How to start with Azure IOT

19 06 2016

If you are a newbie to Azure or Azure IOT, you are certainly asking yourself how to get into this new environment most efficiently.
Well, I just had to do this myself and here are the learnings!

As a prerequisite, it would be great to be familiar with writing code and designing architectures for enterprise solutions, because Azure solutions are not so different per se. They only leverage new building blocks and occasionally have specialties emerging from their new type of infrastructure.

For a start it is good to have a look at the Azure IOT templates Microsoft is offering (currently for remote monitoring and predictive maintenance). With the templates, one should especially focus on the architecture, which is something that provides great insight into how Azure IOT solutions work and should be created.
However, I have found the implementation to be state of the art from an enterprise perspective, which means it really is very generic. The downside of this approach for newbies is that, due to the lack of documentation, it is very time-consuming to understand what is really going on in the solution. This is especially true if you want to hook in to extend it!
In addition, I experienced some nasty PowerShell versioning issues using the deployment scripts for the templates. Not really fun.

 

Football goalman on the stadium field

Due to this, I recommend approaching Azure IOT through the normal Azure documentation while keeping the template architectures in mind. If you are doing a first POC or similar based on this, you may not create the cleanest and most generic architecture, but you will end up with a first solution to your problem that you fully comprehend and that was fun to create!

Why? Well, because the general Azure documentation on the services used for Azure IOT is easy to understand and has great samples, which are fun to reuse in your own code.

So – do not lose time. I really liked how Azure IOT Hub compensates for schema changes in e.g. telemetry messages (which normally break classical solutions!) and the flexibility as well as the potential of Stream Jobs / Web Jobs, which could be a killer feature in any of your next solutions.


Alexander

PS:
Yes, sorry, the European Soccer Championship is on over here currently! Hence the soccer goalkeeper image, which has absolutely nothing to do with this entry’s content!





Something is moving with – Azure Stack!

4 02 2016

Yes, I know, two posts in a row on the same topic.


But hey, this is great technology for enterprises. So – please do not be shy and join Jeffrey Snover as he tells and shows a little bit more on where the journey is heading:

https://channel9.msdn.com/Shows/Mechanics/An-early-look-at-Azure-Stack-and-what-it-means-for-IT-with-Jeffrey-Snover

Looks very promising.

Enjoy!

Alexander





Azure Stack – The Game Changer

8 01 2016

While having a “Cloud First, Mobile First” strategy makes a lot of sense, especially in consumer related projects, this approach is problematic in quite a few industrial and professional embedded scenarios.

Why?

Well, as a company you might not have connectivity for all your devices everywhere due to infrastructure/cost reasons or security/high-availability considerations.
In these scenarios, large software vendors currently leave you quite alone with what was considered legacy datacenter technology.
However, some smart people at Microsoft have thought about this and have found a great solution!


What if you could use Cloud (Azure) technology on-premises just as in the Cloud, and maybe even transparently roam between the two as required? Sounds good?
If that raises some interest with you, have a look at Azure Stack. Jeffrey Snover, aka the father of PowerShell, introduces the newest version of this game-changing technology in his current blog post.

I consider this great news for all solution architects that have to cope with real world scenarios, which never are Cloud-only or datacenter-only!

Great work Azure Stack team! Keep it up, I am eagerly waiting for more to come.🙂

 

Alexander





A very Happy New Year!

4 01 2016

to all readers of my blog!


May the new year bring peace, freedom and happiness to all of You!

🙂

 

All the best

Alexander





Windows Phone 8.1 VPN-Trigger for MDM managed devices

3 12 2015

Well, let us start with the bad news first:

do not work on WP 8.1!

Why? – Well, I do not know and I really tried hard!😦

 


 

However, you should in any case specify the DNS suffix *.companyintranet.com as well as the corresponding IP range (e.g. 10.0.0.1/8) in your MDM VPN profile to enable VPN split tunnels (this means: intranet traffic goes through the tunnel, all other traffic through the normal network connection), which does work!

To trigger a VPN connection using an MDM-deployed “automatic” VPN profile, you can use PIDs, which can be found e.g. here: https://msdn.microsoft.com/en-us/library/dn602089.aspx, or Product Family Names (PFNs, e.g. from the package manifest, if you have a LOB app).
Generally, VPN triggers only work on “automatic” profiles!

PIDs only work with older WP8.0 or built-in apps (well, except for triggering IE, which does not work at all, and that seems to be a bug).
If you have newer apps (e.g. based on Universal Windows Platform – UWP), only PFNs will work as triggers. Therefore, PFNs are the way forward.


Another trigger approach is IP-range-based triggers. If you call an IP address in the specified intranet range (10.0.0.1/8 in our example) from an app, a VPN tunnel is launched. An interesting thing is that the phone does not care whether the address really exists. So calling any of the addresses within the range from an app will open a VPN tunnel.
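The split-tunnel rule and the IP-range trigger described above can be modelled in a few lines. This is an added example, not code from the original post and not the phone's implementation; the function names and the test destinations are constructed, and it assumes the wildcard suffix matches subdomains only, on a DNS label boundary.

```python
import ipaddress

# Values from the post's example profile; everything else here is hypothetical.
DNS_SUFFIXES = ["*.companyintranet.com"]
IP_RANGES = ["10.0.0.1/8"]


def parse_ranges(ranges):
    # "10.0.0.1/8" has host bits set; strict=False normalises it to 10.0.0.0/8,
    # which is why every 10.x.x.x address falls inside the trigger range.
    return [ipaddress.ip_network(r, strict=False) for r in ranges]


def suffix_matches(hostname, pattern):
    """Match a "*.example.com" pattern on a DNS label boundary only."""
    host = hostname.rstrip(".").lower()
    suffix = pattern.lower().lstrip("*")
    if not suffix.startswith("."):
        suffix = "." + suffix
    # Requiring the leading dot keeps "evilcompanyintranet.com" out of the tunnel.
    return host.endswith(suffix) and len(host) > len(suffix)


def route_for(destination, suffixes=DNS_SUFFIXES, ranges=IP_RANGES):
    """Return "tunnel" or "direct" for a hostname or an IP literal."""
    try:
        addr = ipaddress.ip_address(destination)
    except ValueError:
        addr = None
    if addr is not None:
        # Membership is purely arithmetic: no check that the host exists.
        nets = parse_ranges(ranges)
        hit = any(addr.version == n.version and addr in n for n in nets)
        return "tunnel" if hit else "direct"
    hit = any(suffix_matches(destination, s) for s in suffixes)
    return "tunnel" if hit else "direct"


if __name__ == "__main__":
    # Constructed sample destinations
    for dest in ["10.200.3.4", "11.0.0.1", "mail.companyintranet.com",
                 "evilcompanyintranet.com", "www.example.org"]:
        print(f"{dest:28} -> {route_for(dest)}")
```

Because a /8 covers roughly 16.7 million addresses, a narrower range in the profile keeps unrelated 10.x.x.x traffic (for example on a guest Wi-Fi that also uses 10.0.0.0/8) from opening the tunnel.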

I nearly forgot DNS short names, such as http://my. This way of triggering a connection does work, but is not used very often, at least by my customers.

 

Happy Tunneling!

Alexander





Windows Phone 8.1 Enterprise Services and Certificates

29 11 2015

Windows Phone 8.1 has some great enterprise features and is one of the most secure phones in the market.
However, there are some things to consider if you want to use these devices in an MDM-managed enterprise service (VPN/Wi-Fi) scenario.
One of these things is device certificates: quite a few companies use several dedicated certificates to access enterprise services like VPN and Wi-Fi. This approach does not work with WP 8.1 phones, because they expect only a single device certificate per device and company root CA, not service-specific ones.
Of course, you could roll out a variety of different SCEP certificates via an MDM system, but the cert picker on the phone will not automatically select the fitting certificate for a service, because it always chooses the first device cert from your company CA that it finds in the cert store!
This will naturally not always be the suitable one, which causes trouble accessing the service.

This behavior is by design and seems annoying at first glance, but if you think about it from an architectural perspective, it is much cleaner than the approach of different certs for different services. A device certificate should only be used to authenticate the device and user against enterprise services; the related user / device rights should be stored in the directory services of your company.
Using this approach, rights management is much more transparent for administrators and not dependent on the possession of a certain service certificate. In addition, managing a single certificate is much less effort than managing multiple certificates per device.

 

Alexander





Too hot to go out? – Check this!

16 07 2015

Summer can be cruel. At first it seems to be cold and rainy all days and as soon as it gets nice, temperatures ramp up for new records. Nature has become completely digital – on or off and much too little in-between.

Well, do not yield to despair, and see what my friends from Pluralsight have prepared for you.
They know how to cope with digital problems!


 

Camp Pluralsight is a 6 week campaign with weekly challenges and prizes. Get access to 36 free IT, dev and creative courses. It is open to everyone including current subscribers.

Weekly challenges and prizes:

  • Week 1: complete 2 PS courses for a chance to win an Apple Watch
  • Week 2: watch at least 200 minutes for a chance to win a $500 ThinkGeek gift certificate
  • Week 3: share Camp Pluralsight on Twitter to get a chance to win a Surface Pro 3
  • Week 4: complete a pop culture assessment to get a chance to win an Xbox One + Kinect
  • Week 5: complete a Code School course to get a chance to win a Sharp 55” Smart TV
  • Week 6: watch a Pluralsight webinar to get a chance to win an Alienware X51 gaming desktop

Weekly second and third prizes are annual Pluralsight and Code School subscriptions.

Complete at least 2 of the challenges above and you are entered into the grand prize drawing for:

1. Trip to Silicon Valley Comic Con

2. 2 year Pluralsight subscription

3. Han Solo mini-fridge


Summer Camp – nearly as nice as being on the beach!

😉

Alexander

 

Btw.:
Did I recommend watching my Pluralsight State Machine, Mobile Security and Windows Embedded Standard courses?
Have a look at them and have great fun!