Microsoft Launches Public Preview of Azure IoT Hub Device Streams

The PaaS service aims to provide a platform to allow developers and vendors to create a secure pathway for IoT device connectivity.


To encourage continued development of, and secure connectivity for, a diverse range of new internet of things (IoT) devices, Microsoft has launched a public preview of its Azure IoT Hub Device Streams.

An IoT Hub device stream is a data transfer tunnel that provides connectivity between two TCP/IP-enabled endpoints, wrote Reza Sherafat, the senior program manager for the Azure IoT team, in a recent post on the Microsoft Azure Blog.

"One side of the tunnel is an IoT device and the other side is a customer endpoint that intends to communicate with the device," wrote Sherafat. That customer endpoint, also commonly called a service endpoint, often cannot connect to a device directly because the organization's security policies and the connectivity restrictions placed on its networks prohibit it, he wrote. "These restrictions, while justified, frequently impact various legitimate scenarios that require connectivity to an IoT device."

That's where the IoT Hub Device Streams can help by providing a foundation for secure connectivity to IoT devices, he explained. "Customers, partners, application developers and third-party platform providers can leverage device streams to communicate securely with IoT devices that reside behind firewalls or are deployed inside of private networks. Furthermore, built-in compatibility with the TCP/IP stack makes device streams applicable to a wide range of applications involving both custom proprietary protocols as well as standards-based protocols such as remote shell, web, file transfer and video streaming among others."

The benefits of IoT Hub Device Streams include firewall-friendly secure connectivity that does not require opening an inbound firewall port at the device or network perimeters, and authentication enforcement in which each side of the tunnel uses its corresponding credentials so that its identity is verified before any communication takes place between them. Other benefits include TLS-enabled connections by default, which ensure that application traffic is encrypted whether or not the application itself uses encryption, and simplified connectivity that avoids the need for complicated virtual private networks (VPNs) to reach IoT devices, wrote Sherafat.

"Furthermore, unlike VPNs, which give broad access to the entire network, device streams are point-to-point involving a single device and a single service at each side of the tunnel," he explained.

The device streams also include compatibility with the TCP/IP stack and can communicate with private networks without having to assign publicly routable IP addresses to each device.

"IoT Hub device streams are particularly helpful when devices are placed behind a firewall or inside a private network with no publicly reachable IP address," wrote Sherafat.

"In today's security-first digital age, ensuring secure connectivity to IoT devices is of paramount importance," he wrote. "A wide range of operational and maintenance scenarios in the IoT space rely on end-to-end device connectivity in order to enable users and services to interact with, login, troubleshoot, send or receive data from devices. Security and compliance with the organization's policies are therefore an essential ingredient across all these scenarios."

During the public preview, IoT Hub Device Streams are available in the Central United States and in the Central U.S. Early Updates Access Program region. To use the preview, users must create their hubs in one of these regions.