As part of our ongoing relationship with and experience in the Microsoft IoT Accelerate Tier-1 partner program, we received a firsthand briefing on the recently announced Azure Sphere device, which is designed for quickly IoT-enabling multitudes of devices. One example we have seen is Starbucks adding Azure Sphere devices to their blenders and coffee machines to remotely push firmware updates and eventually provide predictive analytics for early-warning failure detection.
During this briefing with the Azure Sphere team, there was a presentation about what Azure Sphere brings to the hardware side of the Azure IoT offering. Azure IoT already provides a scalable and flexible architecture with support for MQTT, Device Twins, Cloud-to-device and Device-to-cloud communications, Commands, and Jobs. However, the connection between the device and the cloud requires careful security design, and much of it must be implemented on the device side.
Azure Sphere addresses the problem areas for security in hardware:
- Device Provisioning – the device ID can be pre-provisioned through the Device Provisioning Service in Azure, and the hardware can claim itself with a valid Azure login. Once provisioned, the device does not need any further user interaction to communicate with the cloud.
- Device Communication – the Azure Sphere Development Kit includes a Wi-Fi adapter. Once connected to a local network, the device will be able to perform Over the Air (OTA) updates and communicate with an IoT Hub in the cloud. All communications are encrypted with a signed X.509 certificate.
- Device Security – security is managed by not only securing the communications but also verifying the version and integrity of the running firmware. If the device detects a newer version of its OS or application code is available, it will automatically download it and update. If the device detects the running application has been tampered with or altered, it will revert to a signed and verified version.
Developing on Azure Sphere
Setting up the Azure Sphere Development Kit is as simple as connecting it via the provided USB cable to your Windows Development PC, installing the Azure Sphere SDK, then issuing commands using azsphere from the command line.
Some one-time setup is required to provision the Azure Sphere Tenant in your Azure Environment and upload the certificate extracted with azsphere to your Device Provisioning Service (DPS).
Since the device is designed for security, it is not normally possible to sideload your application onto the device or download it directly over Wi-Fi. Furthermore, if the hardware detects a new, invalid version, it reverts it with an OTA update or resets itself.
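The update-or-revert behaviour described in the Device Security item and in the paragraph above, as a simplified model added here (it is not Azure Sphere or Microsoft code). The names make_manifest, is_trusted and decide are hypothetical, and HMAC-SHA256 stands in for the asymmetric signature a real device would verify with a public key only.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 is a stand-in for the vendor's asymmetric
# signature so that the example runs on the standard library alone.
SIGNING_KEY = b"constructed-demo-key"

def make_manifest(version, image, key=SIGNING_KEY):
    """Build a signed manifest binding a version number to an image hash."""
    body = {"version": version, "sha256": hashlib.sha256(image).hexdigest()}
    payload = json.dumps(body, sort_keys=True).encode()
    body["sig"] = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return body

def is_trusted(image, manifest, key=SIGNING_KEY):
    """True only if the manifest signature is valid AND the image matches it."""
    body = {k: manifest.get(k) for k in ("version", "sha256")}
    payload = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(manifest.get("sig", ""))):
        return False  # manifest forged or altered
    actual = hashlib.sha256(image).hexdigest()
    return hmac.compare_digest(actual, str(manifest["sha256"]))

def decide(running, known_good, offered=None):
    """Each argument is an (image, manifest) pair; returns (action, pair).

    Assumes known_good sits in protected storage and always verifies.
    """
    if not is_trusted(*running):
        return "revert", known_good          # tampered app: fall back
    if offered and is_trusted(*offered):
        if offered[1]["version"] > running[1]["version"]:
            return "update", offered         # newer and signed: install it
    return "keep", running                   # invalid or older offer ignored

if __name__ == "__main__":
    v1 = (b"app v1", make_manifest(1, b"app v1"))
    v2 = (b"app v2", make_manifest(2, b"app v2"))
    altered = (b"app v1 modified", v1[1])    # constructed: image changed on disk
    print(decide(v1, v1, v2)[0])             # newer signed version offered
    print(decide(altered, v1)[0])            # running image no longer matches
```

The version comparison after signature verification is what stops a validly signed but older image from being accepted as an "update".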
To enable development and debugging, you need to issue another azsphere command: azsphere device prep-debug. This disables OTA updating and permits sideloading. Now it is possible to download applications directly to the device and attach the Visual Studio Debugger.
More to come about working with Azure Sphere!
Stratus Innovations Group: Innovative Solutions for Manufacturers and Businesses
Stratus Innovations Group’s Intelligent Factory Solution Offering is a powerful tool that can give you deeper insight into your equipment’s health and maintenance needs. More importantly, it can communicate with machinery across a wide variety of platforms and protocols to increase safety and efficiency while mitigating downtime.