What’s the role of Microsoft Azure in the IoT sphere?

An article by Kevin E. Kline, Principal Program Manager at SentryOne.

Microsoft Azure is a cloud-based IaaS (infrastructure as a service) that has technically been around since 2008, and provides nearly two dozen categories of specific services. The cloud-based IaaS market has generally been dominated by AWS (Amazon Web Services) for a number of years.

However, Microsoft announced Azure Sphere in May 2018, and it has reached general public availability with hardware and software ready for customers to use. Azure Sphere is Microsoft’s “defence-in-depth” IoT platform that utilizes a combination of software, hardware, and cloud-based technology to protect IoT devices and the networks they belong to.

Microsoft has been really pushing a “cloud-first” business strategy and focusing on IoT-specific features that have been increasing the platform’s popularity recently.

In this article, we’re going to take a look at what exactly Microsoft Azure does for the IoT sphere.

What are key features of Microsoft Azure related to IoT?

For starters, Microsoft Azure offers machine learning to developers for deploying algorithms and a marketplace for off-the-shelf APIs. These have largely been useful in the past for Azure customers, for example in deploying SQL Server databases and integrating counters to monitor server performance.

A large variety of devices from many different manufacturers is supported (see the Azure certified for IoT device catalog), and prototyping is available for devices such as the Raspberry Pi or MXChip IoT DevKit, both of which support various sensors.

Microsoft provides open-source Device SDKs for building apps to be deployed on IoT devices, and the SDK generally helps to accelerate IoT solution development. Furthermore, Microsoft provides certified chips for IoT devices that are developed by hardware partners, as well as a custom-built Linux OS for those chips called Azure Sphere OS.

For security, Microsoft runs the Azure Sphere Security Service from its own data centers. The service gathers data on the security status of IoT devices and automatically provides updates to those devices. Microsoft also has a dedicated Azure Sphere security team that helps to identify and contain security threats to IoT devices.

Interestingly, Microsoft uses its own Windows Update Service model for Azure Sphere, which can provide updates to “billions of devices, globally, per hour”. And Azure Sphere devices will receive over 10 years of update support from Microsoft, including security patches and OS updates.

What powers Microsoft Azure IoT?

Microsoft worked closely with MediaTek to address seven properties that are required of all networked devices. Those seven properties are:

  • Establishing a hardware-based root of trust
  • Having a small computing base
  • Defense-in-depth
  • Compartmentalization
  • Certificate-based authentication
  • Security renewal
  • Failure reporting

One of Microsoft’s main goals was for IoT devices to have unique, hardware-based identities, using private keys that are inaccessible to the software. That way, IoT devices should remain protected even if there is a software-level breach, a concept that Microsoft based on its Xbox gaming console. Instead of using passwords, Microsoft uses signed certificates and cryptographic keys.

Driving Azure Sphere is a hardened Arm-based microcontroller, which Microsoft designed to deliver those seven properties mentioned above. What this basically does is ensure all customers using Azure Sphere are using the same security model.

The first public Microsoft and Linux brainchild

Azure Sphere is actually Microsoft’s first public offering of a Linux-based operating system, and it is entirely intended to enhance the security of IoT devices. Furthermore, Azure Sphere provides a custom kernel and software that are intended for wider distribution.

Microsoft provides all of the libraries that developers need to access the Sphere microcontroller hardware for networking, storage, and communication. There is no general-purpose file access or shell, so Microsoft’s libraries are the only way to interact with the hardware, which enhances overall security.

In other words, developers can only interact with their IoT devices through the Azure Sphere service, or through debugging services on a device that is connected to the developer’s PC. Apps are built in C via the Azure Sphere SDK, which supports either Visual Studio or Visual Studio Code. However, for developers who absolutely prefer Linux, Ubuntu 18.04+ does support Visual Studio Code and can use command-line tools that are bundled with the Azure SDK. You can also develop either high-level apps or low-level real-time code.

All in all, Microsoft Azure provides much deeper technical possibilities than we can cover in a general summary, so it’s really best to head over to the Microsoft Azure documentation for a more in-depth look at what the entire system and SDK are capable of.
