In an earlier blog we introduced you to Azure Sphere’s journey so far – from a problem statement to a cutting-edge commercial offering. Let us take a closer look at the key components of the Azure Sphere offering.
The Azure Sphere certified MCU is the MediaTek MT3620 AN. By purchasing one Azure Sphere SKU of this model, you get the following components and licenses:
- A certified MCU – MediaTek MT3620 AN with the chip license (perpetual)
- Operating System and Software – OS updates till July 2031
- Security Service – security updates till July 2031
- Continued support for certificate-based authentication, device failure reporting and OEM software (firmware, drivers) updates post July 2031
Let us understand each component in detail.
MCU with Azure Sphere Certified Chip and Associated Chip License
These units have the Microsoft Pluton subsystem, which is responsible for securely booting the processors that run the high-level applications as well as the real-time workloads on the connected asset. Along with its in-silicon security infrastructure, Azure Sphere chips support connectivity through diverse protocols and multiplexed I/O options.
Memory (RAM and flash) is provisioned for the high-level applications (often built using Visual Studio for Azure Sphere), the Microsoft Security Monitor workloads and the real-time applications.
Operating System and Software
High-level edge applications (often developed using Visual Studio for Azure Sphere) are containerized and executed in the application runtime. This runtime is supported by OS services for network-authenticated data traffic and for interfacing with an external PC for debugging during application development. A custom Linux kernel packages the drivers for peripheral-based I/O and communication, while hardware security is managed by the Security Monitor; both run in supervisor mode. This component also enables side-loading, i.e. loading software or an update during the development or debugging phase of the application lifecycle using the Azure Sphere CLI (command-line interface).
The software bundle in Azure Sphere contains a software development kit (SDK) for building and managing applications on edge devices. The SDK can be used on its own to develop applications, or with a Visual Studio extension that enables developing and deploying applications from the Visual Studio IDE.
Security Service
It features state-of-the-art security resources, ranging from on-chip and in-cloud (MS Azure or private cloud) certificate-based device authentication to tampering countermeasures. This subsystem also delivers cloud-enabled system software updates (OS and firmware), ensuring continued device operations for best performance. Another key component is a failure reporting mechanism that provides failure log data, which downstream systems can use for detailed analysis and visualization to produce actionable insights.
This service manifests as a cloud-based entity called the Azure Sphere tenant. Its primary functions are:
- Claim the device, i.e. take ownership and group it under an organization – this is a one-time, immutable activity
- Communicate with deployed devices under management for maintenance, security, update and control
Adopting Azure Sphere across diverse use cases and development lifecycle stages
Azure Sphere is available in various configurations for accelerated adoption and deployment in industrial and commercial use cases.
- Development kits, popularly known as DEV Boards – These are instrumental as quick-start kits during the initial stages of the product development lifecycle, for iteratively testing possible design options and debugging system and application software algorithms with ease using on-board LEDs and buttons. These should get you through until a working conceptual prototype is built and specifications are finalized.
- Modules for newly connected assets – Once device prototypes are finalized, companies embark on designing devices for development and deployment at scale, with connectivity, as part of ‘greenfield’ projects. These Azure Sphere modules feature state-of-the-art edge compute infrastructure with a robust application development platform leveraging the Azure Sphere SDK and Visual Studio.
With a production-ready communication subsystem and end-to-end managed security, these modules drastically reduce the time to market of connected products. These modules aim to provide integrated functionality and ensure regulatory certifications for a wide range of industry-specific use cases.
- Guardian modules for connecting existing asset networks – These are often thought of as ‘brownfield’ initiatives, where the assets’ native functionality and compute resources are limited for deploying and executing intelligent application footprints. These modules are often plugged into the ‘legacy’ equipment using existing peripheral technology to augment the basic equipment functionality with connectivity and intelligence. These devices then connect to the internet through Wi-Fi to enable remote device monitoring, over-the-air updates and cloud-based data management. The underlying equipment remains isolated from the internet, with the guardian module doing all the heavy lifting for secure connectivity and device health monitoring.
Azure Sphere, with its cloud security, MCU and high-level OS, provides a ready-to-use platform to build connected IoT solutions. eInfochips is a Microsoft Productivity Gold Partner, and we have extensive experience in building connected devices using Azure services like Azure Sphere and Azure IoT Hub. For more information on building connected IoT solutions, please contact us today.