How does Ferry work with Azure
Below we provide a walkthrough of how Ferry interacts with your Azure account given the permissions you granted in the connection step above.
Creation of a Workspace
When you create a Workspace in Ferry, Ferry provisions a set of Azure resources on your behalf so that you can create & deploy your custom software applications to your devices.
On the Workspace details screen, you can see all the cloud resources that Ferry provisions for you.
For edge deployments, Ferry auto-provisions:
IoT Hub: this is the core cloud resource for IoT devices. It manages devices, configuration, deployments and message routing to and from devices, as well as other Azure cloud resources. You can find out more information here.
IoT Hub Device Provisioning Service: this manages certificates & enrolments of your devices. Ferry auto-links your IoT Hub to this resource. You can find out more information here.
Certificates: Ferry creates X.509 certificates for you when you create an Organization, Workspace and Node Groups as well as your devices (i.e. Nodes). Ferry ensures that appropriate chains of trust are created between certificates for enhanced security and for identification of devices in your Azure account. Certificates can be found in the IoT Hub Device Provisioning Service. You can find out more information here.
Storage Account: all code for your software applications is stored in Azure Blob Storage so you keep control of your IP at all times. Ferry auto-provisions a Storage Account for this purpose. You can find out more information here.
Container Registry: Azure IoT Edge uses containerized Docker images when deploying to devices. When you want to deploy an application, Ferry will build the relevant Docker image for you and store it in your Container Registry. You can find out more information here.
The IoT Hub that Ferry auto-provisions comes with an in-built Azure Event Hub. This allows your IoT Hub to retain messages, and therefore allows you to use the IoT Hub with other Azure cloud resources (such as Stream Analytics) for further processing of data in the cloud. The in-built Event Hub that is provisioned with your IoT Hub comes with the default setting of four partitions and up to 24 hours of message retention.
Optional: Azure IoT Hub also allows linking of additional Event Hubs if required. Choosing this option will mean that the IoT Hub will route messages to this specific Event Hub, and if there are failures with the routing (i.e. due to query issues), then the in-built Event Hub will be the fallback option. When Ferry provisions this step, it creates two resources in your Azure account for you:
Event Namespace: this is a resource for a cluster of Event Hubs. You can find out more information here.
Event Hub: this is the core cloud resource which serves as a data streaming and event ingestion service. Ferry automatically configures your Event Hub with all the required policies to be able to connect to your IoT Hub so that any data that the IoT Hub receives is forwarded to the Event Hub. Find out more here.
Creation of Node Groups and Nodes
When you create a Node Group in Ferry, Ferry manages the X.509 certificate creation and the enrolment of the Node Group with the IoT Hub Device Provisioning Service for you. At this stage, Ferry will also securely auto-provision the relevant container registry credentials linking the Node Group to the Container Registry for deployments. Ferry sets up an Azure deployment within the IoT Hub when a Node Group is created, and manages versions of that deployment for you as you create, update and deploy your Ferry applications.
Ferry tags your Azure deployments with the Node Group ID which is how you can identify which deployments refer to which Node Group.
When you add a Node to Ferry, it is not created in Azure until it is registered with the IoT Hub Device Provisioning Service.
Registering a Node
Registering a Node with Ferry via your Azure account involves Ferry securely creating X.509 certificates with a full chain of trust to its Node Group, Workspace and Organization. This allows the device to communicate securely with your IoT Hub and IoT Hub Device Provisioning Service.
When you create a Node in Ferry, it is given a one-time token for registration. When you register a Node you pass the token in the registration command, and Ferry provisions one-time session access credentials for the device to be able to request a security certificate directly from Ferry. The device can then use that certificate for future communication with your Azure cloud account for deployments & more!
If you would like to use your own Certificate Authority to provision certificates across Ferry, please contact us here, and we can support that requirement.
Creating Components and Component Versions
When you create Components and Component Versions in Ferry, Ferry manages the required synchronizations with your Azure account.
All code that you write for a Ferry Component is stored in your Storage Account that Ferry auto-provisions for you. This means that you keep control of all your IP at all times. You can find all your component code in your Azure Blob Storage with the following file path:
{workspace_identifier}/components/{component_name}/{component_version}/{src}/{file_path}
Azure IoT Edge uses Docker exclusively to containerize applications that can then be deployed. When you publish a Component Version in Ferry, Ferry will automatically build a Docker image for your application. The Docker images are stored in your Azure Container Registry that you can access.
Creating Deployments
Ferry provides a fully streamlined and automated way to manage deployments in Azure IoT Edge. Managing deployments with Azure IoT Edge can be complicated without Ferry. Updating or changing components (called ‘modules’ in Azure) for an Azure deployment requires careful configuration of the deployment. Errors can easily overwrite a device’s configuration, leading to data loss and downtime. For example, forgetting to include a component in a deployment’s configuration will lead to the device removing it from its Docker runtime!
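The omission described above can be caught before a manifest is applied. The following is an added example, not Ferry's code: it compares the modules in two Azure IoT Edge deployment manifests and reports what the update would remove. The manifests are constructed, minimal skeletons, and the registry and module names are made up.

```python
# Added example: pre-apply review of an Azure IoT Edge deployment manifest.
# Manifests below are constructed samples; registry and module names are made up.

DESIRED = "properties.desired"

def edge_modules(manifest):
    """Return {module_name: image} for the custom modules in a manifest."""
    agent = manifest["modulesContent"]["$edgeAgent"][DESIRED]
    return {name: spec["settings"]["image"]
            for name, spec in agent.get("modules", {}).items()}

def review_manifest(current, proposed):
    """Report what applying `proposed` over `current` does to the device."""
    old, new = edge_modules(current), edge_modules(proposed)
    return {
        # Modules missing from the new manifest are removed by the edge runtime.
        "removed": sorted(set(old) - set(new)),
        "added": sorted(set(new) - set(old)),
        "image_changed": sorted(n for n in set(old) & set(new) if old[n] != new[n]),
    }

def make_manifest(modules):
    """Build a minimal manifest skeleton around {module_name: image}."""
    return {"modulesContent": {"$edgeAgent": {DESIRED: {"modules": {
        name: {"type": "docker", "status": "running", "restartPolicy": "always",
               "settings": {"image": image}}
        for name, image in modules.items()}}}}}

CURRENT = make_manifest({
    "telemetry": "example.azurecr.io/telemetry:1.0.0",
    "inference": "example.azurecr.io/inference:2.1.0",
})
# The update bumps `inference` but forgets to list `telemetry`.
PROPOSED = make_manifest({
    "inference": "example.azurecr.io/inference:2.2.0",
})

if __name__ == "__main__":
    report = review_manifest(CURRENT, PROPOSED)
    print(report)
    if report["removed"]:
        raise SystemExit(f"refusing to apply: would remove {report['removed']}")
```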
Additionally, to be able to successfully deploy applications via Azure IoT Edge, multiple Azure cloud resources need to be created and carefully configured (see “Creation of a Workspace” above). Ferry auto-provisions and configures all the necessary Azure cloud resources for you so that deployments are simple & easy to manage.
Ferry also ensures that each Node can only ever have one version of a Component irrespective of the deployments it is to receive. This is to ensure that there are no conflicting versions of a component on a device. Without Ferry, Azure would only take the component with the latest created date (assuming the same priority), which means you could have redundant components on devices, eating into bandwidth, memory and compute power. Ferry’s Smart Deployment features remove these difficulties for you.
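A check for the version conflict described above, as an added example that is not Ferry's Smart Deployment logic: given the deployments that target one Node, it lists components that appear in more than one version and shows which deployment wins under the priority and created-date rule. The record fields (`id`, `priority`, `created`, `modules`) and all sample values are assumptions made for this illustration.

```python
# Added example: find components that would reach one Node in several versions.
# Deployment records are constructed; their field names are assumptions.
from collections import defaultdict

def image_tag(image):
    """Return the tag (or digest) of 'registry[:port]/repo[:tag]'."""
    if "@" in image:                      # pinned by digest
        return image.split("@", 1)[1]
    head, sep, tag = image.rpartition(":")
    if not sep or "/" in tag:             # no tag; any colon was a registry port
        return "latest"
    return tag

def version_conflicts(deployments):
    """Return {component: [tags]} for components seen with more than one tag."""
    tags = defaultdict(set)
    for dep in deployments:
        for name, image in dep["modules"].items():
            tags[name].add(image_tag(image))
    return {name: sorted(t) for name, t in tags.items() if len(t) > 1}

def azure_pick(deployments):
    """Highest priority wins; ties go to the most recently created deployment.
    Timestamps are same-format UTC ISO 8601 strings, so they compare as text."""
    return max(deployments, key=lambda d: (d["priority"], d["created"]))["id"]

DEPLOYMENTS = [
    {"id": "line-a", "priority": 10, "created": "2024-03-01T09:00:00Z",
     "modules": {"inference": "example.azurecr.io/inference:2.1.0",
                 "telemetry": "example.azurecr.io/telemetry:1.0.0"}},
    {"id": "line-a-hotfix", "priority": 10, "created": "2024-03-08T14:30:00Z",
     "modules": {"inference": "example.azurecr.io/inference:2.2.0"}},
]

if __name__ == "__main__":
    print("conflicting components:", version_conflicts(DEPLOYMENTS))
    print("deployment applied on a tie:", azure_pick(DEPLOYMENTS))
```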