question

0 Votes
OndrejTomcik-3469 asked asergaz edited

Purpose of deleting registration from the Azure DPS

Dear community

I would like to understand what is the use-case / purpose of "Delete Registration" in the Azure DPS.

Scenario:
My device was successfully registered with the provisioning service and connected to the Azure IoT Hub. Then in the Azure DPS management, I am able to delete the registration record. But after deletion, the device is able to connect to the Azure IoT Hub, or again register with the provisioning service. Therefore I don't see a point of this delete command.

I know how I can delete the device from the IoT Hub, as well as how to prevent the device from being provisioned. But I would like to understand, what's the point of deleting the registration record, which seems to be only meta information about status and time.


Thank you
Ondrej

azure-iot-hub azure-iot-dps

Hello @OndrejTomcik-3469 ,
Thanks for your great question! Before I try to clarify the scenario can you confirm what you mean by "Delete Registration" in the Azure DPS?

Do you mean deleting the Individual Enrollment? The Group Enrollment?

195060-image.png

Thanks!


0 Votes 0 ·

Hello @asergaz

Nope. Check the screenshot below:
195550-image.png


1 Vote 1 ·

Any update? Does Azure DPS team know why it's there? ;)

0 Votes 0 ·
asergaz OndrejTomcik-7177 ·

@OndrejTomcik-7177 , thanks for the clarification. I am checking on this with Product Team. Please bear with me.

As per the definition here: https://docs.microsoft.com/en-us/azure/iot-dps/concepts-service#registration

A registration is the record of a device successfully registering/provisioning to an IoT Hub via the Device Provisioning Service. Registration records are created automatically; they can be deleted, but they cannot be updated.

0 Votes 0 ·

Hello @OndrejTomcik-3469 ,

Let us know if the answer from @ralarcones helped you and if so can you please verify it? Thank you so much :)!

Remember:
- Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.
- Want a reminder to come back and check responses? Here is how to subscribe to a notification.

0 Votes 0 ·

1 Answer

1 Vote
ralarcones answered asergaz commented

Hi @OndrejTomcik-3469

Here are some thoughts: if you have a huge number of devices registered in DPS that can go through a life cycle where you remove part of that huge number of devices but need to register others, then you would reach the limits of DPS. This would be something to consider if we are talking about multiple hundreds of thousands or even millions of devices.

For example, imagine you are reaching the DPS limits during some performance tests which need to remove registration records to continue working (something that could happen if you are looking to deploy millions of devices in production and you are testing the provisioning process).

Another example: imagine that in production you are close to the limits for DPS during your regular usage; if for any reason they need to re-provision part of your device fleet, it would raise some issues (imagine a change in authentication, a change in the certificates...).

For DPS limits check: https://docs.microsoft.com/en-us/azure/iot-dps/about-iot-dps#quotas-and-limits

Of course, if you are managing a big number of devices you will need to use a scripting approach to manage the deletions.

To disenroll devices, check: https://docs.microsoft.com/en-us/azure/iot-dps/how-to-revoke-device-access-portal
To deprovision devices, check: https://docs.microsoft.com/en-us/azure/iot-dps/how-to-unprovision-devices

Note that directly removing an enrollment does not remove the registration records; you need to take care of that as mentioned in the documentation. Removing an enrollment would leave the registration records in an "orphan" state (by now, I know there are some actions ongoing on this situation). There is also explicit guidance on removing an enrollment to avoid this situation.

Hope this helps!


Hi @OndrejTomcik-7177,

You are right, reprovisioning will reuse the quota as long as your registration id is the same. I was thinking more of "fleet replacement" or, as mentioned, a change in how your devices are registered (new registration id, new certificate, etc.).

Exactly, the registration number is the sum of the registrations from all possible mechanisms (individual or group enrollments). To delete a registration belonging to a certain enrollment you can use the az cli commands or rest api once you have the registrationId: https://docs.microsoft.com/en-us/cli/azure/iot/dps/enrollment-group/registration?view=azure-cli-latest

For your last question, consider that DPS can work with multiple IoT Hubs, and there are different policies to assign the devices to the hubs, so having accurate information in the DPS will help to properly distribute the devices among multiple IoT Hubs: https://docs.microsoft.com/en-us/azure/iot-dps/tutorial-provision-multiple-hubs

1 Vote 1 ·
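A sketch of the "scripting approach" and the REST route mentioned in the answer and comment above, as an added example that is not part of the original posts: it builds a DPS service SAS token and issues one DELETE per registration record. The host name, policy name, `API_VERSION` value and all function names are assumptions for illustration; as the question notes, deleting a record only cleans up DPS state and does not stop the device from connecting to the IoT Hub.

```python
import base64
import hashlib
import hmac
import time
import urllib.error
import urllib.parse
import urllib.request

API_VERSION = "2021-10-01"  # assumption: use the DPS service API version you target


def sas_token(host, policy, key_b64, ttl=3600, now=None):
    """Build a service SAS token for the DPS endpoint `host` (hypothetical helper)."""
    expiry = int((now if now is not None else time.time()) + ttl)
    resource = urllib.parse.quote(host, safe="")
    # The signature is HMAC-SHA256 over "<url-encoded resource>\n<expiry>".
    to_sign = f"{resource}\n{expiry}".encode()
    sig = base64.b64encode(
        hmac.new(base64.b64decode(key_b64), to_sign, hashlib.sha256).digest())
    return "SharedAccessSignature sr={}&sig={}&se={}&skn={}".format(
        resource, urllib.parse.quote(sig, safe=""), expiry, policy)


def delete_request(host, token, registration_id):
    """Prepare the DELETE call for one registration record (nothing is sent here)."""
    rid = urllib.parse.quote(registration_id, safe="")
    url = f"https://{host}/registrations/{rid}?api-version={API_VERSION}"
    return urllib.request.Request(url, method="DELETE",
                                  headers={"Authorization": token})


def delete_registrations(host, token, registration_ids,
                         send=urllib.request.urlopen):
    """Delete each record and report the outcome per registration id."""
    results = {}
    for rid in registration_ids:
        try:
            send(delete_request(host, token, rid))
            results[rid] = "deleted"
        except urllib.error.HTTPError as err:
            # A 404 is treated here as "record already absent", not a failure.
            results[rid] = "missing" if err.code == 404 else f"error {err.code}"
    return results
```

The `send` parameter lets the deletion loop be exercised against a stub before it is pointed at a real provisioning service.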

Thank you @ralarcones for your explanation. :)

1 Vote 1 ·
asergaz OndrejTomcik-7177 ·

@OndrejTomcik-7177 ,

Please share with us if you have any other questions related with your original post. Otherwise could you go ahead and mark the above as answer?

Thank you so much.

Remember:
- Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

0 Votes 0 ·

Dear @ralarcones

Thank you for your detailed answer. I have a few questions back:

if for any reason they need to re-provision part of your device fleet

My understanding is that reprovisioning of the same device won't create a new registration record, it will overwrite the one which is already there. So I suppose I will be still within the quota for the reprovisioning of the same device use case. Please correct me if I am wrong.


Is the "Maximum number of registrations" sum of registrations from all possible attestation mechanisms (individual + x509)? I found a way to delete the registration record for the individual enrollment. Is there the same API for the case using x509 enrollment group?

And the last question, what is the point of having such a limit? Basically, let's assume I provisioned 1 million devices and reached the quota. Devices are successfully provisioned and connected to the IoT Hub. The cleanup service recognized that the limit was reached, so it will remove registration records in the background. This actually has no effect on devices, as they stay connected to the IoT hub and their credentials are not invalidated. After cleanup, another 1 million devices can be provisioned, and so on.


Thank you
Ondrej
0 Votes 0 ·