MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

ADU configured to be used as a module #114502

Open FinitelyFailed opened 1 year ago

FinitelyFailed commented 1 year ago

We have created a number of Linux images using Yocto, which contain ADU. ADU (with swupdate) is used to update the image on the device using an A-B update scheme. As far as I'm aware we do not configure ADU to be used as a module anywhere.

In our first test our service uses a connection string from a device in the IoT Hub to enable it to connect to the IoT device. We tried using the SAME connection string for ADU as well, which resulted in strange timeouts for our service. Our assumption is that two services, in this case our service and ADU, cannot share the same connection string. Is that assumption true? We are not able to find anything about this in the documentation.

In our second test we created a module on the device in the IoT Hub. We connected to the device from our service using the device's connection string and ADU with the module's connection string. This seems to work well, as we have been able to do a number of updates this way. Is this a good approach to work with?

The documentation says "If Device Update agent is configured as a module copy the module's primary connection string.", we have used the same build and the same configuration when we tested to use:

We have been unable to find any way to configure ADU to be used as a module in its git repos and this documentation. I have a very vague recollection that there was a build flag for ADU, a while back, if one wanted the module version or not, but I may be mistaken.



ManoharLakkoju-MSFT commented 1 year ago

@FinitelyFailed Thanks for your feedback! We will investigate and update as appropriate.

eshashah-msft commented 1 year ago

@FinitelyFailed,

The same connection string, however, cannot be used for multiple services, per IoT Hub design. (See this thread.)

ADU can be provisioned as a device or module. By default, when Azure IoT Identity Service is used, the ADU agent is provisioned with SAS keys as a module. Our recommendation is to use Azure IoT Identity Service/DPS for provisioning rather than the device/module connection string directly, as a better security practice. Also, X.509 provides higher security and is recommended for production scenarios.
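As an added example (not code from the issue, from ADU or from Azure), the following script turns the two points above into a preflight check: it resolves each configured connection string to its IoT Hub identity (HostName, DeviceId and, for a module, ModuleId) and flags configs that resolve to the same identity, which is what the first test in the original post did; it also builds the SAS token from a connection string, which shows that a module's key signs a resource URI ending in `/modules/<id>` and is therefore a distinct identity from the device. The hostname, ids and keys are constructed for the example and are not real secrets; the config names `our_service` and `adu_agent` are assumptions.

```python
"""Preflight check for the identity collision discussed in this issue.

Added example, not ADU or Azure code. Two IoT Hub clients that authenticate as
the same identity (same HostName + DeviceId + ModuleId) compete for one
connection; each agent on the device should get its own identity, and that
can be verified before the image is deployed.
"""
import base64
import hashlib
import hmac
import time
import urllib.parse
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class IotHubIdentity:
    hostname: str
    device_id: str
    module_id: Optional[str]  # None for a device identity

    @property
    def resource_uri(self) -> str:
        # Resource URI that goes into the SAS token's "sr" field.
        uri = f"{self.hostname}/devices/{self.device_id}"
        if self.module_id:
            uri += f"/modules/{self.module_id}"
        return uri


def parse_connection_string(cs: str) -> Dict[str, str]:
    """Split 'Key=Value;Key=Value' into a dict.

    The base64 key may itself contain '=', so split each field only on its
    first '='.
    """
    fields: Dict[str, str] = {}
    for part in cs.strip().rstrip(";").split(";"):
        if "=" not in part:
            raise ValueError(f"malformed field: {part!r}")
        key, value = part.split("=", 1)
        fields[key] = value
    for required in ("HostName", "DeviceId", "SharedAccessKey"):
        if required not in fields:
            raise ValueError(f"connection string missing {required}")
    return fields


def identity_of(cs: str) -> IotHubIdentity:
    f = parse_connection_string(cs)
    return IotHubIdentity(f["HostName"], f["DeviceId"], f.get("ModuleId"))


def shared_identities(named_cs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (earlier_name, later_name) pairs whose connection strings resolve
    to the same IoT Hub identity. An empty list means every agent has its own."""
    seen: Dict[IotHubIdentity, str] = {}
    clashes: List[Tuple[str, str]] = []
    for name, cs in named_cs.items():
        ident = identity_of(cs)
        if ident in seen:
            clashes.append((seen[ident], name))
        else:
            seen[ident] = name
    return clashes


def sas_token(cs: str, ttl_seconds: int = 3600, now: Optional[int] = None) -> str:
    """Build an IoT Hub SAS token from the connection string's shared key.

    The signed string is '<url-encoded resource URI>\\n<expiry>', HMAC-SHA256
    keyed with the base64-decoded SharedAccessKey. A module key signs a URI
    ending in /modules/<id>, so its token is bound to the module identity.
    """
    f = parse_connection_string(cs)
    ident = identity_of(cs)
    expiry = (int(time.time()) if now is None else now) + ttl_seconds
    encoded_uri = urllib.parse.quote(ident.resource_uri, safe="")
    to_sign = f"{encoded_uri}\n{expiry}".encode()
    key = base64.b64decode(f["SharedAccessKey"])
    sig = base64.b64encode(hmac.new(key, to_sign, hashlib.sha256).digest()).decode()
    return (f"SharedAccessSignature sr={encoded_uri}"
            f"&sig={urllib.parse.quote(sig, safe='')}&se={expiry}")


# Constructed sample configs: hostname, ids and keys are made up, not real secrets.
DEVICE_CS = ("HostName=example-hub.azure-devices.net;DeviceId=yocto-dev-01;"
             "SharedAccessKey=" + base64.b64encode(b"device-key-0123456789abcdef").decode())
MODULE_CS = ("HostName=example-hub.azure-devices.net;DeviceId=yocto-dev-01;ModuleId=adu;"
             "SharedAccessKey=" + base64.b64encode(b"module-key-0123456789abcdef").decode())

# First test from the issue: both agents use the device's connection string.
FIRST_TEST = {"our_service": DEVICE_CS, "adu_agent": DEVICE_CS}
# Second test: the custom service keeps the device identity, ADU gets a module.
SECOND_TEST = {"our_service": DEVICE_CS, "adu_agent": MODULE_CS}

if __name__ == "__main__":
    print("first test clashes:", shared_identities(FIRST_TEST))
    print("second test clashes:", shared_identities(SECOND_TEST))
    print("module SAS token:", sas_token(MODULE_CS, now=1_700_000_000))
```

The check reports `[('our_service', 'adu_agent')]` for the first setup and nothing for the second. With Azure IoT Identity Service or DPS the shared key never reaches the agent's config at all; the identity service hands each principal its own module identity, which is the reason the reply recommends it over pasting connection strings.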

FinitelyFailed commented 6 months ago

@eshashah-msft we are (finally) using Azure IoT Identity Service together with ADU and our own service.

You said that "By default, when Azure IoT Identity service is used the ADU agent is provisioned with the SAS keys as module.", but our ADU agent writes and reads to the device's twin.

We can configure the identity service so that the ADU agent uses a Module Identity. However, after an A-B update the Module Identity is recreated, which removes the ADUGroup value in tags. I created an issue about this (here).