Azure Digital Twins is an Azure IoT service that creates models of the physical environment. Azure Digital Twins creates spatial intelligence graphs to model the interactions and relationships between spaces, devices, and most importantly, people.
By using Azure Digital Twins, data can be queried from a physical space rather than from various disparate sensors. Azure Digital Twins helps build spatially aware experiences that link streaming data across the physical and digital world.
Azure Digital Twins Capabilities
The following are some key capabilities of Azure Digital Twins:
- Built-in access control: Identity management features, such as role-based access control and Azure Active Directory, enable you to securely control access for individuals and devices.
- Multiple and nested tenants: You can create multiple subtenants that can be used and accessed in an isolated and secure manner.
- Spatial intelligence graph:: The spatial intelligence graph is a virtual representation of the physical environment. This can be used to model the relationships between people, places, and devices.
- Advanced compute capabilities: We can define and run custom functions against incoming device data to send signals to predefined endpoints.
- Digital twin object models: Digital Twin object models are predefined device protocols and data schema.
- Ecosystem: We can connect an Azure Digital Twins instance to many powerful Azure services, including Azure Stream Analytics, Azure AI; and Azure Storage, Azure Maps, Microsoft Mixed Reality, Dynamics 365, or Office 365.
- Role-based access control: Azure Digital Twins enables precise access control to specific actions, data, and resources through RBAC (Role-based access control). Role-based access control simply consists of roles and role assignments. By using Role-based access control, permissions can be granted to the following:
- Service principals
- User-defined functions
- Users who belong to a domain
Role definitions are collections of permissions; they list allowed operations such as the CRUD operations (REATE, READ, UPDATE, and DELETE). Table 1 shows the available roles in Azure Digital Twins.
Specified space: CREATE, READ, UPDATE, and DELETE
All nodes underneath: CREATE, READ, UPDATE, and DELETE
Users: CREATE, READ, UPDATE, and DELETE
User-related objects: CREATE, READ, UPDATE, and DELETE
Devices: CREATE, READ, UPDATE, and DELETE
Device-related objects: CREATE, READ, UPDATE, and DELETE
Access-keys: CREATE, READ, UPDATE, and DELETE
Key-related objects: CREATE, READ, UPDATE, and DELETE
Access Keys: READ and UPDATE
Spaces, Sensors, Users: READ
|Support Specialist||Everything except access-keys: READ|
Devices and Sensors: READ and UPDATE
Table 1: The available roles in Azure Digital Twins
Object identifiers simply refer to the type of identity that is given to a particular role.
Table 2 shows the supported object identifiers in Azure Digital Twins.
|UserId||Assigns a role to a user|
|DeviceId||Assigns a role to a device|
|DomainName||Assigns a role to a domain name|
|TenantId||Assigns a role to a tenant|
|ServicePrincipalId||Assigns a role to a service principal|
|UserDefinedFunctionId||Assigns a role to a user-defined function|
Table 2: The supported object identifiers in Azure Digital Twins
Azure is growing strength by strength, and before we know it, it has become our reality.