
TechDays NL 2016 - Building your scalable secure IoT Solution on Azure


The Internet-of-Things was one of the big hypes in 2015, but it’s more than that: customers want to build out their own infrastructures and act on their data.
Today we’ll look at how Microsoft Azure helps us build scalable solutions that process events from thousands of devices in a secure manner, and at the challenges that come with it. Once the data is in the cloud, we’ll also take a look at ways we can learn from our measurements.


  1. 1. • Tom Kerkhove • You can find me
  2. 2. 25 BILLION Connected “things” will be in use by 2020 Gartner $7.2 TRILLION worldwide market for IoT solutions by 2020 IDC: Worldwide and Regional Internet of Things (IoT) 2014–2020 Forecast
  3. 3. Platform Services Infrastructure Services Web Apps Mobile Apps API Management API Apps Logic Apps Notification Hubs Content Delivery Network (CDN) Media Services BizTalk Services Hybrid Connections Service Bus Storage Queues Hybrid Operations Backup StorSimple Azure Site Recovery Import/Export SQL Database DocumentDB Redis Cache Azure Search Storage Tables Data Warehouse Azure AD Health Monitoring AD Privileged Identity Management Operational Analytics Cloud Services Batch RemoteApp Service Fabric Visual Studio App Insights Azure SDK VS Online Domain Services HDInsight Machine Learning Stream Analytics Data Factory Event Hubs Mobile Engagement Data Lake IoT Hub Data Catalog Security & Management Azure Active Directory Multi-Factor Authentication Automation Portal Key Vault Store/ Marketplace VM Image Gallery & VM Depot Azure AD B2C Scheduler
  4. 4. HTTP POST /api/event?sensorId=123 Cloud Gateway
  5. 5. HTTPS POST /api/event?sensorId=123 Securely store your credentials & keys Use a Trusted Platform Module (TPM) if possible
  6. 6. • High scale telemetry ingestion service • Ingress of millions of events per second • HTTP/AMQP protocol support • Each Event Hub supports • Uses a data log-approach
  7. 7. Send over HTTPS/AMQP Never expose an endpoint on the device for callbacks Close all ports that are not required Follow the Service Assisted Communication pattern
  8. 8. Send over HTTPS/AMQP
  9. 9. • How will the devices connect?
  10. 10. • Bi-directional device <-> cloud • Up to 10 million devices • Device Management • Protocol Support • Operations Monitoring
  11. 11. • Endpoints for devices • Endpoints for cloud-components • Device Management IoT Hub Device id C2D queue endpoint D2C send endpoint Device … Device … Device … D2C receive endpoint C2D send endpoint IoT Hub management Send time-limited commands to devices Assign a time-to-live (TTL) to your commands so that offline devices don’t perform actions when they are no longer needed
  12. 12. Send over HTTPS/AMQP Physically lock down your device This avoids tampering with your devices or installing other software Encrypt device storage This avoids potential information disclosure when hard drive is stolen
  13. 13. Send over HTTPS/AMQP
  14. 14. Provision device XYZ Activation Key ABC Provision API Securely store your credentials & keys Burn it into the silicon or use a TPM if possible Device ID Connection Status Device State Auth Key <Generated ID> Disconnected Inactive <Auth Key>
  15. 15. Activate device XYZ Activation Key ABC Provision API Securely store your credentials & keys Burn it into the silicon or use a TPM if possible Gets device-specific auth key Device ID Connection Status Device State Auth Key <Generated ID> Disconnected Active <Auth Key>
  16. 16. Command: Update Blob Storage SAS URI App v2 App v1
  17. 17. Hot Data Warm Data Cold Data Archived Data
  18. 18. Near-Real-Time Processing Azure Stream Analytics Batch Processing Azure Data Lake HDInsight / Analytics Custom Processing Machine Learning
  19. 19. IoT Hub Table Storage DocumentDB Event Hubs Data Lake Store Blob Storage (Elastic) SQL Database SQL Data Warehouse
  20. 20. • Protect your data at rest, it’s free of charge! • Protect your privates • Only secure what needs to be secured
  21. 21. • Understand how services store your data • Replicate mission critical data to a different region
  22. 22. • Enabling replication in Azure • Only want to replicate a subset?
  23. 23. • Keep track of all your data sources with Azure Data Catalog
  24. 24. Move & transform your data with Azure Data Factory
  25. 25. • No high-level overview of your components in Azure • Document your data sets • Do this from the start
  26. 26. 40
  27. 27. • Explore the Pre-Configured Solutions https://azureiotsuite.com https://gallery.cortanaintelligence.com
  28. 28. MyDriving Reference Implementation
  29. 29. Microsoft Azure IoT Reference Architecture
  30. 30. • Service Assisted Communication by Clemens Vasters • Best Practices for Creating IoT Solutions with Azure (//BUILD/ 2015) • Official Azure documentation about Security
  31. 31. • Cloud Design Patterns: Prescriptive Architecture Guidance for Cloud Applications by Microsoft Patterns & Practices • Mastering Azure Analytics by Zoiner Tejada • I <3 Logs by Jay Kreps
  32. 32. 47
  33. 33. • Think Big, Start Small • Think about Device Management from the start • Know the limits and design around them • Build security from the ground up
  34. 34. 49
  35. 35. 50
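
The provision/activate flow on slides 14 and 15, sketched as an added example (not code from the talk or from Azure): a device record starts Inactive with a one-time activation key, and activation trades that key for the device-specific auth key. The `ProvisioningRegistry` class, its method names and the in-memory store are hypothetical stand-ins for the "Provision API" box on the slides.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class DeviceRecord:
    device_id: str
    activation_key: Optional[str]  # one-time secret shipped with the device
    auth_key: str                  # device-specific key, released on activation
    state: str = "Inactive"        # "Device State" column on the slides
    connection: str = "Disconnected"


class ProvisioningRegistry:
    """Hypothetical in-memory stand-in for the 'Provision API' on the slides."""

    def __init__(self):
        self._devices = {}

    def provision(self):
        """Back-office step: create the record, return (device id, activation key)."""
        rec = DeviceRecord(
            device_id=secrets.token_hex(8),
            activation_key=secrets.token_urlsafe(32),
            auth_key=secrets.token_urlsafe(32),
        )
        self._devices[rec.device_id] = rec
        return rec.device_id, rec.activation_key

    def activate(self, device_id, activation_key):
        """Device step: trade the activation key for the auth key, exactly once."""
        rec = self._devices.get(device_id)
        # Unknown device, already-used key and wrong key all fail the same way.
        expected = rec.activation_key if rec and rec.activation_key else ""
        supplied_ok = hmac.compare_digest(expected.encode(), activation_key.encode())
        if not expected or not supplied_ok:
            raise PermissionError("activation rejected")
        rec.activation_key = None  # single use: a replayed key is useless
        rec.state = "Active"
        return rec.auth_key

    def state(self, device_id):
        return self._devices[device_id].state
```

On the device, the returned auth key is what the slides say to store in a TPM or other protected storage rather than on the plain file system.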
