Azure Sphere: Safeguarding the Intelligent Edge
Shi Jia (施佳), IoT Solution Architect, Microsoft (China); Zhou Shuyang (周书洋), IoT Engineer, Seeed
March 19, 2019, Beijing
9 BILLION new MCU devices
built and deployed every year
The microcontroller (MCU)
a low-cost, single chip computer
MPU
MCU
The MPU in your PC is 100x to 1000x more powerful than the MCU in your fridge.
© Microsoft Corporation
Connected devices create profoundly better customer experiences.
How does a consumer know the compressor in their fridge needs to be replaced?
Option 1: Melted ice cream
Option 2: Predictive maintenance
Connected MCUs will change your customer relationships
And, expose your business to unequalled risks…
Observations on October 21, 2016 Botnet Attack
Device security is a socioeconomic concern
• Day 1 the attack is Technology headline in NY Times
• Day 2 the attack is Politics headline
The attack exploited well-understood weaknesses
• Weak common passwords, no early detection, no remote update, etc.
Future attacks could be much larger
• This attack was small; just 100k devices
• Imagine a 100M-device attack
Future attacks could create huge liability exposure
• Hackers could “brick” an entire product line in a day
• Actuating devices could cause property damage or loss of life
Highly-secured connected devices require 7 properties
• Hardware Root of Trust: Is your device’s identity and software integrity secured by hardware?
• Defense in Depth: Does your device remain protected if a security mechanism is defeated?
• Small Trusted Computing Base: Is your device’s TCB protected from bugs in other code?
• Dynamic Compartments: Can your device’s security protections improve after deployment?
• Certificate-Based Authentication: Does your device use certificates instead of passwords for authentication?
• Failure Reporting: Does your device report back about failures and anomalies?
• Renewable Security: Does your device’s software update automatically?
Legend: silicon support required, OS support required, cloud service support required. https://aka.ms/7properties
Azure Sphere is an end-to-end solution for securing MCU powered devices
• New Azure Sphere certified MCUs, from silicon partners, with built-in Microsoft security technology provide connectivity and a dependable hardware root of trust.
• New Azure Sphere OS secured by Microsoft for the device’s 10-year lifetime to create a trustworthy platform for new IoT experiences.
• The Azure Sphere Security Service guards every Azure Sphere device; it brokers trust for device-to-device and device-to-cloud communication, detects emerging threats, and renews device security.
Azure Sphere certified MCUs create a secured root of trust for connected, intelligent edge devices
• CONNECTED with built-in networking
• SECURED with built-in Microsoft silicon security technology including the Pluton Security Subsystem
• CROSSOVER Cortex-A processing power brought to MCUs for the first time
Chip block diagram labels:
• Network Connection: WiFi in first chips
• FLASH ≥ 4MB
• SRAM ≥ 4MB
• ARM Cortex-A optimized for low power
• ARM Cortex-M for real time processing
• Multiplexed I/O: SPI, I2C, UART, I2S, TDM, PWM, GPIO, ADC
• Microsoft Pluton Security Subsystem
• Firewall (label repeated throughout the diagram)
Our Silicon Partners
Azure Sphere OS Architecture
• OS Layer 4: App Containers for POSIX (on Cortex-A); App Containers for I/O (on Cortex-Ms)
• OS Layer 3: On-chip Cloud Services
• OS Layer 2: HLOS Kernel
• OS Layer 1: Security Monitor
• Hardware: Azure Sphere certified MCUs
The Azure Sphere OS is optimized for IoT, Security and MCU agility
• On-chip Cloud Services: Provide update, authentication, and connectivity
• Custom Linux kernel: Empowers agile silicon evolution and reuse of code
• Security Monitor: Guards integrity and access to critical resources
• Secure Application Sandboxes: Compartmentalize code for agility, robustness & security
The Azure Sphere Security Service connects and protects every Azure Sphere device
• Protects your devices and your customers with certificate-based authentication of all communication
• Detects emerging security threats through automated processing of on-device failures
• Responds to threats with fully automated on-device updates of OS
• Allows for easy deployment of software updates to Azure Sphere powered devices
Modernize MCU development with Azure Sphere and Visual Studio
• Simplify development: Focus your device development effort on the value you want to create
• Streamline debugging: Experience interactive, context-aware debugging across device and cloud
• Collaborate across your team: Apply tool-assisted collaboration across your entire development organization
• Simplify Azure connect: Connect your Azure Sphere devices quickly and easily to Azure IoT
Azure Sphere MCU and Module Application Scenarios*
• Add connectivity to existing or new devices by wiring simple sensing, control and HMI to an Azure Sphere module. (Diagram: Product PCB with Azure Sphere module, sensors, control, HMI†)
• Use an Azure Sphere MCU to implement all the on-device logic and provide connectivity. (Diagram: Product PCB with Azure Sphere, sensors, control, HMI†)
• Upgrade existing devices by adding an Azure Sphere module to existing MCU, connected by serial, SPI etc. (Diagram: Product PCB with MCU and Azure Sphere module)
• Use an Azure Sphere MCU to provide connectivity in conjunction with an application-specific MCU. (Diagram: Product PCB with MCU and Azure Sphere)
* Hybrid combinations possible
† HMI: human-machine interface
Azure Sphere development tools and services
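MT3620 Development Board for Azure Sphere
Product introduction:
The board is designed around MediaTek's MT3620 MCU, comes pre-flashed with the Azure Sphere OS, and is equipped with the Azure Sphere Security Service. With this board and the complete usage guide you can experience the Azure Sphere development process; this is your first step.
The world's first development kit to support Azure Sphere
Specifications:
• 1 x ARM Cortex-A7 + 2 x ARM Cortex-M4F
• Supports GPIO, I2C, SPI, UART
• WiFi 802.11 b/g/n
• CE, FCC, MIC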
A Microsoft solution for creating highly secured, connected MCU-powered devices to help you reimagine your business, drive innovation, and delight customers
Azure Sphere
a global partner of Microsoft Azure Sphere ecosystem
Learn more at azure.microsoft.com and www.ilinkthings.com/Microsoft
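MT3620 Mini Development Board
Product introduction:
To give developers a better development experience, the new board is designed around AI-Link's (爱联科技) WF-M620-RSC1 module, comes pre-flashed with the Azure Sphere OS, and is equipped with the Azure Sphere Security Service. It is lighter, cheaper, and better suited to developing commercial products, shortening the path to productization based on Azure Sphere.
An Azure Sphere development board better suited to developing commercial products
Compared with the first-generation board:
• New form factor makes functional expansion easier
• Smaller, cheaper, and better suited to developing commercial products
Price and availability:
• $34.9
• Pre-orders open March 19, 2019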
Development tool accessories
MT3620 Grove Breakout, MT3620 Ethernet Shield, Seeed Grove Starter Kit
Demo session
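Hardware customization service case study: a secure data transceiver
This case is in the smart retail sector. The customer needed to remotely monitor and update devices that cannot connect to the network. Seeed built a secure data transceiver based on Azure Sphere, so the customer can read device data remotely in real time and also control the devices remotely, for example to update their software.
Seeed services:
• Hardware design
• Mechanical and industrial design (ID)
• Firmware design
• Volume production
Product specifications:
• Supports Wi-Fi and Ethernet
• Waterproof enclosure
• Supports RTC
• Supports OTA and failure alerts
Value delivered to the customer:
• Labor cost savings
• Improved efficiency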
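About Seeed
The gap from IT to IoT
Information technology: simple devices (PC and mobile); high skill requirements
Internet of Things: diverse devices (everything connected); skill requirements high and more varied
Complex process
Vertical applications
Sensors
Input/output, display, environment, robotics, dynamic testing, communication, kits, other
The Grove system currently has 300+ sensor modules
Communications: the latest communication protocols and connectivity
WiFi, Bluetooth, cellular mobile data, LoRa, other
More…
Gateway: applications from industrial grade to IoT endpoints, AI, voice and vision
Software and Cloud: strategic partnerships with industry giants
Microcontroller / IoT endpoint; CPU / gateway; cloud
Intel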
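Seeed service architecture: one-stop, complete hardware services from prototype to volume delivery
Custom IoT solutions (development, production, delivery)
1700 million (1700百万) pieces of hardware, sold to 209 countries
700+ production projects; 8k engineering samples produced each month through the Fusion service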
100+
© 2018 Microsoft Corporation. All rights reserved.
Thank you very much!
© 2019 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to
changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date
of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.