Scenario 2.2: Dynamically Register Sub-Devices


Scenario 2.2 introduces the dynamic registration of sub-devices through an Edge gateway device. First, you should register the gateway device, and burn an service account(SA) into the gateway device, granting it permission to call the EnOS API. Finally the gateway device can be used to create sub-devices.


The figure below illustrates the operation flow for Scenario 2.2.


../../_images/connection_scenario_2.2.png


  1. The Edge developer registers an Edge application in EnOS Cloud and obtains the service account(SA, including accessKey and accessSecret) for the application.


  2. IoT implementation personnel log into EnOS Cloud and perform the following configurations in the customer OU:

    • Create an Edge product and register an Edge device instance to obtain the Edge device triple.

    • Create a product for the sub-devices to be connected to the Edge, obtaining the productkey.


  3. During the Edge manufacturing stage, the following credential information needs to be burned:

    • The SA of the Edge application, which will be used to obtain permission to call EnOS APIs.

    • The Edge device triple issued by EnOS Cloud.

    • The productkey of the product to which the sub-devices belong, along with the OU ID to which the device belongs, i.e., orgId.


  4. EnOS Cloud performs the following authentication for Edge API calls:

    • The Edge uses the SA to obtain permission to call the EnOS API.

    • EnOS Cloud verifies the orgId and SA parameters carried in the Edge connection request and checks whether the OU has registered the Edge application.

    • EnOS Cloud validates the ownership relationship between the request parameters orgId and productkey. If the product does not belong to the OU, the validation will fail.


  5. EnOS Cloud authenticates the identity of the Edge.

    • Edge uses secret-based one-way authentication by default. The Edge connects to the cloud with its triple, and the cloud authenticates the Edge triple. Once authenticated, the Edge device is allowed to log in.

    • The first login of the Edge simultaneously activates the Edge device, updating its status from Inactive to Online.


  6. If certificate-based two-way authentication is enabled, EnOS Edge requests a certificate from Device Connectivity and Management, which returns the Edge certificate to the Edge.


  7. IoT implementation personnel choose one of the following methods to configure sub-device registration:

    • Directly create the sub-devices to be connected in the EnOS Edge Configuration Center.

    • Create the sub-devices to be connected in the Developer Console of EnOS Application Portal, then bind them in the Edge Configuration Center. The Edge proxies the sub-devices to connect to EnOS Cloud.


  8. After registration, sub-devices can transmit data with the cloud through the Edge gateway device.

    • The Edge connects directly to the cloud, while sub-devices are proxied by the Edge to connect to the cloud.

    • Data transmission between the Edge and the cloud uses the MQTT protocol.

    • If certificate-based two-way authentication is enabled, the data transmission content between the Edge and the cloud will be encrypted with the certificate.