SIT432 - Developing Secure Internet-of-Things

Applications
Task 6.3D: Automated firmware update at scale
Overview
In this task, we will apply what we learned in previously to configure a firmware update on several groups
of devices, illustrating a real life scenario.
To create, manage and monitor Automatic Device Management configurations with Azure IoT Hub, you
can use the portal like you did in previous exercises, but in order to integrate the device management
operations into your IoT application and process, dealing with multiple configurations in parallel and
automate part of the process, you will want to use a more programmatic method. The IoT extension for
the Azure CLI allows you to easily create, update, monitor, and delete configurations as you can see in
the documentation.
Challenges and risks of configuring large groups of devices
Let's get back to our cheese cave environment solution company. Now that we have tested that the
firmware update configuration is working on one device in the lab, we need to start deploying the new
features and security updates to all our customers. But you want to be careful to not accidentally brick all
devices at one customer's location. Lots of things can go wrong when doing a firmware update over the
air at scale: firmware not working as expected on different variations and versions of the hardware,
connectivity loss during FW update process, power loss, operator interacting with device at the same
time a device is being updated.
To limit the risks of disrupting your customers' production and the cost of a large-scale firmware update
fail, the best way to implement a firmware update campaign is usually to proceed in batches: you deploy
the firmware on a small set of devices, then if successful you start the deployment on the next group of
devices.
Manage group of devices with Device Twins tags
The first thing that you will need to do when managing groups of devices via Azure IoT Hub is to assign
meta data to your devices to group them depending on their location, the hardware version, the
customer's name. To store that metadata and make it available to your solution, you can use the Device
Twins tags.
We want to prepare a firmware update campaign to update all devices installed at 2 of our customers:
Lewis and Smith. But as explained in the previous unit, we don't want to take the risk of disrupting cheese
aging processes for too long and we can't afford a failure of all devices at the same time. We will go
through the following steps:
. Create new device identities, set up their device twin tag, and start simulators
. Create a first new Automatic Device Management configuration for the first batch of devices
1/6
 . Monitor the deployment of the new configuration, then, when successful, create the second
configuration.
Instructions
NOTE:
This task requires a sandbox to complete. A sandbox gives you access to free resources. The sandbox
may only be used for educational purposes. Use for any other reason is prohibited, and may result in
permanent loss of access to the sandbox.
The sandbox automatically cleans up your resources after the time limit has expired.
When you're working in your own subscription, it's a good idea at the end of a project to identify whether
you still need the resources you created. Resources left running can cost you money. You can delete
resources individually or delete the resource group to delete the entire set of resources.
Sign in here to activate sandbox.
Create new device identities and run simulators using the Azure CLI
. Let's start by creating a set of device identities with different sets of tags. This operation would in
practice be done when new devices are deployed. Let's use the Azure CLI to rapidly add 10 new
device Identities and start simulators. We will create a script file that we will execute from the shell
in order to create the device identities and starting the simulators.
. In the Azure shell, and in the same folder you created the device simulator app, create, and open a
script file called createdevices.sh typing the following command:

code createdevices.sh

. Copy and paste the following script in your script file:

#!/bin/bash
iothubname="<iot hub name>"
for i in 1 2 3 4 5 6 7 8 9 10
do
# Create a new device Id
echo Creating device Id simulateddevice$i
az iot hub device-identity create --hub-name $iothubname --device-
id simulateddevice$i

# Set tag value for customer name (alternating between 2 customers

names)
echo Adding customer tag in device twin
if [ $i -gt 5 ]
then
az iot hub device-twin update --device-id simulateddevice$i --
hub-name $iothubname --set tags="{\"customer\":{\"name\":\"Smith\"}}"

2/6
 else
az iot hub device-twin update --device-id simulateddevice$i --
hub-name $iothubname --set tags="{\"customer\":{\"name\":\"Lewis\"}}"
fi

# Start the device simulator

connectionString=$(az iot hub device-identity show-connection-
string --hub-name $iothubname --device-id simulateddevice$i)
connectionString=${connectionString#*: \"}
connectionString=${connectionString%\"*}
echo Starting device simulator $i with connection string
$connectionString
dotnet run "$connectionString" &
done

. Replace "<iot hub name>" with your IoT Hub Name

. Save the script file and close the editor.
. In the terminal, run the script createdevices.sh:

sh createdevices.sh

. You should see a series of commands passing by creating the device IDs in the IoT Hub, assigning
device twin tags, and starting simulators for 10 separate devices. Half of the devices are set with a
tag indicating they have been installed at customer Smith, while the rest has a tag indicating they
are at Lewis'.
Create new Automatic Device Management configurations using the Azure CLI
. As an administrator of the IoT solution, you could use the Azure portal to create the device
management configurations (as done in previous units), but to automate things at scale it is
simpler to create and use Azure CLI scripts.
. In the same folder, you created the device simulator app, create an automatic configuration
content file called firmwareupdatecontent.json.

code firmwareupdatecontent.json

. Copy and paste the below in firmwareupdatecontent.json:

{
"content":{
"deviceContent":{
"properties.desired.firmware":{
"fwVersion":"1.0.1",

3/6
 "fwPackageURI":"https://MyPackage.uri",
"fwPackageCheckValue":"1234"
}
}
}
}

. Save the file and close the editor.

. In the same folder, you created the previous file, create two other automatic configuration metrics
files called firmwareupdatemetricslewis.json.

code firmwareupdatemetricslewis.json

. Copy and paste the below in firmwareupdatemetricslewis.json:

{
"metrics":{
"queries":{
"fwupdated":"select deviceid from devices where
configurations.[[firmwareupdatelewis]].status='Applied' and
properties.reported.firmware.currentFwVersion='1.0.1'"
}
}
}

. Save the file and close the editor.

. In the same folder, you created the previous file, create two other automatic configuration metrics
files called firmwareupdatemetricssmith.json.

code firmwareupdatemetricssmith.json

. Copy and paste the below in firmwareupdatemetricssmith.json:

{
"metrics":{
"queries":{
"fwupdated":"select deviceid from devices where
configurations.[[firmwareupdatesmith]].status='Applied' and
properties.reported.firmware.currentFwVersion='1.0.1'"
}
}
}

4/6
. Save the file and close the editor.
. Now that we have our configuration content ready, we want to create and monitor the first
configuration. Once the first one will terminate successfully, we will create and monitor the second
one.
. Working in the same terminal you used to run the device simulator, run the following commands
(replacing {your iot hub name} with your hub name):

az iot hub configuration create --config-id "firmwareupdatelewis"

--content firmwareupdatecontent.json \
--hub-name {your iot hub name}\
--target-condition "tags.customer.name='Lewis'"\
--priority 10 \
--metrics firmwareupdatemetricslewis.json

. Note: Remember the trick to use a text editor to prepare the commands before pasting them in the
Azure Shell terminal.
. The firmware update campaign started and you should see the five devices installed at the Lewis'
start the firmware update. We will now monitor the progress of the configuration to make sure
everything went well before starting the second one. In the terminal, run the following command
(replacing {your iot hub name} with your hub name):

az iot hub configuration show-metric --config-id firmwareupdatelewis \

--metric-id fwupdated --hub-name {your iot hub name} --metric-type
user

This command will list all the devices on which the firmware update has been successfully applied.
You should see 5 of them. If that's not the case, check the progress on each device simulator
output and try the monitoring command again.
. Once the first part of the firmware update campaign was successful, you can start the second one
running the following command in the terminal:

az iot hub configuration create --config-id "firmwareupdatesmith" \

--content firmwareupdatecontent.json \
--hub-name {your iot hub name}\
--target-condition "tags.customer.name='Smith'"\
--priority 10 \
--metrics firmwareupdatemetricssmith.json

And the following (eventually several times) to monitor progress.

5/6
 az iot hub configuration show-metric --config-id firmwareupdatesmith \
--metric-id fwupdated --hub-name {your iot hub name} --metric-type
user

. You have now successfully updated all devices' firmware at both customers' location without
disrupting their production!
Summary quiz
You have now completed an over-the-air firmware update campaign for two customers from the comfort
of Azure IoT. Up to this point, you have learned how to:
Create a custom Azure IoT Hub, using the Azure CLI
Create IoT Hub device IDs, using the Azure CLI
Create an app that will simulate a device implementing a firmware update in C#
Test a single device firmware update setting it up and initiating it from the Azure portal
Use the Automatic device management feature of Azure IoT Hub to automate the firmware update
on several groups of devices in sequence, using the Azure CLI
Now, answer the following questions to test your knowledge:
. What are some of the challenges and risks of updating IoT devices firmware?
. What is the name of the Azure IoT Hub feature that will help me implement an over-the-air firmware
update campaign on several groups of devices?
. True or False: Device Management configurations can only be setup in the Azure portal.
. What is the command to create a new Device Management configuration with the Azure CLI and
the IoT extension?
. What does the command az iot hub configuration show-metric return?
Submission details
Submit the final outputs of each sections above as screenshots with some text description to prove that
you have successfully completed the task. You will also need to include your answers to the summary
quiz. Combine them all in a single document and submit to OnTrack.

6/6