Send files from cloud to edge device via transparent gateway - Azure IoT Hub

Bajinder Singh 5 Reputation points
2025-03-25T23:16:21.7233333+00:00

Question relates to thread=> https://learn.microsoft.com/en-us/answers/questions/1345751/sending-files-from-web-app-to-device?page=1&orderby=Helpful&comment=answer-1300279&translated=false#newest-answer-comment

We operate in the mining sector, where it's often necessary to send mine plan files down to machines. We're currently in the process of migrating our custom solution to Azure IoT Edge.

Due to site-specific networking requirements, we sometimes need to deploy a transparent gateway device. In these cases, the IoT Edge device does not have direct access to the external network and can only communicate with the gateway.

Given this setup, how can we solve this the "Azure IoT way"? While we could develop a custom solution, we'd prefer to follow best practices or use a supported approach if one exists.

Windows for business | Windows for IoT

2 answers

  1. Anonymous
    2025-03-26T01:39:27.5+00:00

    Hello,

    Migrating to Azure IoT Edge and setting up a transparent gateway device is a great approach for your mining operations. Here are the steps and best practices to follow the "Azure IoT way":

    Configure the Gateway Device:

    Set up your IoT Edge device to act as a transparent gateway. This involves configuring the device to receive messages from downstream devices and route them to the IoT Hub.

    Ensure the gateway device is set up as a server so that downstream devices can connect securely.

    Authenticate Downstream Devices:

    Create a device identity for each downstream device in Azure IoT Hub. This allows the downstream devices to authenticate with the IoT Hub through the gateway.

    Use X.509 certificates for secure authentication. This is a more secure approach compared to symmetric key authentication.

    Connect Downstream Devices:

    Configure the downstream devices to send messages through the gateway device. This involves setting up the necessary routes and ensuring the devices can communicate with the gateway.

    In IoT Central, you can model the relationship between your downstream devices and the gateway, making it easier to manage and monitor them.

    Deployment Manifest:

    Use a deployment manifest to configure the IoT Edge runtime on your gateway device. This manifest includes all the necessary configurations for the gateway to function properly.

    Security Best Practices:

    Follow security best practices such as using a public key infrastructure (PKI) to set up secure connections between devices.

    Ensure that the downstream devices confirm the identity of the gateway device to prevent connections to potentially malicious gateways.

    Have a nice day.

    Best Regards,

    Hania Lian

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


  2. Sander van de Velde | MVP 36,766 Reputation points MVP Volunteer Moderator
    2025-03-26T23:34:31.1166667+00:00

    Hello @Bajinder Singh,

    welcome to this moderated Azure community forum.

    Notice that Azure IoT Edge can work offline (as long as the local certificate used for securing the edgeHub routing with TLS is not expired). Configuration of the edge logic is done via the IoT Hub deployment manifest management.

    As long as your Azure IoT Edge is able to connect to the Azure IoT Hub, you can make use of the device/module twin.

    This even works for Azure IoT Edge devices that need to honour the ISA-95/Purdue model.

    There is a specific 'Nested hierarchy' design for this. Check out this tutorial and related documents.

    Notice that this is not the same kind of hierarchy as seen with the transparent gateway methodology. This gateway is typically used for IoT devices that connect to the IoT Hub using the Azure IoT Device SDK (like this PLC which connects with Node.js within Node-RED).

    Once your 'leaf' edge device connects to the Azure IoT Hub (via the nested hierarchy), it can manage module twin updates and, e.g., update files via SAS token references in the module twin as seen in the other Q&A question.


    If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. All community members with similar issues will benefit by doing so. Your contribution is highly appreciated.
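
One way a leaf module could vet a SAS file reference received in its module twin before downloading anything, as an added example that is not part of either answer or of the Azure SDK. The twin property names (`minePlan`, `url`, `sha256`), the storage host, the pinned digest and the single accepted `se` timestamp format are assumptions made for illustration.

```python
import hashlib
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Assumption: the only storage host this site trusts (constructed placeholder name).
ALLOWED_HOSTS = {"examplemineplans.blob.core.windows.net"}

# Constructed sample of a desired-properties patch; the layout is hypothetical.
SAMPLE_PATCH = {"minePlan": {
    "url": "https://examplemineplans.blob.core.windows.net/plans/pit7.bin"
           "?sv=2022-11-02&sr=b&sp=r&se=2025-04-01T00:00:00Z&sig=CONSTRUCTED",
    "sha256": hashlib.sha256(b"constructed mine plan bytes").hexdigest(),
}}

def check_file_reference(ref, now=None):
    """Return reasons to reject a twin file reference; an empty list means fetch it."""
    now = now or datetime.now(timezone.utc)
    problems = []
    url = urlsplit(ref.get("url", ""))
    query = parse_qs(url.query)
    if url.scheme != "https":
        problems.append("url is not https")
    if url.hostname not in ALLOWED_HOSTS:
        problems.append("host not in allowlist")
    if "sig" not in query:
        problems.append("no SAS signature")
    # sp carries the SAS permissions; a download link needs read ("r") only.
    if query.get("sp", [""])[0] != "r":
        problems.append("SAS grants more than read")
    try:
        # se is the SAS expiry; only the full UTC timestamp form is accepted here.
        expiry = datetime.strptime(query["se"][0], "%Y-%m-%dT%H:%M:%SZ")
        if expiry.replace(tzinfo=timezone.utc) <= now:
            problems.append("SAS expired")
    except (KeyError, ValueError):
        problems.append("missing or malformed SAS expiry")
    digest = ref.get("sha256", "").lower()
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        problems.append("sha256 missing or malformed")
    return problems

def verify_download(ref, data):
    """Compare downloaded bytes with the digest pinned in the twin."""
    return hashlib.sha256(data).hexdigest() == ref["sha256"].lower()
```

A module would run `check_file_reference` in its twin-patch handler and `verify_download` on the fetched bytes before handing the file to the machine.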

