
This document describes the use of Public Cloud Edge Interface (PCEI) implemented based on Edge Multi-Cluster Orchestrator (EMCO) for deployment of Public Cloud Edge (PCE) Apps from multiple clouds (Azure and AWS), deployment of a 3rd-Party Edge (3PE) App (an implementation of ETSI MEC Location API App), as well as the end-to-end operation of the deployed PCE Apps using simulated Low Power Wide Area (LPWA) IoT client.

End-to-End Validation Environment

The end-to-end validation environment and flow of steps is shown below:

Description of components of the end-to-end validation environmen:

Note that P1, P3, P5/P7 Reference Points are shown to illustrate alignment with general PCEI architecture.

The end-to-end PCEI validation steps are described below:

  1. Deploy EMCO.
  2. Deploy Edge K8S clusters
  3. Onboard Edge K8S clusters onto EMCO
  4. Provision Public Cloud Core Service and PCE software.
  5. Package PCE/3PE Helm Charts into  EMCO
  6. Onboard PCE/3PE as a service/application into EMCO
  7. Deploy PCE/3PE onto the Edge K8S clusters
  8. All PCE pods came up and register with PCC. All 3PE pods come up.
  9. Deploy software onto PCE on the worker cluster
  10. Successfully pass LPWA IoT messages from a simulated IoT device to PCE, decode messages and send to PCC.

For performing Steps 1 and 2 please refer to the PCEI R4 Installation Guide.

Provisioning PCEI Orchestration Infrastructure (EMCO)

Please refer to the PCEI R4 Installation Guide to deploy EMCO and Edge K8S Clusters.

Access EMCO UI via a Web Browser as shown in the diagram below (all IP addresses shown are used as examples):

In order to be able to access the EMCO cluster and the Edge K8S cluster via ssh directly from a laptop as shown in the diagram above, please copy the ssh key used in the PCEI Installation to you local machine:

### copy id_rsa key from deployment host to be able to ssh to eco and cluster vm’s
sftp onaplab@
get ~/.ssh/id_rsa pcei-emco

### ssh to VMs
ssh -i pcei-emco onaplab@

Accessing EMCO UI

Connect to the VNC server, start the Browser (Chrome) and point it to the EMCO VM (amcop-vm-01) IP address and port 30480:

You should be able to connect to EMCO UI as shown below:

Provisioning Network Controllers

The following Network Controllers must be provisioned in EMCO:

### Add controllers
host : rsync
port: 9041
type: < leave blank, not required.>
priority: < leave blank, not required>

host: ovnaction
port: 9053
type: action
priority: 1

To provision Network Controllers, please use the parameters shown above and EMCO UI "Controllers → Register Controllers" tab:

Fill in the parameters for the "rsync" and the "ovnaction" controllers:

Registering Edge Clusters

To register the two Edge K8S Clusters created during PCEI installation (refer to PCEI R4 Installation Guide), the cluster configuration files need to be copied from the corresponding VMs to the machine that is used to run the VNC server to access EMCO UI. Please make sure that the ssh key used to access the VMs is present on the machine that runs the VNC server. The example below assumes that the VNC server is running on the Host Server used to deploy EMCO and Edge Cluster VMs

# Determine VM IP addresses:
[onaplab@os12 ~]$ sudo virsh list --all
 Id    Name                           State
 6     amcop-vm-01                    running
 9     edge_k8s-1                     running
 10    edge_k8s-2                     running

[onaplab@os12 ~]$ sudo virsh domifaddr edge_k8s-1
 Name       MAC address          Protocol     Address
 vnet1      52:54:00:19:96:72    ipv4

[onaplab@os12 ~]$ sudo virsh domifaddr edge_k8s-2
 Name       MAC address          Protocol     Address
 vnet2      52:54:00:c0:47:8b    ipv4

sftp -i pcei-emco onaplab@
cd .kube
get config kube-config-edge-k8s-2

sftp -i pcei-emco onaplab@
cd .kube
get config kube-config-edge-k8s-1

Using EMCO UI "Cluster → Register Cluster Provider" tabs, provision Cluster Providers for EDGE-K8S-1 and EDGE-K8S-2 clusters:

Click on the Cluster Provider and click on "Add Cluster". Fill in the Cluster Name and add the config file downloaded earlier. Repeat for the two clusters EDGE-K8S-1 and EDGE-K8S-2:

You should see the following result:

At this point the edge clusters have been registered with the orchestrator and are redy for placing PCE and 3PE apps.

Deploying Azure IoT Edge with PCEI

Overall Deployment Summary

The deployment of Azure IoT Edge cloud native application as a PCE involves the following steps:

  1. Provision Azure Cloud (PCC).
    1. Provision IoT Hub.
    2. Provision Azure Container Registry.
  2. Enable custom software module for Azure IoT Hub (optional). This step is used to show end-to-end operation of Azure IoT Edge with a simulated LPWA IoT device.
    1. Install Visual Studio Code IDE.
    2. Add LoRaEdgeSolution code.
    3. Build and push the LoRaRead custom module to Azure Container Registry.
  3. Package Azure IoT Edge cloud native application.
    1. Download Helm charts.
    2. Modify values.yaml with IoT Edge authentication parameters.
    3. Package Helm charts into a tar file.
  4. Define Azure IoT Edge Service and PCE App in EMCO.
  5. Deploy Azure IoT Edge onto Edge K8S Cluster using EMCO.
  6. Verify IoT end-to-end IoT operation.
    1. Connect LPWA IoT device and pass encoded IoT messages to Azure IoT Edge.
    2. Decode LPWA messages using custom LoRaRead module.
    3. Pass decoded messaged to Azure Cloud.

Provisioning Azure Public Cloud Core (PCC) IoT Environment

Provisioning Azure Public Cloud Core

Login to your Azure Portal and add Subscription, IoT Hub and Container Registry Resources:

Provision IoT Hub:

Provision IoT Edge under IoT Hub:

Copy the "Primary Connection String" from the IoT Edge parameters. This string will be used later in the values.yaml file for the Azure IoT Edge Helm Charts.

Enabling Azure IoT Edge Custom Module

Use this link for information on developing custom software modules for Azure IoT Edge:

The example below is optional. It shows how to build a custom module for Azure IoT Edge to read and decode Low Power IoT messages from a simulated LPWA IoT device. Follow the above link to:

  1. Install Docker.
  2. Download and install Visual Studio Code (VSC).
  3. Setup VSC with Azure IoT Tools.
  4. Setup Azure Container Registry in Azure Cloud.
  5. Create Module Project. For this step, please refer to instructions below on downloading the LoRaEdgeSolution from PCEI repo.
  6. Build and push solution to Azure Container Registry.

The steps below show how to build custom IoT module for Azure IoT Edge using "LoRaEdgeSolution" code from PCEI repo:

Download PCEI repo to the machine that has VSC and Docker installed (per above instructions):

git clone ""

cd pcei
ls -l
total 0
drwxr-xr-x  8 oberzin  staff  256 Dec 24 15:44 LoRaEdgeSolution
drwxr-xr-x  3 oberzin  staff   96 Dec 24 15:44 iotclient
drwxr-xr-x  5 oberzin  staff  160 Dec 24 15:44 locationAPI

Using VSC open the LoRaEdgeSolution folder that was downloaded from PCEI repo.

Add required credentials for Azure Container Registry (ACR) using .env file.

Build and push the solution to ACR as shown below. Righ-click on "deployment.template.json":

The docker image for the custom module should now be visible in Azure Cloud ACR:

Packaging Azure IoT Edge Public Cloud Edge (PCE) Application

Use this link to understand the architecture of Azure IoT Edge cloud native application:

For the purposes of this document we use the Host Server on which EMCO has been deployed and on which we run the VNC server to package Helm charts for Azure IoT Edge.

Clone Azure IoT Edge from github:

git clone

cd iotedge/kubernetes/charts/
mkdir azureiotedge1
cp -a edge-kubernetes/. azureiotedge1/
cd azureiotedge1
ls -al
total 24
drwxrwxr-x. 3 onaplab onaplab    79 Dec 24 13:14 .
drwxrwxr-x. 5 onaplab onaplab    77 Dec 24 13:14 ..
-rw-rw-r--. 1 onaplab onaplab   137 Dec 24 13:02 Chart.yaml
-rw-rw-r--. 1 onaplab onaplab   333 Dec 24 13:02 .helmignore
drwxrwxr-x. 2 onaplab onaplab   220 Dec 24 13:02 templates
-rw-rw-r--. 1 onaplab onaplab 14226 Dec 24 13:02 values.yaml

Modify values.yaml file to specify the "Primary Connection String" from Azure Cloud generated during IoT Hub/IoT Edge provisioning.

Modify values.yaml to set the LoadBalancer port mapping for iotedged and edgeAgent pods

vi values.yaml
# Change the line below and save the file
  source: "manual"
  #dynamicReprovisioning: false

# Set LoadBalancer port mapping

    name: iotedged
    type: LoadBalancer

  containerName: edgeagent
    repository: azureiotedge/azureiotedge-agent
    tag: 0.1.0-beta9
    pullPolicy: Always
  hostname: "localhost"
    authScheme: 'sasToken'
    # Set this to one of "LoadBalancer", "NodePort", or "ClusterIP" to tell the
    # IoT Edge runtime how you want to expose mapped ports as Services.
    portMappingServiceType: 'LoadBalancer'

Create a tar file with Azure IoT Edge Helm Charts:

# Make sure to change to the "charts" directory
cd ..

# zip the "azureiotedge1" directory. Be sure to use "" file name.
tar -czvf azureiotedge1.tar azureiotedge1/

ls -al
total 12
drwxrwxr-x. 5 onaplab onaplab  102 Dec 24 13:23 .
drwxrwxr-x. 4 onaplab onaplab   31 Dec 24 13:02 ..
drwxrwxr-x. 3 onaplab onaplab   79 Dec 24 13:14 azureiotedge1
-rw-rw-r--. 1 onaplab onaplab 8790 Dec 24 13:23 azureiotedge1.tar
drwxrwxr-x. 3 onaplab onaplab   79 Dec 24 13:14 edge-kubernetes
drwxrwxr-x. 3 onaplab onaplab   60 Dec 24 13:02 edge-kubernetes-crd

Copy the infrastructure profile tar file to your home directory on the Host Server. This file is needed to define the Service and the App in EMCO:

cp /home/onaplab/amcop_deploy/aarna-stream/cnf/vfw_helm/profile.tar.gz .
la -l
ls -l
total 220088
drwxrwxr-x.  9 onaplab onaplab       138 Nov 24 06:53 aarna-stream
drwxrwxr-x.  3 onaplab onaplab        56 Nov 24 06:52 amcop_deploy
-rw-r--r--.  1 onaplab onaplab 225356880 Nov 23 14:58
drwxrwxr-x. 22 onaplab onaplab      4096 Dec 24 13:02 iotedge
-rw-rw-r--.  1 onaplab onaplab       263 Nov 23 17:13 netdefault.xml
-rw-rw-r--.  1 onaplab onaplab      1098 Dec 26 12:19 profile.tar.gz

Add Azure CRD to Edge K8S Cluster

Due to limitations in the current EMCO implementation the following step must be performed manually:


# Determine VMs IP
[onaplab@os12 ~]$ sudo virsh domifaddr edge_k8s-1
 Name       MAC address          Protocol     Address
 vnet1      52:54:00:19:96:72    ipv4

# ssh from your laptop
ssh -i pcei-emco onaplab@

Deploy Azure CRD:

helm install edge-crd --repo edge-kubernetes-crd 
NAME: edge-crd
LAST DEPLOYED: Thu Dec 24 21:43:12 2020
NAMESPACE: default
STATUS: deployed

kubectl get crd
NAME                                             CREATED AT     2020-12-24T21:43:13Z

Defining Azure IoT Edge Service in PCEI

To define Azure IoT Edge Service in PCEI, connect to EMCO UI and select "Projects → Add Project":

Select the project you just created (PCEI-AZURE-IOT-1 in the above example), select "Add Service", specify the Name and click on "Add App":

Click on Add App tp specify the App Name.

IMPORTANT NOTE: Please ensure that the "App Name" string matches the name of the tar file (without the .tar extension" created earlier with the Helm charts for Azure IoT Edge ("azureiotedge1" in this example".

Click "Create".

You should see the screen below:

Click on the "azureiotedge1" Service and attach application definition files. Add App file "azureiotedge1.tar" and profile file "profile.tar.gz". DO NOT CLICK "SUBMIT".

In order to select the tar file please use the "Options" button on the Mac and select "All files":

Add the App tar file and the Profile tar file

Select the "Placement" tab on the left.

Select the "EDGE-K8S-1" cluster that was registered earlier:

Click "SUBMIT" in the upper right corner:

After clicking "SUBMIT" you should see the screen below:

Deploying Azure IoT Edge PCE App on Edge Cluster

To deploy Azure IoT Edge App onto the Edge K8S Cluster (EDGE-K8S-1 in this example), select "Deployment Intent Groups" tab on the left side of the previous screen:

Click on the Blue Down Arrow on the right to deploy Azure IoT Edge App:

After successful deployment, you should see a message in GREEN stating that the deployment has been successful.

SSH to the EDGE-K8S-1 VM and verify the Azure IoT Edge pods started:

ssh onaplab@

# Verify Azure IoT Edge pods are Running in the default namespace
kubectl get pods
NAME                         READY   STATUS    RESTARTS   AGE
edgeagent-59cf45d8b9-tc5g9   2/2     Running   1          2m8s
edgehub-97dc4fdc8-t5qhf      2/2     Running   0          110s
iotedged-6d9dcf4757-h474r    1/1     Running   0          2m17s
loraread-d4d79b867-2ft2v     2/2     Running   0          110s

# Verify services. Note the TCP port for the loraread-xxxxx-yyyy pod (31230 in the example below):
kubectl get svc
NAME             TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                                       AGE
awsggc-service   NodePort    <none>        8883:30883/TCP                                9d
edgehub          LoadBalancer   <pending>     5671:30252/TCP,8883:31342/TCP,443:30902/TCP   3m
iotedged         LoadBalancer   <pending>     35000:32275/TCP,35001:32560/TCP               32d
kubernetes       ClusterIP      <none>        443/TCP                                       32d
loraread         LoadBalancer    <pending>     50005:31230/TCP

Verifying Azure IoT Edge End-to-End Operation

To verify Azure IoT Edge end-to-end operation, perform the following tasks:

On the Host Server list the IP address for the edge_k8s-1 VM:

sudo virsh domifaddr edge_k8s-1
 Name       MAC address          Protocol     Address
 vnet1      52:54:00:19:96:72    ipv4

ssh onaplab@

kubectl get svc loraread
NAME       TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)           AGE
loraread   LoadBalancer   <pending>     50005:31230/TCP   8m28s

onaplab@localhost:~$ logout
Connection to closed.

#Clone PCEI repo to a local directory:

git clone ""
cd pcei/iotclient/
ls -l
total 8
-rw-r--r--  1 oberzin  108493823  3230 Dec 26 16:15

# Run the LPWA IoT Client. Specify the IP address (be sure to enclose the IP address in double quotes) of the edge_k8s-1 VM and the port number for the loraread service:

######## COUNT: 1
{u'txtime': u'2020-12-26T16:20:47-99', u'datarate': 3, u'ack': u'false', u'seqno': 60782, u'pdu': u'007321E7016700d2026862', u'devClass': u'A', u'snr': 10.75, u'devEui': u'0004A30B001BAAAA', u'rssi': -39, u'gwEui': u'00250C00010003A9', u'joinId': 90, u'freq': 903.5, u'port': 3, u'channel': 6}
######## COUNT: 2
{u'txtime': u'2020-12-26T16:20:58-25', u'datarate': 3, u'ack': u'false', u'seqno': 60782, u'pdu': u'007321E7016700dc026862', u'devClass': u'A', u'snr': 10.75, u'devEui': u'0004A30B001BAAAA', u'rssi': -39, u'gwEui': u'00250C00010003A9', u'joinId': 90, u'freq': 903.5, u'port': 3, u'channel': 6}

Note that the LPWA IoT Client is generating Temperature, Humidity and Pressure readings  in the encoded format: u'pdu': u'007321E7016700d2026862'.

On the EGGE-K8S-1 cluster (edge_k8s-1 VM) veryfy that the Azure IoT Edge LoRaRead pod is receiving LPWA IoT messages and decoding their contents:

ssh onaplab@

kubectl get pods
NAME                         READY   STATUS    RESTARTS   AGE
edgeagent-59cf45d8b9-tc5g9   2/2     Running   1          26m
edgehub-97dc4fdc8-t5qhf      2/2     Running   0          26m
iotedged-6d9dcf4757-h474r    1/1     Running   0          26m
loraread-d4d79b867-2ft2v     2/2     Running   0          26m

kubectl logs loraread-d4d79b867-2ft2v loraread
('Connection address:', ('', 7117))
('received data:', '{\n   "ack": "false", \n   "channel": 6, \n   "datarate": 3, \n   "devClass": "A", \n   "devEui": "0004A30B001BAAAA", \n   "freq": 903.5, \n   "gwEui": "00250C00010003A9", \n   "joinId": 90, \n   "pdu": "007321E7016700d2026862", \n   "port": 3, \n   "rssi": -39, \n   "seqno": 60782, \n   "snr": 10.75, \n   "txtime": "2020-12-26T16:20:47-99"\n}')
{u'txtime': u'2020-12-26T16:20:47-99', u'datarate': 3, u'ack': u'false', u'seqno': 60782, u'pdu': u'007321E7016700d2026862', u'devClass': u'A', u'snr': 10.75, u'devEui': u'0004A30B001BAAAA', u'rssi': -39, u'gwEui': u'00250C00010003A9', u'joinId': 90, u'freq': 903.5, u'port': 3, u'channel': 6}
{"Pressure": 867, "TIMESTAMP": "2020-12-26T16:20:47-99", "Humidity": 49, "Temperature": 69.80000000000001, "Device EUI": "0004A30B001BAAAA"}
Confirmation[0] received for message with result = OK
    Properties: {}
    Total calls confirmed: 1
('Connection address:', ('', 24020))
('received data:', '{\n   "ack": "false", \n   "channel": 6, \n   "datarate": 3, \n   "devClass": "A", \n   "devEui": "0004A30B001BAAAA", \n   "freq": 903.5, \n   "gwEui": "00250C00010003A9", \n   "joinId": 90, \n   "pdu": "007321E7016700dc026862", \n   "port": 3, \n   "rssi": -39, \n   "seqno": 60782, \n   "snr": 10.75, \n   "txtime": "2020-12-26T16:20:58-25"\n}')
{u'txtime': u'2020-12-26T16:20:58-25', u'datarate': 3, u'ack': u'false', u'seqno': 60782, u'pdu': u'007321E7016700dc026862', u'devClass': u'A', u'snr': 10.75, u'devEui': u'0004A30B001BAAAA', u'rssi': -39, u'gwEui': u'00250C00010003A9', u'joinId': 90, u'freq': 903.5, u'port': 3, u'channel': 6}
{"Pressure": 867, "TIMESTAMP": "2020-12-26T16:20:58-25", "Humidity": 49, "Temperature": 71.6, "Device EUI": "0004A30B001BAAAA"}
Confirmation[0] received for message with result = OK
    Properties: {}
    Total calls confirmed: 2

Note that the Azure IoT Edge PCE App is decoding the IoT Client readings from the Low Power encoding into clear text JSON format and forwarding the decoded readings to the Azure IoT Hub in the core cloud:

{"Pressure": 867, "TIMESTAMP": "2020-12-26T16:20:58-25", "Humidity": 49, "Temperature": 71.6, "Device EUI": "0004A30B001BAAAA"} sent!

Verify that the IoT message count is increasing in Azure Portal for the IoT Edge:

Deploying AWS GreenGrass Core with PCEI

The process of deploying AWS GreenGrass Core with PCEI is similar to the process described for Azure IoT Edge.

  1. Provision AWS Cloud (PCC).
    1. Provision Greengrass Group.
    2. Provision Greengrass Core.
  2. Package AWS GreenGrass Core application.
    1. Pull GGC Docker Image from AWS.
    2. Push GGC Docker Image to PCEI Docker Registry.
    3. Download Helm charts.
    4. Modify template files with AWS GGC image and authentication parameters.
    5. Package Helm charts into a tar file.
  3. Define AWS GGC Service and PCE App in EMCO.
  4. Deploy AWS GGC onto Edge K8S Cluster using EMCO.

Provisioning AWS Public Cloud Core (PCC) IoT Environment

Login to AWS Console and select AWS IoT service.

Select "Greengrass" on the left hand side, select "Classic (V1)":

Create a Group by clicking on "Create a Group":

Select "Use default creation" and specify the Group Name:

Confirm the "Core Function" and create the Group and Core:

Download the Core Security Resources tar file to your local directory:

Next, chose a root CA by clicking the button and right clicking on "Amazon Root CA" link on the next page. Select "Save Link As" and save the file in your local directory

At this point your AWS Greengrass Group and Core have been provisioned.

Packaging AWS GGC Public Cloud Edge (PCE) Application

Prepare Edge Cluster and Download AWS GGC Docker Image

Perform the following tasks on the edge_k8s-2 VM/Cluster. For the purposes of this guide, a local Docker registry is deployed on the edge cluster. Any other registry can be used.

# SSH to the EMCO Cluster (use the ssh key is ssh-ing from you laptop:

ssh -i ~/.ssh/pcei-emco onaplab@

## Install AWS CLI on EMCO cluster

curl "" -o ""
sudo ./aws/install

## Configure AWS auth - supply Access Key and Secret Access Key:

aws configure
Access Key ID:
Secret Access Key:

## Pull GGC docker image from AWS ACR

awspass=`sudo aws ecr get-login-password --region  us-west-2`

sudo docker login --username AWS --password $awspass

sudo docker pull

### Start local docker repo on worker cluster

sudo docker run -d -p 5000:5000 --restart=always --name registry registry:2

## Tag AWS GGC docker image
sudo docker tag localhost:5000/aws-iot-greengrass

## Push AWS GGC docker image to local registry

sudo docker push localhost:5000/aws-iot-greengrass

Prepare and Package AWS GGC Helm Charts

Defining AWS GGC Service in PCEI

Deploying AWS GGC PCE App on Edge Cluster

Verifying AWS GGC End-to-End Operation

Deploying Location API App with PCEI

Packaging PCEI Location API App

Defining Location API App in PCEI

Deploying PCEI Location API App on Edge Cluster