
Thoughts about Modern Cloud & Edge IoT Operations at Scale - Part 1 (Deployment)
Business
We are living in the exciting times of Generative AI, Large Language Models (LLMs), Small Language Models (SLMs), AI-powered software development with GitHub Copilot, etc. All of these technological advancements make developing distributed Kubernetes-native architectures and solutions for Intelligent Cloud and Intelligent Edge more feasible than ever before. Big corporations and small start-ups alike are taking advantage of this opportunity to move the needle forward in different industries, and one of the software categories currently enjoying a renaissance is IoT (Internet of Things) and Edge computing.
Focus
In this article we’ll start a series dedicated to Azure IoT Operations — an IoT platform well-architected for running Hybrid and Edge workloads at scale. We’re going to start with the initial deployment of Azure IoT Operations Preview (v0.4) bits.
Azure IoT Operations Preview is a unified data plane for the edge. It’s composed of a set of modular, scalable, and highly available data services that run on Azure Arc-enabled edge Kubernetes clusters. Please find more information about Azure IoT Operations (currently in Preview) here.
Note: We’ve been focusing on distributed Kubernetes-native Hybrid solution architectures (Cloud, Edge and everything in between) for a while now, as can be seen from publications on this Medium account (check out the series dedicated to the Enriched Search Experience reference architecture deployed in the Cloud and on the Edge on various Azure Stack family appliances) and on GitHub here.
Setup
As an owner of a Microsoft Surface Studio (1) Laptop with GPU, the only thing we like better is the recent Microsoft Surface Studio 2 Laptop with GPU (NVIDIA GeForce RTX 4060). We found this versatile and powerful machine ideal for conducting various hardware and software experiments fast. The Microsoft Surface Studio Laptop initially comes with Windows pre-installed; however, we turned it into a dual-boot machine with Ubuntu Linux installed as well.
Kubernetes
First things first: For the foundation of our future Edge workloads we choose K3s which is a lightweight certified Kubernetes distribution built for IoT & Edge computing.

K3s installation on Linux is centered around the command `curl -sfL https://get.k3s.io | sh -`, as described here, and it doesn’t take long.

Once installed, you will see the following pods running in the `kube-system` namespace of your Kubernetes cluster.

Azure Arc
Azure IoT Operations is an extension of Azure Arc. Essentially Azure Arc is a bridge that extends the Azure platform to your environments. Please find more information about Azure Arc here.
To add your K3s Kubernetes cluster to Azure Arc, we go to the Azure portal and look up the Kubernetes — Azure Arc Marketplace deployment item.

If we look a little bit ahead of ourselves, the following extensions will show up for your Kubernetes — Azure Arc resource in Azure portal once Azure IoT Operations Preview bits have been successfully installed.

And as we mentioned above, adding Azure IoT Operations (Preview) to your Kubernetes — Azure Arc resource as shown below is the most intuitive way, in our opinion. Please also note other extensions available for Azure Arc.

Now, coming back to it, the following Kubernetes — Azure Arc Wizard in the Azure portal helps to generate a Bash (or PowerShell) script which you execute on your machine to connect the Kubernetes cluster to Azure Arc. In our case, we’re going to run the Bash script on Ubuntu Linux where our K3s cluster is installed.

Once you run the script on the machine successfully, you can confirm that you successfully connected your Kubernetes cluster to Azure Arc in Azure portal as shown below.

Finally, you can also look up the Kubernetes pods running for Azure Arc on your machine in the `azure-arc` namespace.

At this point we are ready to start installing Azure IoT Operations Preview bits.
Azure IoT Operations (AIO)
Azure IoT Operations has been in Public Preview (v0.4) since November 2023 per this announcement. Azure IoT Operations may change before General Availability (GA); its current architecture is described here and shown below. Also please consider checking Azure Arc Jumpstart here for useful resources for Azure Arc and Azure IoT Operations.

To start installing Azure IoT Operations Preview bits in your Kubernetes cluster you can look up Azure IoT Operations (Preview) Marketplace deployment item in Azure portal or open up your Kubernetes — Azure Arc resources and add extension for Azure IoT Operations Preview which will lead to the same Wizard.

The Wizard will also end up providing you with a script, specifically an Azure CLI command, which you run on your machine to install Azure IoT Operations Preview bits.

There are multiple considerations which we outline below to help make your Azure IoT Operations Preview installation experience as pleasant as possible.
Principal (account)
Heads up: During Azure IoT Operations Preview bits installation, an App Registration needs to be created in Azure Entra (fka AAD), for which your account needs to have sufficient and appropriate permissions. Otherwise, you will see this “Unable to fetch the Object ID of the Azure AD application used by Azure Arc service” error when connecting your Kubernetes cluster to Azure Arc.

Amongst other things, depending on the configuration of your Azure Subscription and the permissions granted to your account, you may face MFA requirements upon sign-in using Azure CLI, requirements for your machine to be managed with Microsoft Intune, etc. One way to avoid most of these is to use an account which has the Azure Subscription Owner role (suitable for demos and experiments); otherwise, please follow the principle of least privilege when setting up your Principal (account) (for pre/production-like environments, also remembering that Azure IoT Operations is still in Preview and is not recommended for production atm).
Resource providers
Another thing which can be addressed ahead of time is the necessary resource provider registrations.

Namely, Microsoft.Kubernetes* resource providers will be required in your Azure Subscription along with Microsoft.ExtendedLocation resource provider. Otherwise, you will see “Microsoft.Kubernetes* provider is not registered” error when connecting your cluster to Azure Arc.

Kubernetes cluster features
Please note that for the successful deployment of Azure IoT Operations Preview bits you will have to make sure that the `cluster-connect` and `custom-locations` features have been enabled in your Kubernetes cluster as described here. Otherwise, you will see the “Unable to enable the `custom-locations` feature” error.

These features (`cluster-connect` and `custom-locations`) are important for the successful installation and operation of Azure IoT Operations Preview bits, and even if you ignore the warning while adding your cluster to Azure Arc, the “The `custom-locations` feature is required but not enabled on the cluster” error will be back while installing Azure IoT Operations Preview bits.

AIO successful deployment
Upon successful deployment of Azure IoT Operations Preview bits the following Azure resources will be created:

These resources will include Kubernetes — Azure Arc, Custom location and Azure Key Vault. Also as we mentioned before, here’s the list of Azure IoT Operations Preview components showing up as extensions under Kubernetes — Azure Arc resource.

The successful installation of Azure IoT Operations Preview overall may take about 20+ minutes on your machine.

Also please note these useful commands which you can use pre- and post-installation of Azure IoT Operations Preview bits. Use `az iot ops verify-host` for the baseline host verification, including connectivity to the Cloud.

az iot ops verify-host command
Post-installation, the `az iot ops check` command executes a detailed check on a component-by-component basis.

az iot ops check command
Finally, you can also look up the Kubernetes pods running for Azure IoT Operations Preview on your machine in the `azure-iot-operations` namespace.

Here you go! You just successfully installed Azure IoT Operations Preview bits. Below are some additional musings on the topic.
Musings
Here we’re going to reiterate the point about the Azure Entra App Registration which gets created during the Azure IoT Operations Preview installation process. Please remember that your account is going to need appropriate permissions: “The command must be executed using the principal with permission to create a Microsoft Entra Enterprise Application”.

Another gotcha to be aware of is that the Azure Key Vault required for Azure IoT Operations Preview needs to be configured for the access policy-based permission model; otherwise you will see the “Target Key Vault must be configured for access policy based permission model. RBAC is not currently supported.” error.

You can configure Azure Key Vault for Vault access policy as shown below.
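
The resource provider and Key Vault errors described in this article can be caught from the command line before the installer runs. The Bash preflight below is an added example, not code from the article or from Azure IoT Operations; it assumes that `Microsoft.Kubernetes*` means `Microsoft.Kubernetes` and `Microsoft.KubernetesConfiguration`, and its function names and sample data are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not the article's code: preflight for the resource provider
# and Key Vault errors described above. Function names are illustrative.

# Assumption: "Microsoft.Kubernetes*" covers these two namespaces.
REQUIRED_PROVIDERS="Microsoft.Kubernetes Microsoft.KubernetesConfiguration Microsoft.ExtendedLocation"

# stdin : "<namespace> <registrationState>" per line, e.g. from
#         az provider list --query "[].[namespace,registrationState]" -o tsv
# stdout: one "az provider register" command per required provider that is
#         absent from the input or not in state "Registered"
provider_fixes() {
  awk -v req="$REQUIRED_PROVIDERS" '
    { state[tolower($1)] = $2 }
    END {
      n = split(req, want, " ")
      for (i = 1; i <= n; i++)
        if (state[tolower(want[i])] != "Registered")
          print "az provider register --namespace " want[i]
    }'
}

# $1: value of properties.enableRbacAuthorization from "az keyvault show".
# Returns 0 only for the access policy model (false or unset); anything else
# is treated as the Azure RBAC model that the AIO Preview installer rejects.
# Compared case-insensitively so the output format's capitalisation is moot.
kv_uses_access_policies() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    false|none|null|"") return 0 ;;
    *) return 1 ;;
  esac
}

# Live run against a subscription (needs "az login"): preflight <key-vault-name>
preflight() {
  local fixes rbac
  fixes=$(az provider list --query "[].[namespace,registrationState]" -o tsv | provider_fixes)
  rbac=$(az keyvault show --name "$1" --query properties.enableRbacAuthorization -o tsv)
  [ -z "$fixes" ] || printf 'Run first:\n%s\n' "$fixes"
  kv_uses_access_policies "$rbac" ||
    echo "Key Vault $1 uses Azure RBAC; switch it to Vault access policy"
  [ -z "$fixes" ] && kv_uses_access_policies "$rbac"
}

# Constructed sample of "az provider list" output (not real subscription data)
SAMPLE_PROVIDERS=$(printf '%s\t%s\n' Microsoft.Kubernetes Registered \
  Microsoft.KubernetesConfiguration NotRegistered Microsoft.Compute Registered)
```

`preflight` only reads state and prints the registration commands it would need, so it can run under an account that has read access but not yet the rights to register providers.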

Equipped with this knowledge, you can fully enjoy your experience while installing Azure IoT Operations Preview bits on your machine with a Kubernetes cluster for running your exciting Edge-based workloads.
Next steps
In the next articles we’ll cover other aspects of installation, deployment, configuration, usage, monitoring, upgrading, etc. (the entire SDL = Software Development Lifecycle including DevSecOps) of Azure IoT Operations Preview (currently, v0.4) and GA (when General Availability comes around).
At this stage we’ll drop a little teaser in here. In our opinion, one of the premier workloads for the Edge as a part of the Microsoft Azure Cognitive Services suite is the Azure Spatial Analysis container. It’s a CV (Computer Vision) Edge workload which implements people-centric & vehicle-centric scenarios and can be extended with “custom” models (trained for “custom” objects) brought from Azure Vision AI. Please find more information about the Azure Spatial Analysis container here.

Please find detailed Azure Spatial Analysis container requirements here.

Azure Spatial Analysis container takes advantage of GPU-accelerated inference on the Edge.

The rest is yet another story. Please stay tuned! :)
Conclusion
Azure IoT Operations is a part of the Microsoft Azure adaptive Cloud approach as described in this article. Built atop the Azure Arc foundation for scalability and reliability, and multiplied by your innovative AI-powered value-adding workloads, Azure IoT Operations provides the necessary platform (with the right components) for you to focus on the business value and achieve success.
If you like this work please support this article with a clap (or a few :)). And also please check out our other work on GitHub here.
Disclaimer
Opinions expressed are solely those of the author and do not express the views and opinions of the author’s current employer, Microsoft.