azure sphere - easdam.blob.core.windows.net · new azure sphere os secured by microsoft for the...

Azure Sphere: Safeguarding the Intelligent Edge. IoT Solution Architect, Microsoft (China); 周书洋 (Zhou Shuyang), IoT Engineer, Seeed. March 19, 2019, Beijing


Page 1: Azure Sphere - easdam.blob.core.windows.net · New Azure Sphere OS secured by Microsoft for the devices 10-year lifetime to create a trustworthy platform for new IoT experiences The

Azure Sphere: Safeguarding the Intelligent Edge

施佳 (Shi Jia), IoT Solution Architect, Microsoft (China)

周书洋 (Zhou Shuyang), IoT Engineer, Seeed

March 19, 2019, Beijing

Page 2

9 BILLION new MCU devices built and deployed every year

The microcontroller (MCU): a low-cost, single-chip computer

Page 3

MPU

MCU

The MPU in your PC is 100x to 1000x more powerful than the MCU in your fridge.

Page 4

© Microsoft Corporation

Connected MCUs will change your customer relationships

Connected devices create profoundly better customer experiences.

How does a consumer know the compressor in their fridge needs to be replaced?

• Option 1: Melted ice cream

• Option 2: Predictive maintenance

Page 5

And, expose your business to unequalled risks…

Observations on October 21, 2016 Botnet Attack

Device security is a socioeconomic concern

• Day 1 the attack is Technology headline in NY Times

• Day 2 the attack is Politics headline

The attack exploited well-understood weaknesses

• Weak common passwords, no early detection, no remote update, etc.

Future attacks could be much larger

• This attack was small; just 100k devices

• Imagine a 100M-device attack

Future attacks could create huge liability exposure

• Hackers could "brick" an entire product line in a day

• Actuating devices could cause property damage or loss of life

Page 6

Highly-secured connected devices require 7 properties

• Hardware Root of Trust: Is your device's identity and software integrity secured by hardware?

• Defense in Depth: Does your device remain protected if a security mechanism is defeated?

• Small Trusted Computing Base: Is your device's TCB protected from bugs in other code?

• Dynamic Compartments: Can your device's security protections improve after deployment?

• Certificate-Based Authentication: Does your device use certificates instead of passwords for authentication?

• Failure Reporting: Does your device report back about failures and anomalies?

• Renewable Security: Does your device's software update automatically?

Legend: Silicon support required; OS support required; Cloud Service support required

https://aka.ms/7properties

Page 7

Azure Sphere is an end-to-end solution for securing MCU-powered devices

• New Azure Sphere certified MCUs, from silicon partners, with built-in Microsoft security technology provide connectivity and a dependable hardware root of trust.

• New Azure Sphere OS, secured by Microsoft for the device's 10-year lifetime to create a trustworthy platform for new IoT experiences.

• The Azure Sphere Security Service guards every Azure Sphere device; it brokers trust for device-to-device and device-to-cloud communication, detects emerging threats, and renews device security.

Page 8

Azure Sphere certified MCUs create a secured root of trust for connected, intelligent edge devices

• CONNECTED with built-in networking

• SECURED with built-in Microsoft silicon security technology including the Pluton Security Subsystem

• CROSSOVER: Cortex-A processing power brought to MCUs for the first time

Chip block diagram (each block is separated from the others by a firewall):

• Multiplexed I/O: SPI, I2C, UART, I2S, TDM, PWM, GPIO, ADC

• ARM Cortex-M for real time processing

• ARM Cortex-A optimized for low power

• Microsoft Pluton Security Subsystem

• Network Connection: WiFi in first chips

• FLASH ≥ 4MB

• SRAM ≥ 4MB

Page 9

Our Silicon Partners

Page 10

Azure Sphere OS Architecture

The Azure Sphere OS is optimized for IoT, Security and MCU agility

• OS Layer 4: App Containers for POSIX (on Cortex-A); App Containers for I/O (on Cortex-Ms)

• OS Layer 3: On-chip Cloud Services

• OS Layer 2: HLOS Kernel

• OS Layer 1: Security Monitor

• Hardware: Azure Sphere certified MCUs

Secure Application Sandboxes: Compartmentalize code for agility, robustness & security

On-chip Cloud Services: Provide update, authentication, and connectivity

Custom Linux kernel: Empowers agile silicon evolution and reuse of code

Security Monitor: Guards integrity and access to critical resources

Page 11

The Azure Sphere Security Service connects and protects every Azure Sphere device

• Protects your devices and your customers with certificate-based authentication of all communication

• Detects emerging security threats through automated processing of on-device failures

• Responds to threats with fully automated on-device updates of OS

• Allows for easy deployment of software updates to Azure Sphere powered devices

Page 12

Modernize MCU development with Azure Sphere and Visual Studio

• Simplify development: Focus your device development effort on the value you want to create

• Streamline debugging: Experience interactive, context-aware debugging across device and cloud

• Collaborate across your team: Apply tool-assisted collaboration across your entire development organization

• Simplify Azure connect: Connect your Azure Sphere devices quickly and easily to Azure IoT

Page 13

Azure Sphere MCU and Module Application Scenarios*

• Add connectivity to existing or new devices by wiring simple sensing, control and HMI† to an Azure Sphere module. (Diagram: Product PCB carrying an Azure Sphere module, with Sensors, Control and HMI†)

• Use an Azure Sphere MCU to implement all the on-device logic and provide connectivity. (Diagram: Product PCB carrying Azure Sphere, with Sensors, Control and HMI†)

• Upgrade existing devices by adding an Azure Sphere module to existing MCU, connected by serial, SPI etc. (Diagram: Product PCB carrying an MCU and an Azure Sphere module)

• Use an Azure Sphere MCU to provide connectivity in conjunction with an application-specific MCU. (Diagram: Product PCB carrying an MCU and Azure Sphere)

* Hybrid combinations possible

† HMI: human-machine interface

Page 14

Azure Sphere development tools and services

Page 15

MT3620 Development Board for Azure Sphere

The world's first development kit to support Azure Sphere

Product introduction:

The board is designed around MediaTek's MT3620 MCU, comes pre-flashed with the Azure Sphere OS, and is equipped with the Azure Sphere Security Service. With this board and the complete usage guide you can experience the Azure Sphere development process; this is your first step.

Specifications:

• 1 x ARM Cortex-A7 + 2 x ARM Cortex-M4F

• Supports GPIO, I2C, SPI, UART

• WiFi 802.11 b/g/n

• CE, FCC, MIC

Page 16

Azure Sphere

A Microsoft solution for creating highly secured, connected MCU-powered devices to help you reimagine your business, drive innovation, and delight customers

a global partner of Microsoft Azure Sphere ecosystem

Learn More At

azure.microsoft.com

www.ilinkthings.com/Microsoft

Page 17

MT3620 Mini Development Board

An Azure Sphere development board better suited to building commercial products

Product introduction:

To give developers a better development experience, the new board is designed around the WF-M620-RSC1 module from 爱联科技, comes pre-flashed with the Azure Sphere OS, and is equipped with the Azure Sphere Security Service. It is lighter, cheaper and better suited to developing commercial products, shortening the path to productization based on Azure Sphere.

Compared with the first-generation development board:

• The new form factor makes functional expansion easier

• Smaller, cheaper, and better suited to developing commercial products

Price and availability:

• $34.9

• Pre-sale opens March 19, 2019

Page 18

Development tool accessories

• MT3620 Grove Breakout

• MT3620 Ethernet Shield

• Seeed Grove Starter Kit

Page 19

Demo session

Page 20

Demo session

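Page 21

Hardware customization service case study: a secure data transceiver

This case is in the smart retail sector. The customer needed to remotely monitor and update devices that cannot connect to the network. Seeed built a secure data transceiver based on Azure Sphere, so the customer can read the devices' data remotely in real time and also control the devices remotely, for example to update their software.

Seeed services:

• Hardware design
• Mechanical and industrial design (ID)
• Firmware design
• Volume production

Product specifications:

• Supports Wi-Fi and Ethernet
• Waterproof enclosure
• Supports RTC
• Supports OTA and failure alerts

Value delivered to the customer:

• Labor cost savings
• Improved efficiency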

Page 22

About Seeed

Page 23

The gap from IT to IoT

Information technology / Internet of Things

Complex process

Skill requirements are high and more diverse

Diverse devices: everything is connected

Simple devices: PCs and phones

High skill requirements

Vertical applications

Page 24

Sensors

Input/output, Display

Environment, Robotics

Dynamic testing, Communication

Kits, Others

The Grove system currently has 300+ sensor modules

Page 25

Communications: the latest communication protocols and connectivity

WiFi, Bluetooth, cellular mobile data, LoRa, others

More…

Page 26

Gateway: gateway applications from industrial grade to IoT endpoints, artificial intelligence, voice and vision

Page 27

Software and Cloud: strategic cooperation with industry giants

Microcontroller / IoT endpoint; CPU / gateway; Cloud

Intel

Page 28

Seeed service architecture: one-stop, complete hardware services from prototype to volume delivery

IoT custom solutions (development, production, delivery)

1700 million hardware units, sold to 209 countries

700+ production projects

8k engineering samples produced through the Fusion service each month

100+

Page 29

Page 30

© 2018 Microsoft Corporation. All rights reserved.

Thank you very much!

Page 31

© 2019 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.