The Internet of Things was one of the big hypes of 2015, but it is more than hype – customers want to build out their own infrastructures and act on their data.
Today we’ll look at how Microsoft Azure helps us build scalable solutions that process events from thousands of devices in a secure manner, and at the challenges that brings. Once the data is in the cloud, we’ll also look at ways to learn from our measurements.
4. 25 BILLION connected “things” will be in use by 2020 (Gartner). $7.2 TRILLION worldwide market for IoT solutions by 2020 (IDC: Worldwide and Regional Internet of Things (IoT) 2014–2020 Forecast).
5. [Diagram: Azure platform and infrastructure services overview] Web Apps, Mobile Apps, API Management, API Apps, Logic Apps, Notification Hubs, Content Delivery Network (CDN), Media Services, BizTalk Services, Hybrid Connections, Service Bus, Storage Queues, Hybrid Operations, Backup, StorSimple, Azure Site Recovery, Import/Export, SQL Database, DocumentDB, Redis Cache, Azure Search, Storage Tables, Data Warehouse, Azure AD Health Monitoring, AD Privileged Identity Management, Operational Analytics, Cloud Services, Batch, RemoteApp, Service Fabric, Visual Studio, App Insights, Azure SDK, VS Online, Domain Services, HDInsight, Machine Learning, Stream Analytics, Data Factory, Event Hubs, Mobile Engagement, Data Lake, IoT Hub, Data Catalog, Security & Management, Azure Active Directory, Multi-Factor Authentication, Automation, Portal, Key Vault, Store/Marketplace, VM Image Gallery & VM Depot, Azure AD B2C, Scheduler.
12. • High-scale telemetry ingestion service
• Ingress of millions of events per second
• HTTP/AMQP protocol support
• Each Event Hub supports
• Uses a data-log approach
13. Send over HTTPS/AMQP
Never expose an endpoint on the device for callbacks
Close all ports that are not required
Follow the Service Assisted Communication pattern
16. • Bi-directional device <-> cloud
• Up to 10 million devices
• Device Management
• Protocol Support
• Operations Monitoring
17. • Endpoints for devices
• Endpoints for cloud-components
• Device Management
[Diagram: IoT Hub endpoints. Each device has a device id, a D2C send endpoint and a C2D queue endpoint; cloud components use the D2C receive endpoint, the C2D send endpoint and the IoT Hub management endpoint.]
Send time-limited commands to devices
Assign a time-to-live (TTL) to your commands so that devices that were offline don’t perform actions that are no longer needed
18. Send over HTTPS/AMQP
Physically lock down your device
This avoids tampering with your devices or installing other software
Encrypt device storage
This avoids potential information disclosure when a hard drive is stolen
21. [Diagram: device sends “Provision device XYZ” with Activation Key ABC to the Provision API]
Securely store your credentials & keys
Burn them into the silicon or use a TPM if possible
Device ID | Connection Status | Device State | Auth Key
<Generated ID> | Disconnected | Inactive | <Auth Key>
22. [Diagram: device sends “Activate device XYZ” with Activation Key ABC to the Provision API and gets its device-specific auth key]
Securely store your credentials & keys
Burn them into the silicon or use a TPM if possible
Device ID | Connection Status | Device State | Auth Key
<Generated ID> | Disconnected | Active | <Auth Key>
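To make the two-step provisioning flow on slides 21–22 and the command TTL from slide 17 concrete, here is an added, constructed example (not code from the presentation or from Azure IoT Hub): a hypothetical in-memory Provision API that registers a device as Inactive, hands out its device-specific auth key exactly once on activation, and a device-side check that drops commands whose TTL has expired.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict


@dataclass
class DeviceRecord:
    device_id: str
    auth_key: str                      # device-specific; never shared between devices
    connection_status: str = "Disconnected"
    device_state: str = "Inactive"


class ProvisionApi:
    """Hypothetical provisioning service (constructed for this example)."""

    def __init__(self, activation_key: str) -> None:
        self._activation_key = activation_key   # batch activation key, e.g. "ABC"
        self._devices: Dict[str, DeviceRecord] = {}

    def provision(self, device_name: str, activation_key: str) -> str:
        """Step 1 (slide 21): register the device; it is known but still Inactive."""
        if not hmac.compare_digest(activation_key, self._activation_key):
            raise PermissionError("invalid activation key")
        device_id = f"{device_name}-{secrets.token_hex(4)}"   # <Generated ID>
        auth_key = secrets.token_urlsafe(32)                  # <Auth Key>, generated per device
        self._devices[device_id] = DeviceRecord(device_id, auth_key)
        return device_id

    def activate(self, device_id: str, activation_key: str) -> str:
        """Step 2 (slide 22): release the device-specific auth key exactly once."""
        record = self._devices.get(device_id)
        if record is None or not hmac.compare_digest(activation_key, self._activation_key):
            raise PermissionError("unknown device or invalid activation key")
        if record.device_state == "Active":
            raise PermissionError("device already activated")  # key cannot be fetched twice
        record.device_state = "Active"
        return record.auth_key   # the device stores this in its TPM / protected storage

    def status(self, device_id: str) -> DeviceRecord:
        return self._devices[device_id]


@dataclass
class Command:
    name: str
    issued_at: float    # seconds since epoch
    ttl_seconds: float


def command_is_live(cmd: Command, now: float) -> bool:
    """A device coming back online only acts on commands whose TTL has not expired."""
    return now < cmd.issued_at + cmd.ttl_seconds
```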
45. • Service Assisted Communication by Clemens Vasters
• Best Practices for Creating IoT Solutions with Azure (//BUILD/ 2015)
• Official Azure documentation about Security
46. • Cloud Design Patterns: Prescriptive Architecture Guidance for Cloud Applications by Microsoft Patterns & Practices
• Mastering Azure Analytics by Zoiner Tejada
• I <3 Logs by Jay Kreps
48. • Think Big, Start Small
• Think about Device Management from the start
• Know the limits and design around them
• Build security from the ground up