With a focus on manufacturing at the recent Hannover Fair, Microsoft unveiled extensions of its Azure IoT Suite related to security, on-premise capabi
With a focus on manufacturing at the recent Hannover Fair, Microsoft unveiled extensions of its Azure IoT Suite related to security, on-premise capabilities, time series data storage and more.
Following on from an announcement it made earlier in the month about investing $5 billion in Internet of Things (IoT) technologies over the next four years, at the Hannover Fair, Microsoft unveiled the latest of what it’s been working on—and still working on, in many cases—for the manufacturing sector.
“IoT solutions are pretty complex—connecting to and managing devices, storage systems, cloud gateways for managing devices, integration services,” commented Sam George, partner director for Azure Internet of Things at Microsoft. “We have several major areas of focus, but the biggest area of focus is on simplifying IoT for our customers.”
Central to the latest announcements around Microsoft’s Azure IoT Suite are bringing Azure IoT Hub to Azure Stack, which extends the Azure cloud environment to on-premise environments; an automatic discovery service for its Connected Factory; long-term archival of time series data; and a preview of Azure Sphere, which brings industrial-grade security to edge devices.
Automatic device discovery
A preconfigured IoT solution that Microsoft has based on the OPC UA interoperability standard is Connected Factory, which the company unveiled at Hannover Fair last year. This year at Hannover, they brought out components to simplify onboarding and securing industrial assets—including OPC Twin and Global Discovery Server, which automatically detect, register and perform a security audit on industrial assets.
This solves one of the harder parts of creating a connected factory, according to George. “Even though we have this preconfigured solution, it still had to know what devices to connect to, which took time,” he said. “Using this approach, it’s really plug and play. It can auto-discover all the machines that are running on it.”
With OPC Twin and Global Discovery Server integrated into Connected Factory, operators are no longer required to manually exchange OPC UA certificates for each client and server on the factory floor. Instead, they can manage the security settings on a global scale using a cloud-based interface, saving time and also enhancing security. OPC Twin also allows operators to securely interact with each OPC UA asset in their factory from the Azure cloud.
Microsoft takes an active role in the OPC Foundation, and has increased its participation in the working groups. “We’re the No. 1 contributor of open source code to OPC by a factory of 10,” George said. “This Global Discovery Server is a great example of one we’ve given to the community.”
Microsoft recognizes the importance of a holistic approach to IoT security—robust enough to handle system complexity throughout the IoT ecosystem. In fact, part of the company’s $5 billion IoT investment is geared toward significantly improving IoT security.
This is where Azure Sphere comes in, focused on securing the microcontrollers (MCUs) that will be ever-present in the billions of connected assets in industrial manufacturing. Launched at the RSA security conference in San Francisco and previewed at Hannover, Azure Sphere is a platform for securing and powering the MCUs at the edge. It builds security into the chip’s silicon and provides five times the processing power of traditional MCUs. It also includes a highly secure operating system (OS) designed for IoT applications, plus a turnkey cloud security service that will monitor and detect threats, and automatically update security protocols.
“This is a project that we started four years ago,” George said. “When you look forward to the 20 billion devices that we expect are going to be connected to the Internet in 2020, somewhere on the order of 15 billion of those are going to be tiny devices like microprocessors.” That microprocessor landscape hasn’t changed a lot in the past couple years with regard to security and productivity, he added.
Azure Sphere builds on Microsoft’s seven properties of highly secure devices: a hardware-based root of trust, small trusted computing base, defense in depth, compartmentalization, certificate-based authentication, renewable security and failure reporting. What George described as a “very novel approach to securing microcontrollers,” Azure Sphere is made up of three main components: the MCUs themselves, the OS and the security service.
The Azure Sphere certified MCUs combine real-time and application processors with built-in Microsoft security technology and connectivity. Each chip includes custom silicon security technology inspired by Microsoft’s Xbox experience and learnings.
Microsoft is not in the business of making chips, but instead provides the IP freely to manufacturers for this new class of microprocessors. The first Azure Sphere chip will be the MediaTek MT3620, but there are about 10 other manufacturers that Microsoft will be announcing.
The defense-in-depth Azure Sphere OS provides multiple layers of security. It combines security innovations pioneered in Windows, a security monitor, and a custom Linux kernel to create a highly secured software environment and a trustworthy platform for IoT.
Azure Sphere Security Service is a turnkey cloud service that monitors all the Azure Sphere devices. It also brokers trust using renewable certificates, George noted, enabling a device to trust adjacent devices that it might be communicating with. The system detects emerging security threats across the entire Azure Sphere ecosystem through online failure reporting.
As part of its commitment to security, Microsoft has been working with the Industrial Internet Consortium (IIC) to create a Security Maturity Model. “It’s sort of the first comprehensive cyber-physical security model,” George explained.
Industrial companies need a better way to understand how to work toward their security goals. “We need a common language to talk about security,” George added. “Protecting a smart doorbell is a little different than protecting a nuclear power plant.”
The IIC recently introduced the Security Maturity Model through a whitepaper, and will provide more technical guidance in the coming months.
On-premise cloud capabilities
Whether because of concerns about the security of their data, limited connectivity or other reasons, industrial companies have been pushing Microsoft for more on-premise capabilities. So Microsoft is also working on bringing Azure IoT Hub and IoT Hub Device Provisioning Service to Azure Stack, which extends the company’s Azure cloud platform to on-premises environments.
“In general, we’re seeing an increased adoption of cloud. They’re realizing that cloud is a more secure place, no question,” George said. “What we’re seeing, though, particularly in manufacturing, a lot of remaining customers still want to run it on premises. And they’re really demanding offerings. We’re a big believer in meeting customers where they are.”
Some good use cases for disconnected cloud solutions come from oil and gas drilling platforms and cruise ships, George noted. “Connectivity is very slow if at all,” he said. “But they still want the benefit of the cloud.”
This development will enable operators to deploy and manage their IoT devices as well as collect and process real-time data within their facility. Azure Stack will enable IoT scenarios with intermittent connectivity, disconnected operations for remote sites, and applications that cannot send data to the public cloud because of regulatory requirements.
Customers also have the option of connecting Azure Stack to Azure for hybrid systems; they could benefit from the local capabilities of Azure Stack, while obtaining a global view across multiple instances or performing advanced analytics in the Azure cloud at scale.
Broadened time series insights
Time series data—data taken at intervals from sensor readings—has traditionally been difficult to store, analyze and visualize. Microsoft built Azure Time Series Insights (TSI) to visually find insights into that time series data.
“A large amount of data in IoT comes in in time series fashion,” George said. “There’s a lot of insight to be gained from that time series data.”
Microsoft is planning an update to TSI to reduce storage costs and also allow operations teams to easily uncover long-term trends. “We wanted it to not only be optimized and highly performant,” George said, “but also be able to support long-term archival.” This will enable operations, for example, to look over a 10-year horizon to find patterns in the data, he added.
With the updates, manufacturers will be able to move their times series data to an IoT cloud platform where the information can be more securely stored and managed. This will lower storage costs and help achieve the long-term insights.