This article provides an overview of the options available to you for installing and provisioning IoT Edge on your devices.
17
-
18
-
This article provides a look at all of the options for your IoT Edge solution and helps you:
16
+
This article provides an overview of the options available for installing and provisioning IoT Edge on your devices. The article provides a look at all of the options for your IoT Edge solution and helps you:
19
17
20
18
*[Choose a platform](#choose-a-platform)
21
19
*[Choose how to provision your devices](#choose-how-to-provision-your-devices)
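Review bot: the merged paragraph at new line 16 now says "provides" twice in consecutive sentences ("This article provides an overview of the options available..." followed by "The article provides a look at all of the options..."), a redundancy the merge introduced. Suggest replacing the second sentence with "It also helps you:" so the bulleted list that follows keeps its lead-in without restating the first sentence.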
@@ -29,7 +27,6 @@ If you know what type of platform, provisioning, and authentication options you
29
27
30
28
If you want more information about how to choose the right option for you, continue through this article to learn more.
31
29
32
-
33
30
|| Linux containers on Linux hosts | Linux containers on Windows hosts |
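Review bot: the blank line removed at old line 32 separated the paragraph ending "continue through this article to learn more." from the table header row "|| Linux containers on Linux hosts | Linux containers on Windows hosts |". Without a blank line before the header row, some Markdown renderers fold the table rows into the preceding paragraph instead of rendering a table, so keep that blank line unless the table has been confirmed to render correctly on the published page.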
@@ -41,39 +38,39 @@ If you're not already familiar with IoT Edge terminology, review some key concep
41
38
42
39
**IoT Edge runtime**: The [IoT Edge runtime](iot-edge-runtime.md) is a collection of programs that turn a device into an IoT Edge device. Collectively, the IoT Edge runtime components enable IoT Edge devices to run your IoT Edge modules.
43
40
44
-
**Provisioning**: Each IoT Edge device must be provisioned. Provisioning is a two-step process. The first step is registering the device in an IoT hub, which creates a cloud identity that the device uses to establish the connection to its hub. The second step is configuring the device with its cloud identity. Provisioning can be done manually on a per-device basis, or it can be done at scale using the [IoT Hub Device Provisioning Service](../iot-dps/about-iot-dps.md).
41
+
**Provisioning**: You must provision each IoT Edge device. Provisioning is a two-step process. The first step is registering the device in an IoT hub, which creates a cloud identity that the device uses to establish the connection to its hub. The second step is configuring the device with its cloud identity. You can manually provision a device or use the [IoT Hub Device Provisioning Service](../iot-dps/about-iot-dps.md) to provision devices at scale.
45
42
46
-
**Authentication**: Your IoT Edge devices need to verify its identity when it connects to IoT Hub. You can choose which authentication method to use, like symmetric key passwords, certificate thumbprints, or trusted platform modules (TPMs).
43
+
**Authentication**: Your IoT Edge devices need to verify their identity when they connect to IoT Hub. Choose an authentication method, such as symmetric key passwords, certificate thumbprints, or trusted platform modules (TPMs).
47
44
48
45
## Choose a platform
49
46
50
-
Platform options are referred to by the container operating system and the host operating system. The container operating system is the operating system used inside your IoT Edge runtime and module containers. The host operating system is the operating system of the device the IoT Edge runtime containers and modules are running on.
47
+
Platform options are referred to by the container operating system and the host operating system. The container operating system is the operating system used inside your IoT Edge runtime and module containers. The host operating system is the operating system of the device the IoT Edge runtime containers and modules run on.
51
48
52
-
There are three platform options for your IoT Edge devices.
49
+
Your IoT Edge devices have three platform options.
53
50
54
-
***Linux containers on Linux hosts**: Run Linux-based IoT Edge containers directly on a Linux host. Throughout the IoT Edge docs, you also see this option referred to as **Linux** and **Linux containers** for simplicity.
51
+
***Linux containers on Linux hosts**: Run Linux-based IoT Edge containers directly on a Linux host. Throughout the IoT Edge documentation, you see this option referred to as **Linux** and **Linux containers** for simplicity.
55
52
56
-
***Linux containers on Windows hosts**: Run Linux-based IoT Edge containers in a Linux virtual machine on a Windows host. Throughout the IoT Edge docs, you also see this option referred to as **Linux on Windows**, **IoT Edge for Linux on Windows**, and **EFLOW**.
53
+
***Linux containers on Windows hosts**: Run Linux-based IoT Edge containers in a Linux virtual machine on a Windows host. Throughout the IoT Edge documentation, you see this option referred to as **Linux on Windows**, **IoT Edge for Linux on Windows**, and **EFLOW**.
57
54
58
-
***Windows containers on Windows hosts**: Run Windows-based IoT Edge containers directly on a Windows host. Throughout the IoT Edge docs, you also see this option referred to as **Windows** and **Windows containers** for simplicity.
55
+
***Windows containers on Windows hosts**: Run Windows-based IoT Edge containers directly on a Windows host. Throughout the IoT Edge documentation, you see this option referred to as **Windows** and **Windows containers** for simplicity.
59
56
60
-
For the latest information about which operating systems are currently supported for production scenarios, see the [Operating systems](support.md#operating-systems) section of [Azure IoT Edge supported platforms](support.md).
57
+
For the latest information about which operating systems support production scenarios, see the [Operating systems](support.md#operating-systems) section of [Azure IoT Edge supported platforms](support.md).
61
58
62
59
### Linux containers on Linux
63
60
64
-
For Linux devices, the IoT Edge runtime is installed directly on the host device.
61
+
For Linux devices, you install the IoT Edge runtime directly on the host device.
65
62
66
-
IoT Edge supports X64, ARM32, and ARM64 Linux devices. Microsoft provides official installation packages for various operating systems.
63
+
IoT Edge supports x64, ARM32, and ARM64 Linux devices. Microsoft provides official installation packages for various operating systems.
67
64
68
65
### Linux containers on Windows
69
66
70
-
IoT Edge for Linux on Windows hosts a Linux virtual machine on your Windows device. The virtual machine comes prebuilt with the IoT Edge runtime and updates are managed through Microsoft Update.
67
+
IoT Edge for Linux on Windows hosts a Linux virtual machine on your Windows device. The virtual machine comes prebuilt with the IoT Edge runtime, and Microsoft Update manages updates.
71
68
72
69
IoT Edge for Linux on Windows is the recommended way to run IoT Edge on Windows devices. To learn more, see [What is Azure IoT Edge for Linux on Windows](iot-edge-for-linux-on-windows.md).
73
70
74
71
### Windows containers on Windows
75
72
76
-
IoT Edge version 1.2 or later doesn't support Windows containers. Windows containers aren't supported beyond version 1.1.
73
+
IoT Edge version 1.2 and later doesn't support Windows containers. Windows containers support ends with version 1.1.
77
74
78
75
## Choose how to provision your devices
79
76
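Review bot: the rewrite at new line 57, "which operating systems support production scenarios", changes the meaning of the old sentence, "which operating systems are currently supported for production scenarios": the support relationship is IoT Edge supporting the OS, not the OS supporting the scenario. Suggest "which operating systems are supported for production scenarios". Separately, new line 73 has a number-agreement problem and an awkward noun stack: "IoT Edge version 1.2 and later doesn't support Windows containers. Windows containers support ends with version 1.1." reads better as "IoT Edge versions 1.2 and later don't support Windows containers. Support for Windows containers ends with version 1.1."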
@@ -91,45 +88,45 @@ Using single device provisioning, you need to manually enter provisioning inform
91
88
92
89
### Devices at scale
93
90
94
-
Provisioning devices at scale refers to provisioning one or more IoT Edge devices with the assistance of the [IoT Hub Device Provisioning Service](../iot-dps/about-iot-dps.md). You see provisioning at scale also referred to as**autoprovisioning**.
91
+
Provisioning devices at scale means provisioning one or more IoT Edge devices using the [IoT Hub Device Provisioning Service](../iot-dps/about-iot-dps.md). You can also call this process**autoprovisioning**.
95
92
96
-
If your IoT Edge solution requires more than one device, autoprovisioning using DPS saves you the effort of manually entering provisioning information into the configuration files of each device. This automated model can be scaled to millions of IoT Edge devices.
93
+
If your IoT Edge solution needs more than one device, autoprovisioning using DPS saves you from manually entering provisioning information into the configuration files of each device. You can use this automated model to scale to millions of IoT Edge devices.
97
94
98
-
You can secure your IoT Edge solution with the authentication method of your choice. **Symmetric key**, **X.509 certificates**, and**trusted platform module (TPM) attestation** authentication methods are available for provisioning devices at scale. You can read more about those options in the [Choose an authentication method](#choose-an-authentication-method) section.
95
+
You can secure your IoT Edge solution using the authentication method that best fits your needs. For provisioning devices at scale, you can use the **symmetric key**, **X.509 certificates**, or**trusted platform module (TPM) attestation** authentication methods. For more information about these options, see the [Choose an authentication method](#choose-an-authentication-method) section.
99
96
100
-
To learn more about the features of DPS, see the [Features of the Device Provisioning Service](../iot-dps/about-iot-dps.md#features-of-the-device-provisioning-service) section of [What is Azure IoT Hub Device Provisioning Service?](../iot-dps/about-iot-dps.md)
97
+
To learn more about the features of DPS, see the [Features of the Device Provisioning Service](../iot-dps/about-iot-dps.md#features-of-the-device-provisioning-service) section of [What is Azure IoT Hub Device Provisioning Service?](../iot-dps/about-iot-dps.md).
101
98
102
99
## Choose an authentication method
103
100
104
101
### X.509 certificate attestation
105
102
106
-
Using X.509 certificates as an attestation mechanism is the recommended way to scale production and simplify device provisioning. Typically, X.509 certificates are arranged in a certificate chain of trust. Starting with a self-signed or trusted root certificate, each certificate in the chain signs the next lower certificate. This pattern creates a delegated chain of trust from the root certificate down through each intermediate certificate to the final downstream device certificate installed on a device.
103
+
Use X.509 certificates as an attestation mechanism to scale production and simplify device provisioning. Typically, X.509 certificates are arranged in a certificate chain of trust. Starting with a self-signed or trusted root certificate, each certificate in the chain signs the next lower certificate. This pattern creates a delegated chain of trust from the root certificate down through each intermediate certificate to the final downstream device certificate installed on a device.
107
104
108
-
You create two X.509 identity certificates and place them on the device. When you create a new device identity in IoT Hub, you provide thumbprints from both certificates. When the device authenticates to IoT Hub, it presents one certificate and IoT Hub verifies that the certificate matches its thumbprint. The X.509 keys on the device should be stored in a Hardware Security Module (HSM). For example, PKCS#11 modules, ATECC, dTPM, etc.
105
+
You create two X.509 identity certificates and place them on the device. When you create a new device identity in IoT Hub, you provide thumbprints from both certificates. When the device authenticates to IoT Hub, it presents one certificate and IoT Hub verifies that the certificate matches its thumbprint. The X.509 keys on the device should be stored in a Hardware Security Module (HSM). For example, PKCS#11 modules, ATECC, dTPM, and similar technologies.
109
106
110
-
This authentication method is more secure than symmetric keys and supports group enrollments that provide a simplified management experience for a high number of devices. This authentication method is recommended for production scenarios.
107
+
This authentication method is more secure than symmetric keys and supports group enrollments that provide a simplified management experience for a high number of devices. Use this authentication method for production scenarios.
111
108
112
109
### Trusted platform module (TPM) attestation
113
110
114
-
Using TPM attestation is a method for device provisioning that uses authentication features in both software and hardware. Each TPM chip uses a unique endorsement key to verify its authenticity.
111
+
Use TPM attestation as a method for device provisioning that uses authentication features in both software and hardware. Each TPM chip uses a unique endorsement key to verify its authenticity.
115
112
116
-
TPM attestation is only available for provisioning at scale with DPS, and only supports individual enrollments not group enrollments. Group enrollments aren't available because of the device-specific nature of TPM.
113
+
TPM attestation is only available for provisioning at scale with DPS, and it only supports individual enrollments, not group enrollments. Group enrollments aren't available because of the device-specific nature of TPM.
117
114
118
115
TPM 2.0 is required when you use TPM attestation with the device provisioning service.
119
116
120
117
This authentication method is more secure than symmetric keys and is recommended for production scenarios.
121
118
122
-
### Symmetric keys attestation
119
+
### Symmetric key attestation
123
120
124
-
Symmetric key attestation is a simple approach to authenticating a device. This attestation method represents a "Hello world" experience for developers who are new to device provisioning, or don't have strict security requirements.
121
+
Symmetric key attestation is a simple approach to authenticating a device. This attestation method provides a "Hello world" experience for developers who are new to device provisioning or don't have strict security requirements.
125
122
126
-
When you create a new device identity in IoT Hub, the service creates two keys. You place one of the keys on the device, and it presents the key to IoT Hub when authenticating.
123
+
When you create a new device identity in IoT Hub, the service creates two keys. You place one of the keys on the device, and the device presents the key to IoT Hub when authenticating.
127
124
128
125
This authentication method is faster to get started but not as secure. Device provisioning using a TPM or X.509 certificates is more secure and should be used for solutions with more stringent security requirements.
129
126
130
127
## Next steps
131
128
132
-
You can use the table of contents to navigate to the appropriate end-to-end guide for creating an IoT Edge device for your IoT Edge solution's platform, provisioning, and authentication requirements.
129
+
Use the table of contents to navigate to the appropriate end-to-end guide for creating an IoT Edge device for your IoT Edge solution's platform, provisioning, and authentication requirements.
133
130
134
131
You can also use the following links to go to the relevant article.
135
132
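Review bot: the rewrite at new line 110, "Use TPM attestation as a method for device provisioning that uses authentication features in both software and hardware.", turns a definition into an instruction and repeats "uses"; since the next paragraph says TPM attestation is only available with DPS, a description fits better, for example "TPM attestation is a device provisioning method that uses authentication features in both software and hardware." Also, new line 105 still ends in a fragment, "For example, PKCS#11 modules, ATECC, dTPM, and similar technologies."; fold it into the preceding sentence as "Store the device's X.509 private keys in a hardware security module (HSM), for example a PKCS#11 module, ATECC, or dTPM." so it is clear that the private keys, not the certificates, are what the HSM protects.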
@@ -158,4 +155,3 @@ You can also use the following links to go to the relevant article.
158
155
*[Create and provision IoT Edge for Linux on Windows devices at scale using X.509 certificates](how-to-provision-devices-at-scale-linux-on-windows-x509.md)
159
156
*[Create and provision an IoT Edge for Linux on Windows device at scale by using a TPM](how-to-provision-devices-at-scale-linux-on-windows-tpm.md)
160
157
*[Create and provision IoT Edge for Linux on Windows devices at scale using symmetric keys](how-to-provision-devices-at-scale-linux-on-windows-symmetric.md)