Microsoft Azure support

[coderbyheart]

Previously: bifravst/bifravst#29

Service Equivalents

Porting the AWS-based implementation to
Microsoft Azure (Azure) means finding the
equivalent services:

Feature	AWS	Azure
MQTT Broker	IoT Core	IoT Hub, Event Grid
Historical Data Analysis	Athena	Data Explorer ¹ - Synapse Analytics ² Cosmos DB ³ (minimum price per month: ~24 USD)
Website Hosting	CloudFront + S3	Blob Storage
CI/CD	CodeBuild + CodePipeline	ARM with GitHub Actions
User Authentication	Cognito	Active Directory B2C
Infrastructure as Code	CDK	Resource Manager Templates

¹ The minimum price for Azure Data Explore per month is around $220.

Resources

• Azure IoT Monitoring example
• Microsoft Azure IoT SDK for Node.js
• Create IoT Hub and Device to Cloud Consumer Group
• Microsoft Identity Platform: Single-page applications
• Build Nodejs APIs using Serverless on Azure - Simona Cotin
• How to Deploy your Azure Function Automatically with ARM template (4 different ways)
• How to Deploy your Azure Functions Faster and Easily with Zip Push
• Improving the TypeScript support in Azure Functions
• Moving from Lambda to Azure Functions (6 Part Series)
• Work with Azure functions locally
• Course: Create serverless applications
• Azure IoT reference architecture:
  The reference architecture looks good, in my experience FOTA is a critical
  component, which is not covered in that architecture (although mentioned in
  the User management section). Guides for this
  exist already.
  The sample implementation does not
  follow this architecture (it omits the Active Directory part) and is basically
  a giant TODO list, it hasn't been updated in over a year, no CI/CD tests
  ensure that this implementation actually works. Deployment is a barely
  document multi-step process
  (this is just for one sub-component, the HotPath),
  and seems to depend on VS Code. Finally, both architectures seem to target
  business internal deployments, use of Active Directory suggests, that it's
  assumed that this will be deployed alongside an existing organization's AD to
  allow employees (pre-known users) access to the solution. This is not suitable
  for the architecture I want: It should implement a B2C solution, where user
  sign up and have access to their devices. This also works for internal
  deployments, but the key is to have a separate user directory, that's why I am
  using Active Directory B2C as an authentication provider for the SPA.
• Azure FOTA Tutorial is still the current reference template for implementing FOTA
  • new ADU schema: https://docs.microsoft.com/en-us/azure/iot-hub-device-update/device-update-plug-and-play

Notes

• Authentication in Browser:
  msal
  is recommended, but not yet supported by the @azure/arm-* packages:
  [Service Bus] Support AAD authentication in Browser Azure/azure-sdk-for-js#2556 (comment),
  use ms-rest-browserauth
  instead:
  Example
• Authenticate using
  Azure Active Directory B2C
  • What is Azure Active Directory B2C?
  • Single-Page Application built on MSAL.js with Azure AD B2C
    • GatsbyJS: Deploying to Azure
  • Adding Azure AD B2C Authentication to Azure Functions
  • Using Managed Service Identity (MSI) with an Azure App Service or an Azure Function
• nRF91 can now connect to Azure: https://devzone.nordicsemi.com/support/242278
• Synapse Analytics
  • Query JSON files using SQL on-demand (preview) in Azure Synapse Analytics
  • Quickstart: Use Synapse Studio (preview)
• End-to-end tests (Add end-to-end tests bifravst/azure#23)
  • need a different issuer URL: https://bifravstprod.b2clogin.com/bifravstprod.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_developer (https://twitter.com/coderbyheart/status/1291049057109061638)
• IoT Hub needs to be S1 scale tier (NOK 220.83 / IoT Hub Unit) for support of Azure IoT Device Update
• How to set up an Azure Device Update for IoT instance: https://docs.microsoft.com/en-us/azure/iot-hub-device-update/create-device-update-account
  • The messaging happening for downloading and applying a FOTA amounts to 12KB of JSON.

Features

taken from
the AWS implementation's features

• Look into
  Azure Resource Manager
  to set up all resources
• Look into App Service Static Web Apps
• add role assignment (azure functions need to access IoT hub) to ARM
• remember to use B2C web app in website authentication (client id, and
  Issuer URL:
  https://bifravstwebsite.azurewebsites.net/.auth/login/aad/callback)
• Connect a Cat Tracker
• └ Generate a certificate and connect
• Device: Update Shadow
• └ Publish device information to desired state
• Update Device Configuration
• └ Update the device configuration as a user
• How to retrieve config object only (2304 byte size limit!)
• Read Device Shadow
• └ Read reported and desired state as user
• Query Data
• └ Query historical data
• List cats
• ├ list cats
• ├ view a cat
• ├ name/rename a cat
• └ assign a picture to a cat
• Device Firmware Upgrade over the air
• ├ Create a new firmware upgraded as a user
• ├ Fetch the job as a device and mark as in progress
• ├ describe the job
• └ cancel the job
• Device: Batch Data
• ├ Devices can publish batch data
• └ Query the historical gps data
• Delete cats
• └ Delete the certificate
• Delete a user
• Uninstall
• Docs: Running the App & Deploying
• nRF Cloud Location services
• Azure Device Update for IoT Hub support #340

End-to-end tests

• Feature: Register a new account
• └ Scenario: Sign up
• ├ Scenario: Initially the user should not have policies
• └ Scenario: Self-assign the policy
• Feature: Connect a Cat Tracker
• └ Scenario: Generate a certificate and connect
• Feature: Device: Update Shadow
• └ Scenario: Publish device information to reported state
• Feature: Update Device Configuration
• └ Scenario: Update the device configuration as a user
• Feature: Read Device Shadow
• └ Scenario: Read reported and desired state as user
• Feature: Query Data
• └ Scenario: Query historical data
• Feature: List cats
• └ Scenario: The user should be able to list cats
• Feature: Device Firmware Upgrade over the air
• ├ Scenario: Create a new firmware upgraded as a user
• ├ Scenario: Fetch the job as a device and mark as in progress
• ├ Scenario: describe the job
• ├ Scenario: cancel the job
• └ Scenario: delete the job
• Feature: Device: Messages
• ├ Scenario: Devices publishes that a button was pressed
• └ Scenario: Query the message data
• Feature: Device: Batch Data
• ├ Scenario: Devices can publish batch data
• └ Scenario: Query the historical gps data
• Feature: Cell Geolocation Publish API
• ├ Scenario: Provide cell geolocation
• └ Scenario: Query a cell
• Feature: Cell Geolocation API
• ├ Scenario: Device enters a cell
• ├ Scenario: Device acquires a GPS fix
• ├ Scenario: Query a cell: first time
• └ Scenario: Query a cell
• Feature: Delete cats
• └ Scenario: Delete the certificate
• Feature: Delete a user
• └ Scenario: un-assign the IoT policy