In April 2018, nearly two years ago, Microsoft announced Azure Sphere, a program to better secure the 41.6 billion internet of things (IoT) devices expected to be connected to the internet by 2025. Now, following a lengthy preview, the tech giant is this week launching Azure Sphere in general availability.
Eligible customers will be able to sign up in the coming days. Azure Sphere doesn’t have ongoing fees associated with it, but there’s a one-time cost for a chip (under $8.65) that includes access to all of Sphere’s components, plus OS updates for the lifetime of the chip. Alternatively, developers can license Visual Studio and Microsoft’s Azure IoT services to develop apps for Sphere “more efficiently,” according to Azure IoT CVP Sam George.
“We live in an increasingly connected world,” added George, who noted last year that Microsoft’s Azure IoT software-as-a-service (SaaS) suite grew nearly 150% year-over-year from 2018 to 2019 and gained over 100 new features. “At Microsoft, we are committed to providing a trusted, easy-to-use platform that allows our customers and partners to build seamless, smart, and secure solutions regardless of where they are in their IoT journey.”
For the uninitiated, Azure Sphere is a high-level software-as-a-service (SaaS) platform with built-in communication features for cross-industry IoT devices. It comprises integrated hardware built around a secured silicon chip; the Azure Sphere OS, a custom Linux-based operating system; and the Azure Sphere Security Service, a cloud-based service that provides continuous security.
The Azure Sphere OS runs on Azure Sphere-certified chips and connects to the Azure Sphere Security Service, and it’s designed to provide a platform for IoT app development — including both high-level and real-time capable apps. Interestingly, it’s the first operating system running a Linux kernel and only the second Unix-like operating system Microsoft has publicly released, the other being the decades-old and discontinued Xenix.
Azure Sphere-certified chips and hardware support two implementations: greenfield and brownfield. Greenfield involves designing and building IoT devices with a supported (and optionally cellular-enabled) chip produced or soon-to-be-produced by MediaTek, NXP, and Qualcomm. As for brownfield, it calls for an Azure Sphere “guardian” device — the bulk of which are produced by Avnet and AI-Link — to connect existing hardware to the internet.
Azure Sphere hardware is available in several configurations, including Wi-Fi modules, development kits and dev boards (from partners like Seeed Studios and USI), and the aforementioned guardian. Speaking of, the guardian module — which doesn’t directly connect to networks — is a peripheral with a built-in Azure Sphere-certified chip that runs the Azure Sphere OS and the Azure Sphere Security Service, both of which can be configured via a Wi-Fi or Ethernet connection.
A core component of Azure Sphere is the above-mentioned Security Service, a cloud-based service that enables maintenance, updates, and control for Azure Sphere-certified chips. It brokers the connection between devices, the internet, and various ancillary cloud services, and it ensures secure boot by authenticating device identity and integrity against a root of trust while certifying that the device is running a vetted codebase. The Azure Sphere Security Service additionally provides the channel by which Microsoft automatically downloads and installs Azure Sphere OS updates and app updates across deployed devices.
At the hardware level, complementing the Security Service, there’s Pluton. It’s a Microsoft-designed security subsystem that implements a root of trust for Azure Sphere via a combination of techniques:
- A custom-designed security processor core
- Cryptographic engines
- A hardware-based random number generator
- A public and private key generator
- Asymmetric and symmetric encryption
- Elliptic curve digital signature algorithm (ECDSA) verification for secure boot
- Measured boot in silicon to support remote attestation with a cloud service
- Various tampering counter-measures
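How the secure boot, measured boot, and remote attestation items in that list fit together, as an added illustration for this article rather than code from Microsoft or from Pluton itself: vendor-signed boot stages are verified with ECDSA before they run (secure boot), each admitted stage is folded into a hash register (measured boot), and the device signs that register together with a nonce supplied by the service, which checks the signature against the registered device key and the register against the value expected for the vetted codebase (remote attestation). The stage images, key handling, and the register and quote formats are constructed for the example; it uses only the Go standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// Constructed stand-ins for a three-stage boot chain (bootloader, OS, app); real images would be binaries.
var bootStages = [][]byte{
	[]byte("stage1-bootloader v1"),
	[]byte("azure-sphere-os-kernel v1"),
	[]byte("customer-app v1"),
}

func genKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// sign hashes msg with SHA-256 and signs the digest (ECDSA P-256, ASN.1-encoded signature).
func sign(priv *ecdsa.PrivateKey, msg []byte) []byte {
	d := sha256.Sum256(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, d[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// verify checks a signature produced by sign against the given public key.
func verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

// extend is a PCR-style register update: reg' = SHA-256(reg || SHA-256(stage)).
// Stage order matters, and a measurement cannot be removed once folded in.
func extend(reg [32]byte, stage []byte) [32]byte {
	h := sha256.Sum256(stage)
	return sha256.Sum256(append(reg[:], h[:]...))
}

// measureBoot is secure boot plus measured boot: a stage must carry a valid vendor
// signature before it is measured and run, and boot halts at the first failure.
func measureBoot(vendorPub *ecdsa.PublicKey, stages, sigs [][]byte) (reg [32]byte, admitted int) {
	for i, stage := range stages {
		if !verify(vendorPub, stage, sigs[i]) {
			return reg, i
		}
		reg = extend(reg, stage)
	}
	return reg, len(stages)
}

// attestMsg binds the register to the verifier's nonce so a quote cannot be replayed.
func attestMsg(nonce []byte, reg [32]byte) []byte {
	return append(append([]byte{}, nonce...), reg[:]...)
}

// quote is the device side of remote attestation: sign (nonce || register) with the per-device identity key.
func quote(devicePriv *ecdsa.PrivateKey, nonce []byte, reg [32]byte) []byte {
	return sign(devicePriv, attestMsg(nonce, reg))
}

// verifyQuote is the service side: the signature must verify under the registered
// device key and the reported register must equal the golden value for the vetted images.
func verifyQuote(devicePub *ecdsa.PublicKey, nonce []byte, reg [32]byte, sig []byte, golden [32]byte) bool {
	return verify(devicePub, attestMsg(nonce, reg), sig) && reg == golden
}

// RunScenario signs the chain, boots it (optionally with the app image altered after
// signing) and attests to the service. It returns the number of stages admitted by
// secure boot and whether the service accepted the attestation:
// RunScenario(false) -> (3, true); RunScenario(true) -> (2, false).
func RunScenario(tamperApp bool) (int, bool) {
	vendor, device := genKey(), genKey()
	var golden [32]byte // the service precomputes this from the vetted images
	sigs := make([][]byte, len(bootStages))
	stages := make([][]byte, len(bootStages))
	for i, s := range bootStages {
		sigs[i], stages[i] = sign(vendor, s), s
		golden = extend(golden, s)
	}
	if tamperApp {
		stages[2] = []byte("customer-app v1 (modified)") // vendor signature no longer matches
	}
	reg, n := measureBoot(&vendor.PublicKey, stages, sigs)
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return n, verifyQuote(&device.PublicKey, nonce, reg, quote(device, nonce, reg), golden)
}
```

With the app image altered after signing, boot stops at the third stage and the service rejects the quote, not because the signature on the quote is bad but because the register no longer equals the value for the vetted build; a quote signed by any key other than the registered device key is rejected regardless of the register it reports.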
App development on Azure Sphere OS is relatively straightforward. Using the Azure Sphere SDK for Linux or Windows, along with samples and solutions open-sourced on GitHub, developers can deploy apps that make use of peripherals on Azure Sphere-certified chips. Apps run either on the primary processor core, with access to external networking, or on a lower-powered core as real-time capable apps, which execute on bare metal or under a real-time operating system. Apps are distributed to Azure Sphere devices through the same mechanism as Azure Sphere OS updates.
Of course, development isn’t confined to Azure. The chips work with other public, private, and hybrid cloud environments including Amazon Web Services and Google Cloud, which no doubt appealed to Azure Sphere’s early adopters.
Here are a few of them:
- Microsoft’s own datacenter team tapped Azure Sphere guardian modules to connect equipment and systems for the first time and build new systems.
- Qiio developed an Azure Sphere-based IoT deployment solution that combines hardware, cellular connectivity, and cloud services.
- Vitamix incorporated Azure Sphere into its IoT Module, a retrofit device that allows users to remotely program Vitamix blenders.
- Elettrone is in the process of building an Azure Sphere energy monitoring solution to reduce waste in commercial and residential properties.
- Starbucks partnered with Microsoft to deploy Azure Sphere across its existing equipment in stores globally using guardian modules.
- Gojo, the brand behind Purell, plans to integrate Azure Sphere with motion detectors and connected dispensers in healthcare facilities.
- Leoni, which develops cable systems for the automotive sector and other industries, uses Azure Sphere with integrated sensors to actively monitor cable conditions, creating intelligent and connected cable systems.
Microsoft in IoT
In 2018, Microsoft committed $5 billion to intelligent edge innovation by 2022 (an uptick from the $1.5 billion it spent prior to 2018) and pledged to grow its IoT partner ecosystem to over 10,000. That investment has borne fruit in Azure IoT Central, a cloud service that enables customers to quickly provision and deploy IoT apps, and IoT Plug and Play, which provides devices that work with a range of off-the-shelf solutions. Microsoft’s investment has also bolstered Azure Sphere; Azure Security Center, its unified cloud and edge security suite; and Azure IoT Edge, which distributes cloud intelligence to run in isolation on IoT devices directly.
Microsoft has competition in Google’s Cloud IoT, a set of tools that connect, process, store, and analyze edge device data. Not to be outdone, Amazon Web Services’ IoT Device Management tracks, monitors, and manages fleets of devices running a range of operating systems and software. And Baidu’s OpenEdge offers a range of IoT edge computing boards and a cloud-based management suite to manage edge nodes, edge apps, and resources such as certificates, passwords, and program code.
But the Seattle company has ramped up its buildout efforts as of late, most recently with the acquisition of Express Logic, a San Diego, California-based developer of real-time operating systems (RTOS) for IoT and edge devices powered by microcontroller units. Separately, it’s partnered with companies like DJI, SAP, PTC, Qualcomm, and Carnegie Mellon University for IoT and edge app development.