Blog Post

Internet of Things Blog
9 MIN READ

Bridge Building – Mosquitto MQTT to Azure IOT Using Paho MQTT and the Azure IoT Device SDK’s

shanebaldacchino's avatar
shanebaldacchino
Former Employee
Dec 08, 2021
I have been on a journey to explore Azure IoT and push the thousands of events that flow through my local MQTT broker (Mosquitto) in to Azure IoT Hub. From direct connection to Azure IoT Hub (...
Updated Dec 08, 2021
Version 3.0
azure iot
Azure IoT Hub
iot
Christian_Beier's avatar
Christian_Beier
Copper Contributor
Jun 20, 2022

Hi Alessanddro,

 

Great that you managed to have your device sending messages to IoT Hub and as I understood, you also created a service what can receive and process these messages from IoT Hub. This is also the explanation why at least two connection strings come into the game:

  • one connection string for each IoT device out in the wild and potentially exposed to hackers.
  • one or more connection strings for your (trustworthy?) consuming backend service(s)

To allow separation of the different areas and provide access control (a device usually should only send and receive data but not alter the device registry or read other messages), you should not use one connection string to connect a device and use the same for your backend service to consume the messages. To learn more about the other access control options to IoT Hub you can look athttps://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-security and for security by design https://docs.microsoft.com/en-us/azure/iot-fundamentals/security-recommendations

 

To your second question on how to connect your device with Paho or any other MQTT client to IoT Hub, I recommend reading https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-mqtt-support This doc article contains even a python snippet showing how to connect a device. You just need to add the code to subscribe for receiving Cloud2Device Messages from IoT Hub as described further down in the doc. I still would highly recommend using the Azure IoT Device SDK as it already solves typical base functionality and is regularly updated for new features, bugs, and security-related fixes.

 

Your use case sounds interesting, and I do not see why this should not be possible with IoT Hub. You are right, IoT Hub is no full MQTT broker and does not provide subscriptions to read only a particular device, although if required, you can filter in IoT Hub on a specific device id or other message properties and even on the payload to route traffic into a specific processing pipeline. https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-messages-d2c

 

Best regards

Christian