Understand the Azure IoT Edge runtime and its architecture

The IoT Edge runtime is a collection of programs that turn a device into an IoT Edge device. Collectively, the IoT Edge runtime components enable IoT Edge devices to receive code to run at the edge and communicate the results.

The IoT Edge runtime is responsible for the following functions on IoT Edge devices:

  • Install and update workloads on the device.

  • Maintain Azure IoT Edge security standards on the device.

  • Ensure that IoT Edge modules are always running.

  • Report module health to the cloud for remote monitoring.

  • Manage communication between downstream devices and IoT Edge devices.

  • Manage communication between modules on an IoT Edge device.

  • Manage communication between an IoT Edge device and the cloud.

[Figure: The runtime communicates insights and module health to IoT Hub]

The responsibilities of the IoT Edge runtime fall into two categories: communication and module management. These two roles are performed by two components that are part of the IoT Edge runtime. The IoT Edge agent deploys and monitors the modules, while the IoT Edge hub is responsible for communication.

Both the IoT Edge agent and the IoT Edge hub are modules, just like any other module running on an IoT Edge device. They're sometimes referred to as the runtime modules.

IoT Edge agent

The IoT Edge agent is one of two modules that make up the Azure IoT Edge runtime. It is responsible for instantiating modules, ensuring that they continue to run, and reporting the status of the modules back to IoT Hub. This configuration data is written as a property of the IoT Edge agent module twin.

The IoT Edge security daemon starts the IoT Edge agent on device startup. The agent retrieves its module twin from IoT Hub and inspects the deployment manifest. The deployment manifest is a JSON file that declares the modules that need to be started.

Each item in the deployment manifest contains specific information about a module and is used by the IoT Edge agent for controlling the module's lifecycle. For more information about all the properties used by the IoT Edge agent to control modules, read about the Properties of the IoT Edge agent and IoT Edge hub module twins.

The IoT Edge agent sends a runtime response to IoT Hub. Here is a list of possible responses:

  • 200 - OK
  • 400 - The deployment configuration is malformed or invalid.
  • 417 - The device doesn't have a deployment configuration set.
  • 412 - The schema version in the deployment configuration is invalid.
  • 406 - The IoT Edge device is offline or not sending status reports.
  • 500 - An error occurred in the IoT Edge runtime.

For more information about creating deployment manifests, see Learn how to deploy modules and establish routes in IoT Edge.

Security

The IoT Edge agent plays a critical role in the security of an IoT Edge device. For example, it performs actions like verifying a module's image before starting it.

For more information about the Azure IoT Edge security framework, read about the IoT Edge security manager.

IoT Edge hub

The IoT Edge hub is the other module that makes up the Azure IoT Edge runtime. It acts as a local proxy for IoT Hub by exposing the same protocol endpoints as IoT Hub. This consistency means that clients can connect to the IoT Edge runtime just as they would to IoT Hub.

The IoT Edge hub isn't a full version of IoT Hub running locally. IoT Edge hub silently delegates some tasks to IoT Hub. For example, IoT Edge hub automatically downloads authorization information from IoT Hub on its first connection to enable a device to connect. After the first connection is established, authorization information is cached locally by IoT Edge hub. Future connections from that device are authorized without having to download authorization information from the cloud again.

Cloud communication

To reduce the bandwidth that your IoT Edge solution uses, the IoT Edge hub optimizes how many actual connections are made to the cloud. IoT Edge hub takes logical connections from modules or downstream devices and combines them for a single physical connection to the cloud. The details of this process are transparent to the rest of the solution. Clients think they have their own connection to the cloud even though they are all being sent over the same connection. The IoT Edge hub can use either the AMQP or the MQTT protocol to communicate upstream with the cloud, independently of the protocols used by downstream devices. However, the IoT Edge hub currently only supports combining logical connections into a single physical connection by using AMQP as the upstream protocol and its multiplexing capabilities. AMQP is the default upstream protocol.

[Figure: IoT Edge hub is a gateway between physical devices and IoT Hub]

IoT Edge hub can determine whether it's connected to IoT Hub. If the connection is lost, IoT Edge hub saves messages or twin updates locally. Once a connection is reestablished, it syncs all the data. The location used for this temporary cache is determined by a property of the IoT Edge hub's module twin. The size of the cache is not capped and will grow as long as the device has storage capacity. For more information, see Offline capabilities.

Runtime quality telemetry

IoT Edge collects anonymous telemetry from the host runtime and system modules to improve product quality. This information is called runtime quality telemetry. The collected telemetry is periodically sent as device-to-cloud messages to IoT Hub from the IoT Edge agent. These messages do not appear in the customer's regular telemetry and do not consume any message quota.

The IoT Edge agent and hub generate metrics that you can collect to understand device performance. A subset of these metrics is collected by the IoT Edge agent as part of runtime quality telemetry. The metrics collected for runtime quality telemetry are labeled with the tag ms_telemetry. For information about all the available metrics, see Access built-in metrics.

Any personally or organizationally identifiable information, such as device and module names, is removed before upload to ensure the anonymous nature of the runtime quality telemetry.

The IoT Edge agent collects the telemetry every hour and sends one message to IoT Hub every 24 hours.

If you wish to opt out of sending runtime telemetry from your devices, there are two ways to do so:

  • Set the SendRuntimeQualityTelemetry environment variable to false for edgeAgent, or
  • Uncheck the option in the Azure portal during deployment.

Next steps