Endpoints

The Endpoints tab in Platform Settings allows administrators to configure the core communication and provisioning endpoints that Nexus uses for device management, data ingestion, and device provisioning.

These settings are essential for enabling scalable, global environments where multiple regions, sites, and ingestion pipelines must be supported consistently. Endpoints defined here act as the backbone for how devices connect, send data, and are provisioned into Nexus.

These settings require the Administrator Role to access and modify.


Types of Endpoints

The Endpoints Tab of Platform Settings

Administrators can create the following types of endpoints:

Device Management Endpoints (IoT Hubs)

  • A Device Management Endpoint corresponds to an Azure IoT Hub.

  • IoT Hubs handle device communication, control, and deployments.

  • Useful when operating across multiple regions - for example, creating:

    • An endpoint in Europe

    • An endpoint in the US

    • An endpoint in Asia

  • Devices can then be associated with the IoT Hub closest to their location, improving performance and reducing latency.


Ingestion Endpoints

  • An Ingestion Endpoint corresponds to an Azure Storage Account.

  • Ingestion endpoints handle all data upload operations from devices, including:

    • Time-series measurements

    • Processed analytics results

    • Files from FTP servers or network file shares

    • Device metrics and logs

  • By creating multiple ingestion endpoints close to the devices or sites, administrators can optimize data upload performance and reliability.


Device Provisioning Endpoints (DPS)

  • A Device Provisioning Endpoint corresponds to an Azure IoT Hub Device Provisioning Service (DPS).

  • DPS automates the process of provisioning devices to their correct IoT Hub (management endpoint).

  • In most scenarios, only one DPS endpoint is required, as it can manage provisioning across multiple IoT Hubs.

  • Devices are automatically assigned to the appropriate management hub based on defined allocation rules.


Default Endpoints

Endpoints can be marked as default. Defaults play a key role in how Nexus operates:

This ensures that all devices have a consistent fallback configuration while still allowing flexibility for site- or region-specific overrides.


Typical Use Cases

  • Global Operations: Configure IoT Hubs in multiple regions to reduce latency and align devices with their closest management endpoint.

  • Scalable Data Collection: Add ingestion endpoints in regional storage accounts to ensure efficient, high-throughput upload of telemetry and logs.

  • Centralized Provisioning: Use a single DPS instance to manage device provisioning across many IoT Hubs, simplifying operations while maintaining scalability.


Adding Endpoints

Endpoints can be added to Nexus using the Add dropdown button in the top toolbar of the Endpoints Tab in Platform Settings. This requires the role of an Administrator.

Adding a new Endpoint drop-down button

Adding a Device Management Endpoint (IoT Hub)

A Device Management Endpoint connects Nexus to an existing Azure IoT Hub. These endpoints are used to manage devices, send configurations, and perform module deployments.

⚠️ Important: The administrator is responsible for creating the IoT Hub in Azure before it can be added as an endpoint in Nexus. Nexus does not provision IoT Hubs on your behalf.

Steps to Add a Device Management Endpoint

Add a Device Management Endpoint (IoT Hub) Window
  1. Navigate to Platform Settings → Endpoints

    • Click + Add and select Device Management Endpoint.

  2. Fill in the required details:

    • Name

      • Provide a descriptive name for the endpoint (e.g., mgmt-us-west or iot-mgmt-europe).

      • This helps identify the IoT Hub when operating in global environments with multiple endpoints.

    • Type

      • Always set to Azure IoT Hub.

    • Location

      • Specify the Azure region where the IoT Hub is deployed (e.g., westeurope, westus).

      • Using the correct location makes it easier to map devices to their closest hub for low-latency communication.

    • IoT Hub Connection String

      • Provide a connection string with Registry Write and Service Connect permissions.

      • These permissions are required by Nexus to:

        • Manage devices in the IoT Hub (create, update, delete device identities).

        • Establish module-to-cloud and cloud-to-module connections.

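      Example (format only; iothubowner is a built-in full-access policy, see Restrict Permissions under Best Practices):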

      HostName=my-iothub.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=xxxxxxxx
  3. Save the Endpoint

    • Once all fields are completed, click Save to register the endpoint with Nexus.

Best Practices

  • Use Regional Hubs: Create IoT Hubs in regions close to your devices/sites to reduce latency and improve reliability.

  • Restrict Permissions: Avoid using overly broad connection strings (e.g., iothubowner) in production. Instead, generate a custom policy with only Registry Write and Service Connect permissions.

  • Naming Convention: Adopt a naming convention such as mgmt-<region> to make endpoints easy to identify (e.g., mgmt-us-west, mgmt-eu-central).


Creating an Ingestion Endpoint

An Ingestion Endpoint allows devices to upload data (such as measurements, processed results, files from FTP servers, device metrics, and logs) into Azure Blob Storage. Nexus uses this storage account as the landing zone for device data before further processing or analysis.

⚠️ Important: The administrator must create the Azure Storage Account in Azure before adding it as an Ingestion Endpoint in Nexus.

Steps to Add an Ingestion Endpoint

Add Ingestion Endpoint window
  1. Navigate to Platform Settings → Endpoints

    • Click + Add and select Ingestion Endpoint.

  2. Fill in the required details:

    • Name

      • Provide a descriptive name for the endpoint (e.g., ingestion-us, ingest-europe).

    • Type

      • Always set to Azure Blob Storage.

    • Location

      • Enter the Azure datacenter region where the storage account is hosted (e.g., westeurope, westus).

    • Storage Account Connection String

      • Provide a connection string for the storage account with Blob Read/Write permissions.

      • This ensures Nexus can write incoming device data to the storage account and, if required, read back stored files.

      Example (format only; AccountKey is a storage account root key, see Security under Best Practices):

      DefaultEndpointsProtocol=https;AccountName=myingestionstore;AccountKey=xxxxxxxx;EndpointSuffix=core.windows.net
  3. Save the Endpoint

    • Once all fields are completed, click Save to register the ingestion endpoint in Nexus.

Best Practices

  • Regional Ingestion: Place ingestion endpoints close to devices to minimize upload latency (e.g., a storage account in eastus for U.S. devices, another in westeurope for European devices).

  • Security: Limit permissions to only what’s required (Blob Read/Write). Do not expose root access keys where unnecessary.

  • Naming Convention: Use a clear naming scheme such as ingestion-<region> (e.g., ingestion-us, ingestion-asia).

  • Scalability: For large-scale deployments, create multiple ingestion endpoints to distribute load across regions.


Adding a Device Provisioning Endpoint

A Device Provisioning Service (DPS) Endpoint in Nexus enables automated provisioning of devices at scale. DPS simplifies device onboarding by securely assigning devices to the correct IoT Hub Device Management Endpoint(s) based on provisioning rules and enrollment groups.

⚠️ Important: The DPS must already be created in Azure before it can be added to Nexus.

Steps to Add a Device Provisioning Endpoint

Add Device Provisioning Endpoint Window
  1. Navigate to Platform Settings → Endpoints

    • Click + Add and select Device Provisioning Endpoint.

  2. Fill in the required details:

    • Name

      • Provide a descriptive name for the provisioning service (e.g., dps-us, dps-europe).

    • ID Scope

      • Enter the unique ID Scope of the DPS service from Azure.

      • This ID Scope links the Nexus configuration to the correct DPS instance.

    • Type

      • Always set to Azure IoT Hub Device Provisioning Service (DPS).

    • Location

      • Enter the Azure datacenter location where the DPS is hosted (e.g., westus, westeurope).

    • Connection String

      • Provide a DPS connection string with the following permissions:

        • Service Configuration

        • Enrollment Read/Write

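      • Example (format only; provisioningserviceowner is the built-in full-access policy, see Security under Best Practices):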

        HostName=mydps.azure-devices-provisioning.net;SharedAccessKeyName=provisioningserviceowner;SharedAccessKey=xxxxxxxxxx
  3. Save the Endpoint

    • Once all fields are filled out, click Save to register the DPS endpoint in Nexus.

Best Practices

  • Single DPS, Multiple IoT Hubs

    • Typically, you only need one DPS per environment, even if you are using multiple IoT Hubs for device management across regions.

  • Redundancy

    • For global deployments, you may choose to create additional DPS instances in different regions, but most scenarios can be handled with a single centralized DPS.

  • Security

    • Use dedicated access policies with limited permissions instead of reusing the root DPS key.

  • Naming Convention

    • Use a clear naming scheme such as dps-<region> (e.g., dps-europe, dps-us).
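
The permission-related best practices for all three endpoint types (Restrict Permissions for IoT Hubs, Security for ingestion and DPS) can be checked before a connection string is pasted into Nexus. The Python lint below is an added example, not part of Nexus or of the original page. Its function names, the nexus-mgmt and nexus-dps policy names, and the host-suffix check (public-cloud suffixes taken from the page's examples) are assumptions.

```python
# Added example: lint Nexus endpoint connection strings before saving them.
# Sample strings are constructed; host suffixes are the public-cloud ones
# used in the page's examples (sovereign clouds differ).
OWNER_POLICIES = {"iothubowner", "provisioningserviceowner"}  # built-in full-access policies
HOST_SUFFIX = {"management": ".azure-devices.net",
               "provisioning": ".azure-devices-provisioning.net"}

def parse(conn):
    """Split 'Key=Value;...' into a dict. Only the first '=' separates key
    from value, so base64 padding at the end of a key survives."""
    fields, malformed = {}, 0
    for part in filter(None, (p.strip() for p in conn.split(";"))):
        key, sep, value = part.partition("=")
        if sep and key and value:
            fields[key] = value
        else:
            malformed += 1  # counted only: the segment may hold secret material
    return fields, malformed

def lint(kind, conn):
    """Return findings for kind in {'management', 'provisioning', 'ingestion'}."""
    fields, malformed = parse(conn)
    findings = [f"{malformed} malformed segment(s)"] if malformed else []
    if kind == "ingestion":
        if fields.get("DefaultEndpointsProtocol", "https") != "https":
            findings.append("protocol is not https")
        if "AccountKey" in fields:
            # The page does not say whether Nexus accepts a SAS-based string,
            # so treat this as a warning to review, not a hard failure.
            findings.append("AccountKey is a storage account root key")
        return findings
    for name in ("HostName", "SharedAccessKeyName", "SharedAccessKey"):
        if name not in fields:
            findings.append(f"missing {name}")
    host = fields.get("HostName", "").lower()
    if host and not host.endswith(HOST_SUFFIX[kind]):
        findings.append(f"HostName is not a {kind} endpoint host")
    if fields.get("SharedAccessKeyName", "").lower() in OWNER_POLICIES:
        findings.append("built-in owner policy; use a dedicated limited policy")
    return findings

if __name__ == "__main__":
    samples = [  # constructed inputs; the key values are dummies
        ("management", "HostName=my-iothub.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=xxxxxxxx"),
        ("management", "HostName=my-iothub.azure-devices.net;SharedAccessKeyName=nexus-mgmt;SharedAccessKey=c2FtcGxl="),
        ("provisioning", "HostName=my-iothub.azure-devices.net;SharedAccessKeyName=nexus-dps;SharedAccessKey=c2FtcGxl="),
        ("ingestion", "DefaultEndpointsProtocol=https;AccountName=myingestionstore;AccountKey=xxxxxxxx;EndpointSuffix=core.windows.net"),
    ]
    for kind, conn in samples:
        print(kind, lint(kind, conn) or "ok")  # findings only, never the string itself
```

The lint reports findings without echoing any part of the connection string, so its output is safe to keep in change tickets or CI logs.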
