IoT Solutions
Cloud Services & Analytics Tools
Ole Kjeldsen
CTO & CISO
Microsoft Denmark & Iceland
This pptx: https://aka.ms/msiot2018
AGENDA
Overview …
Threats & possible solutions
Sphere, Hub, Edge & cloud services
… much more in the appendix and via online training, among other things, if you want to geek out ☺
© Microsoft Corporation
What is ….
9 billion
IoT devices deployed per year
Microcontrollers (MCUs)
1970’s 1980’s 1990’s 2000’s 2010’s 2020’s 2030’s
Wave 1: The Microcontroller (MCU)
Wave 2: Internet Connectivity
9 BILLION new MCU devices deployed every year
IN TOYS... IN APPLIANCES… IN EQUIPMENT…
FEWER THAN 1% ARE CONNECTED TODAY.
North Carolina Highway Signs Compromised By a
Foreign Hacker*
First/Largest known DDoS attack using insecure IoT
devices (2016) disrupted WW internet traffic **
*NSTAC Report to the President on the Internet of Things. www.dhs.gov/sites/default/files/publications/
** https://www.wired.com/2016/12/botnet-broke-internet-isnt-going-away/
What is ….
5 billion
USD
Microsoft investment in IoT
The internet security battle.
We’ve been fighting it for decades.
We have experience to share.
Azure Sphere
Announced at RSA
A new Azure Sphere class of MCUs,
from silicon partners, with built-in
Microsoft security technology, provides
connectivity and a dependable
hardware root of trust.
A new Azure Sphere OS secured by
Microsoft for the device’s 10-year
lifetime to create a trustworthy
platform for new IoT experiences
The Azure Sphere Security Service guards
every Azure Sphere device; it brokers trust
for device-to-device and device-to-cloud
communication, detects emerging threats,
and renews device security.
Azure Sphere is an end-to-end solution for securing MCU
powered devices
Highly-secured connected devices require 7 properties
• Hardware Root of Trust: Is your device’s identity and software integrity secured by hardware?
• Defense in Depth: Does your device remain protected if a security mechanism is defeated?
• Small Trusted Computing Base: Is your device’s TCB protected from bugs in other code?
• Dynamic Compartments: Can your device’s security protections improve after deployment?
• Certificate-Based Authentication: Does your device use certificates instead of passwords for authentication?
• Failure Reporting: Does your device report back about failures and anomalies?
• Renewable Security: Does your device’s software update automatically?
Legend: Silicon support required; OS support required; Cloud Service support required
Three components.
One low price.
No subscription required.
An Azure Sphere certified MCU
The Azure Sphere OS
with 10 years of on-device updates
The Azure Sphere Security Service
for 10 years
Azure Sphere is open
Open to any MCU manufacturer
We are licensing our Pluton security subsystem
royalty free for use in any chip*
Open to any cloud
Azure Sphere devices are free to connect to
Azure or any other cloud, proprietary or public
for application data
Open to any innovation
MCU manufacturers are free to innovate with
our GPL’d OSS Linux kernel code base
* Azure Sphere branding requires an Azure Sphere chip with Azure Sphere
OS and Azure Sphere Security Service
Our Silicon Partners
The first devices with Azure Sphere MCUs
on shelf September 2018
In preorder now!
WHEN?
https://www.seeedstudio.com/MT3620-Development-Board-for-Azure-Sphere-p-3052.html#
Azure Data Lake
Azure Time Series Insights
Azure Maps
Azure Stream Analytics
Azure Machine Learning
Azure HDInsight: Spark, Storm, Kafka
Azure Event Hubs
Azure IoT Hub Device Provisioning Service
Azure IoT Hub
Windows 10 IoT Core
Azure IoT Edge
Azure Sphere
Azure Certified for IoT
Azure IoT Device SDK
Azure Logic Apps
Azure Websites
Azure Monitor
Azure Event Grid
Microsoft Power BI
Microsoft Flow
Azure Functions
Platform Use | Solutions
IoT Edge
Azure IoT Central
Analytics, dashboards and visualization
User roles and permissions
Monitoring rules and triggered actions
Fully hosted and managed by Microsoft
Device connectivity and management
Risk-free trial with simplified pricing
No cloud development expertise required
Azure IoT solution
accelerators
Predictive Maintenance
Connected Factory
Remote Monitoring
Device Simulation
End-to-end implementation
Completely customizable
Open-source microservices based architecture
Device connectivity and management
Dashboards, visualization, and insights
Workflow automation and integration
Command and control
Preconfigured solutions
Azure IoT Hub
Provision devices at scale w/ IoT Hub Device Provisioning Service
Establish bi-directional communication with billions of IoT devices
Enhance security with per-device authentication
Multi-language and open source SDKs
Manage devices at scale with
device management
Azure IoT Edge
Compatible with popular operating systems
Code symmetry between cloud and edge for easy development and testing
Secure solution from chipset to cloud
Move cloud and custom workloads to the edge, securely
Seamless deployment of AI and advanced analytics
Configure, update and monitor from the cloud
Get started quickly with preconfigured solutions for common IoT scenarios, using accelerators.
Leverage a worldwide ecosystem of experienced IoT partners to tailor IoT solutions to your needs.
Azure IoT
Connect millions of devices, integrate your business systems with new analysis tools to gain insights and transform your business.
Sphere delivers highly secured, Internet connected MCU devices with a purpose built OS & turn-key cloud service guarding every device.
https://www.youtube.com/watch?v=iiDF26HNh-Y
Ready to BUILD IoT applications?
Find everything you need to develop even advanced IoT apps with familiar tools and programming languages. Build IoT apps
Azure IoT Build page
Azure IoT solution accelerators
Azure IoT Hub
IoT School
Ready to USE an IoT solution?
Use vetted and industry-specific solutions to get started quickly and easily. Try IoT solutions
Sphere: https://azure.microsoft.com/da-dk/services/azure-sphere/
Azure IoT: https://azure.microsoft.com/da-dk/overview/iot/
Edge IoT: https://azure.microsoft.com/da-dk/services/iot-edge/
Microsoft Research Paper:
https://aka.ms/7pohsd
“7 Properties of Highly Secure Devices”
Ole Kjeldsen
https://aka.ms/olek
THANK YOU!
Download the presentation with many more details at
https://aka.ms/msiot2018
Use common templates to accelerate your IoT projects and jump ahead of the competition.
Some properties depend only on hardware support
o Hardware to protect Device Identity
o Hardware to Secure Boot
o Hardware to attest System Integrity
Unforgeable cryptographic
keys generated and protected
by hardware
Is your device’s identity
and software integrity
secured by hardware?
Hardware Root of Trust
Some properties depend on hardware and software
o Hardware to Create Barriers
o Software to Create Compartments
Internal barriers limit the
reach of any single failure
Can your device’s security
protections improve after
deployment?
Dynamic Compartments
Some properties depend on hardware, software and cloud
Device security renewed to
overcome evolving threats and
security breaches.
Does your device’s software
update automatically?
Renewable Security
o Cloud to Provide Updates
o Software to Apply Updates
o Cloud to Prevent Rollbacks
Azure Sphere empowers manufacturers to create
highly-secured, connected MCU devices
SECURITY
Every device built with Azure Sphere is secured by Microsoft.
For its 10 year lifetime.
PRODUCTIVITY
The Azure Sphere developer experience shortens OEM time to market.
OPPORTUNITY
Azure Sphere empowers OEMs to create new customer experiences and business models.
SECURED with built-in Microsoft silicon security technology including the Pluton Security Subsystem
CROSSOVER Cortex-A processing power brought to MCUs for the first time
CONNECTED with built-in networking
• Microsoft Pluton Security Subsystem
• Firewall (×6)
• Multiplexed I/O: SPI, I2C, UART, I2S, TDM, PWM, GPIO, ADC
• ARM Cortex-A: Optimized for low power
• FLASH ≥ 4MB
• SRAM ≥ 4MB
• Network Connection: Wi-Fi in first chips
• ARM Cortex-M: For real-time processing
Azure Sphere MCUs create a secured root of trust for connected, intelligent edge devices
Azure Sphere OS Architecture
• OS Layer 4: App Containers for POSIX (on Cortex-A); App Containers for I/O (on Cortex-Ms)
• OS Layer 3: On-chip Cloud Services
• OS Layer 2: HLOS Kernel
• OS Layer 1: Security Monitor
• Hardware: Azure Sphere MCUs
The Azure Sphere OS is optimized for IoT, Security and MCU agility
• On-chip Cloud Services: Provide update, authentication, and connectivity
• Custom Linux kernel: Empowers agile silicon evolution and reuse of code
• Security Monitor: Guards integrity and access to critical resources
• Secure Application Containers: Compartmentalize code for agility, robustness & security
The Azure Sphere Security Service connects and protects every Azure Sphere device
Protects your devices and your customers with
certificate-based authentication of all communication
Detects emerging security threats through
automated processing of on-device failures
Responds to threats with fully automated
on-device updates of OS
Allows for easy deployment of software updates to
Azure Sphere powered devices
Simplify development
Focus your device development effort
on the value you want to create
Streamline debugging
Experience interactive, context-aware
debugging across device and cloud
Simplify Azure connect
Connect your Azure Sphere devices
quickly and easily to Azure IoT
Modernize MCU development with Azure Sphere and Visual Studio
SECURITY
Peace of mind
Protect your products and customers with our turnkey, 7 property security solution that protects, detects and responds to threats dynamically so you’re always prepared.
PRODUCTIVITY
Faster time to market
Lower overhead and increase team efficiency with tools that deliver productivity and dramatically optimize development and maintenance of your device and experiences.
OPPORTUNITY
The future is now
Transform your products and customer engagement strategies, and enable new revenue streams with connected crossover chips powerful enough to create next generation experiences.
MICROSOFT WILL INVEST $5 BILLION IN IoT
Our goal is to give every customer the ability to transform their businesses, and the
world at large, with connected solutions.
https://blogs.microsoft.com/iot/2018/04/04/microsoft-will-invest-5-billion-in-iot-heres-why
The Internet of Things opportunity
70% value enabled by IoT from B2B scenarios - McKinsey and Company
80 billion connected “things” by 2025 - IDC
$457 billion global IoT market by 2020 - Gartner
180 zettabytes digital data by 2025 - IDC
Innovation at work – real IoT use cases
Auto
Public Safety
Azure IoT Hero Portfolio
Microsoft’s vision is to democratize IoT by allowing everyone to access the benefits of IoT and provide the foundation for digital transformation
• Fully managed SaaS: Azure IoT Central. Best used when you need to get started quickly with minimal IoT experience
• Customizable PaaS: Azure IoT solution accelerators. Best used when you need a lot of control over your IoT solution
• + On-premises processing: Azure IoT Edge. Adds capacity to do local processing
Azure IoT solution
accelerators
Dashboards, visualization and insights
Completely customizable
Command and control
Device connectivity and management
Predictive Maintenance
Connected Factory
Remote Monitoring
Workflow automation and integration
Preconfigured solutions
End-to-end implementation
Device Simulation
Open-source microservices based architecture
• Get started in minutes
• Modify existing rules and alerts
• Add your devices and begin tailoring to your needs
Start quickly for
common IoT scenarios
• Fine-tuned to specific assets and processes
• Highly visual for your real-time operational data
• Integrate with back-end systems
Finish with your IoT
application
Accelerate time to value
Components of a preconfigured solution
Diagram components: Devices, C# simulator, IoT Hub, Microservices VMs, Orchestrator, Cosmos DB, Web App, Logic Apps, Active Directory, Azure ML, Back end systems and processes
Azure IoT Central
No cloud development expertise required
Fully hosted and managed by Microsoft
Analytics, dashboards and visualization
User roles and permissions
Monitoring rules and triggered actions
Device connectivity and management
Risk-free trial with simplified pricing
Builder Operator
Time-series Insights
Analytics & dashboards
Device management
Alerts and actions
User and identity management
Template Management
Rules Workflows
Device settings
Product Modeler
Azure IoT Hub Provision devices at scale w/ IoT Hub Device
Provisioning Service
Establish bi-directional communication with
billions of IoT devices
Enhance security with per device authentication
Multi-language and open source SDKs
Manage devices at scale with device
management
Azure IoT Hub
Bi-directional communication | Enterprise scale and integration | End-to-end security
IoT Device Management Lifecycle
• Plan: Group devices and control access according to your organization's needs
• Provision: Securely authenticate devices, on-board for management and provision for service
• Configure: Provide updates, configuration and applications to assign the purpose of each device
• Monitor: Monitor device inventory, health and security while providing proactive remediation of issues
• Retire: Replace or decommission devices after failure, upgrade cycle or service lifetime
Azure IoT Hub Device Provisioning Service
Register and provision devices with zero-touch in a secure and scalable way
• Simple “plug and play” provisioning
• Minimize manual connection requirements
• Enhanced security through HSM
• Global availability
Azure Time Series Insights
IoT scale time-series data store
Easy IoT Hub connection
Store, query, and visualize billions of events
Get near real-time insights in seconds
Schema-less store, just send data
Build apps using Time Series Insights APIs
Azure Maps
Render maps and satellite imagery across many geographies
Integrate rich mapping visualizations into applications
Calculate routes from N to N points for optimal calculations
Convert places and addresses to coordinates; or, convert coordinates to addresses or cross streets
Show real time traffic information
Obtain time zone and current time information
Location is at the heart of everything
Accurate, real time geospatial data is fundamental to the digital transformation of a wide range of industries and use cases, among them…
Mobility Solutions
Internet of Things (IoT)
Automotive
Web & Mobile Apps
Field Service
Logistics
Why use Azure Maps?
Key reasons for customers to opt for Azure Maps for their geospatial needs
Integrated into
Azure IoT
In-vehicle use licensing rights
Unrivalled traffic data and commercial routing
Custom data visualizations
30+ languages supported
Enterprise scale
Enable a more natural user interface
Open platform that seamlessly connects things, endpoints, and the cloud
Commercial OS for IoT devices and a modern user experience
Supports the languages and
frameworks you already know
Trusted platform for security and
servicing of cloud-connected devices
Bring power and capability to the edge
Windows 10 IoT
• Azure Services & Management on-prem
• Managed by Azure or Locally
Azure Stack
Core Subsystems
Things Insights Actions
Provision and
send data from
device to cloud
Device
Management
Stream processing and
rules evaluation over data
Store data Integrate with business processes
Visualize data and learnings