In IoT Development
IoT Show: Azure Percept DK and Wi-Fi Zero Touch Provisioning - read the full article about IoT Development, IoT Development and Internet of Things technologies from Microsoft IoT Developers on Qualified.One
Youtube Blogger
>> Provisioning devices to connect them to Wi-Fi network is a hard task.
Very often requires manual interaction with the device.
Keys entered manually shared with operators, not good, not secure.
Today, on the IoT Show, well see a solution leveraging true zero touch provisioning for Wi-Fi, and thats going to be demoed within Azure Percept Device by Keith, and explained by Michael from Aruba, presenting the Aruba Central solution.
Thats today on the IoT Show.
[MUSIC] >> Hi, everyone. Youre watching The Internet of Things Show.
Im Olivier, your host.
Well be talking about zero touch provisioning with Wi-Fi and the Azure Percepts kit today.
For that, we have Keith, from the Azure Devices and Platforms Team, as well as Michael, whos from Aruba.
Youll see why we have Michael over here.
Thats a super interesting topic.
But lets get started with some introductions actually.
Keith, tell us about yourself and what your team is doing.
>> Im a Senior Program Manager on the Azure Percept Devices Team, and we are building Azure Percept DevKit that can do a wireless touch provisioning solution with zero touch.
That is what we are going to be showing today.
>> Awesome. Thanks, Keith.
The Wi-Fi zero touch provisioning part is just one of the many things that the Azure Percept DevKits can do.
But when it comes to Wi-Fi, actually, Michael, youre part of Aruba, and Aruba provides Wi-Fi solutions, right? >> Thats right. Im Michael Tennefoss, I run IoT and Strategic Partnerships for Aruba, which is Hewlett Packard Enterprise company.
Were very well known for our high security Wi-Fi solutions, and weve been working for quite some time with Microsoft to simplify IT deployments and IoT integration.
>> Actually this simplification of deploying IoT solutions is something critical, and well talk about that, Keith, in a moment in terms of the demo that you will be presenting and why were talking about this topic.
Well, lets actually just jump into that.
Set up the context of what were going to see today, Keith, please.
>> We started our journey by listening to what customer feedback was saying about what we could do here.
The top pain point for the wireless provisioning was doing multiple devices and provisioning into a Wi-Fi network is hard and its really a manual process, super inefficient, and the cost in integration and deployment time, it all needs to be simpler.
This provisioning of Wi-Fi devices is not only painful to the end customers, but also hinders device makers and their ability to make or they may just stock single skew IoT devices.
>> Okay, Keith. How is it done today? I want to know if its complicated to connect these devices.
People in their home when they want to connect to Wi-Fi or home automation or gadget, they have to go through the hoops of putting the device in access point mode and thing like that.
Tell us how it works, especially in the industry today.
An operator comes into a site and wants to deploy and connect devices.
>> We hear about two methods most often.
Like a solution provider, hes given or shes given the Wi-Fi credentials to place on a device and then theres the other part which is like or the IT department has to send somebody out to go manually configure each device as its being placed into service with its Wi-Fi credentials.
You can see how inefficient and insecure this process can be.
Provisioning these Wi-Fi devices is just way too hard.
>> I see. Okay, Keith.
I get that its hard.
What are the bits and pieces were going to see today that helps solving a problem to make it easier.
>> If you didnt have a chance to see the Ignite keynote demo, Id highly recommend it.
In their demo, they actually showed how easy it was to create and deploy AI models with the Azure Percept DevKit, and at the end they showed how zero touch provisioning was able to bring multiple Wi-Fi enabled devices into service simply by powering them on.
Thats what were going to talk about here.
This zero touch provisioning.
It was made possible by the convergence of two things, the device provisioning service, which provides this single framework for storing device information, and then Wi-Fi Easy Connect, which is a Wi-Fi alliance standard.
Now these are the two basic stages.
Get connected and get provisioned. Thats it.
>> More specifically for the demo itself.
You have the two steps here, like for the end-to-end provisioning well say, hey, from powering on to being connected to a Cloud solution.
But more specifically here, what is the hardware youre going to use and what is the software youre going to use as well in that demo? >> Were going to be using the Azure Percept DevKit and that will be doing the ZTP device, itll be the device that gets provisioned, and the Aruba gateway access point.
That is going to be acting as the configurator.
>> Thanks, Keith. Michael, this is the opportunity for you to tell us more about Aruba, the Aruba Gateway, and the Aruba central solution, which actually is a Cloud management tool, if I understand that correctly.
Tell us a bit more about that so that the audience understands better whats going to happen.
>> Sure. Well, let me introduce Aruba Central, which does play a cameo role in zero touch provisioning.
Its a Cloud-native service built on a microservice architecture that delivers AI insights, security, unified infrastructure for any kind of deployment, whether its a campus or a branch or a datacenter, and it does that all from a single point of class.
That is an Aruba Cloud service product.
>> Awesome. Well see it in action, and you were saying its almost a cameo, were almost not seeing it actually, right? >> Thats right. In fact, you dont see most of the technology thats involved here.
Thats a good thing because by making this truly zero touch, weve hit the easy button and weve allowed devices to be provisioned at scale without requiring any specialized training or knowledge.
Theres actually this unfortunate belief that strong security implies complexity, and thats just the opposite here.
We want to dispel that belief and provide the strongest security possible in the simplest possible way.
You plug it in, you turn it on, and thats it.
>> Well, lets see the magic happen then.
Keith, lets actually look at that.
>> Sure. Let me start the stage by saying what my deployment goals are, reiterating some of what Michael had said.
I have to deploy multiple devices as a pilot project to an area which has Wi-Fi networks.
The site is remote, so one of the goals of the deployment is that the existing on-site personnel, they need to be able to do this deploying without having to do the configurations.
The device needs to be ready for ZTP and pilot out-of-the-box.
Lets go ahead and power the device.
First youll see here that we actually dont have the device in IoT Hub yet.
Now Im going to go ahead and switch over to the devices camera and power on our device.
Now, the boot sequence and everything else is quite boring.
What I will do is switch back and talk to you about what the process is.
The first thing that the device does after booting its announces its presence using Wi-Fi action frames every few seconds.
The Wi-Fi LED is going to show blinking during this announce phase.
The configurator is there to hear these presence announcements and then recognizes and authenticates the device.
Then the configurator sends down the Wi-Fi settings, which are the unique credentials or device specific credentials it will use to connect to the local Wi-Fi network.
Now, this unique credential allows Aruba to provide the identity-based controls to enforce additional application layer policies, privatization, traffic forwarding, and other network performance policies for the device and the network.
Once the devices LED goes solid, we have an association with the Wi-Fi network and the normal boot process of provisioning can go through and device provisioning service will take over.
At that point, you can see the device has come online.
>> Well, Ill ask you Keith well, while its happening.
Im not clear on the role of the Azure device provisioning service in the Wi-Fi or network connectivity provisioning here, can you tell me a bit more about whats going on when it constitute the device provisioning service and its relationship with the Aruba Central solution? >> Yeah. The device provisioning service is and already has knowledge of all the devices that are going to be provisioned.
This was the logical place for us to start to have the configurator pull its extra needed information.
We worked with the DPS team and they have a new feature coming out thats going to allow extra optional device information to be part of each device record so that when the configurator makes a connection to the Azure DPS instance, it can actually go and read all of the Wi-Fi ECC keys that it needs to for these incoming devices.
As a first step, that is how it gets connected.
>> Got it. Then the second step is usual provisioning of the device.
Device comes to DPS directly now it has Internet connection. I get it.
Let me actually turn to Michael on this one because I was worrying a bit.
If we can know and learn a bit more about Wi-Fi Easy Connect, whats the role of the Aruba access points, and if its really required at the end of the day in that scenario? >> Wi-Fi ZTP solution is built on an Wi-Fi alliance standard.
Microsoft and Aruba are working together to productize the technology so that enterprise customers with existing Aruba lifeline infrastructure can use it and can also maintain the security and identity-based controls for which Aruba is well known.
All of these mechanisms are enabled automatically with devices that are onboard with Wi-Fi, easy connect in ZTP.
You dont have to compromise features or security for the ease of use.
This concept of a device class is enumeration of different types of IoT devices that customers can define, tab distinct access policies.
After provisioning a device with unique credential will know the devices class and well be able to apply that customer, define policy with robust conductivity even before the device is fully connected to the network.
Weve integrated the configurator function that Keith described as part of our Wi-Fi infrastructure.
Once the customer has performed the one-time linking of Aruba Central to the device provisioning service, the devices can be activated anywhere within the coverage of the wireless LAN in a room across the site, across the campus.
The interaction of the device and the configurator is defined by the Wi-Fi Easy Connect protocol, which is a wide filing standard.
The net result of the Wi-Fi ZTP solution is that it delivers uniform security, uniform visibility, and uniform performance across the Aruba Wi-Fi network without disruption or degradation of IoT devices that are sharing the network.
If a customer isnt able to use the integrated ZTP function, all Azure Percept Devkits can be configured to take on a configurator role and provision devices onto most Wi-Fi networks.
Or in fact, anyone can make a device that becomes a configurator if they wish to.
>> Interesting. Thats pretty powerful actually.
Device, if I sum it up correctly, will need a configurator to be on the network.
If there is one, it will connect, it can become a configurator.
Its turned so then if rooms around and theres another access point as EDP with no easy access capabilities and that new device can act as a configurator, right? >> Thats right.
>> Okay. Get it correctly.
Now, and you were saying Michael, this is interesting, any manufacturer can actually implement that.
The easy connect part of Wi-Fi is a standard, so the industry can adopt that and we really hope will.
Keith back at you, what was required from the hardware and software perspective on an Azure Percept Devkits to make it happen, to make that device able to leverage that zero-touch provisioning capability, but also eventually become a configurator on network? >> Yeah, so to ensure the solution was easy to adopt for device makers, we wanted the hardware requirements to be as little as possible, and lucky for us they work.
We include a TPM and this is factory provisioned in the TPM is a bootstrap ECC public key for Wi-Fi, and that is used during authentication for the configurator.
Then the other piece is the Wi-Fi hardware.
You will need a Wi-Fi adapter and driver who supports action frames and remain on channel.
From the hardware perspective, that is it.
On the software side, all the software that is necessary to enables ZTP is in the Azure Percept Devkit and will be open-sourced.
Wi-Fi Easy Connect, as it being a Wi-Fi alliance certified product, will have all of the needed pieces.
>> Nice. Well, that was a good demo.
Thanks Keith, its time to wrap it up with some key takeaways and what weve just seen here today.
If you want to sum up the technical key takeaways for our audience that would be nice.
>> First off we have the bootstrap keys that you have been done at the factory from the TPM with Wi-Fi Easy Connect and then you have your choice of the configurator.
You can either pick if you already have your Aruba Network set up, you can use that, and if he did not have in a Aruba Network, you could use one of our Azure Percept Devkits as a configurator and it would just connect to your other local Wi-Fi, whatever that might be.
Devices once powered on will automatically connect to Wi-Fi through Wi-Fi Easy Connect.
The automatic provisioning of Azure Device Percept DK Devices to IoT Device Provisioning Service happens as a result of getting network connects.
>> Actually back at you Michael, from the business perspective, what are the key takeaways, and one of the things you want our audience to actually remember today? >> Well, theyre really three primary takeaways.
First of all, this solution addresses the top pain point by provisioning multiple IoT devices to Wi-Fi networks with minimal effort, thats the first.
The second is that it lowers the cost of integration and deployment time at scale.
Finally, its built on a standards-based approach.
Its not proprietary.
Between those three, weve accommodated the requests from customers to make this process simple, we lower the cost of doing it, and weve also given them a standards-based approach.
>> I love it. Perfect, good summary.
Everyone who has just watched all of that, you can now go read the blog posts that has all the details, all the resources, links to learn more and that link actually is going to be shown down there.
Let me actually bring it up.
There you go, aka.ms/iotshow/AzurePerceptWiFiZTP like zero-touch provisioning.
Keith, Michael thanks a lot for your time.
Nice demo, nice explanations.
I look forward to eventually see you again on the IoT Show.
Michael, Thanks a lot once again for your time.
Aruba is providing some very interesting solution that Im sure IoT developers and operators will love.
Thanks, everyone for watching the IoT Show and see you soon. Bye.
[MUSIC]
Microsoft IoT Developers: IoT Show: Azure Percept DK and Wi-Fi Zero Touch Provisioning - IoT Development