IoT Solutions: Cloud Services & Analytics Tools

Ole Kjeldsen, CTO & CISO, Denmark & Iceland. This pptx: https://aka.ms/msiot2018

AGENDA

Overview … Threats & possible solutions: Sphere, Hub, Edge & cloud services

…. much more in the appendix & via, among other things, online training if you want to geek out ☺

What is ….

9 billion IoT devices deployed per year

© Microsoft Corporation

Microcontrollers (MCUs)

Wave 1: The Microcontroller (MCU)

Wave 2: Internet Connectivity

[Timeline: 1970’s through 2030’s]

9 BILLION new MCU devices deployed every year

IN TOYS... IN APPLIANCES… IN EQUIPMENT…

FEWER THAN 1% ARE CONNECTED TODAY.

North Carolina Highway Signs Compromised By a Foreign Hacker*

First/Largest known DDoS attack using insecure IoT devices (2016) disrupted WW internet traffic **

* NSTAC Report to the President on the . www.dhs.gov/sites/default/files/publications/

** https://www.wired.com/2016/12/botnet-broke-internet-isnt-going-away/

What is ….

5 billion USD Microsoft investment in IoT

The internet security battle. We’ve been fighting it for decades. We have experience to share.

Azure Sphere

Announced at RSA

Azure Sphere is an end-to-end solution for securing MCU powered devices

A new Azure Sphere OS secured by Microsoft for the device’s 10-year lifetime to create a trustworthy platform for new IoT experiences

A new Azure Sphere class of MCUs, from silicon partners, with built-in Microsoft security technology provides connectivity and a dependable hardware root of trust.

The Azure Sphere Security Service guards every Azure Sphere device; it brokers trust for device-to-device and device-to-cloud communication, detects emerging threats, and renews device security.

Highly-secured connected devices require 7 properties

Hardware Root of Trust: Is your device’s identity and software integrity secured by hardware?

Defense in Depth: Does your device remain protected if a security mechanism is defeated?

Small Trusted Computing Base: Is your device’s TCB protected from bugs in other code?

Dynamic Compartments: Can your device’s security protections improve after deployment?

Certificate-Based Authentication: Does your device use certificates instead of passwords for authentication?

Failure Reporting: Does your device report back about failures and anomalies?

Renewable Security: Does your device’s software update automatically?

[Legend: silicon support required, OS support required, Cloud Service support required]

Three components. One low price. No subscription required.

An Azure Sphere certified MCU

The Azure Sphere Security Service for 10 years

The Azure Sphere OS with 10 years of on-device updates

Azure Sphere is open

Open to any MCU manufacturer: We are licensing our Pluton security subsystem royalty free for use in any chip*

Open to any cloud: Azure Sphere devices are free to connect to Azure or any other cloud, proprietary or public, for application data

Open to any innovation: MCU manufacturers are free to innovate with our GPL’d OSS kernel code base

* Azure Sphere branding requires an Azure Sphere chip with Azure Sphere OS and Azure Sphere Security Service

Our Silicon Partners

WHEN?

The first devices with Azure Sphere MCUs on shelf September 2018. In preorder now!

https://www.seeedstudio.com/MT3620-Development-Board-for-Azure-Sphere-p-3052.html#

IoT Edge Solutions

Azure IoT Edge, Azure Monitor

Windows 10 IoT Core, Azure Machine Learning, Azure Event Grid

Azure Sphere, Azure Maps, Azure Websites

Platform

Azure Certified for IoT, Azure HD Insight (Spark, Storm, Kafka), Microsoft Power BI

Azure IoT Device SDK, Azure Event Hubs, Microsoft Flow

Azure IoT Hub Device Provisioning Service, Azure Functions

Azure IoT Hub, Azure Time Series Insights, Azure Logic Apps

Fully hosted and managed by Microsoft

No cloud development expertise required

Device connectivity and management

Azure IoT Central

Monitoring rules and triggered actions

User roles and permissions

Analytics, dashboards and visualization

Risk-free trial with simplified pricing

End-to-end implementation

Completely customizable

Open-source microservices based architecture

Device connectivity and management

Azure IoT solution accelerators

Dashboards, visualization, and insights

Workflow automation and integration

Command and control

Preconfigured solutions

Remote Monitoring, Connected Factory, Predictive Maintenance, Device Simulation

Establish bi-directional communication with billions of IoT devices

Enhance security with per device authentication

Azure IoT Hub

Provision devices at scale w/ IoT Hub Device Provisioning Service

Manage devices at scale with device management

Multi-language and open source SDKs

Move cloud and custom workloads to the edge, securely

Seamless deployment of AI and advanced analytics

Configure, update and monitor from the cloud

Azure IoT Edge

Compatible with popular operating systems

Code symmetry between cloud and edge for easy development and testing

Secure solution from chipset to cloud

Azure IoT

Connect millions of devices, integrate your business systems with new analysis tools to gain insights and transform your business.

Get started quickly with preconfigured solutions for common IoT scenarios, using accelerators.

Leverage a worldwide ecosystem of experienced IoT partners to tailor IoT solutions to your needs.

Sphere delivers highly secured, Internet connected MCU devices with a purpose built OS & turn-key cloud service guarding every device. https://www.youtube.com/watch?v=iiDF26HNh-Y

Ready to BUILD IoT applications? Find everything you need to develop even advanced IoT apps with familiar tools and programming languages. Build IoT apps

Ready to USE an IoT solution? Use controlled, industry-specific solutions to get started quickly and easily. Try IoT solutions

Azure IoT Build page, Azure IoT Hub, IoT School, Azure IoT solution accelerators

Sphere: https://azure.microsoft.com/da-dk/services/azure-sphere/

Azure IoT: https://azure.microsoft.com/da-dk/overview/iot/

Edge IoT: https://azure.microsoft.com/da-dk/services/iot-edge/

Paper: “7 Properties of Highly Secure Devices”, https://aka.ms/7pohsd

THANK YOU!

Download the presentation with many more details at https://aka.ms/msiot2018

Ole Kjeldsen https://aka.ms/olek

Use common templates to accelerate your IoT projects and jump ahead of the competition.

Hardware Root of Trust

Unforgeable cryptographic keys generated and protected by hardware

Is your device’s identity and software integrity secured by hardware?

Some properties depend only on hardware support

o Hardware to protect Device Identity
o Hardware to Secure Boot
o Hardware to attest System Integrity

Dynamic Compartments

Internal barriers limit the reach of any single failure

Can your device’s security protections improve after deployment?

Some properties depend on hardware and software

o Hardware to Create Barriers
o Software to Create Compartments

Renewable Security

Device security renewed to overcome evolving threats and security breaches.

Does your device’s software update automatically?

Some properties depend on hardware, software and cloud

o Cloud to Provide Updates
o Software to Apply Updates
o Cloud to Prevent Rollbacks

Azure Sphere empowers manufacturers to create highly-secured, connected MCU devices

SECURITY: Every device built with Azure Sphere is secured by Microsoft. For its 10 year lifetime.

PRODUCTIVITY: The Azure Sphere developer experience shortens OEM time to market.

OPPORTUNITY: Azure Sphere empowers OEMs to create new customer experiences and business models.

Azure Sphere MCUs create a secured root of trust for connected, intelligent edge devices

CONNECTED with built-in networking

SECURED with built-in Microsoft silicon security technology including the Pluton Security Subsystem

CROSSOVER Cortex-A processing power brought to MCUs for the first time

[Chip diagram: Microsoft Pluton Security Subsystem; Network Connection (Wi-Fi in first chips); FLASH ≥ 4MB; SRAM ≥ 4MB; ARM Cortex-A (optimized for low power); ARM Cortex-M (for real-time processing); Firewalls; Multiplexed I/O: GPIO, PWM, TDM, I2S, UART, I2C, SPI, ADC]

The Azure Sphere OS is optimized for IoT, Security and MCU agility

Azure Sphere OS Architecture

OS Layer 4: Secure Application Containers (App Containers for POSIX on Cortex-A, App Containers for I/O on Cortex-Ms). Compartmentalize code for agility, robustness & security

OS Layer 3: On-chip Cloud Services. Provide update, authentication, and connectivity

OS Layer 2: Custom Linux kernel (HLOS Kernel). Empowers agile silicon evolution and reuse of code

OS Layer 1: Security Monitor. Guards integrity and access to critical resources

Hardware: Azure Sphere MCUs

The Azure Sphere Security Service connects and protects every Azure Sphere device

Protects your devices and your customers with certificate-based authentication of all communication

Detects emerging security threats through automated processing of on-device failures

Responds to threats with fully automated on-device updates of OS

Allows for easy deployment of software updates to Azure Sphere powered devices

Modernize MCU development with Azure Sphere and Visual Studio

Simplify development: Focus your device development effort on the value you want to create

Streamline debugging: Experience interactive, context-aware debugging across device and cloud

Simplify Azure connect: Connect your Azure Sphere devices quickly and easily to Azure IoT

SECURITY: Peace of mind. Protect your products and customers with our turnkey, 7 property security solution that protects, detects and responds to threats dynamically so you’re always prepared.

PRODUCTIVITY: Faster time to market. Lower overhead and increase team efficiency with tools that deliver productivity and dramatically optimize development and maintenance of your device and experiences.

OPPORTUNITY: The future is now. Transform your products and customer engagement strategies, and enable new revenue streams with connected crossover chips powerful enough to create next generation experiences.

MICROSOFT WILL INVEST $5 BILLION IN IoT

Our goal is to give every customer the ability to transform their businesses, and the world at large, with connected solutions.

https://blogs.microsoft.com/iot/2018/04/04/microsoft-will-invest-5-billion-in-iot-heres-why

The Internet of Things opportunity

80 billion connected “things” by 2025 - IDC

180 zettabytes digital data by 2025 - IDC

70% value enabled by IoT from B2B scenarios - McKinsey and Company

$457 billion global IoT market by 2020 - Gartner

Innovation at work – real IoT use cases

Auto

Public Safety

Azure IoT Hero Portfolio

Microsoft’s vision is to democratize IoT by allowing everyone to access the benefits of IoT and provide the foundation for digital transformation

Azure IoT Central: Fully managed SaaS. Best used when you need to get started quickly with minimal IoT experience

Azure IoT Edge: + On-premises processing. Adds capacity to do local processing

Azure IoT solution accelerators: Customizable PaaS. Best used when you need a lot of control over your IoT solution

Accelerate time to value

Start quickly for common IoT scenarios

• Get started in minutes
• Modify existing rules and alerts
• Add your devices and begin to tailor to your needs

Finish with your IoT application

• Fine-tuned to specific assets and processes
• Highly visual for your real-time operational data
• Integrate with back-end systems

Components of a preconfigured solution

[Architecture diagram: Devices, C# simulator, IoT Hub, Microservices, VM, Orchestrator, Cosmos DB, Web App, Active Directory, Logic Apps, Azure ML, Back end systems and processes]

Builder Operator

Product Modeler Device management

Device settings Analytics & dashboards

Template Management Time-series Insights

Rules Workflows Alerts and actions

User and identity management

Azure IoT Hub

Bi-directional communication, Enterprise scale and integration, End-to-end security

IoT Device Management Lifecycle

Plan: Group devices and control access according to your organization's needs

Provision: Securely authenticate devices, on-board for management and provision for service

Configure: Provide updates, configuration and applications to assign the purpose of each device

Monitor: Monitor device inventory, health and security while providing proactive remediation of issues

Retire: Replace or decommission devices after failure, upgrade cycle or service lifetime

Azure IoT Hub Device Provisioning Service

Register and provision devices with zero-touch in a secure and scalable way

• Simple “plug and play” provisioning
• Minimize manual connection requirements
• Enhanced security through HSM
• Global availability

IoT scale time-series data store

Schema-less store, just send data

Easy IoT Hub connection

Azure Time Series Insights

Store, query, and visualize billions of events

Get near real-time insights in seconds

Build apps using Time Series Insights

Render maps and satellite imagery across many geographies

Integrate rich mapping visualizations into applications

Azure Maps

Calculate routes from N to N points for optimal calculations

Convert places and addresses to coordinates; or, convert coordinates to addresses or cross streets

Show real time traffic information

Obtain time zone and current time information

Location is at the heart of everything

Accurate, real time geospatial data is fundamental to the digital transformation of a wide range of industries and use cases, among them…

Mobility Solutions, Field Service, Automotive, Internet of Things (IoT), Logistics, Web & Mobile Apps

Why use Azure Maps?

Key reasons for customers to opt for Azure Maps for their geospatial needs

In-vehicle use licensing rights; Unrivalled traffic data and commercial routing; 30+ languages supported

Integrated into Azure IoT; Custom data visualizations; Enterprise scale

Windows 10 IoT

Open platform that seamlessly connects things, endpoints, and the cloud

Commercial OS for IoT devices and a modern user experience

Supports the languages and frameworks you already know

Trusted platform for security and servicing of cloud-connected devices

Bring power and capability to the edge

Enable a more natural user interface

Azure Stack

• Azure Services & Management on-prem
• Managed by Azure or Locally

Core Subsystems

Visualize data and learnings

Provision and send data from device to cloud

Stream processing and rules evaluation over data

Device Management

Store data Integrate with business processes

Things Insights Actions