Remote Access Windows IoT core device over the internet - windows

I am working with Windows IoT Core on a gateway to run some edge services. All the ways to connect to the IoT Core device are local, so basically you have to be on the same network. Is there any possible way to access the device via the internet?

It is a generic network question. There are two options, depending on whether this is for private or commercial-grade use.
• Configure 'port forwarding' on your router.
• Use a cloud service which has a published IP address. Your device 'publishes' to a known location and your clients access that known place. For example, you can use Microsoft Azure IoT Hub. The purpose of the remote connection is nothing more than managing the device, so you can use Azure IoT Device Management.

Related

Show Windows and Linux Server firewall data to an Azure solution

This is Yaseen Zafar, DevOps Engineer from Integrated Dealer Systems. We have multiple customers whose servers are hosted in multiple locations from Canada to America. They are hosted on premises (i.e. they are not currently on Azure), though we are currently using Microsoft Azure Log Analytics to get some insights into the Windows and Linux servers. So far it has been a very good experience.
Actually I wanted to know if there is any solution available on Azure that can show me firewall-related logs, rules, IP and port details ingested from the Windows and Linux servers that are hosted on premises.
Best Regards.
Yaseen Zafar
• Yes, there is a way through which you can forward your on-premises firewall logs to an Azure Log Analytics workspace, since almost every firewall device has syslog functionality built in to forward logs to a log management server on a specific port. Thus, on-premises firewall logs, which include all data collected on the traffic passed inbound and outbound to the environment, can be forwarded to a Linux virtual machine, which can then forward them to Azure Log Analytics.
• Syslog is the cross-platform equivalent of the Windows Event Log, and it can be leveraged by forwarding these syslog messages to Azure Log Analytics through Linux machines. This Linux system should be deployed as a virtual appliance (VM) on premises or in the Azure cloud such that the syslog-generating firewalls can communicate directly with it. The Linux forwarder can be on premises, physically near the firewall, or it can be in Azure or another cloud, connected to your firewall by an IPsec tunnel. The Linux computer has a Log Analytics agent configured to communicate with your Log Analytics workspace.
• Once your firewall is connected to Azure Log Analytics you should create a custom dashboard solution that suits your needs. You will have excellent visibility and gain a lot of insight into your firewall operation by studying the collected and indexed syslog data in the Log Search feature of the Azure portal. You will notice which types of data your firewall is delivering and learn what to monitor to meet your business and security needs.
Please find the links below for more information on how to configure the Linux virtual machine as a syslog forwarder and how to implement the above solution as a whole:
https://blog.johnjoyner.net/connect-your-firewall-to-azure-log-analytics-for-security-insights/
https://accountabilit.com/azure-log-analytics-best-syslog-destination/
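The answer above describes shipping firewall syslog to a Linux forwarder and then mining the IP and port details out of it. The following is an added example (not code from the answer or from Azure) that parses constructed firewall syslog lines in the netfilter/iptables LOG format into the structured fields (source/destination IP, ports, protocol, rule prefix) you would want in a custom Log Analytics table, and tallies dropped inbound packets by port. The hostname, rule prefixes and addresses in the sample are made up.

```python
"""Parse firewall syslog lines into structured records and summarise denied traffic.
Added example; the sample lines below are constructed, not real firewall output."""
import re
from collections import Counter

# RFC 3164-style header: optional <PRI>, then "Mon dd hh:mm:ss host tag: message".
SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:]+): (?P<msg>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S*)")          # netfilter LOG emits KEY=value pairs
KERNEL_TS_RE = re.compile(r"^\[\s*[\d.]+\]\s*")  # "[8123.451] " kernel uptime stamp

SAMPLE_LOGS = """\
<4>Jan 12 10:01:02 fw01 kernel: [8123.451] FW-DROP-IN: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=44321 DPT=22
Jan 12 10:01:03 fw01 kernel: [8124.002] FW-DROP-IN: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=44322 DPT=3389
Jan 12 10:01:05 fw01 kernel: [8126.117] FW-ACCEPT-FWD: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.20 LEN=52 PROTO=TCP SPT=51000 DPT=443
Jan 12 10:01:06 fw01 sshd[2211]: Accepted publickey for ops from 192.0.2.30 port 50222 ssh2
"""

def parse_line(line):
    """Return a dict of firewall packet fields, or None if the line is not a packet log."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    # The rule's --log-prefix sits between the kernel timestamp and the first IN= field.
    prefix, sep, packet = m.group("msg").partition("IN=")
    if not sep:
        return None                                   # e.g. an sshd line: no packet fields
    fields = dict(KV_RE.findall("IN=" + packet))
    port = lambda k: int(fields[k]) if fields.get(k, "").isdigit() else None
    return {
        "host": m.group("host"), "timestamp": m.group("ts"),
        "rule": KERNEL_TS_RE.sub("", prefix).strip().rstrip(":") or None,
        "in_if": fields.get("IN") or None, "out_if": fields.get("OUT") or None,
        "src_ip": fields.get("SRC"), "dst_ip": fields.get("DST"),
        "proto": fields.get("PROTO"), "src_port": port("SPT"), "dst_port": port("DPT"),
    }

def dropped_inbound_by_port(text):
    """Count packets dropped at the edge (IN set, OUT empty, rule prefix containing DROP)
    keyed by (source IP, destination port): the 'who is probing which port' view."""
    counts = Counter()
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["rule"] and "DROP" in rec["rule"] and rec["in_if"] and not rec["out_if"]:
            counts[(rec["src_ip"], rec["dst_port"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in dropped_inbound_by_port(SAMPLE_LOGS).items():
        print(f"{key[0]} -> port {key[1]}: {n} dropped")
```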

Communication of devices via AWS greengrass core

I am pretty new to AWS IoT. Can you please guide me or refer me to some helpful material to implement the whole Greengrass setup? I want to use a Raspberry Pi as my Greengrass core in a GG group, and I want to establish communication between different devices, which in my case are ESP8266 and ESP32, through the Raspberry Pi.
I followed the official documentation given on the AWS site and implemented all the examples given. In the 4th module of the AWS Greengrass Core documentation they have shown an example in which two devices, a publisher and a subscriber, communicate with each other. As they mentioned, I set up my computer as an end device and ran that basicDiscovery.py file in one terminal as publisher and in another terminal as subscriber, and it worked.
Now, instead of terminals on my computer, I want to use one ESP8266 as publisher and another ESP8266 as subscriber and exchange data between them via the Raspberry Pi (Greengrass core). I have no idea whether I have to install the device SDK on the ESP or what. I am finding no way out from here.
Thank you so much for your help.
You asked what software you need to run on your ESP8266 device in order to interact with AWS Greengrass. You have two software options to run on the ESP8266 that I'm aware of:
FreeRTOS is a very stable OS and allows you to code in C.
MongooseOS is a new OS and allows you to code in JavaScript.
Arduino (this Instructables article walks you through registering a device with AWS IoT, which should allow you to connect it to Greengrass, but I recommend the above two options.)
Amazon FreeRTOS
To install the FreeRTOS software on your device, here are two tutorials:
Install the FreeRTOS software on your device.
Here is another tutorial: AWS IoT with FreeRTOS example.
Once you have the FreeRTOS software installed, you can continue in Module 4 that you mentioned by adding the AWS IoT device (your ESP8266) into your AWS Greengrass group.
MongooseOS
First, install the mos utility on your computer.
Next, use the mos utility to flash your device with MongooseOS software.
Then, upload code to your device (example) to connect to AWS Greengrass Core (or, continue on with Module 4) as you noted.
Good luck!
First you should read about Greengrass; you can find useful information and how to install it on a Raspberry Pi here.
Then you should choose which kind of OS you want to use for your ESPs. You can use:
Amazon FreeRTOS
MongooseOS
Zerynth
Or bare-metal programming with C/C++ using different IDEs like Arduino
I would recommend using Amazon FreeRTOS because it is well known and the documentation is very good. You can find more information to get started with it here.
If you want to use MongooseOS, I should mention that the documentation is not good and you may lose time connecting your ESP to the Greengrass group, although you can find more information about it in their blog here.
You can also use Zerynth, which is based on Python. It also has good documentation, although it doesn't support a variety of microcontroller manufacturers. You can find more information about it here.
If you want to use Arduino you can find more information here.
Basically, any AWS IoT device can connect to an AWS Greengrass core, but you should consider the following hints:
All of your devices (Raspberry Pi and ESPs) should be in the same network, and you should set the broker IP in your ESPs to the IP of your Raspberry Pi in your local network.
Also, you should set the devices to be in the same group in the AWS IoT console and deploy the configuration to the Greengrass core.
The policies for the IoT devices should allow them to publish/subscribe.
For connecting to the AWS broker, all devices should have valid certificates, and for connecting ESPs (or any other devices) to the Greengrass network, the CA root certificate should be replaced by the Greengrass group certificate.
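Both answers above come down to the same two device-side facts: the ESP must point its MQTT client at the core's LAN address rather than the AWS IoT endpoint, and it must trust the group CA instead of the Amazon root CA. The following added example (not code from the answers, the AWS SDK or basicDiscovery.py) takes a discovery response in the GGGroups/Cores/Connectivity/CAs layout that the Greengrass discovery API returns and pulls out exactly those two items for a device on a given LAN subnet. The group ID, ARN, addresses and certificate body in the sample are constructed placeholders.

```python
"""Select the local Greengrass core endpoint and the group CA from a discovery response.
Added example; SAMPLE_DISCOVERY is a constructed document, not real AWS output."""
import ipaddress
import json

SAMPLE_DISCOVERY = json.dumps({
    "GGGroups": [{
        "GGGroupId": "constructed-group-id",
        "Cores": [{
            "thingArn": "arn:aws:iot:us-east-1:000000000000:thing/rpi-core",  # placeholder
            "Connectivity": [
                # A core can advertise several addresses; only the LAN one is reachable by the ESP.
                {"Id": "public", "HostAddress": "203.0.113.9", "PortNumber": 8883, "Metadata": ""},
                {"Id": "lan", "HostAddress": "192.168.1.10", "PortNumber": 8883, "Metadata": ""},
            ],
        }],
        "CAs": ["-----BEGIN CERTIFICATE-----\nCONSTRUCTED-PLACEHOLDER-NOT-A-REAL-CERT\n"
                "-----END CERTIFICATE-----\n"],
    }]
})

def local_core_endpoint(discovery_json, device_subnet):
    """Return (host, port) of the first core address inside the device's subnet.
    This is the broker address the ESP must use instead of the AWS IoT endpoint."""
    net = ipaddress.ip_network(device_subnet)
    for group in json.loads(discovery_json)["GGGroups"]:
        for core in group["Cores"]:
            for conn in core["Connectivity"]:
                try:
                    addr = ipaddress.ip_address(conn["HostAddress"])
                except ValueError:
                    continue  # a DNS name cannot be checked against the subnet; skip it
                if addr in net:
                    return conn["HostAddress"], int(conn["PortNumber"])
    return None

def group_ca_pems(discovery_json):
    """Return the group CA certificate(s) the device must trust when talking to the core,
    in place of the Amazon root CA it uses for the cloud endpoint."""
    return [ca for group in json.loads(discovery_json)["GGGroups"] for ca in group["CAs"]]

if __name__ == "__main__":
    endpoint = local_core_endpoint(SAMPLE_DISCOVERY, "192.168.1.0/24")
    print("broker for the ESP:", endpoint)
    print("group CA(s) to install:", len(group_ca_pems(SAMPLE_DISCOVERY)))
```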

Site-to-site VPN vs point-to-site VPN

I have a scenario where I have a Windows VM in Windows Azure that needs to connect to an external customer network (and connect to a database that is not in Azure).
This traffic is uni-directional in that it is only my VM that needs to connect to the customer's databases and not the other way around. Site-to-site is managed on Azure, which I cannot really test locally.
Conceptually, connecting to the customer's network via a point-to-site VPN seems more suitable (by creating the VPN connection in Windows itself via the network config).
The customer prefers site-to-site even though they don't need to connect to my VM. Am I missing something?
In point-to-site, you have to connect to the network you want to access manually. Usually, if you log off or restart the workstation it loses the connection, and you have to reconnect every time. It's common to use this type of VPN when we are working remotely and need to access our company assets. The channel is bi-directional, but it's 1-to-many.
Site-to-site is used when you want to connect two networks and keep the communication up all the time. It's also bi-directional, but it's many-to-many and stays up regardless of whether your server/workstation is running, because the connection is established through a network gateway and not from the computer's operating system.
In Azure, the Virtual Network Gateway is the platform providing both functionalities. You can configure site-to-site to connect to your customer's network. If this network is not running in Azure, they usually have an appliance to establish dedicated tunnels. As long as it supports IPsec/IKE, you are good to go.
If you are using the VM in Azure as a workstation, then point-to-site may be enough, but if your application needs to get data from the customer database automatically, with or without someone logged in to the VM, then site-to-site is the better approach.
A better explanation can be found here.

How to do offline sync to LAN network when no internet connection

We know that in Xamarin.Forms there is Offline Sync functionality, in conjunction with Azure Mobile App, for when there is no internet connection to the cloud.
We had this requirement where we are utilising Azure Mobile App as well as Offline Sync. But since the app will be sitting on multiple devices on the LAN, it would be nice if, when the Internet is down, it fell back to the LAN so each device can talk to the others. Is it possible to achieve this in Xamarin.Forms? The concept is similar to Offline Sync.
I'd appreciate your feedback.
Thanks
If you want to find devices and services in the local network you have to use something like Zeroconf.
You could have a look at https://github.com/onovotny/Zeroconf whether it fits your needs.

Difference between Azure Connect and Azure Virtual Network?

Azure Connect is a service found on the older Azure.com portal and allows connectivity between on-premises and cloud servers/roles/resources. It creates a virtual IP (overlay) network, pretty much a VPN.
Azure Virtual Network (found on the new Azure portal) is ALSO touted as a VPN solution for the same purpose; however, the configuration seems a lot more twisted (although with a pretty UI).
I'm confused about how these two products stack up against each other. Googling and searching MSDN didn't reveal much information either.
What are the differences between them and the target use cases? Are they expected to be merged into one product down the road?
The use case for us is a WebRole that's running as a cloud service, whose REST/Web API services are consumed by machines on a private network. Azure Connect or Azure Virtual Network would (should?) provide the underlying connectivity between them.
Azure Connect allows users to connect Azure applications with on-premises servers in a super simple and quick way. It does not require VPN devices, it does not require the user to have network knowledge, and it does not require/assume the user has access to network infrastructure (e.g. the ability to configure the company's edge firewall). You express your connectivity intent (e.g. Azure service x should connect to a set of machines (machine group) y on-premises) in the management portal, and Azure Connect does the rest for you. It is also very flexible in that you can change the network and connectivity policy at any time via the portal, without requiring redeployment of your app or any change on-premises. E.g. you can make Azure service x connect to machine group z on-premises instead of y; once you make that change in the portal, the rest happens automatically, and machines in y are no longer accessible to/from Azure. Azure Connect uses endpoint software to manage all the network connectivity for users, so you do have to install endpoint software. But it supports many different automatic deployment options, including using Microsoft Update.
Azure Virtual Network allows users to extend part of their on-premises infrastructure to their Azure virtual network via a standard site-to-site IPsec connection. You must have an internet-facing VPN device on the on-premises side. The solution also assumes you have network knowledge: you will be asked to specify the network address range you will be using on both the Azure and on-premises sides, and you must launch a VPN gateway on the Azure side and manage the IPsec connection. It does not require installing endpoint software on servers; you are responsible for setting up routes to route the traffic from the VPN device to the servers and vice versa.
The two technologies complement each other; they are suitable for different scenarios.