The Supply Chain system contains the various components that work together to ensure an efficient flow of goods from suppliers to consumers. Therefore, the components are transportation methods, production and storage facilities, all of which contribute to the overall performance of the system. Each component has specific attributes, such as speed, temperature, humidity etc. A simulation script generates data for 151 units, that incudes the following system components:
- Air Shipment Devices (14 units) - Facilitate air freight for fast, long-distance cargo transportation.
- Boat Shipment Devices (10 units) - Handle sea transport for cost-effective, bulk cargo shipping.
- Conveyor Devices (20 units) - Automate and streamline the movement of goods within facilities.
- Cutter Devices (20 units) - Essential for shaping, trimming, and separating materials during production.
- Factory Devices (5 units) - Represent manufacturing facilities where raw materials become finished products.
- Shop Devices (20 units) - Retail outlets for selling goods to end consumers.
- Store Room Devices (20 units) - Enable temporary storage and organization of goods within facilities.
- Supplier Devices (8 units) - Vendors providing raw materials, components, or finished goods.
- Truck Shipment Devices (26 units) - Manage road freight for versatile and cost-effective transportation.
- Ware House Devices (8 units) - Large storage facilities that serve as distribution hubs within the supply chain.
To install this product, we expect that you have got azure-cli and *terraform utilities installed and configured properly on the machine where terraform code will be executed.
As well, verify that environment variables
ARM_CLIENT_ID
ARM_CLIENT_SECRET
ARM_TENANT_ID
ARM_SUBSCRIPTION_IDare set up with appropriate values and RSA SSH key under ~/.ssh/ is present.
Deployment of this solution was test with 'Cloud Application Administrator' role which contains next permiissions:
| Role permissions | |
|---|---|
| microsoft.directory/adminConsentRequestPolicy/allProperties/allTasks | Manage admin consent request policies in Azure AD. |
| microsoft.directory/appConsent/appConsentRequests/allProperties/read | Read all properties of consent requests for applications registered with Azure AD. |
| microsoft.directory/applications/create | Create all types of applications. |
| microsoft.directory/applications/delete | Delete all types of applications. |
| microsoft.directory/applications/appRoles/update | Update the appRoles property on all types of applications. |
| microsoft.directory/applications/audience/update | Update the audience property for applications. |
| microsoft.directory/applications/authentication/update | Update authentication on all types of applications. |
| microsoft.directory/applications/basic/update | Update basic properties for applications. |
| microsoft.directory/applications/credentials/update | Update application credentials. |
| microsoft.directory/applications/extensionProperties/update | Update extension properties on applications. |
| microsoft.directory/applications/notes/update | Update notes of applications. |
| microsoft.directory/applications/owners/update | Update owners of applications. |
| microsoft.directory/applications/permissions/update | Update exposed permissions and required permissions on all types of applications. |
| microsoft.directory/applications/policies/update | Update policies of applications. |
| microsoft.directory/applications/tag/update | Update tags of applications. |
| microsoft.directory/applications/verification/update | Update applicationsverification property. |
| microsoft.directory/applications/synchronization/standard/read | Read provisioning settings associated with the application object. |
| microsoft.directory/applicationTemplates/instantiate | Instantiate gallery applications from application templates. |
| microsoft.directory/auditLogs/allProperties/read | Read all properties on audit logs, including privileged properties. |
| microsoft.directory/deletedItems.applications/delete | Permanently delete applications, which can no longer be restored. |
| microsoft.directory/deletedItems.applications/restore | Restore soft deleted applications to original state. |
| microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks | Create and delete OAuth 2.0 permission grants, and read and update all properties. |
| microsoft.directory/applicationPolicies/create | Create application policies. |
| microsoft.directory/applicationPolicies/delete | Delete application policies. |
| microsoft.directory/applicationPolicies/standard/read | Read standard properties of application policies. |
| microsoft.directory/applicationPolicies/owners/read | Read owners on application policies. |
| microsoft.directory/applicationPolicies/policyAppliedTo/read | Read application policies applied to objects list. |
| microsoft.directory/applicationPolicies/basic/update | Update standard properties of application policies. |
| microsoft.directory/applicationPolicies/owners/update | Update the owner property of application policies. |
| microsoft.directory/provisioningLogs/allProperties/read | Read all properties of provisioning logs. |
| microsoft.directory/servicePrincipals/create | Create service principals. |
| microsoft.directory/servicePrincipals/delete | Delete service principals. |
| microsoft.directory/servicePrincipals/disable | Disable service principals. |
| microsoft.directory/servicePrincipals/enable | Enable service principals. |
| microsoft.directory/servicePrincipals/getPasswordSingleSignOnCredentials | Manage password single sign-on credentials on service principals. |
| microsoft.directory/servicePrincipals/synchronizationCredentials/manage | Manage application provisioning secrets and credentials. |
| microsoft.directory/servicePrincipals/synchronizationJobs/manage | Start, restart, and pause application provisioning syncronization jobs. |
| microsoft.directory/servicePrincipals/synchronizationSchema/manage | Create and manage application provisioning syncronization jobs and schema. |
| microsoft.directory/servicePrincipals/managePasswordSingleSignOnCredentials | Read password single sign-on credentials on service principals. |
| microsoft.directory/servicePrincipals/managePermissionGrantsForAll.microsoft-application-admin | Grant consent for application permissions and delegated permissions on behalf of any user or all users, except for application permissions for Microsoft Graph and Azure AD Graph. |
| microsoft.directory/servicePrincipals/audience/update | Update audience properties on service principals. |
| microsoft.directory/servicePrincipals/authentication/update | Update authentication properties on service principals. |
| microsoft.directory/servicePrincipals/basic/update | Update basic properties on service principals. |
| microsoft.directory/servicePrincipals/credentials/update | Update credentials of service principals. |
| microsoft.directory/servicePrincipals/notes/update | Update notes of service principals. |
| microsoft.directory/servicePrincipals/owners/update | Update owners of service principals. |
| microsoft.directory/servicePrincipals/permissions/update | Update permissions of service principals. |
| microsoft.directory/servicePrincipals/policies/update | Update policies of service principals. |
| microsoft.directory/servicePrincipals/tag/update | Update the tag property for service principals. |
| microsoft.directory/servicePrincipals/synchronization/standard/read | Read provisioning settings associated with your service principal. |
| microsoft.directory/signInReports/allProperties/read | Read all properties on sign-in reports, including privileged properties. |
| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets. |
| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Service Health in the Microsoft 365 admin center. |
| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Microsoft 365 service requests. |
| microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in the Microsoft 365 admin center. |
| microsoft.directory/administrativeUnits/standard/read | Read basic properties on administrative units. |
| microsoft.directory/administrativeUnits/members/read | Read members of administrative units. |
| microsoft.directory/applications/standard/read | Read standard properties of applications. |
| microsoft.directory/applications/owners/read | Read owners of applications. |
| microsoft.directory/applications/policies/read | Read policies of applications. |
| microsoft.directory/contacts/standard/read | Read basic properties on contacts in Azure AD. |
| microsoft.directory/contacts/memberOf/read | Read the group membership for all contacts in Azure AD. |
| microsoft.directory/contracts/standard/read | Read basic properties on partner contracts. |
| microsoft.directory/devices/standard/read | Read basic properties on devices. |
| microsoft.directory/devices/memberOf/read | Read device memberships. |
| microsoft.directory/devices/registeredOwners/read | Read registered owners of devices. |
| microsoft.directory/devices/registeredUsers/read | Read registered users of devices. |
| microsoft.directory/directoryRoles/standard/read | Read basic properties of Azure AD roles. |
| microsoft.directory/directoryRoles/eligibleMembers/read | Read the eligible members of Azure AD roles. |
| microsoft.directory/directoryRoles/members/read | Read all members of Azure AD roles. |
| microsoft.directory/domains/standard/read | Read basic properties on domains. |
| microsoft.directory/groups/standard/read | Read standard properties of Security groups and Microsoft 365 groups, including role-assignable groups. |
| microsoft.directory/groups/appRoleAssignments/read | Read application role assignments of groups. |
| microsoft.directory/groups/memberOf/read | Read the memberOf property on Security groups and Microsoft 365 groups, including role-assignable groups. |
| microsoft.directory/groups/members/read | Read members of Security groups and Microsoft 365 groups, including role-assignable groups. |
| microsoft.directory/groups/owners/read | Read owners of Security groups and Microsoft 365 groups, including role-assignable groups. |
| microsoft.directory/groups/settings/read | Read settings of groups. |
| microsoft.directory/groupSettings/standard/read | Read basic properties on group settings. |
| microsoft.directory/groupSettingTemplates/standard/read | Read basic properties on group setting templates. |
| microsoft.directory/oAuth2PermissionGrants/standard/read | Read basic properties on OAuth 2.0 permission grants. |
| microsoft.directory/organization/standard/read | Read basic properties on an organization. |
| microsoft.directory/organization/trustedCAsForPasswordlessAuth/read | Read trusted certificate authorities for passwordless authentication. |
| microsoft.directory/applicationPolicies/standard/read | Read standard properties of application policies. |
| microsoft.directory/roleAssignments/standard/read | Read basic properties on role assignments. |
| microsoft.directory/roleDefinitions/standard/read | Read basic properties on role definitions. |
| microsoft.directory/servicePrincipals/appRoleAssignedTo/read | Read service principal role assignments. |
| microsoft.directory/servicePrincipals/appRoleAssignments/read | Read role assignments assigned to service principals. |
| microsoft.directory/servicePrincipals/standard/read | Read basic properties of service principals. |
| microsoft.directory/servicePrincipals/memberOf/read | Read the group memberships on service principals. |
| microsoft.directory/servicePrincipals/oAuth2PermissionGrants/read | Read delegated permission grants on service principals. |
| microsoft.directory/servicePrincipals/owners/read | Read owners of service principals. |
| microsoft.directory/servicePrincipals/ownedObjects/read | Read owned objects of service principals. |
| microsoft.directory/servicePrincipals/policies/read | Read policies of service principals. |
| microsoft.directory/subscribedSkus/standard/read | Read basic properties on subscriptions. |
| microsoft.directory/users/standard/read | Read basic properties on users. |
| microsoft.directory/users/appRoleAssignments/read | Read application role assignments for users. |
| microsoft.directory/users/deviceForResourceAccount/read | Read deviceForResourceAccount of users. |
| microsoft.directory/users/directReports/read | Read the direct reports for users. |
| microsoft.directory/users/licenseDetails/read | Read license details of users. |
| microsoft.directory/users/manager/read | Read manager of users. |
| microsoft.directory/users/memberOf/read | Read the group memberships of users. |
| microsoft.directory/users/oAuth2PermissionGrants/read | Read delegated permission grants on users. |
| microsoft.directory/users/ownedDevices/read | Read owned devices of users. |
| microsoft.directory/users/ownedObjects/read | Read owned objects of users. |
| microsoft.directory/users/photo/read | Read photo of users. |
| microsoft.directory/users/registeredDevices/read | Read registered devices of users. |
| microsoft.directory/users/scopedRoleMemberOf/read | Read user's membership of an Azure AD role, that is scoped to an administrative unit. |
| microsoft.directory/users/sponsors/read |
Under 'terraform/' directory you will find subdirectory iot/ with the module which represents the whole soltuon.
Use the following сommand listing for basic installation. You will be prompted for required variables.
IMPORTANT! Do not forget to set up environment variables properly.
terraform init
terraform applyAs terraform code provides basic usage scenario, you might want to customise it.
If you would prefer to use remote backend for Azure provider, you can customize provider settings in terraform/solutions/iot/versions.tf
By default configuration is pretty simple:
provider "azurerm" {
features {
resource_group {
prevent_deletion_if_contains_resources = false
}
}
}There is a possibility to update default tags for resources if it is required. For this, check terraform/solutions/iot/locals.tf and update with appropriate values for your case.
locals {
tags = {
platform = var.platform
solution = var.solution
location = var.location
owner = var.owner
source = "terraform"
}
}For the resource naming, solution uses Azure/naming/ module. You can patch suffixes in terraform/solutions/iot/main.tf
module "naming" {
source = "Azure/naming/azurerm"
version = "0.2.0"
suffix = [var.platform, var.owner, var.solution]
}If it does not comply with your internal policies, you can specify your own names instead of calls to naming module. For example, you can replace names for resource group and virtual network in terraform/solutions/iot/main.tf on any you would prefer.
module "base" {
source = "../../components/base"
resource_group_name = module.naming.resource_group.name # Can be anything you
location = var.location
vnet_name = module.naming.virtual_network.name
vnet_address_space = var.vnet_cidr
subnets = var.subnets
tags = local.tags
}
To import Digital Twins Model, open Digital Twins Explorer UI in Azure:
- upload models: “models” folder (*.json)
- import Twin Graph: “models/FullTwins.xlsx”
- upload models images: “models/icons” folder (*.png)
For more information, check Digital Twins Documentation
A Python application simulates multiple IoT devices and sends periodic telemetry messages to Azure IoT Hub or Azure IoT Edge Hub. The application uses the Azure IoT Hub Service SDK to create new IoT devices and Azure IoT Device SDK to send messages.
Install required packages:
pip install -r requirements.txtCopy IoT Edge root CA certificate to ./certificates/azure-iot-test-only.root.ca.cert.pem
For additional instructions regarding certificate generation and usage, refer to Azure IoT docs
python simulator.py [--config_path CONFIG_PATH]Arguments:
- CONFIG_PATH - path to the config.json file. Default value:
config.json
Configuration file (config.json)
{
"iot_hub_host_name": "<name>.azure-devices.net",
"iot_hub_connection_string": "HostName=<HostName>;SharedAccessKeyName=<SharedAccessKeyName>;SharedAccessKey=<SharedAccessKey>",
"devices_primary_key": "<primary key>",
"devices_secondary_key": "<secondary key>",
"edge_host_name": "<Name or IP>",
"edge_device_scope": "ms-azure-iot-edge://<scope>",
"edge_device_id": "<edge device id>",
"edge_ca_cert_path": "./certificates/azure-iot-test-only.root.ca.cert.pem",
"use_edge_hub": true,
"minutes_to_run": 3.0
}specifies the following parameters:
- "iot_hub_host_name" (string): IoT Hub host name,
- "iot_hub_connection_string" (string): IoTHub connection string,
- "devices_primary_key" (string): Primary devices authentication key (one for all devices),
- "devices_secondary_key" (string): Secondary devices authentication key (one for all devices),
- "edge_host_name" (string): IoT Edge Hub host name,
- "edge_device_scope" (string): Edge device "device_scope" parameter,
- "edge_device_id" (string): Name (Id) of the edge device,
- "edge_ca_cert_path" (string): IoT Edge root CA certificate,
- "use_edge_hub" (bool): Uses IoT Edge Hub,
- "minutes_to_run" (float): Number of minutes for simulation to run.
python simulator.py