How to get devices ready for production?

Ana Carraca 21 Reputation points
2021-09-10T08:13:14.05+00:00

We are launching our solution to production and following this tutorial: Prepare to deploy your IoT Edge solution in production.

Setting up the production certificates, we have some questions:

  1. Are the certificates (as explained here) really necessary if we don't have downstream devices?
  2. How is the overhead of setting up X.509 Self-signed authentication worth it? (compared to using Symmetric keys)

Regarding log files, is cleaning Docker log files using logrotate relevant, as mentioned here?


Accepted answer
  1. Sander van de Velde | MVP 31,211 Reputation points MVP
    2021-09-10T13:43:59.507+00:00

    Hello @Ana Carraca ,

    The certificates you reference are used for securing module-to-module communication. This is handled by the EdgeHub module.

    Using the same mechanism for downstream devices is optional, but it's still one of the production preparation steps.

    Microsoft provides a 'development and test' certificate which is valid for 90 days.

    If you do not replace that temporary certificate, the communication between modules will halt after these 90 days. Notice that a reboot of the device (I'm not sure if a restart of the service/daemon is also ok) will force the creation of a new 90-day certificate...

    Conclusion: Are you fine with this 90-day limitation and a warning in 'sudo iotedge check'?

    Regarding Symmetric keys, the certificate mentioned above has nothing to do with device-to-cloud communication.

    Though, symmetric keys are theoretically less secure than the use of certificates or TPM for D2C communication.

    Finally, log files eat up hard disk space. Your Edge device 'crashes' when disk space runs out. So yes, cleaning/reducing log file size will help you in the end.

    2 people found this answer helpful.
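
The 90-day expiry described in the answer above can be watched for on the device before module communication stops. The script below is an added example, not part of the original answer or of IoT Edge itself; `cert_status`, `scan_certs` and `make_sample_cert` are hypothetical helper names, and the certificate paths are whatever your device actually uses.

```shell
#!/bin/sh
# Added example: classify PEM certificates by remaining validity.
# Assumption: the openssl CLI is installed; paths are supplied by the caller.

# Print "unreadable", "expired", "expiring" or "ok" for one certificate.
# $1 = PEM file, $2 = warning window in days (default 30).
cert_status() {
    cert=$1
    warn_days=${2:-30}
    # Reject anything openssl cannot parse as an X.509 certificate.
    if ! openssl x509 -noout -in "$cert" >/dev/null 2>&1; then
        echo unreadable
        return 0
    fi
    # -checkend N exits 0 only if the cert is still valid N seconds from now.
    if ! openssl x509 -noout -checkend 0 -in "$cert" >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -noout -checkend $((warn_days * 86400)) \
            -in "$cert" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# Report on several certificates; return non-zero if any needs attention,
# so the function can gate a cron job or a health probe.
scan_certs() {
    window=$1
    shift
    rc=0
    for f in "$@"; do
        status=$(cert_status "$f" "$window")
        end=$(openssl x509 -noout -enddate -in "$f" 2>/dev/null) || end=
        printf '%-10s %s %s\n' "$status" "$f" "${end#notAfter=}"
        [ "$status" = ok ] || rc=1
    done
    return $rc
}

# Constructed sample input: a throwaway self-signed cert valid for 90 days,
# mirroring the lifetime of the development certificate discussed above.
# $1 = output directory; writes key.pem and cert.pem there.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=constructed-sample" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}
```

Run `scan_certs 30 /path/to/cert.pem ...` from a scheduled job and alert on a non-zero exit status.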