Integrate Azure DPS into existing device firmware or port to PnP first? RRS feed

  • Question

  • Hi!

    I have prepared a ESP32-based device with a connection to an Azure IoT Hub. The current implementation is in a crude alpha version due to severe time constraints during development.

    Now, however, I need to prepare the device for provisioning. We've determined that Azure DPS is the sensible solution in this case, but I'm stuck with somewhat of a dilemma when trying to choose the next steps. Most of what I've read about implementing DPS assumes the device is set up with Azure PnP. The other documentation I find seem to be very much oriented around the DPS-IoT Hub section, and not so much about the device side implementation.

    In essence, the question here is:

    Should I try to implement DPS into my existing solution? If so, which of the many examples should I look into for help in the implementation?

    Or should I put in a bit more effort and try to port my earlier implementation over to a PnP solution? What are some important things to keep in mind in that case?

    Wednesday, May 13, 2020 1:54 PM

All replies

  • Hi RobinGjolstad,

    Thanks for reaching out to us!.

    Could you please share the two documents link which you have referred ?

    Could you please let us know how many devices your solution is targeting provision (single or bulk)?

    What kind of attestation mechanism (X.509, TPM, or Symmetric Key) are you willing to use?

    Please let us know more details to help you further in this matter.

    Thanks & Regards ^Satish Boddu -MSFT Azure CXP Community

    Thursday, May 14, 2020 1:53 AM
  • Hi!

    I haven't quite managed to return to the documents I've read earlier, but I've started working on 




    These should hopefully give me something of a clearer picture of what to expect.

    I'll be doing a few single devices at first as a demo and to get devices available to others, but the end goal is bulk provisioning.

    We've targeted using X.509 for attestation, but if another solution is better suited, please give me any suggestions.



    Thursday, May 14, 2020 3:01 PM
  • Hi Robin,

    Thanks for the information.

    Below are the three types of device attestation which Azure DPS supports:

    • TPM Attestation
    1.             Linux
    2.             Windows

    Please note that the device attestation using a TPM or X.509 certificates is more secure, and should be used for more stringent security requirements.

    To understand at a high level please visit the Azure blog on IoT device authentication options to learn more on Pros & Cons of each security method.

    Please do 'Mark as answer' if you see a response as helpful, this would help other community members as well.

    Thanks & Regards ^Satish Boddu -MSFT Azure CXP Community

    Monday, May 18, 2020 2:20 AM
  • Hello Robin,

    Just checking back, please let us know if you need further help.

    Thanks & Regards ^Satish Boddu -MSFT Azure CXP Community

    Thursday, May 21, 2020 3:05 AM
  • Hi Satish,

    Thanks for giving me some more information on the different authentication options. We'll most likely be using X.509 for our solution.

    One last thing I haven't quite figured out yet, though I haven't had a lot of time to look into it, is how to properly integrate DPS into an existing solution. I haven't yet worked my way through both quickstart guides, but I've tried examining the provided examples in the azure-iot-sdk-c, but I can't quite determine which of one is relevant.

    Another question remains though; Does it make any sense to port my existing solution over to the PnP framework? Would that perhaps make implementation of provisioning and firmware updates easier?

    I seem to recall reading something about adding features to the PnP framework being quite simple, but it requires some kind of framework rebuild. Would that interfere with existing "external" code?



    Friday, May 22, 2020 7:10 AM
  • Hello Robin,

    Thanks for the info,

    Could you please let us know few more things about the said existing IoT system.

    How complex is the existing IoT system without DPS ? (Few devices or Many devices)

    Regarding 'Porting Existing system to PnP', I will get back you on this soon.

    Thanks & Regards ^Satish Boddu -MSFT Azure CXP Community

    Friday, May 22, 2020 11:06 PM
  • Hi Satish,

    For now, while in development, the existing in IoT system is as simple as it can get;

    Create device in an IoT Hub -> Add device connection string to code before compilation -> Continuously send data. 

    There's no "proper" provisioning system right now. Everything is done manually for a few devices. 

    As for "porting", existing sensor-reading is implemented quite similar to the PnP-templates, but I'm quite curious about how the PnP rebuilding handles existing implementations. Do "extra" files remain untouched? Does [projectname]_impl.c get completely overwritten on rebuild?

    EDIT: I suppose I should mention that the target device is an ESP32. The quickstarts for simulated devices have worked excellently, but the ESP samples are not quite so forgiving.  

    EDIT 2: I've tried using the samples for ESP, but there are some significant issues with them. I'm not sure if it's relevant for you, but since it's the Azure SDK causing issues, I thought it would be a good idea mentioning it here as well. 

    Link to the relevant Github issue: https://github.com/Azure-Samples/ESP-Samples/issues/7

    Thanks again for your help,


    • Edited by RobinGjolstad Tuesday, May 26, 2020 7:53 AM Added information about ESP sample compilation issues.
    Monday, May 25, 2020 8:14 AM
  • Hello Robin,

    Sorry for the delay in responding, thanks for sharing the info on target device ESP32, I am currently checking the information on porting existing systems to PnP, please stay tuned to this thread.

    Thanks & Regards ^Satish Boddu -MSFT Azure CXP Community

    Thursday, May 28, 2020 4:59 PM