Microsoft recently announced Azure Sphere, a platform designed to, according to the company, “secure and power the intelligent edge.” Above and beyond acting as a means for companies to lock down the IoT devices whose numbers are growing by the day, Azure Sphere acts as a proof point for the ways in which Linux and a cloud-assisted security broker model make sense for companies seeking to increasingly leverage IoT.
With IoT deployments growing into the billions of devices, large organizations are looking for ways to trust the security of those devices across long life cycles, cutting costs while keeping control over a wide variety of possible IoT applications.
The Microsoft Azure Sphere ecosystem comes with a control plane that manages IoT endpoint security, app download, authentication and attestation. The IoT app data flow can be controlled from on-premises and/or cloud-based communications, and doesn’t require data flow routing through Azure Sphere.
According to Microsoft President Brad Smith, who announced the platform at the RSA 2018 Conference in San Francisco, microcontroller units, or MCUs, will be integrated into the Microsoft Azure Sphere software platform via a specially crafted Microsoft distribution of the Linux operating system. The Linux distribution is tailored to specific device combinations using Linux gcc compilers and Microsoft Visual Studio extensions (libraries) on target IoT devices.
The Azure Sphere security architecture permits Microsoft to act like a cloud-assisted security broker (CASB), controlling operating system updates, patches and fixes to IoT devices authenticated using a security certificate-based protocol and infrastructure. Security brokerage software is already popular in enterprise installations for its ability to serve as an authenticating and attesting gateway for access, updates, upgrades and more.
Azure Sphere-controlled devices could be embedded in IoT applications ranging from manufacturing sensors and logistics controllers to transactional data sensors, robotic devices and appliances of many kinds.
Microsoft partner MediaTek has produced an initial sample of the MCU, the MT3620 system-on-a-chip (SoC) platform. This prototyping platform is based on the ARM Cortex-A7 CPU architecture, containing three user-accessible processor cores and a fourth isolated core that handles “secure boot” and “secure system operation,” according to MediaTek. An additional Andes RISC N9 core is dedicated to handling WiFi 802.11a/b/g/n dual-band communication.
OS updates and app distribution for the IoT devices are delivered via certificate-based authentication from Microsoft, according to company documents. While app and OS updates come from Microsoft, app data and telemetry can be targeted to a developer’s choice of targets, including local/on-premises hosts/servers or through communications to cloud-based targets.
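The broker model described above, in which OS updates and apps reach the device only from the broker, rests on the device checking that a delivery really came from the authorized publisher before installing it. The Go program below is an added example, not Microsoft's or Azure Sphere's code, and it makes no claim about how Azure Sphere implements this internally. It models the idea generically with standard-library certificates: a publisher signs an update with a key whose certificate chains to a root the device has embedded, and the device accepts a genuine update while rejecting a tampered payload and an update signed by an unrelated key. The names `Publisher`, `Device`, `SignedUpdate`, the certificate common names and the sample payload are all constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SignedUpdate is a constructed, hypothetical update envelope: the payload, the
// publisher's leaf certificate (DER) and an ECDSA signature over SHA-256(payload).
type SignedUpdate struct {
	Payload []byte
	LeafDER []byte
	Sig     []byte
}

// newCert issues a certificate for pub. When parent is nil the certificate is
// self-signed with signer, which must then be pub's own private key.
func newCert(cn string, isCA bool, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Publisher is the broker side: it holds the signing key, which never reaches a device.
type Publisher struct {
	leaf *x509.Certificate
	key  *ecdsa.PrivateKey
}

// Sign produces the envelope a device will check: payload, signer cert and signature.
func (p *Publisher) Sign(payload []byte) (SignedUpdate, error) {
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, p.key, digest[:])
	if err != nil {
		return SignedUpdate{}, err
	}
	return SignedUpdate{Payload: payload, LeafDER: p.leaf.Raw, Sig: sig}, nil
}

// Device embeds only the root certificate it trusts; verifying needs no secret.
type Device struct{ roots *x509.CertPool }

// VerifyUpdate accepts an update only if the signer's certificate chains to the
// embedded root for code signing AND the signature matches the payload as received.
func (d *Device) VerifyUpdate(u SignedUpdate) error {
	leaf, err := x509.ParseCertificate(u.LeafDER)
	if err != nil {
		return fmt.Errorf("bad leaf certificate: %w", err)
	}
	opts := x509.VerifyOptions{Roots: d.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := leaf.Verify(opts); err != nil {
		return fmt.Errorf("signer not trusted: %w", err)
	}
	pub, ok := leaf.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unexpected signer key type")
	}
	digest := sha256.Sum256(u.Payload)
	if !ecdsa.VerifyASN1(pub, digest[:], u.Sig) {
		return errors.New("signature does not match payload")
	}
	return nil
}

// Verdicts collects the device's decision on three deliveries (nil means accepted).
type Verdicts struct{ Genuine, Tampered, Untrusted error }

// Scenario builds a root, a legitimate publisher and an unrelated signer, then
// feeds one device a genuine update, a tampered copy and a rogue-signed update.
func Scenario() (Verdicts, error) {
	keygen := func() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }
	rootKey, err := keygen()
	if err != nil { return Verdicts{}, err }
	rootCert, err := newCert("example-update-root", true, &rootKey.PublicKey, nil, rootKey)
	if err != nil { return Verdicts{}, err }
	signKey, err := keygen()
	if err != nil { return Verdicts{}, err }
	leaf, err := newCert("example-update-signer", false, &signKey.PublicKey, rootCert, rootKey)
	if err != nil { return Verdicts{}, err }
	rogueKey, err := keygen()
	if err != nil { return Verdicts{}, err }
	rogueCert, err := newCert("rogue-signer", false, &rogueKey.PublicKey, nil, rogueKey) // not chained to the root
	if err != nil { return Verdicts{}, err }

	roots := x509.NewCertPool()
	roots.AddCert(rootCert)
	device := &Device{roots: roots}
	publisher := &Publisher{leaf: leaf, key: signKey}
	rogue := &Publisher{leaf: rogueCert, key: rogueKey}

	payload := []byte("constructed sample: os-image v1.2.3") // constructed stand-in for an image
	genuine, err := publisher.Sign(payload)
	if err != nil { return Verdicts{}, err }
	tampered := genuine
	tampered.Payload = append([]byte{}, genuine.Payload...)
	tampered.Payload[len(tampered.Payload)-1] ^= 0x01 // flip one bit after signing
	untrusted, err := rogue.Sign(payload)
	if err != nil { return Verdicts{}, err }

	return Verdicts{
		Genuine:   device.VerifyUpdate(genuine),
		Tampered:  device.VerifyUpdate(tampered),
		Untrusted: device.VerifyUpdate(untrusted),
	}, nil
}

func main() {
	v, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine:  ", v.Genuine)
	fmt.Println("tampered: ", v.Tampered)
	fmt.Println("untrusted:", v.Untrusted)
}
```

The point the example isolates is that the device side holds nothing secret: a single embedded root is enough to reject both a modified payload and a well-formed update from a key the broker never certified, which is what lets a central publisher control updates over a long device life cycle without distributing signing keys to the fleet.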
Smith has pledged support for devices through a 10-year update cycle. That’s longer than the usual length of support offered for other Linux distributions, and is seen as necessary to assure a long depreciation life for deployed IoT devices.
This is the first time Microsoft has released a Linux distribution for use in edge devices. Already popular on a wide variety of devices such as Raspberry Pi and other sub-tablet form factor devices, Linux has proven a popular development platform for the IoT marketplace, where device form factors range from tiny embedded single-chip systems to sophisticated platforms to a broad range of consumer devices.