device-to-cloud and cloud-to-device communication. In some scenarios, you might need a gateway to connect your IoT devices to your cloud services.
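The two message directions described above, modelled on the device side as an added example (not Microsoft SDK code and not from the original article): the device builds a JSON device-to-cloud telemetry message, and a cloud-to-device command asks it to change its reporting interval. The status codes follow the IoT Hub direct-method convention (200 success, 400 bad payload, 404 unknown method); the method name `setTelemetryInterval`, the interval bounds and the sample sensor values are constructed for the example.

```python
"""Added example: device-side telemetry and command handling (not SDK code).

Assumes a refrigeration-truck device that reports every 5 minutes by default
and accepts a constructed "setTelemetryInterval" command from the cloud.
"""
import json
from dataclasses import dataclass, field
from typing import Any, Dict, Tuple

MIN_INTERVAL_S = 10      # constructed floor: a runaway command must not drain battery/airtime
MAX_INTERVAL_S = 3600    # constructed ceiling: the device must stay observable


@dataclass
class TruckDevice:
    device_id: str
    interval_s: int = 300                      # "every 5 minutes" from the article
    sensors: Dict[str, float] = field(default_factory=dict)

    def telemetry_message(self) -> Dict[str, Any]:
        """Device-to-cloud payload plus the content properties a hub uses for routing."""
        return {
            "body": json.dumps({"deviceId": self.device_id, **self.sensors}),
            "content_type": "application/json",
            "content_encoding": "utf-8",
        }

    def handle_command(self, method: str, payload: Any) -> Tuple[int, Dict[str, Any]]:
        """Cloud-to-device command: validate before changing device behaviour.

        Returns (status, response payload) in the direct-method style.
        """
        if method != "setTelemetryInterval":
            return 404, {"error": f"unknown method {method!r}"}
        interval = payload.get("intervalSeconds") if isinstance(payload, dict) else None
        # bool is a subclass of int in Python, so exclude it explicitly.
        if (not isinstance(interval, int) or isinstance(interval, bool)
                or not MIN_INTERVAL_S <= interval <= MAX_INTERVAL_S):
            return 400, {
                "error": f"intervalSeconds must be an int in [{MIN_INTERVAL_S}, {MAX_INTERVAL_S}]"
            }
        self.interval_s = interval
        return 200, {"intervalSeconds": self.interval_s}


if __name__ == "__main__":
    truck = TruckDevice("truck-001", sensors={"temperatureC": -18.5})  # constructed reading
    print(truck.telemetry_message())
    print(truck.handle_command("setTelemetryInterval", {"intervalSeconds": 60}))
    print(truck.handle_command("setTelemetryInterval", {"intervalSeconds": 1}))
    print(truck.handle_command("reboot", {}))
```

The point of the bounds check is that a command channel is an input like any other: the device, not the cloud, is the last line of defence against a malformed or hostile command changing its behaviour.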
IoT devices have different characteristics when compared to other clients such as browsers and mobile apps. Specifically, IoT devices:
- Are often embedded systems with no human operator.
- Can be deployed in remote locations, where physical access is expensive.
- Might only be reachable through the solution back end.
- Might have limited power and processing resources.
- Might have intermittent, slow, or expensive network connectivity.
- Might need to use proprietary, custom, or industry-specific application protocols.
The device SDKs help you address the challenges of connecting devices securely and reliably to your cloud services.
To learn more about device connectivity and gateways, see IoT device connectivity and infrastructure.
Connectivity in an edge-based solution
In an edge-based solution, IoT devices connect to an edge environment that processes their messages before forwarding them to the cloud for storage and analysis. Devices might use network communication protocols and standards such as:
- OPC UA in industrial environments.
- ONVIF for managing and monitoring video devices.
- MQTT as a standard messaging protocol for IoT devices.
In the edge-based solution diagram shown previously, the southbound connectors represent the protocols and standards that devices use to connect to the edge environment.
To learn more about processing messages sent from your devices, see Message processing in an IoT solution.
Device comparisons
The following table summarizes current options for devices and connectivity:
| Current offerings (GA) | Cloud-based solution | Edge-based solution |
|---|---|---|
| Connected object types | Category 1 and 2 IoT devices | Category 2 and 3 IoT devices |
| Device connectivity protocols | HTTP, AMQP, MQTT v3.1.1 | Azure IoT Edge enables HTTP, AMQP, MQTT v3.1.1, and MQTT v5. Azure IoT Operations enables MQTT v3.1.1 and MQTT v5 for category 2 devices; connectors enable other protocols such as OPC UA, ONVIF, SQL, and REST for category 3 devices. Custom connectors are possible. |
| Device implementation | Microsoft Azure IoT device SDKs and embedded device SDKs | Category 2 devices can use any MQTT library to connect to the MQTT broker. Category 3 devices typically come with standard firmware. |
| Device management | IoT DPS, Device Update, IoT Central | In Azure IoT Operations, use Azure Device Registry. Use Akri to enable automated device discovery with native protocols. In IoT Edge, use IoT DPS for large-scale device management. |
Services and applications
In a cloud-based solution, IoT-specific cloud services provide the infrastructure to connect, monitor, and control your devices. In an edge-based solution, the edge runtime environment hosts the services to connect, monitor, and control your devices. Other cloud services provide generic services such as storage, analysis, and visualizations to your solution.
IoT cloud services
In a cloud-based IoT solution, the IoT cloud services typically:
- Receive sensor data at scale from your devices, and determine how to process and store that data.
- Send commands from the cloud to specific devices.
- Provision devices and control which devices can connect to your infrastructure.
- Control the state of your devices and monitor their activities.
- Manage the firmware installed on your devices.
For example, in a remote monitoring solution for an oil pumping station, the services use sensor data from the pumps to identify anomalous behavior. When a cloud service identifies an anomaly, it can automatically send a command to the device to take a corrective action. This process implements an automated feedback loop between the device and the cloud that greatly increases the solution efficiency.
To learn more about key concepts around managing and controlling devices, see IoT device management and control.
Edge runtime
In an edge-based IoT solution, the on-premises services hosted in the edge runtime environment typically:
- Manage the connectivity to your devices through the southbound connectors.
- Receive data at scale from your devices, and determine where to route the messages for further processing.
- Forward commands from the cloud to specific devices.
- Perform some local message processing. In Azure IoT Operations, this processing takes place in the northbound connectors.
Other cloud services
Both cloud-based and edge-based solutions can use other cloud services to provide more functionality to your solution. For example, you can use:
- Azure storage services to store collected data.
- Azure Stream Analytics to process sensor data in real time.
- Azure Functions to respond to device events.
- Azure Logic Apps to automate business processes.
- Azure Machine Learning to add machine learning and AI models to your solution.
- Microsoft Fabric to store and analyze sensor data.
- Microsoft Power BI to visualize sensor data.
To learn more, see:
IoT services comparisons
The following table summarizes current service and edge application options:
| Current offerings (GA) | Cloud-based solution | Edge-based solution |
|---|---|---|
| Services | IoT Hub, IoT DPS, IoT Hub Device Update, Azure Digital Twins | Azure IoT Operations, with Azure Device Registry. You can also use IoT Edge. |
| Edge application options | None | With Azure IoT Operations, you can use DAPR (distributed application runtime apps). With IoT Edge, you can use IoT Edge modules. |
Deployment comparisons
The following table summarizes current deployment options:
| Current offerings (GA) | Cloud-based solution | Edge-based solution |
|---|---|---|
| Topology | Devices connect directly to cloud messaging services such as IoT Hub. Managed in the cloud using Azure Resource Manager (ARM) or IoT Hub service SDKs. | Azure IoT Operations provides a way to connect devices to an on-premises Kubernetes cluster. Devices connect to the Azure IoT Operations MQTT broker, either directly over standard networking protocols, or through intermediate devices. Managed in the cloud using Azure Arc-enabled services. You can also use IoT Edge. IoT Edge is a device-focused runtime that enables you to deploy, run, and monitor containerized Linux workloads at the edge, bringing analytics closer to your devices for faster insights and offline decision-making. IoT Edge is a feature of IoT Hub. |
| Infrastructure | Cloud services like IoT Hub, and standard computing devices that contain a CPU/MPU, or constrained and embedded devices that contain an MCU. | Azure IoT Operations, which runs on a Kubernetes cluster, and devices that connect to the cluster. You can also use IoT Edge, which runs on a gateway device like a Raspberry Pi or an industrial PC, and devices that connect to the gateway device. Devices that connect to Azure IoT Operations or IoT Edge can include standard computing devices that contain a CPU/MPU, or constrained and embedded devices that contain an MCU. |
Solution-wide concerns
Any IoT solution must address the following solution-wide concerns:
- Solution management including deployment and monitoring.
- Security including physical security, authentication, authorization, and encryption.
- Scalability, high availability, and disaster recovery for all the components in your solution.
Solution management
The adaptive cloud approach unifies siloed teams, distributed sites, and disparate systems into a single operations, security, application, and data model. This approach enables you to use the same cloud and AI technologies to manage and monitor edge-based, cloud-based, and hybrid IoT solutions.
Solutions based on IoT Hub, IoT Central, and IoT Edge offer limited support for an adaptive cloud approach. Although IoT Hub, IoT Central, and IoT Edge instances are themselves Azure resources, they don't natively expose capabilities, such as device management and data transformation, as resources you can manage as standard Azure resources.
In contrast, solutions based on Azure IoT Operations provide a unified management experience for all the components in your solution. Azure IoT Operations uses Azure Arc-enabled services to manage and monitor your edge-based solution as if it were a cloud-based solution. For example, devices and data transformations running on the edge are exposed as cloud resources in Azure. This approach enables you to use standard Azure technologies to manage and monitor your entire edge-based solution.
Security comparisons
The following table summarizes current security options:
| Current offerings (GA) | Cloud-based solution | Edge-based solution |
|---|---|---|
| Authentication | Shared Access Signatures (SAS), X.509 | Azure IoT Operations uses user-assigned and system-assigned managed identities, Service Account Tokens (SAT), SAS, and X.509 for on-cluster authentication. IoT Edge uses certificate-based authentication. |
| Authorization | Proprietary within current service offerings like IoT Hub | Azure IoT Operations uses Microsoft Entra ID identity for role-based access control (RBAC). IoT Edge uses a proprietary authorization scheme that communicates with IoT Hub but handles authorization locally. |
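To make the SAS row concrete, the following added example (not from the article and not Microsoft's SDK code) builds a device SAS token in the documented IoT Hub format and shows the checks the receiving side performs: signature, expiry, and that the token's resource URI is bound to the device presenting it. It assumes the format `SharedAccessSignature sr=<resource URI>&sig=<base64 HMAC-SHA256>&se=<unix expiry>`, where the HMAC is computed over `<URL-encoded resource URI>\n<expiry>` with the device's base64-encoded symmetric key. The hub name `contoso-hub`, the device IDs and the keys are constructed.

```python
"""Added example: IoT Hub-style device SAS token generation and verification.

Not SDK code. Hub host, device IDs and symmetric keys below are constructed;
in a real solution the keys live in IoT Hub / DPS and never leave the device
and the service.
"""
import base64
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, quote_plus, urlencode

HUB_HOST = "contoso-hub.azure-devices.net"  # constructed hub name

# Constructed per-device registry: device id -> base64 symmetric key.
DEVICE_KEYS = {
    "truck-001": base64.b64encode(b"constructed-primary-key-for-truck-001").decode(),
    "truck-002": base64.b64encode(b"constructed-primary-key-for-truck-002").decode(),
}


def device_resource_uri(device_id: str) -> str:
    """The per-device resource the token is scoped to."""
    return f"{HUB_HOST}/devices/{device_id}"


def _signature(resource_uri: str, expiry: int, b64_key: str) -> str:
    """HMAC-SHA256 over '<url-encoded uri>\\n<expiry>', keyed with the decoded device key."""
    string_to_sign = f"{quote_plus(resource_uri)}\n{expiry}".encode()
    digest = hmac.new(base64.b64decode(b64_key), string_to_sign, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def generate_device_sas(device_id: str, b64_key: str, expiry: int) -> str:
    """Device side: mint a short-lived token for this device only."""
    uri = device_resource_uri(device_id)
    fields = {"sr": uri, "sig": _signature(uri, expiry, b64_key), "se": str(expiry)}
    return "SharedAccessSignature " + urlencode(fields)


def verify_device_sas(token: str, claimed_device_id: str, now: Optional[int] = None) -> bool:
    """Service side: accept the token only if it is well-formed, scoped to the
    claimed device, unexpired, and signed with that device's registered key."""
    prefix = "SharedAccessSignature "
    if not token.startswith(prefix):
        return False
    fields = parse_qs(token[len(prefix):])
    try:
        sr, sig, se = fields["sr"][0], fields["sig"][0], int(fields["se"][0])
    except (KeyError, ValueError):
        return False
    # A token for one device must never authenticate another device.
    if sr != device_resource_uri(claimed_device_id):
        return False
    key = DEVICE_KEYS.get(claimed_device_id)
    if key is None:
        return False
    current = int(time.time()) if now is None else now
    if se <= current:
        return False  # expired: short lifetimes limit the damage from a leaked token
    return hmac.compare_digest(_signature(sr, se, key), sig)


if __name__ == "__main__":
    expiry = int(time.time()) + 3600  # one-hour token
    tok = generate_device_sas("truck-001", DEVICE_KEYS["truck-001"], expiry)
    print(tok)
    print("truck-001 accepted:", verify_device_sas(tok, "truck-001"))
    print("same token as truck-002:", verify_device_sas(tok, "truck-002"))
```

In practice the device SDKs mint these tokens for you; the verification half is shown because it is what makes SAS safe to use at scale: each device has its own key, the token is bound to one resource URI, and it expires, so a captured token cannot be replayed indefinitely or reused against another device.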
Next steps
Suggested next steps to explore Azure IoT further include:
- IoT device development
- Message processing in an IoT solution
- Manage your IoT solution
- Choose an Azure IoT service
To learn more about Azure IoT architectures, see: