Azure IoT Hub

The Azure IoT Hub sample shows the communication of an Internet-connected device with an Azure IoT Hub instance. This sample uses the Azure IoT Hub library to communicate with the IoT hub and the Azure FOTA library to provide firmware over-the-air (FOTA) functionality.

Cellular connectivity is supported on the nRF91 Series SiPs, while Wi-Fi® connectivity is supported on the nRF52 or nRF53 Series SoCs hosting the nRF70 Series Wi-Fi companion ICs.

The sample uses the connection manager that provides a common connectivity API for LTE and Wi-Fi stacks.

Requirements 

The sample supports the following development kits:

Hardware platforms	PCA	Board name	Build target
nRF9161 DK	PCA10153	nrf9161dk_nrf9161	`nrf9161dk_nrf9161_ns`
nRF9160 DK	PCA10090	nrf9160dk_nrf9160	`nrf9160dk_nrf9160_ns`
nRF9151 DK	PCA10171	nrf9151dk_nrf9151	`nrf9151dk_nrf9151_ns`
nRF7002 DK	PCA10143	nrf7002dk_nrf5340	`nrf7002dk_nrf5340_cpuapp_ns`

When built for an _ns build target, the sample is configured to compile and run as a non-secure application with Cortex-M Security Extensions enabled. Therefore, it automatically includes Trusted Firmware-M that prepares the required peripherals and secure services to be available for the application.

Overview 

The sample supports the direct connection of an IoT device that is already registered to an Azure IoT Hub instance. Alternatively, it supports the provisioning of the device using Azure IoT Hub Device Provisioning Service (DPS) to an IoT hub. See the documentation on Azure IoT Hub library for more information.

The sample periodically publishes telemetry messages (events) to the connected Azure IoT Hub instance. By default, telemetry messages are sent every 20 seconds. To configure the default interval, set the device twin property desired.telemetryInterval, which will be interpreted by the sample as seconds. Here is an example of a telemetry message:

{
  "temperature": 25.2,
  "timestamp": 151325
}

In a telemetry message, temperature is a value between 25.0 and 25.9, and timestamp is the uptime of the device in milliseconds.

The sample has implemented the handling of Azure IoT Hub direct method with the name led. If the device receives a direct method invocation with the name led and payload 1 or 0, LED 1 on the device is turned on or off, depending on the payload. On Thingy:91, the LED turns red if the payload is 1.

Firmware update 

The sample subscribes to incoming Azure IOT Hub device twin messages that contain the firmware update information. By default, the device twin document is requested upon connecting to the IoT hub. Thus, any existing firmware information in the desired property will be parsed. See Azure FOTA for more details on the content of the firmware information in the device twin.

Note

This sample requires a file server instance that hosts the new firmware image. The Azure FOTA library does not require a specific host, but it has been tested using Azure Blob Storage.

Configuration 

See Configuring and building an application for information about how to permanently or temporarily change the configuration.

Setup 

For the sample to work as intended, you must set up and configure an Azure IoT Hub instance. See Setup and configuration for information on creating an Azure IoT Hub instance and Additional configuration for additional information on the configuration options that are available. Also, for a successful TLS connection to the Azure IoT Hub instance, the device needs to have credentials provisioned. If you want to test FOTA, ensure that also the required credentials for the file server are provisioned and the CONFIG_AZURE_FOTA_SEC_TAG Kconfig option is set accordingly. See Setup and configuration for information on provisioning the credentials.

Configuring Wi-Fi access point credentials 

This sample uses the Wi-Fi credentials library to manage Wi-Fi credentials. Before the sample can connect to a Wi-Fi network, you must configure at least one credential set.

Once you have flashed your device with this sample, connect to your device’s UART interface and add credentials using the following command:

wifi_cred add NetworkSSID SecurityMode (OPEN, WPA2-PSK, WPA2-PSK-SHA256, WPA3-SAE) NetworkPassword

Where NetworkSSID is replaced with the SSID of the Wi-Fi access point you want your device to connect to, and NetworkPassword is its password. If you are not sure which security mode to use, enable the CONFIG_NET_L2_WIFI_SHELL Kconfig option and use the wifi scan command to display a list of all accessible networks along with their corresponding security modes. Then either reboot the device or use the wifi_cred auto_connect command to manually trigger a connection attempt.

From now on, these credentials will be automatically used when the configured network is reachable.

When building as firmware image for a non-secure build target, the Wi-Fi credentials backend will be set to PSA using TF-M.

See the Wi-Fi: Shell sample document for more details on the wifi_cred command.

Wi-Fi static credential options

If you want to configure the credentials statically, set the CONFIG_WIFI_CREDENTIALS_STATIC Kconfig option to y.

Important

Do not use static credentials in production environments.

Other options for statically configuring your Wi-Fi credentials:

CONFIG_WIFI_CREDENTIALS_STATIC - This option enables static Wi-Fi configuration.
CONFIG_WIFI_CREDENTIALS_STATIC_SSID - Wi-Fi SSID.
CONFIG_WIFI_CREDENTIALS_STATIC_PASSWORD - Wi-Fi password.
CONFIG_WIFI_CREDENTIALS_STATIC_TYPE_OPEN - Wi-Fi network uses no password.
CONFIG_WIFI_CREDENTIALS_STATIC_TYPE_PSK - Wi-Fi network uses a password and PSK security (default).
CONFIG_WIFI_CREDENTIALS_STATIC_TYPE_PSK_SHA256 - Wi-Fi network uses a password and PSK-256 security.
CONFIG_WIFI_CREDENTIALS_STATIC_TYPE_SAE - Wi-Fi network uses a password and SAE security.

Additional configuration 

Check and configure the following library options that are used by the sample:

CONFIG_AZURE_IOT_HUB_DEVICE_ID - Sets the Azure IoT Hub device ID. Alternatively, the device ID can be provided at run time.
CONFIG_AZURE_IOT_HUB_HOSTNAME - Sets the Azure IoT Hub host name. If DPS is used, the sample assumes that the IoT hub host name is unknown, and the configuration is ignored. The configuration can also be omitted and the hostname provided at run time.

If DPS is used, use the Kconfig fragment found in the overlay-dps.conf file and change the desired configurations there. As an example, the following compiles with DPS for the nRF9160 DK:

west build -p -b nrf9160dk_nrf9160_ns -- -DEXTRA_CONF_FILE=overlay-dps.conf

CONFIG_AZURE_IOT_HUB_DPS - Enables Azure IoT Hub DPS.
CONFIG_AZURE_IOT_HUB_DPS_REG_ID - Sets the Azure IoT Hub DPS registration ID. It can be provided at run time. By default, the sample uses the device ID as the registration ID and sets it at run time.
CONFIG_AZURE_IOT_HUB_DPS_ID_SCOPE - Sets the DPS ID scope of the Azure IoT Hub. This can be provided at run time.

For FOTA, check and configure the following library Kconfig options:

CONFIG_AZURE_FOTA_APP_VERSION - Defines the application version string. Indicates the current firmware version on the development kit.
CONFIG_AZURE_FOTA_APP_VERSION_AUTO - Automatically generates the application version. If enabled, CONFIG_AZURE_FOTA_APP_VERSION is ignored.
CONFIG_AZURE_FOTA_TLS - Enables HTTPS for downloads. By default, TLS is enabled and currently, the transport protocol must be configured at compile time.
CONFIG_AZURE_FOTA_SEC_TAG - Sets the security tag for TLS credentials when using HTTPS as the transport layer. See Setup and configuration for more details.
CONFIG_AZURE_IOT_HUB_HOSTNAME - Sets the Azure IoT Hub host name. If DPS is used, the sample assumes that the IoT hub host name is unknown, and the configuration is ignored.
CONFIG_AZURE_IOT_HUB_DEVICE_ID - Specifies the device ID, which is used when connecting to Azure IoT Hub.
CONFIG_AZURE_IOT_HUB_DPS_REG_ID - Specifies the device registration ID used for DPS.

Note

The sample sets the option CONFIG_MQTT_KEEPALIVE to the maximum allowed value, 1767 seconds (29.45 minutes) as specified by Azure IoT Hub. This is to limit the IP traffic between the device and the Azure IoT Hub message broker for supporting a low power sample. In certain LTE networks, the NAT timeout can be considerably lower than 1767 seconds. As a recommendation, and to prevent the likelihood of getting disconnected unexpectedly, set the option CONFIG_MQTT_KEEPALIVE to the lowest timeout limit (Maximum allowed MQTT keepalive and NAT timeout).

Sending traces over UART on an nRF91 Series DK 

To send modem traces over UART on an nRF91 Series DK, configuration must be added for the UART device in the devicetree and Kconfig. This is done by adding the modem trace UART snippet when building and programming.

Use the Cellular Monitor app for capturing and analyzing modem traces.

TF-M logging must use the same UART as the application. For more details, see shared TF-M logging.

Building and running 

This sample can be found under samples/net/azure_iot_hub in the nRF Connect SDK folder structure.

When built as firmware image for the _ns build target, the sample has Cortex-M Security Extensions (CMSE) enabled and separates the firmware between Non-Secure Processing Environment (NSPE) and Secure Processing Environment (SPE). Because of this, it automatically includes the Trusted Firmware-M (TF-M). To read more about CMSE, see Processing environments.

To build the sample with Visual Studio Code, follow the steps listed on the How to build an application page in the nRF Connect for VS Code extension documentation. See Configuring and building an application for other building scenarios, Programming an application for programming steps, and Testing and optimization for general information about testing and debugging in the nRF Connect SDK.

Testing 

Microsoft has created Azure IoT Explorer to interact and test devices connected to an Azure IoT Hub instance. Optionally, follow the instructions at Azure IoT Explorer to install and configure the tool and use it as mentioned in the below instructions.

After programming the sample to your development kit, complete the following steps to test it:

Connect the kit to the computer using a USB cable. The kit is assigned a COM port (Windows) or ttyACM device (Linux), which is visible in the Device Manager.
Connect to the kit with a terminal emulator (for example, nRF Connect Serial Terminal). See Testing and optimization for the required settings and steps.
Reset the development kit.
Observe the log output and verify that it is similar to the Sample output.
Use the Azure IoT Explorer, or log in to the Azure Portal.
Select the connected IoT hub and then your device.
Change the device twin’s desired property telemetryInterval to a new value, for instance 60, and save the updated device twin. If it does not exist, you can add the desired property.
Observe that the device receives the updated telemetryInterval value, applies it, and starts sending new telemetry events every 10 seconds.
Verify that the reported object in the device twin now has a telemetryInterval property with the correct value reported back from the device.
In the Azure IoT Explorer or device page in Azure Portal, navigate to the Direct method tab.
Enter led as the method name. In the payload field, enter the value 1 (or 0) and click Invoke method.
Observe that LED 1 on the development kit lights up (or switches off if 0 is entered as the payload). If you are using Azure IoT Explorer, you can observe a notification in the top right corner stating if the direct method was successfully invoked based on the report received from the device.
In the Azure IoT Explorer, navigate to the Telemetry tab and click start.
Observe that the event messages from the device are displayed in the terminal within the specified telemetry interval.

To test FOTA update:

Navigate to the view where you can update the device twin using the Azure IoT Explorer or Azure Portal.

Create a firmware JSON object inside the desired object of the device twin document, containing information about the binary to download:

  {
      "firmware": {
          "fwVersion": "v0.0.2-dev",
          "jobId": "ca186d4b-4171-4209-a49d-700c35567d1d",
          "fwLocation": {
              "host": "example.com",
              "path": "firmware/my-app-update.bin"
          },
          "fwFragmentSize": 1800
      }
  }

Click Save to apply the changes to the device twin. Updating the device twin causes a message to be sent to the device, containing the updates to the desired object.
In the terminal emulator, observe that the new firmware image is downloaded and installed as shown in Sample output.
Observe that the sample displays the logs from the new application when the development kit reboots.
Confirm that the device twin contains the updated application version in the reported.firmware.fwVersion field in Azure IoT Explorer or Azure Portal.

Sample output 

When the sample runs, the device boots, and the sample displays the following output in the terminal over UART:

*** Booting Zephyr OS build v2.3.0-rc1-ncs1-1453-gf41496cd30d5  ***
<inf> azure_iot_hub_sample: Azure IoT Hub sample started
<inf> azure_iot_hub_sample: Bringing network interface up and connecting to the network
<inf> azure_iot_hub_sample: Device ID: my-device
<inf> azure_iot_hub_sample: Connecting...
<inf> azure_iot_hub_sample: Network connectivity established and IP address assigned
<inf> azure_fota: Current firmware version: 0.0.1-dev
<inf> azure_iot_hub_sample: Azure IoT Hub library initialized
<inf> azure_iot_hub_sample: AZURE_IOT_HUB_EVT_CONNECTING
<inf> azure_iot_hub_sample: Connection request sent to IoT Hub
<inf> azure_iot_hub_sample: AZURE_IOT_HUB_EVT_CONNECTED
<inf> azure_iot_hub_sample: AZURE_IOT_HUB_EVT_READY
<inf> azure_iot_hub_sample: Sending event:
<inf> azure_iot_hub_sample: {"temperature":25.9,"timestamp":16849}
<inf> azure_iot_hub_sample: Event was successfully sent
<inf> azure_iot_hub_sample: Next event will be sent in 60 seconds

If a new telemetry interval is set in the device twin, the console output is like this:

<inf> azure_iot_hub_sample: AZURE_IOT_HUB_EVT_TWIN_DESIRED_RECEIVED
<inf> azure_iot_hub_sample: New telemetry interval has been applied: 60
<inf> azure_iot_hub_sample: AZURE_IOT_HUB_EVT_TWIN_RESULT_SUCCESS, ID: 42740
<inf> azure_iot_hub_sample: Sending event:
<inf> azure_iot_hub_sample: {"temperature":25.5,"timestamp":47585}
<inf> azure_iot_hub_sample: Event was successfully sent
<inf> azure_iot_hub_sample: Next event will be sent in 60 seconds

If a new FOTA update is initiated, the console output is like this:

<inf> azure_iot_hub_sample: AZURE_IOT_HUB_EVT_TWIN_RESULT_SUCCESS, ID: 140
<inf> azure_fota: Attempting to download firmware (version 'v0.0.2-dev') from example.com/firmware/app_update.bin
<inf> download_client: Downloading: firmware/app_update.bin [0]
<inf> azure_iot_hub_sample: AZURE_IOT_HUB_EVT_FOTA_START
<inf> azure_iot_hub_sample: AZURE_IOT_HUB_EVT_TWIN_DESIRED_RECEIVED
<inf> download_client: Setting up TLS credentials, sec tag count 1
<inf> download_client: Connecting to example.com
<inf> azure_iot_hub_sample: AZURE_IOT_HUB_EVT_TWIN_RESULT_SUCCESS, ID: 190
<inf> azure_iot_hub_sample: AZURE_IOT_HUB_EVT_TWIN_RESULT_SUCCESS, ID: 190
<inf> download_client: Downloaded 1800/674416 bytes (0%)
...
<inf> download_client: Downloaded 674416/674416 bytes (100%)
<inf> download_client: Download complete
<inf> dfu_target_mcuboot: MCUBoot image-0 upgrade scheduled. Reset device to apply
<inf> azure_iot_hub_sample: AZURE_IOT_HUB_EVT_FOTA_DONE
<inf> azure_iot_hub_sample: The device will reboot in 5 seconds to apply update
<inf> azure_iot_hub_sample: AZURE_IOT_HUB_EVT_TWIN_RESULT_SUCCESS, ID: 109

Dependencies 

The sample uses the following nRF Connect SDK and Zephyr libraries:

It uses the following libraries and secure firmware component for nRF91 Series builds:

It uses the following libraries for nRF7 Series builds: