Guidelines for creating DPS and IoTHub at Azure

Jeffrey K 171 Reputation points
2021-10-22T22:49:17.05+00:00

What are the guidelines for creating DPS and IoT Hub at Azure when getting ready for production? For example, do we need to create a new DPS for every customer, or a new IoT Hub for every customer/product? Do we have any case study on how it is designed, and recommendations?

Azure IoT Hub
An Azure service that enables bidirectional communication between internet of things (IoT) devices and applications.

2 answers

  1. Sander van de Velde 28,386 Reputation points MVP
    2021-10-29T21:56:38.32+00:00

    Hello @Jeffrey K ,

    This is an interesting question and there is no simple answer.

    In your Azure subscription, you can create up to 50 IoT Hubs and up to 10 Device Provisioning Services.

    Each DPS can connect to up to 50 IoT Hubs. There are also limitations regarding the number of enrollments per DPS, the number of device registrations, the number of messages per second, etc.

    So, there are physical limitations you have to take into account (some are soft limits, you can ask Microsoft for even more resources).

    On the other hand, the logical distribution is probably more important.

    It depends how you want to split the devices:

    • Splitting DEV/TEST/ACCEPT/PROD
    • Splitting messages from multiple projects or customers so you can monetize it better
    • You do not want to mix data from a security perspective or government or legal requirements.
    • etc.

    Probably, some of these choices are hard at this moment. Perhaps you want to start small and cheap and see how it goes.

    The good news is that most of the time you can still migrate (groups of) devices at any point in time. The DPS device allocation policy can be used for that, even with custom logic using Azure Functions.

    There are two things that will limit you over time:

    1. The way the device connects to the cloud, using a DPS or directly to an IoT Hub. Once the device is past the moment where it gets its security keys, you cannot change that remotely at scale.
    2. The tags (not) given to a device or a device enrollment. Without proper Device Twin tags, it is hard to identify and modify both groups of devices or even a single device.

    So, make sure your devices are able to reprovision themselves and no valuable telemetry is lost when reprovisioning. Then, you can regroup at any given time.

    2 people found this answer helpful.
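
Added example, not part of the answer above and not Microsoft's code: a sketch of the decision logic a custom allocation function could run so that each customer and environment stays on its own hub and every device gets twin tags at provisioning time. The request/response field names are assumed to follow the DPS custom allocation webhook payload and should be checked against the current documentation; the registration ID convention, hub naming scheme and hostnames are hypothetical.

```python
import re
import zlib

# Hypothetical registration ID convention: <customer>-<env>-<serial>
REG_ID = re.compile(r"(?P<customer>[a-z0-9]+)-(?P<env>dev|test|accept|prod)-(?P<serial>[a-z0-9]+)")

# Constructed sample request; field names are assumed to match the DPS
# custom allocation webhook payload, hub hostnames are made up.
SAMPLE_REQUEST = {
    "deviceRuntimeContext": {"registrationId": "contoso-prod-000123"},
    "linkedHubs": [
        "contoso-prod-hub1.azure-devices.net",
        "contoso-test-hub1.azure-devices.net",
        "fabrikam-prod-hub1.azure-devices.net",
    ],
}

def allocate(request: dict) -> dict:
    """Choose a linked hub for one registration and set the initial twin tags."""
    reg_id = request.get("deviceRuntimeContext", {}).get("registrationId", "")
    match = REG_ID.fullmatch(reg_id)
    if match is None:
        # Fail closed: an unparseable ID never lands on some default hub.
        raise ValueError(f"registration ID {reg_id!r} does not follow the convention")
    customer, env = match["customer"], match["env"]
    # Hypothetical hub naming: hostname starts with "<customer>-<env>-", so a
    # device can only reach hubs of its own customer and environment.
    prefix = f"{customer}-{env}-"
    candidates = sorted(h for h in request.get("linkedHubs", []) if h.startswith(prefix))
    if not candidates:
        raise LookupError(f"no linked hub for {customer}/{env}")
    # Stable choice: reprovisioning the same device returns the same hub.
    hub = candidates[zlib.crc32(reg_id.encode()) % len(candidates)]
    return {
        "iotHubHostName": hub,
        # Tags make the device findable later for regrouping or migration.
        "initialTwin": {
            "tags": {"customer": customer, "environment": env},
            "properties": {"desired": {}},
        },
    }

if __name__ == "__main__":
    print(allocate(SAMPLE_REQUEST))
```
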

  2. QuantumCache 20,031 Reputation points
    2021-10-23T14:22:08.297+00:00

    Hello @Jeffrey K, this is a great question!

    I see the below documentation on DPS and IoTHub, which gives information on E2E implementation. Though I wanted to highlight here the main production readiness checklist as the

    1. Architecture we are going to use? Various components' documentation is available, such as Protocol, Routing, Scaling, etc.
    2. The production certificates procurement?
    3. Security model?
    4. Device Management, Device Update

    For inspiration, I can point to the Azure Customer Stories page: Azure Customer Stories, but I will keep you posted if I come across any E2E implementations.

    Azure IoT Hub Device Provisioning Service
    Azure IoT Hub

    Please comment in the below section for further discussion on this topic, happy to help!

    1 person found this answer helpful.