Using connected registry with Azure IoT Edge

In this article, you learn about using an Azure connected registry in hierarchical IoT Edge scenarios. The connected container registry can be deployed as an IoT Edge module and play an essential role in serving container images required by the devices in the hierarchy.

What is a hierarchical IoT Edge deployment?

Azure IoT Edge allows you to deploy IoT Edge devices across networks organized in hierarchical layers. Each layer in a hierarchy is a gateway device that handles messages and requests from devices in the layer beneath it. You can structure a hierarchy of devices so that only the top layer has connectivity to the cloud, and the lower layers can only communicate with adjacent north and south layers. This network layering is the foundation of most industrial networks, which follow the ISA-95 standard.

To learn how to create a hierarchy of IoT Edge devices, see Tutorial: Create a hierarchy of IoT Edge devices.

How do I use connected registry in hierarchical IoT Edge scenarios?

The following image shows how the connected registry can be used to support the hierarchical deployment of IoT Edge. Solid gray lines show the actual network flow, while the dashed lines show the logical communication between components and the connected registries.

Figure: Connected registry and hierarchical IoT Edge deployments

Top layer

The top layer of the example architecture, Layer 5: Enterprise Network, is managed by IT and can access the container registry for Contoso in the Azure cloud. The connected registry is deployed as an IoT Edge module on the IoT Edge VM and can directly communicate with the cloud registry to pull and push images and artifacts.

The connected registry is shown as working in the default ReadWrite mode. Clients of this connected registry can pull and push images and artifacts to it. Pushed images will be synchronized with the cloud registry. If pushes are not required in that layer, the connected registry can be changed to operate in ReadOnly mode.

For steps to deploy the connected registry as an IoT Edge module at this level, see Quickstart - Deploy a connected registry to an IoT Edge device.

Nested layers

The next lower layer, Layer 4: Site Business Planning and Logistics, is configured to communicate only with Layer 5. Thus, when deploying the IoT Edge VM on Layer 4, it needs to pull the module images from the connected registry on Layer 5 instead.

You can also deploy a connected registry working in ReadOnly mode to serve the layers below. This is illustrated with the IoT Edge VM on Layer 3: Industrial Security Zone. That VM must pull the module images from the connected registry on Layer 4. If clients on lower layers need to be served, a connected registry in ReadOnly mode can be deployed on Layer 3, and so on.

In this architecture, the connected registries deployed on each layer are configured to synchronize the images with the connected registry on the layer above. The connected registries are deployed as IoT Edge modules and leverage the IoT Edge mechanisms for deployment and network routing.

For steps to deploy the connected registry on nested IoT Edge devices, see Quickstart: Deploy connected registry on nested IoT Edge devices.
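The layering rules described above can be checked against a planned hierarchy before anything is deployed. The following Python sketch is an added example, not code from the article or from Azure. The registry names, the `ConnectedRegistry` class, and the `validate` and `pull_source` helpers are assumptions made for illustration.

```python
from dataclasses import dataclass

CLOUD = "cloud"  # stands for the cloud registry; only the top layer may use it

@dataclass(frozen=True)
class ConnectedRegistry:
    name: str    # constructed name, not from the article
    layer: int   # layer number as used in the article (5 = top)
    mode: str    # "ReadWrite" or "ReadOnly"
    parent: str  # CLOUD or the name of the registry it synchronizes with

def validate(registries, top_layer):
    """Return findings for a plan that breaks the layering rules."""
    by_name = {r.name: r for r in registries}
    findings = []
    for r in registries:
        if r.mode not in ("ReadWrite", "ReadOnly"):
            findings.append(f"{r.name}: unknown mode {r.mode!r}")
        if r.parent == CLOUD:
            if r.layer != top_layer:
                findings.append(f"{r.name}: layer {r.layer} must not sync with the cloud")
            continue
        parent = by_name.get(r.parent)
        if parent is None:
            findings.append(f"{r.name}: parent {r.parent!r} is not defined")
        elif parent.layer != r.layer + 1:
            findings.append(f"{r.name}: parent {parent.name} is on layer "
                            f"{parent.layer}, not the adjacent layer {r.layer + 1}")
    return findings

def pull_source(registries, device_layer, top_layer):
    """Name of the registry an IoT Edge device on device_layer pulls from."""
    if device_layer == top_layer:
        return CLOUD  # the top layer can reach the cloud registry directly
    north = [r.name for r in registries if r.layer == device_layer + 1]
    return north[0] if north else None  # None: no registry on the layer above

# Constructed plan mirroring the article's Layers 5, 4 and 3.
PLAN = [
    ConnectedRegistry("cr-layer5", 5, "ReadWrite", CLOUD),
    ConnectedRegistry("cr-layer4", 4, "ReadOnly", "cr-layer5"),
    ConnectedRegistry("cr-layer3", 3, "ReadOnly", "cr-layer4"),
]

if __name__ == "__main__":
    print(validate(PLAN, top_layer=5) or "plan follows the layering rules")
    for layer in (5, 4, 3, 2):
        print(f"layer {layer} devices pull from {pull_source(PLAN, layer, 5)}")
```

A finding from `validate` means a registry would need a network path the hierarchy is meant to forbid, such as a lower layer reaching the cloud or skipping over its adjacent layer.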

Next steps

In this overview, you learned about the use of the connected registry in hierarchical IoT Edge scenarios. Continue to the following articles to learn how to configure and deploy a connected registry to your IoT Edge device.