When deploying IoT devices on a global scale, there is a lot to consider. Remote accessibility, security, device management, simplicity, flow control, reliability, low latency, redundancy and integration with other cloud services are some of the important considerations. To meet most of these requirements at a global scale, one has little or no option but to look to cloud platforms.
Google’s cloud platform provides the Cloud IoT Core solution to meet the demands of secure and scalable IoT. Cloud IoT Core is a fully managed service to securely connect and manage a global device network. It features HTTPS/MQTT endpoints, automatic load balancing and global data access with Pub/Sub. Cloud IoT Core acts as a device manager, and the integration with Pub/Sub enables IoT Core to also act as a communication broker. The use of Cloud IoT also ensures highway access to the rest of Google’s cloud platform.
To show off the simplicity of connecting a device to Cloud IoT Core, we are going to register a device on it, and use a sample to connect a virtual device and publish device telemetry events.
To begin:
- Select or create a new project on the Manage resources page in the GCP Console
- Ensure billing is enabled
- Enable the Cloud IoT Core and Cloud Pub/Sub APIs
Let’s go ahead and create a device registry, which is used to group a set of devices:
- Go to Google Cloud IoT Core page in the GCP Console
- Click Create a registry
- Enter my-registry for the Registry ID
- Select us-central1 for the Cloud Region
- Select MQTT for the Protocol
- In the Telemetry topic dropdown list, select Create a topic
- In the Create a topic dialog, enter my-device-events in the Name field
- Click Create in the Create a topic dialog
- Leave the other fields in their default state
- Click Create on the Cloud IoT Core page.
We just created a device registry with a Cloud Pub/Sub topic for publishing device telemetry events. Next, we add a device to the registry.
- Click Add device on the Registry Details page.
- Enter my-device for the Device ID
- Select Allow for Device communication
- Leave the other fields in their default state
- Click Add
Having just added a device to the registry, we now add a public key to it. To do this, we use Google Cloud Shell, which comes with the Cloud SDK and Node.js already installed. Click the Activate Cloud Shell button at the top of the Google Cloud Platform Console.
When the Cloud Shell starts, do the following:
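- Run the command below to create an RS256 key pair: a 2048-bit RSA private key (rsa_private.pem, written unencrypted because of -nodes) and a self-signed certificate carrying the public key (rsa_cert.pem)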
openssl req -x509 -newkey rsa:2048 -keyout rsa_private.pem -nodes -out rsa_cert.pem -subj "/CN=unused"
- Enter the command below to display the public key
cat rsa_cert.pem
- Copy the contents, making sure to include the lines that say -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
- On the Device details page for the device created in the preceding section, click Add public key
- Select RS256_X509 for the Public key format
- Paste your public key in the Public key value box
- Click Add
An RS256_X509 key appears on the Device details page for your device. At this point, we are on the home stretch: all that remains is to connect the device and start viewing telemetry.
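How the key pair created above is used when the device connects, as an added example (not code from this page or from nodejs-docs-samples): the device signs a short-lived JWT with its private key (RS256) and presents it as the MQTT password, and the service checks it against the public key registered for that device. The verifier is a simplified sketch; `my-project`, the 20-minute lifetime and the in-memory key pairs are constructed stand-ins for PROJECT_ID and the rsa_private.pem / rsa_cert.pem files.

```javascript
// Added illustration; not part of the sample repository used on this page.
const crypto = require('node:crypto');
const b64url = (x) => Buffer.from(x).toString('base64url');

// Device side: sign {iat, exp, aud} with the device's RSA private key (RS256).
function createDeviceJwt(projectId, privateKey, nowSec, lifetimeSec = 1200) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const claims = b64url(JSON.stringify({ iat: nowSec, exp: nowSec + lifetimeSec, aud: projectId }));
  const signature = crypto.sign('sha256', Buffer.from(`${header}.${claims}`), privateKey);
  return `${header}.${claims}.${b64url(signature)}`;
}

// Service side (sketch): verify against the public key registered for this device.
function verifyDeviceJwt(token, projectId, publicKey, nowSec) {
  const [header, claims, signature, extra] = token.split('.');
  if (!signature || extra !== undefined) return 'malformed';
  let alg, body;
  try {
    alg = JSON.parse(Buffer.from(header, 'base64url').toString()).alg;
    body = JSON.parse(Buffer.from(claims, 'base64url').toString());
  } catch { return 'malformed'; }
  // Pin the algorithm to the registered key format; never follow the token's own choice.
  if (alg !== 'RS256') return 'wrong-algorithm';
  const ok = crypto.verify('sha256', Buffer.from(`${header}.${claims}`), publicKey,
    Buffer.from(signature, 'base64url'));
  if (!ok) return 'bad-signature';
  if (body.aud !== projectId) return 'wrong-audience';
  if (typeof body.exp !== 'number' || body.exp <= nowSec) return 'expired';
  return 'ok';
}

// Constructed key pairs, one per device, generated in memory for the demo.
const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

function demo() {
  const now = 1700000000; // fixed clock so the results are reproducible
  const deviceA = newKeyPair();
  const deviceB = newKeyPair();
  const token = createDeviceJwt('my-project', deviceA.privateKey, now);
  return {
    valid: verifyDeviceJwt(token, 'my-project', deviceA.publicKey, now + 60),
    otherDeviceKey: verifyDeviceJwt(token, 'my-project', deviceB.publicKey, now + 60),
    afterExpiry: verifyDeviceJwt(token, 'my-project', deviceA.publicKey, now + 1201),
    otherProject: verifyDeviceJwt(token, 'other-project', deviceA.publicKey, now + 60),
  };
}
console.log(demo());
```

Because each token only verifies against the key registered for one device, giving every device its own key pair means a leaked rsa_private.pem affects that device alone.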
Let’s connect a virtual device and read messages published to the telemetry topic.
- In the Cloud Shell, run the command below to clone a repo from GitHub
git clone https://github.com/GoogleCloudPlatform/nodejs-docs-samples
- Navigate to the iot/mqtt_example directory
cd nodejs-docs-samples/iot/mqtt_example
- Copy rsa_private.pem to the current directory (iot/mqtt_example), with the following command
cp ../../../rsa_private.pem .
- Install Node.js dependencies
npm install
- Run the following command to create a subscription to the registry’s Pub/Sub topic, substituting your PROJECT_ID
gcloud pubsub subscriptions create projects/PROJECT_ID/subscriptions/my-subscription --topic=projects/PROJECT_ID/topics/my-device-events
- Run the following command to connect the virtual device to Cloud IoT Core using MQTT protocol, substituting your PROJECT_ID and REGION
node cloudiot_mqtt_example_nodejs.js --projectId=PROJECT_ID --cloudRegion=REGION --registryId=my-registry --deviceId=my-device --privateKeyFile=rsa_private.pem --numMessages=25 --algorithm=RS256 --mqttBridgePort=443
- To read the messages published to the telemetry topic, substitute your PROJECT_ID in the following command
gcloud pubsub subscriptions pull --auto-ack projects/PROJECT_ID/subscriptions/my-subscription
Once you run step 7 above (the pull command), you should see output similar to the one below.
Congratulations! You have connected a device to Cloud IoT Core and viewed telemetry data. Take some more time to explore more of Cloud IoT Core.
Hi, your tutorial is very good, and thanks for the good explanation.
But my question is, what if we have to distribute the hardware to the client?
In the case of multiple devices, will there be different private key-public key pair or the same?
Do we have to repeat the above process for all new devices? hardware?
Is there any way to automate this?
For example, a real scenario will be that all the IoT devices will be purchased by some third-party client,
what he wants is to authenticate and register a device with his own credentials so that it can only accept commands sent by him and only receive data sent for him.
How can we achieve this?
Currently, I have one set up for my own business.
I have my own OAuth server setup for hardware and software services.
Also, have an MQTT service running which is authenticated with the same auth server with ACLs.
So each client has to register on this companion server and then register the device by scanning a code on the device (with the help of companion app+server).
Now the device only works in this client's userspace.
Can you explain the same thing in relation with Google IoT Cloud?
Although your title says it, you have not explained that part in it.