将下游设备连接到 Azure IoT Edge 网关Connect a downstream device to an Azure IoT Edge gateway

本文提供有关在下游设备与 IoT Edge 透明网关之间建立受信任连接的说明。This article provides instructions for establishing a trusted connection between downstream devices and IoT Edge transparent gateways. 在透明网关方案中,一个或多个设备可以通过与 IoT 中心保持连接的单个网关设备传递其消息。In a transparent gateway scenario, one or more devices can pass their messages through a single gateway device that maintains the connection to IoT Hub.

成功设置透明网关连接需要完成三个常规步骤。There are three general steps to set up a successful transparent gateway connection. 本文介绍其中的第三个步骤:This article covers the third step:

  1. 将网关设备配置为服务器,以便下游设备能够安全地连接到该设备。Configure the gateway device as a server so that downstream devices can connect to it securely. 设置网关以接收来自下游设备的消息,并将消息路由到适当的目标。Set up the gateway to receive messages from downstream devices and route them to the proper destination. 有关详细信息,请参阅将 IoT Edge 设备配置为充当透明网关For more information, see Configure an IoT Edge device to act as a transparent gateway.
  2. 为下游设备创建设备标识,以便它可以向 IoT 中心进行身份验证。Create a device identity for the downstream device so that it can authenticate with IoT Hub. 配置下游设备,使其通过网关设备发送消息。Configure the downstream device to send messages through the gateway device. 有关详细信息,请参阅在 Azure IoT 中心对下游设备进行身份验证For more information, see Authenticate a downstream device to Azure IoT Hub.
  3. 将下游设备连接到网关设备,然后开始发送消息。Connect the downstream device to the gateway device and start sending messages.

本文列出了下游设备的常见连接问题,并引导你设置下游设备。具体内容包括:This article identifies common problems with downstream device connections and guides you in setting up your downstream devices by:

  • 介绍传输层安全性 (TLS) 和证书基础知识。Explaining transport layer security (TLS) and certificate fundamentals.
  • 介绍 TLS 库在不同操作系统中的工作原理,以及每个操作系统如何处理证书。Explaining how TLS libraries work across different operating systems and how each operating system deals with certificates.
  • 演练不同语言的 Azure IoT 示例以帮助你入门。Walking through Azure IoT samples in several languages to help get you started.

在本文中,术语“网关”和“IoT Edge 网关”是指配置为透明网关的 IoT Edge 设备。 In this article, the terms gateway and IoT Edge gateway refer to an IoT Edge device configured as a transparent gateway.

先决条件Prerequisites

准备下游设备Prepare a downstream device

下游设备可以是包含通过 Azure IoT 中心云服务创建的标识的任何应用程序或平台。A downstream device can be any application or platform that has an identity created with the Azure IoT Hub cloud service. 在许多情况下,这些应用程序使用 Azure IoT 设备 SDKIn many cases, these applications use the Azure IoT device SDK. 下游设备甚至可以是 IoT Edge 网关设备本身上运行的应用程序。A downstream device could even be an application running on the IoT Edge gateway device itself. 但是,另一个 IoT Edge 设备不能位于 IoT Edge 网关的下游。However, another IoT Edge device cannot be downstream of an IoT Edge gateway.

备注

已向 IoT 中心注册的 IoT 设备可以使用模块孪生在单个设备上隔离不同的进程、硬件或函数。IoT devices registered with IoT Hub can use module twins to isolate different processes, hardware, or functions on a single device. IoT Edge 网关支持使用对称密钥身份验证的下游模块连接,但不支持 X.509 证书身份验证。IoT Edge gateways support downstream module connections using symmetric key authentication but not X.509 certificate authentication.

若要将下游设备连接到 IoT Edge 网关,需要准备好以下两项:To connect a downstream device to an IoT Edge gateway, you need two things:

  • 配置了 IoT 中心设备连接字符串的设备或应用程序,该字符串中追加了用于将该设备或应用程序连接到网关的信息。A device or application that's configured with an IoT Hub device connection string appended with information to connect it to the gateway.

    此步骤已在上一篇文章在 Azure IoT 中心对下游设备进行身份验证中完成。This step was completed in the previous article, Authenticate a downstream device to Azure IoT Hub.

  • 设备或应用程序必须信任网关的根 CA 证书才能验证网关设备的传输层安全性 (TLS) 连接。The device or application has to trust the gateway's root CA certificate to validate the transport layer security (TLS) connections to the gateway device.

    本文的余下内容将详细介绍此步骤。This step is explained in detail in the rest of this article. 可通过两种方法之一执行此步骤:在操作系统的证书存储中安装 CA 证书;(适用于特定的语言)使用 Azure IoT SDK 在应用程序中引用证书。This step can be performed one of two ways: by installing the CA certificate in the operating system's certificate store, or (for certain languages) by referencing the certificate within applications using the Azure IoT SDKs.

TLS 和证书基础知识TLS and certificate fundamentals

将下游设备安全连接到 IoT Edge 所存在的难题就如同通过 Internet 进行其他任何客户端/服务器安全通信。The challenge of securely connecting downstream devices to IoT Edge is just like any other secure client/server communication that occurs over the internet. 客户端和服务器使用传输层安全性 (TLS) 通过 Internet 安全地进行通信。A client and a server securely communicate over the internet using Transport layer security (TLS). TLS 是使用称作“证书”的标准公钥基础结构 (PKI) 构造生成的。TLS is built using standard Public key infrastructure (PKI) constructs called certificates. TLS 是一种相当复杂的规范,阐述了与保护两个终结点相关的各种主题。TLS is a fairly involved specification and addresses a wide range of topics related to securing two endpoints. 本部分汇总了将设备安全连接到 IoT Edge 网关的相关概念。This section summarizes the concepts relevant for you to securely connect devices to an IoT Edge gateway.

当客户端连接到某个服务器时,该服务器将出示称作“服务器证书链”的证书链。When a client connects to a server, the server presents a chain of certificates, called the server certificate chain. 证书链通常包含根证书颁发机构 (CA) 证书、一个或多个中间 CA 证书,以及服务器证书本身。A certificate chain typically comprises a root certificate authority (CA) certificate, one or more intermediate CA certificates, and finally the server's certificate itself. 客户端通过以加密方式验证整个服务器证书链来与服务器建立信任。A client establishes trust with a server by cryptographically verifying the entire server certificate chain. 客户端对服务器证书链进行的这种验证称作“服务器链验证”。This client validation of the server certificate chain is called server chain validation. 客户端将在一个称作“所有权证明”的过程中对服务器提出质询,以证明与服务器证书关联的私钥的所有权。The client challenges the server to prove possession of the private key associated with the server certificate in a process called proof of possession. 服务器链验证和所有权证明的组合称作“服务器身份验证”。The combination of server chain validation and proof of possession is called server authentication. 若要验证服务器证书链,客户端需要使用创建(或发出)服务器证书时所用的根 CA 证书的副本。To validate a server certificate chain, a client needs a copy of the root CA certificate that was used to create (or issue) the server's certificate. 一般情况下,在连接到网站时,浏览器中会预配置常用的 CA 证书,使客户端能够顺利完成验证过程。Normally when connecting to websites, a browser comes pre-configured with commonly used CA certificates so the client has a seamless process.

当某个设备连接到 Azure IoT 中心时,该设备为客户端,IoT 中心云服务为服务器。When a device connects to Azure IoT Hub, the device is the client and the IoT Hub cloud service is the server. IoT 中心云服务由公开且广泛使用的名为“Baltimore CyberTrust 根”的根 CA 证书提供支持。The IoT Hub cloud service is backed by a root CA certificate called Baltimore CyberTrust Root, which is publicly available and widely used. 由于大多数设备上已安装 IoT 中心 CA 证书,因此,许多 TLS 实现(OpenSSL、Schannel、LibreSSL)在服务器证书验证期间会自动使用该证书。Since the IoT Hub CA certificate is already installed on most devices, many TLS implementations (OpenSSL, Schannel, LibreSSL) automatically use it during server certificate validation. 但是,成功连接到 IoT 中心的设备在尝试连接到 IoT Edge 网关时可能会出现问题。However, a device that successfully connects to IoT Hub may have issues trying to connect to an IoT Edge gateway.

当某个设备连接到 IoT Edge 网关时,下游设备为客户端,网关设备为服务器。When a device connects to an IoT Edge gateway, the downstream device is the client and the gateway device is the server. Azure IoT Edge 允许操作员(或用户)在适当的情况下生成网关证书链。Azure IoT Edge allows operators (or users) to build gateway certificate chains however they see fit. 操作员可以选择使用公共 CA 证书(例如 Baltimore),或使用自签名的(或内部)根 CA 证书。The operator may choose to use a public CA certificate, like Baltimore, or use a self-signed (or in-house) root CA certificate. 公共 CA 证书往往会产生相关的费用,因此通常在生产方案中使用。Public CA certificates often have a cost associated with them, so are typically used in production scenarios. 最好是使用自签名的 CA 证书进行开发和测试。Self-signed CA certificates are preferred for development and testing. 简介中所列的有关透明网关设置的文章使用自签名的根 CA 证书。The transparent gateway setup articles listed in the introduction use self-signed root CA certificates.

对 IoT Edge 网关使用自签名的根 CA 证书时,需要在尝试连接到该网关的所有下游设备上安装或提供该证书。When you use a self-signed root CA certificate for an IoT Edge gateway, it needs to be installed on or provided to all the downstream devices attempting to connect to the gateway.

网关证书设置

若要详细了解 IoT Edge 证书和对生产造成的某些影响,请参阅 IoT Edge 证书用法详细信息To learn more about IoT Edge certificates and some production implications, see IoT Edge certificate usage details.

提供根 CA 证书Provide the root CA certificate

若要验证网关设备的证书,下游设备需要提供自身的根 CA 证书副本。To verify the gateway device's certificates, the downstream device needs its own copy of the root CA certificate. 如果你使用 IoT Edge Git 存储库中提供的脚本创建了测试证书,则根 CA 证书名为 azure-iot-test-only.root.ca.cert.pemIf you used the scripts provided in the IoT Edge git repository to create test certificates, then the root CA certificate is called azure-iot-test-only.root.ca.cert.pem. 如果你在执行其他下游设备准备步骤过程中尚未创建测试证书,请将此证书移到下游设备上的任意目录中。If you haven't already as part of the other downstream device preparation steps, move this certificate file to any directory on your downstream device. 可以使用 Azure Key Vault 之类的服务或安全复制协议之类的功能来移动证书文件。You can use a service like Azure Key Vault or a function like Secure copy protocol to move the certificate file.

在 OS 中安装证书Install certificates in the OS

一般情况下,在操作系统的证书存储中安装根 CA 证书可让大多数应用程序使用根 CA 证书。Installing the root CA certificate in the operating system's certificate store generally allows most applications to use the root CA certificate. 但存在一些例外情况,例如,NodeJS 应用程序不使用 OS 证书存储,而是使用 Node 运行时的内部证书存储。There are some exceptions, like NodeJS applications that don't use the OS certificate store but rather use the Node runtime's internal certificate store. 如果无法在操作系统级别安装证书,请转到配合 Azure IoT SDK 使用证书If you can't install the certificate at the operating system level, skip ahead to Use certificates with Azure IoT SDKs.

UbuntuUbuntu

以下示例命令演示如何在 Ubuntu 主机上安装 CA 证书。The following commands are an example of how to install a CA certificate on an Ubuntu host. 此示例假设使用先决条件文章中的 azure-iot-test-only.root.ca.cert.pem 证书,并且已将该证书复制到下游设备上的某个位置。This example assumes that you're using the azure-iot-test-only.root.ca.cert.pem certificate from the prerequisites articles, and that you've copied the certificate into a location on the downstream device.

sudo cp <path>/azure-iot-test-only.root.ca.cert.pem /usr/local/share/ca-certificates/azure-iot-test-only.root.ca.cert.pem.crt
sudo update-ca-certificates

应会看到有一条消息指出“正在更新 /etc/ssl/certs 中的证书...已添加 1 个,已删除 0 个;已完成。”You should see a message that says, "Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done."

WindowsWindows

以下示例步骤演示如何在 Windows 主机上安装 CA 证书。The following steps are an example of how to install a CA certificate on a Windows host. 此示例假设使用先决条件文章中的 azure-iot-test-only.root.ca.cert.pem 证书,并且已将该证书复制到下游设备上的某个位置。This example assumes that you're using the azure-iot-test-only.root.ca.cert.pem certificate from the prerequisites articles, and that you've copied the certificate into a location on the downstream device.

可以使用 PowerShell 的 Import-Certificate 以管理员身份安装证书:You can install certificates using PowerShell's Import-Certificate as an administrator:

import-certificate  <file path>\azure-iot-test-only.root.ca.cert.pem -certstorelocation cert:\LocalMachine\root

还可以使用 certlm 实用工具安装证书:You can also install certificates using the certlm utility:

  1. 在“开始”菜单中,搜索并选择“管理计算机证书”。In the Start menu, search for and select Manage computer certificates. 此时会打开一个名为 certlm 的实用工具。A utility called certlm opens.
  2. 导航到“证书 - 本地计算机” > “受信任的根证书颁发机构”。 Navigate to Certificates - Local Computer > Trusted Root Certification Authorities.
  3. 右键单击“证书”,并选择“所有任务” > “导入”。 Right-click Certificates and select All Tasks > Import. 此时应会启动证书导入向导。The certificate import wizard should launch.
  4. 按指导执行步骤,导入证书文件 <path>/azure-iot-test-only.root.ca.cert.pemFollow the steps as directed and import certificate file <path>/azure-iot-test-only.root.ca.cert.pem. 完成后,应看到“已成功导入”消息。When completed, you should see a "Successfully imported" message.

还可以按本文稍后的 .NET 示例中所示,使用 .NET API 以编程方式安装证书。You can also install certificates programmatically using .NET APIs, as shown in the .NET sample later in this article.

通常,应用程序使用 Windows 提供的名为 Schannel 的 TLS 堆栈来通过 TLS 进行安全连接。Typically applications use the Windows provided TLS stack called Schannel to securely connect over TLS. 在尝试建立 TLS 连接之前,Schannel 要求所有证书已安装在 Windows 证书存储中。Schannel requires that any certificates be installed in the Windows certificate store before attempting to establish a TLS connection.

配合 Azure IoT SDK 使用证书Use certificates with Azure IoT SDKs

本部分介绍 Azure IoT SDK 如何使用简单的示例应用程序连接到 IoT Edge 设备。This section describes how the Azure IoT SDKs connect to an IoT Edge device using simple sample applications. 所有示例的目标是连接设备客户端并将遥测消息发送到网关,然后关闭连接并退出。The goal of all the samples is to connect the device client and send telemetry messages to the gateway, then close the connection and exit.

在使用应用程序级示例之前,请做好两项准备:Have two things ready before using the application-level samples:

  • 将下游设备的 IoT 中心连接字符串修改为指向网关设备,以及在 IoT 中心对下游设备进行身份验证所需的任何证书。Your downstream device's IoT Hub connection string modified to point to the gateway device, and any certificates required to authenticate your downstream device to IoT Hub. 有关详细信息,请参阅在 Azure IoT 中心对下游设备进行身份验证For more information, see Authenticate a downstream device to Azure IoT Hub.

  • 已复制并保存在下游设备上某个位置的根 CA 证书的完整路径。The full path to the root CA certificate that you copied and saved somewhere on your downstream device.

    例如,<path>/azure-iot-test-only.root.ca.cert.pemFor example, <path>/azure-iot-test-only.root.ca.cert.pem.

NodeJSNodeJS

本部分提供用于将 Azure IoT NodeJS 设备客户端连接到 IoT Edge 网关的示例应用程序。This section provides a sample application to connect an Azure IoT NodeJS device client to an IoT Edge gateway. 对于 NodeJS 应用程序,必须按如下所示在应用程序级别安装根 CA 证书。For NodeJS applications, you must install the root CA certificate at the application level as shown here. NodeJS 应用程序不使用系统的证书存储。NodeJS applications don't use the system's certificate store.

  1. 适用于 Node.js 的 Azure IoT 设备 SDK 示例存储库获取 edge_downstream_device.js 的示例。Get the sample for edge_downstream_device.js from the Azure IoT device SDK for Node.js samples repo.
  2. 查看 readme.md 文件,确保满足运行该示例的所有先决条件。Make sure that you have all the prerequisites to run the sample by reviewing the readme.md file.
  3. 在 edge_downstream_device.js 文件中,更新 connectionStringedge_ca_cert_path 变量。In the edge_downstream_device.js file, update the connectionString and edge_ca_cert_path variables.
  4. 参阅 SDK 文档,获取有关如何在设备上运行该示例的说明。Refer to the SDK documentation for instructions on how to run the sample on your device.

若要了解所运行的示例,请参阅以下代码片段,其中演示了客户端 SDK 如何读取证书文件,并使用它来建立安全的 TLS 连接:To understand the sample that you're running, the following code snippet is how the client SDK reads the certificate file and uses it to establish a secure TLS connection:

// Provide the Azure IoT device client via setOptions with the X509
// Edge root CA certificate that was used to setup the Edge runtime
var options = {
    ca : fs.readFileSync(edge_ca_cert_path, 'utf-8'),
};

.NET.NET

本部分介绍用于将 Azure IoT .NET 设备客户端连接到 IoT Edge 网关的示例应用程序。This section introduces a sample application to connect an Azure IoT .NET device client to an IoT Edge gateway. 但是,.NET 应用程序可自动使用 Linux 和 Windows 主机上的系统证书存储中安装的任何证书。However, .NET applications are automatically able to use any installed certificates in the system's certificate store on both Linux and Windows hosts.

  1. IoT Edge .NET 示例文件夹获取 EdgeDownstreamDevice 的示例。Get the sample for EdgeDownstreamDevice from the IoT Edge .NET samples folder.
  2. 查看 readme.md 文件,确保满足运行该示例的所有先决条件。Make sure that you have all the prerequisites to run the sample by reviewing the readme.md file.
  3. Properties / launchSettings.json 文件中,更新 DEVICE_CONNECTION_STRINGCA_CERTIFICATE_PATH 变量。In the Properties / launchSettings.json file, update the DEVICE_CONNECTION_STRING and CA_CERTIFICATE_PATH variables. 若要使用主机系统上受信任证书存储中安装的证书,请将此变量留空。If you want to use the certificate installed in the trusted certificate store on the host system, leave this variable blank.
  4. 参阅 SDK 文档,获取有关如何在设备上运行该示例的说明。Refer to the SDK documentation for instructions on how to run the sample on your device.

若要通过 .NET 应用程序以编程方式在证书存储中安装受信任的证书,请参阅 EdgeDownstreamDevice / Program.cs 文件中的 InstallCACert() 函数。To programmatically install a trusted certificate in the certificate store via a .NET application, refer to the InstallCACert() function in the EdgeDownstreamDevice / Program.cs file. 此操作是幂等的,因此可以使用相同的值运行多次,而不会造成其他影响。This operation is idempotent, so can be run multiple times with the same values with no additional effect.

CC

本部分介绍用于将 Azure IoT C 设备客户端连接到 IoT Edge 网关的示例应用程序。This section introduces a sample application to connect an Azure IoT C device client to an IoT Edge gateway. C SDK 可以配合许多 TLS 库(包括 OpenSSL、WolfSSL 和 Schannel)运行。The C SDK can operate with many TLS libraries, including OpenSSL, WolfSSL, and Schannel. 有关详细信息,请参阅 Azure IoT C SDKFor more information, see the Azure IoT C SDK.

  1. 适用于 C 的 Azure IoT 设备 SDK 示例获取 iotedge_downstream_device_sample 应用程序。Get the iotedge_downstream_device_sample application from the Azure IoT device SDK for C samples.
  2. 查看 readme.md 文件,确保满足运行该示例的所有先决条件。Make sure that you have all the prerequisites to run the sample by reviewing the readme.md file.
  3. 在 iotedge_downstream_device_sample.c 文件中,更新 connectionStringedge_ca_cert_path 变量。In the iotedge_downstream_device_sample.c file, update the connectionString and edge_ca_cert_path variables.
  4. 参阅 SDK 文档,获取有关如何在设备上运行该示例的说明。Refer to the SDK documentation for instructions on how to run the sample on your device.

适用于 C 的 Azure IoT 设备 SDK 提供一个用于在设置客户端时注册 CA 证书的选项。The Azure IoT device SDK for C provides an option to register a CA certificate when setting up the client. 此操作不会在任何位置安装证书,而是使用内存中证书的字符串格式。This operation doesn't install the certificate anywhere, but rather uses a string format of the certificate in memory. 建立连接时,将向底层 TLS 堆栈提供已保存的证书。The saved certificate is provided to the underlying TLS stack when establishing a connection.

(void)IoTHubDeviceClient_SetOption(device_handle, OPTION_TRUSTED_CERT, cert_string);

在 Windows 主机上,如果你不使用 OpenSSL 或其他 TLS 库,则 SDK 默认使用 Schannel。On Windows hosts, if you're not using OpenSSL or another TLS library, the SDK default to using Schannel. 要使 Schannel 正常工作,应在 Windows 证书存储中安装 IoT Edge 根 CA 证书,而不要使用 IoTHubDeviceClient_SetOption 操作进行设置。For Schannel to work, the IoT Edge root CA certificate should be installed in the Windows certificate store, not set using the IoTHubDeviceClient_SetOption operation.

JavaJava

本部分介绍用于将 Azure IoT Java 设备客户端连接到 IoT Edge 网关的示例应用程序。This section introduces a sample application to connect an Azure IoT Java device client to an IoT Edge gateway.

  1. 适用于 Java 的 Azure IoT 设备 SDK 示例获取 Send-event 的示例。Get the sample for Send-event from the Azure IoT device SDK for Java samples.
  2. 查看 readme.md 文件,确保满足运行该示例的所有先决条件。Make sure that you have all the prerequisites to run the sample by reviewing the readme.md file.
  3. 参阅 SDK 文档,获取有关如何在设备上运行该示例的说明。Refer to the SDK documentation for instructions on how to run the sample on your device.

PythonPython

本部分介绍用于将 Azure IoT Python 设备客户端连接到 IoT Edge 网关的示例应用程序。This section introduces a sample application to connect an Azure IoT Python device client to an IoT Edge gateway.

  1. 适用于 Python 的 Azure IoT 设备 SDK 示例获取 send_message_downstream 的示例。Get the sample for send_message_downstream from the Azure IoT device SDK for Python samples.
  2. 按照 Python 脚本注释中指定的方式设置 IOTHUB_DEVICE_CONNECTION_STRINGIOTEDGE_ROOT_CA_CERT_PATH 环境变量。Set the IOTHUB_DEVICE_CONNECTION_STRING and IOTEDGE_ROOT_CA_CERT_PATH environment variables as specified in the Python script comments.
  3. 参阅 SDK 文档,获取有关如何在设备上运行该示例的任何其他说明。Refer to the SDK documentation for any additional instructions on how to run the sample on your device.

测试网关连接Test the gateway connection

使用此示例命令测试下游设备是否可以连接到网关设备:Use this sample command to test that your downstream device can connect to the gateway device:

openssl s_client -connect mygateway.contoso.com:8883 -CAfile <CERTDIR>/certs/azure-iot-test-only.root.ca.cert.pem -showcerts

此命令通过 MQTTS(端口 8883)测试连接。This command tests connections over MQTTS (port 8883). 如果使用其他协议,请根据需要针对 AMQPS (5671) 或 HTTPS (433) 调整该命令If you're using a different protocol, adjust the command as necessary for AMQPS (5671) or HTTPS (433)

此命令的输出可能很长,其中包括有关链中所有证书的信息。The output of this command may be long, including information about all the certificates in the chain. 如果连接成功,将看到类似于 Verification: OKVerify return code: 0 (ok) 的行。If your connection is successful, you'll see a line like Verification: OK or Verify return code: 0 (ok).

验证网关连接

对网关连接进行故障排除Troubleshoot the gateway connection

如果叶设备与其网关设备之间的连接是断断续续的,请尝试执行以下步骤来解决问题。If your leaf device has intermittent connection to its gateway device, try the following steps for resolution.

  1. 连接字符串中的网关主机名是否与网关设备上 IoT Edge config.yaml 文件中的 hostname 值相同?Is the gateway hostname in the connection string the same as the hostname value in the IoT Edge config.yaml file on the gateway device?
  2. 网关主机名是否可以解析为 IP 地址?Is the gateway hostname resolvable to an IP Address? 可以通过使用 DNS 或通过在叶设备上添加一个主机文件条目来解决连接断断续续的问题。You can resolve intermittent connections either by using DNS or by adding a host file entry on the leaf device.
  3. 防火墙中是否打开了通信端口?Are communication ports open in your firewall? 必须能够在下游设备和透明 IoT Edge 之间进行基于所用协议 (MQTTS:8883/AMQPS:5671/HTTPS:433) 的通信。Communication based on the protocol used (MQTTS:8883/AMQPS:5671/HTTPS:433) must be possible between downstream device and the transparent IoT Edge.

后续步骤Next steps

了解 IoT Edge 如何将脱机功能扩展到下游设备。Learn how IoT Edge can extend offline capabilities to downstream devices.