#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Building a Better Mousetrap: Deploying and Managing IoT Solutions for IT Pros
Anthony Bartolo, Sr. Cloud Advocate, Microsoft
New monetization avenues due to IoT-related services
Companies that increased revenue as a result of IoT implementation
Average increase in operating income (avg. 8%) among the most digitally transformed enterprises
Data + intelligence
Optimize operations
Transform products
Engage customers
Empower employees
Connected “things” by 2025 generating 180ZB of data
Developing an IoT solution can be challenging
Time: Many IoT solutions require months to set up.
Complexity: IoT requires numerous skill sets.
Cost: Heavy up-front investments as well as maintenance can be cost-prohibitive.
Security: IoT poses unique security, privacy, and compliance challenges.
Actions | Things | Insights
A Simple View of an IoT Solution
Actions | Things | Insights
… and why IoT needs Ops support
Updating devices
Provisioning devices
Device updates
Data storage
Cold path analytics
Warm path analytics
Hot path analytics
On device analytics
Securing data
Business process integration
Solution scale
High availability
Disaster recovery
Transport protocols
Cost management
Operations monitoring
Device lifecycle
Data ownership
Data visualization
Cloud-to-device commands
< ---- End-to-End Security ---- >
Industry and government compliance
Enterprise integration
Device recovery
Internationalization
HW certification
Manufacturing scale
Deployment
Drivers
Device commercialization
A more realistic view…
What could go wrong?
Auto
Business Decision Maker (BDM)
Developer (Dev)
Operations (IT / Ops)
The Essential Relationship
MouseTrapp
Getting that mouse, out of your house, eh!
Anthony Bartolo | Jef King | Julien Stroheker | Susan Ibach | Barry Gervin
Opportunity
• Rats and mice spread over 35 diseases
• Traps are monitored by regular visitations requiring time & mileage
• Traps can be empty resulting in wasted resources
• Business owners can become frustrated if traps are not cleaned out regularly
• A business's potential customers may stay away if vermin are reported
• Industry Statistics & Market Size
• Revenue $12B | Annual Growth 3.1%
• PaaS services used for easy scale-out, a reliable “Always On” SLA, and low cost of maintenance.
• Services loosely coupled together so the architecture is flexible to future enhancements & maintenance.
[Architecture diagram: Raspberry Pi, Wireless Sensor(s), Test Data Generator, IoT Hub, Streaming Analytics, SQL Database, PowerBI, Cordova App, Future]
Solution Technical Overview
• PowerShell: Drive deployment
• Cordova: cross platform
• GitHub: dev in the open
• VSTS: Build, Package, Release
• Dacpac: database schema
• Raspberry Pi: Windows 10 IoT, UWP, Mousetrap
• Azure: IoT Hub, SQL Azure, Machine Learning, Stream Analytics, Blob/Table storage, Web Jobs
• Reporting: PowerBI
• C#: Web Job (Data Generation – Testing Component)
Solution Components
Solution Technical Overview
Registration Configuration Provisioning
What is provisioning?
High level provisioning
Participants: device, DPS, IoT hub
1. Asks for hub
2. Creates ID
3. Returns ID
4. Returns hub
5. Connects
Quick orientation
[Diagram: Devices, IoT Hub, Event Hub, Stream Analytics, Storage blobs, DocumentDB, Web Jobs, Logic Apps, Azure ML, Power BI, Web/Mobile App, Back end systems and processes. Callout on the diagram: "Provisioning happens here"]
Device Provisioning Service
Automate device provisioning at scale and eliminate security threats from manual handling
IoT Solution US | IoT Solution Germany | IoT Solution China
Connection Security
X.509/TLS-Based Handshake and Encryption
Device Security
X.509 Certificate Based Identity and Attestation
Device Provisioning, Authorization & Management
Support for Diverse Hardware Secure Modules
Securely connect millions of devices…
…over a secure internet connection…
…to Microsoft Azure – built with security from the ground up
Cloud Security
Azure Security Center | Azure Active Directory
Key Vault | Policy-Based Access Control
Authentication and Attestation
1. Shared Access Secrets (SAS) Tokens: Shared Access Key
2. Certificate Based Mutual Authentication: Certificate Thumbprint
3. Certificate Based Mutual Authentication: Certificate Authority
Access Controls
- Permission based
- Role based
- Action based
- Per device granularity
Device | IoT Hub
Connection Security
X.509/TLS-Based Handshake and Encryption
9 BILLION new MCU devices built and deployed every year.
Terrorists Ignite Thousands of House Fires with Hacked Stoves
From: Hackers
To: Consumer
Subject: Your Fridge
We control your fridge. Send us $5 in bitcoin or else…
No manufacturer wants to make insecure devices
Does your device security get smarter over time?
[Slide keywords: report back; use certificates; respond automatically; updating; protect]
Are your devices secure?
Hackers attack casino
Highly-secured connected devices require 7 properties
Hardware Root of Trust
Defense in Depth
Small Trusted Computing Base
Dynamic Compartments
Certificate-Based Authentication
Failure Reporting
Renewable Security
Azure Sphere certified MCUs | The Azure Sphere OS | The Azure Sphere Security Service
Azure Sphere is an end-to-end solution for securing MCU powered devices
Azure Sphere certified MCUs, from silicon partners, with built-in Microsoft security technology, provide connectivity and a dependable hardware root of trust.
The Azure Sphere OS is secured by Microsoft for the device's 10-year lifetime to create a trustworthy platform for new IoT experiences.
The Azure Sphere Security Service guards every Azure Sphere device; it brokers trust for device-to-device and device-to-cloud communication, detects emerging threats, and renews device security.
Azure Sphere is open
Open to any MCU manufacturer
We are licensing our Pluton security subsystem royalty free for use in any chip*
Open to any cloud
Azure Sphere devices are free to connect to Azure or any other cloud, proprietary or public, for application data
Open to any innovation
MCU manufacturers are free to innovate with our GPL’d OSS Linux kernel code base
* Azure Sphere branding requires an Azure Sphere chip with Azure Sphere OS and Azure Sphere Security Service
Edge intelligence
Cloud offload
Rich device functionality
Security update control, lifecycle management, device management
Long-life hardware, long-term OS support, security updates
https://aka.ms/MSLearnIoT
• https://aka.ms/ITiotschool
• Intro to IoT Hub
• Device management with Azure IoT Hub
• Device provisioning with Azure IoT Hub
• Getting Started with Azure Sphere
• https://aka.ms/AzureSphereIOT
• Internet of Things Show
• https://aka.ms/ITiotshow
https://aka.ms/mousetrap
Next Steps
Thank you!
Questions?