Azure Sphere is a secured, high-level application platform with built-in communication and security features for internet-connected devices. It comprises a secured, connected, crossover microcontroller unit (MCU), a custom high-level Linux-based operating system (OS), and a cloud-based security service that provides continuous, renewable security.
The Azure Sphere MCU integrates real-time processing capabilities with the ability to run a high-level operating system. An Azure Sphere MCU, along with its operating system and application platform, enables the creation of secured, internet-connected devices that can be updated, controlled, monitored, and maintained remotely. A connected device that includes an Azure Sphere MCU, either alongside or in place of existing MCUs, provides enhanced security, productivity, and opportunity. For example:
- A secured application environment, authenticated connections, and opt-in use of peripherals minimize security risks due to spoofing, rogue software, or denial-of-service attacks, among others.
- Software updates can be automatically deployed from the cloud to any connected device to fix problems, provide new functionality, or counter emerging methods of attack, thus enhancing the productivity of support personnel.
- Product usage data can be reported to the cloud over a secured connection to help in diagnosing problems and designing new products, thus increasing the opportunity for product service, positive customer interactions, and future development.
The Azure Sphere Security Service is an integral aspect of Azure Sphere. Using this service, Azure Sphere MCUs safely and securely connect to the cloud and web. The service ensures that the device boots only with an authorized version of genuine, approved software. In addition, it provides a secured channel through which Microsoft can automatically download and install OS updates to deployed devices in the field to mitigate security issues. Neither manufacturer nor end-user intervention is required, thus closing a common security hole.
How it Works
To understand how Azure Sphere works in a real-world setting, consider this scenario.
Contoso, Ltd., is a white-goods product manufacturer who embeds an Azure Sphere MCU into its dishwashers. The DW100 dishwasher couples the MCU with several sensors and an onboard high-level application that runs on the Azure Sphere MCU. The application communicates with the Azure Sphere Security Service and with Contoso’s cloud services. The following diagram illustrates this scenario:
(Diagram: Contoso network-connected dishwashers)
Starting from the top left and moving clockwise:
- Microsoft releases updates for the Azure Sphere OS through the Azure Sphere Security Service.
- Contoso product engineering releases updates to its DW100 application through the Azure Sphere Security Service.
- The Azure Sphere Security Service securely deploys the updated OS and the Contoso DW100 application software to the dishwashers at end-user locations.
- Contoso dishwasher support communicates with the Azure Sphere Security Service to determine which version of the Azure Sphere OS and the DW100 application software should be running on each end-user device, and to collect any error-reporting data that has been reported to the service. Contoso dishwasher support also communicates with the Contoso cloud service for additional information.
- Contoso cloud services support applications for troubleshooting, data analysis, and customer interaction. Contoso’s cloud services may be hosted by Microsoft Azure, by another vendor’s cloud service, or by Contoso’s own cloud.
- Contoso DW100 models at end-user locations download updated OS and application software over their connection to the Azure Sphere Security Service. They can also communicate with Contoso’s cloud service application to report additional data.
For example, sensors on the dishwasher might monitor water temperature, drying temperature, and rinse agent level and upload this data to Contoso’s cloud services, where a cloud service application analyzes it for potential problems. If the drying temperature seems unusually hot or cool—which might indicate a failing part—Contoso runs diagnostics remotely and notifies the customer that repairs are needed. If the dishwasher is under warranty, the cloud service application might also ensure that the customer’s local repair shop has the replacement part, thus reducing maintenance visits and inventory requirements. Similarly, if the rinse agent is low, the dishwasher might signal the customer to purchase more rinse agent directly from the manufacturer.
All communications take place over secured, authenticated connections. Contoso support and engineering personnel can visualize data by using the Azure Sphere Security Service, Microsoft Azure features, or a Contoso-specific cloud service application. Contoso might also provide customer-facing web and mobile applications, with which dishwasher owners can request service, monitor dishwasher resource usage, or otherwise interact with the company.
Using Azure Sphere deployment tools, Contoso targets each application software update to the appropriate dishwasher model, and the Azure Sphere Security Service distributes the software updates to the correct devices. Only signed and verified software updates can be installed on the dishwashers.
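To make the last two points concrete, here is an added example of the acceptance logic a device would apply to an incoming update: verify the manifest signature first, then check that the update is targeted at this model, that it is newer than what is installed (so a captured older update cannot be replayed), and that the image digest matches. This is illustration code written for this post, not Microsoft's or Azure Sphere's implementation. The manifest format, the DW200 model name, and the key are constructed; an HMAC stands in for the asymmetric signature that Azure Sphere anchors in the MCU's hardware root of trust, purely so the example runs offline with the Python standard library.

```python
"""Device-side acceptance check for a signed update manifest (constructed example)."""
import hashlib
import hmac
import json

# Constructed stand-in for the fleet signing key. The real platform uses
# asymmetric signatures verified against a hardware root of trust; an HMAC
# is used here only so the example runs offline with the standard library.
SIGNING_KEY = b"contoso-example-key-not-real"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of an application image."""
    return hashlib.sha256(data).hexdigest()


def _canonical(body: dict) -> bytes:
    """Canonical JSON so signer and verifier hash identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes = SIGNING_KEY) -> dict:
    """Deployment-tool side: attach a signature over every field but 'signature'."""
    body = {k: v for k, v in manifest.items() if k != "signature"}
    signed = dict(body)
    signed["signature"] = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return signed


def check_update(manifest: dict, image: bytes, device: dict,
                 key: bytes = SIGNING_KEY) -> tuple[bool, str]:
    """Device side: return (accepted, reason).

    The signature is checked before any other field is trusted, so the model,
    version and digest fields are only consulted once they are known to be
    exactly what the deployment tool signed.
    """
    body = {k: v for k, v in manifest.items() if k != "signature"}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest.get("signature", "")):
        return False, "signature invalid"
    if body.get("model") != device["model"]:
        return False, "not targeted at this model"
    if body.get("version", 0) <= device["version"]:
        return False, "version not newer than installed (rollback refused)"
    if sha256_hex(image) != body.get("image_sha256"):
        return False, "image digest mismatch"
    return True, "accepted"


def demo() -> dict:
    """Run the check against a good update and three rejected cases."""
    device = {"model": "DW100", "version": 3}          # constructed installed state
    image = b"constructed DW100 application image v4"  # constructed image bytes
    results = {}

    good = sign_manifest({"model": "DW100", "version": 4,
                          "image_sha256": sha256_hex(image)})
    results["good"] = check_update(good, image, device)

    # Digest field altered after signing: the signature no longer matches.
    tampered = dict(good)
    tampered["image_sha256"] = sha256_hex(b"other image")
    results["tampered"] = check_update(tampered, b"other image", device)

    # Validly signed, but targeted at a different (constructed) model.
    wrong_model = sign_manifest({"model": "DW200", "version": 4,
                                 "image_sha256": sha256_hex(image)})
    results["wrong_model"] = check_update(wrong_model, image, device)

    # Validly signed older release: refused as a rollback.
    old = sign_manifest({"model": "DW100", "version": 2,
                         "image_sha256": sha256_hex(image)})
    results["rollback"] = check_update(old, image, device)
    return results


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name}: {'accept' if ok else 'reject'} ({why})")
```

The ordering of the checks is the design point: everything after the signature check reads fields that an attacker on the network could otherwise edit freely, so signature verification has to come first, and a version comparison against the installed version is what turns "signed" into "signed and not a replay of an old build".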
Thanks for reading. If you like this post, you will probably like my next ones too, so please support me by subscribing to my blog.