Twitter: @DittmannAxel
Waves of innovation
Cloud: Globally available, unlimited compute resources
IoT: Harnessing signals from sensors and devices, managed centrally by the cloud
Edge: Intelligence offloaded from the cloud to IoT devices
AI: Breakthrough intelligence capabilities
42 Azure regions
Trusted
Intelligent
Hybrid
Productive
announced
Recent Innovations
Security Program for Azure IoT: Matchmaking with IoT security auditors
Azure IoT Hub Device Mgmt.: Cross platform and fully extensible at scale
Azure IoT Edge: Offload cloud intelligence to IoT devices
Azure IoT Device Catalog: Easily discover Azure IoT compatible devices
Azure IoT Hub Routing: Simple, powerful, declarative
Security Partnerships /DICE: Secure hardware attestation for constrained devices
Azure IoT Hub Device Provisioning Svc.: Cross platform and fully extensible at scale
OPC-UA Adapters: Complex event processing on Azure IoT Gateway SDK
Azure Time Series Insights: Fully managed Time Series Store and UX
Azure IoT Suite Connected factory: Pre-configured Solution for Insights from OPC installations
Comprehensive Set of Capabilities for IoT Solutions
Azure Time Series Insights
Azure Machine Learning
Azure Stream Analytics
Cosmos DB
Azure Data Lake
Azure Data Lake Analytics
Azure HD Insight
Azure Event Hubs
Microsoft Flow
Azure Logic Apps
Notification Hubs
Azure Websites
Microsoft Power BI
Azure Active Directory
Azure IoT Hub
Azure IoT Hub Device Provisioning Service
Azure IoT Edge
Azure Monitor
PaaS Services & Device Support
Edge Support
Device Support
Azure IoT Device SDK
Certified Devices
Azure Certified for IoT
Security Program for Azure IoT
IoT Services
Data & Analytics Services
Visualization & Integration Services
PaaS
SaaS
Microsoft IoT Central
IoT SaaS
Remote Monitoring
Predictive Maintenance
Connected factory
Windows 10 IoT Core
Azure IoT Suite
Solutions
Services
Azure IoT Reference Architecture
[Diagram. Columns: Device Connectivity and Management; Data Processing, Analytics and Management; Business Connectivity. Component labels: Low power devices; Existing IoT devices; Personal mobile devices; IP capable devices; IoT Client; IoT Edge; Gateway; Cloud Gateway; Custom Protocol Gateway (Cloud Service, VM); Device provisioning; Device Metadata; Storage; Stream Processors; Analytics & Machine Learning; App Backend; Solution UX; Business Integration; Business systems; Intelligence and Interaction* (HoloLens, Cortana, etc); JVM / Azure Container Service. Legend: Data Path; Existing Flow; Optional solution component; Azure IoT solution component.]
IoT Pattern + Edge
[Diagram labels: SOLUTIONS; THINGS; INSIGHTS; ACTIONS; Build; Connect; Manage; Things; Cloud Gateway; Azure IoT Hub; Insights; Actions.]
Azure IoT Edge
[Diagram labels: IoT Hub; Devices; Edge Hub; Local Storage; Container Management; Device Twin and Module Twin (repeated throughout the diagram); containers: Azure Machine Learning, Azure Stream Analytics, Azure Functions, Cognitive Services, Custom Code.]
• Offline / Synchronized Device Twins
• Local Storage
• Container Management
• Local “IoT Hub”
• HA/DR, Cloud Dev/Test Support
• Container based workloads
• Azure Functions
• Azure Stream Analytics
• Azure Machine Learning
• Cognitive Services
IoT device lifecycle
PLAN: Group devices and control access according to your organization's needs
PROVISION: Securely authenticate devices, on-board for management, and provision for service
CONFIGURE: Provide updates, configuration, and applications to assign the purpose of each device
MONITOR: Monitor device inventory, health and security while providing proactive remediation of issues
RETIRE: Replace or decommission devices after failure, upgrade cycle or service lifetime
Azure IoT Hub Device Provisioning Service
[Diagram labels: Devices; Azure; Device A; Device B; IoT Hub Device Provisioning Service; Device A Information; Device B Information; IoT Hub 1; IoT Hub 2; Customer; 3rd Party Authority; 3rd Party Device Attestation Services.]
▪ Solve device provisioning & operationalization at scale
▪ Enable 3rd party hardware attestation services
▪ Static, Dynamic/Runtime and Geo-Shard to IoT Hub
Azure IoT Hub device management
[Diagram. IoT device side: Device twin (Properties: Desired, Reported), Methods. IoT Hub side: Device twin (Tags; Properties: Desired, Reported), Methods, Telemetry, Commands. Annotations: Telemetry channel; Cloud-owned, device visible; Device-owned, cloud visible; Cloud-only, device metadata; Cloud-initiated C2D with response; Cloud-initiated C2D message.]
SaaS and PaaS – a quick way to digitize
SaaS
Customized
SaaS
Features
IoT Central (public preview)
IoT Central: Connect a dog in less than 5 min
Try the Microsoft IoT Central application
Device
Dashboard
Platform independent
Protocol independent
Discovery & Browse
Extensible Information Model
Encryption, Validation & Authentication
Open Source
>50M machines WW, >500 members
Azure IoT Suite Connected Factory Architecture
[Diagram labels: IoT Hub; Time Series Insights; Web App hosting Solution Dashboard & OPC UA Client; VM; Linux VM (with multiple assembly lines); OPC UA Server (three instances); IoT Edge with OPC Proxy & OPC Publisher Modules; MES Simulation (OPC UA Client). Legend: Telemetry path; Browse, Command & Control path.]
OPC UA Gateway Partners
1. Softing
2. Unified Automation
3. Hewlett Packard Enterprise
4. Kepware
5. Cisco
6. Beckhoff
7. Moxa
8. Advantech
9. Nexcom
10. Prosys OPC
11. New: Matrikon
12. New: Kontron
13. New: Hilscher
Azure Time Series Insights
Azure Time Series Insights is a fully managed analytics, storage, and visualization service that makes it incredibly simple to explore and analyze billions of events simultaneously.
Get near real-time insights in seconds
• Store, query and visualize billions of events
• Query response in seconds
• Ingest 100’s of millions of sensor events per day
Start in seconds, scale in minutes
• Schema-less store, just send data
• No coding required to start
• Easy event source connection
Create a global view of your IoT-scale data
• Compare disparate data
• Share data with domain experts
• Add multiple event sources
Build apps using Time Series Insights APIs
• REST query API exposed
• Build custom applications
• Allows multi-tenant scenarios for external applications
What Microsoft brings to the table
• Azure Everywhere workshops delivered by Microsoft partners
• Business Case development support
• Hands-on experience with Hackathon
• Architecture design session
• Microsoft IoT Lab
• PR and Marketing cooperation
The Seven Properties of Highly Secure Devices:
Hardware-based Root of Trust: Unforgeable cryptographic key generated and protected by hardware. Does the device have an unforgeable identity, inseparable from the hardware?
Small Trusted Computing Base: Security enforcement features protected from other hardware and software. Is most of the device’s software outside the device’s trusted computing base?
Defense in Depth: Multiple countermeasures mitigate the consequences of any one successful attack. Is the device still protected if the security of one layer of device software is breached?
Compartmentalization: Internal barriers limit the reach of any single failure. Can a compromised software sub-component be reset & restarted independently?
Certificate-based Authentication: Trust brokered using signed certificates, proven by unforgeable cryptographic keys. Does the device use certificates instead of passwords for authentication?
Renewable Security: Device security renewed to overcome evolving threats and security breaches. Is the device’s software updated automatically?
Failure Reporting: Device failures automatically reported to cloud-based failure analysis system. Does the device report failures to its creator?
Legend (icons): Cloud Service support required; OS support required; Silicon support required.
techcommunity.microsoft.com
aka.ms/ts/frankfurt
BRK2122 IOT - From the cloud to the edge
