# Device Registration With DPS

Device registration manages the asset inventory by adding new devices to the system. All assets in the solution are modeled in the ABB Ability™ Platform Information Model.

Device registration results in the creation of a unique identifier for a device in the Device Information Model. This process may be initiated from the Edge gateway side or programmatically from a web application or via the public REST API. The latter use case allows offline pre-provisioning of devices before the physical hardware is installed or even available.

For more details on the ID handling please see Device Identification.

# Device Provisioning Service

Devices that connect to the ABB Ability™ Platform must, however, go through an additional enrollment into the platform via the Device Provisioning Service (DPS). DPS is a new global service from Microsoft that functions as a gatekeeper to authenticate and control the endpoints that are allowed to transact with the ABB Ability™ Platform. DPS allows us to authenticate the devices and to ensure that they are routed to the correct IoT Hub for sending telemetry information into the platform.

More details on DPS from Microsoft can be found here and in this blog.

DPS depends on X.509 certificates for authentication of the Edge devices.

# How DPS Works

DPS works by authenticating the devices that attempt to connect to the ABB Ability™ Platform and looking at distribution rules in order to determine the IoT Hub that needs to be assigned to the device. The following steps are involved in the DPS flow:

  • Creation of DPS Instance (Responsibility of Ability Platform)
  • Configuration of Trust in DPS (Responsibility of Ability Platform)
  • Configuration of DPS URL in Edge Devices (Responsibility of BL's Solution team)
  • Edge Device Enrollment into the Ability PKI
  • Edge Commissioning and registration to DPS
  • Edge Communication with IoT Hub

# Configuration of DPS URL in Edge Devices

During the manufacturing phase, the Edge devices should be configured with the URL of the DPS instance. This is required so that, during operation, the device can communicate with the DPS instance using the device certificate to register itself in the Ability Platform.

Additionally, Edge devices should be configured with the trust anchors required to trust the certificates presented by DPS and the IoT Hub. These are public certificates which can be used to verify that the Edge is connecting to an authentic DPS instance or an IoT Hub.

# Edge Device Enrollment into Ability PKI

Edge devices must have a valid certificate issued by Ability PKI to authenticate with DPS. During manufacturing or pre-commissioning, the Edge device should enroll into a CA Server to obtain a valid certificate. The device should manage the certificate lifetime and perform renewal of the certificate before it expires.

The identity of the device is used in different scenarios. The certificate Common Name (CN) identifies the device at the DPS and IoT Hub level, whereas the device ID uniquely identifies the device in the information model across the ABB Ability™ Platform. In order to effectively manage the life cycle of the devices in ABB Ability™, a central device ID service is created which can be used to assign IDs to devices, or to register offline-generated IDs and check them for duplicates. More information on the ID service can be found at Device Identification.

During operation, the Edge device should periodically download the CRL and verify the authenticity of the DPS/IoT Hub certificates used for the TLS connection.
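The following added example (written for this page, not ABB or Microsoft code) sketches the edge-side TLS setup this section describes: trust only the configured anchors, present the device certificate, and require a CRL for the DPS/IoT Hub certificate. The function names, file path parameters and the two-thirds renewal threshold are assumptions.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone


def new_pinned_context() -> ssl.SSLContext:
    """Client context that trusts no CA until the trust anchors are loaded."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking by default
    # and, unlike create_default_context(), loads no system CA bundle.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Require a CRL covering the server (leaf) certificate. If no matching CRL
    # is loaded, verification fails, so a missing CRL fails closed.
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx


def load_device_material(ctx, trust_anchors_pem, crl_pem, device_cert_pem, device_key_pem):
    """Load trust anchors, the downloaded CRL and the device identity (paths are assumptions)."""
    ctx.load_verify_locations(cafile=trust_anchors_pem)  # anchors for DPS / IoT Hub
    ctx.load_verify_locations(cafile=crl_pem)            # PEM CRL, refreshed periodically
    ctx.load_cert_chain(certfile=device_cert_pem, keyfile=device_key_pem)
    return ctx


def open_mtls(host, port, ctx):
    """Connect to DPS or the assigned IoT Hub; the handshake presents the device certificate."""
    sock = socket.create_connection((host, port), timeout=10)
    try:
        return ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise


def needs_renewal(not_before, not_after, now):
    """True once two thirds of the validity period has elapsed (assumed policy)."""
    renew_at = not_before + (not_after - not_before) * 2 // 3
    return now >= renew_at


if __name__ == "__main__":
    issued = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample dates
    expires = issued + timedelta(days=90)
    print(new_pinned_context().cert_store_stats())
    print(needs_renewal(issued, expires, issued + timedelta(days=61)))
```

Because `VERIFY_CRL_CHECK_LEAF` is set, the CRL file must be refreshed before its next-update time or connections to DPS and the IoT Hub will be rejected.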

# Edge Commissioning and Registration to DPS

When the Edge device is commissioned, it invokes the DPS registration flow to register and receive the IoT Hub URL. The following diagram illustrates the registration procedure:

[Diagram: DPS registration procedure]

  • Edge device makes a TLS Connection with the DPS URL (pre-configured during manufacturing).
  • Device sends a "Register" request message to DPS along with the registration ID (device ID).
  • DPS authenticates the device via the Device Certificate presented during the TLS handshake. The DPS instance uses information in the distribution rules to identify an IoT Hub for the device and registers the device information in the IoT Hub.
  • DPS then sends the IoT Hub URL back to the device.
  • Device then makes a TLS connection to the provided IoT Hub using the device certificates and sends telemetry information via the secure connection.
Last updated: 7/20/2021, 8:42:12 AM