Announcing new Azure Security Center capabilities at RSA 2019

This is an exciting week for us at Microsoft. At RSA Conference 2019, we are announcing new and exciting capabilities in Azure and Microsoft 365. With this blog post, we wanted to share with you what we have been working on for Azure Security Center. Azure Security Center now leverages machine learning to reduce the attack surface of internet-facing virtual machines. Its adaptive application controls have been extended to Linux and on-premises servers, and its network map now supports peered virtual network (VNet) configurations.

Leveraging machine learning to reduce attack surface

One of the biggest attack surfaces for workloads running in the public cloud is the set of connections to and from the public Internet. Our customers find it hard to know which Network Security Group (NSG) rules should be in place to make sure that Azure workloads are only reachable from the required source ranges. Security Center can now learn the network traffic and connectivity patterns of your Azure workload and provide you with NSG rule recommendations for your internet-facing virtual machines. This helps you better configure your network access policies and limit your exposure to attacks.

Azure Security Center uses machine learning to fully automate this process, including an automated enforcement mechanism, enabling its customers to better protect their internet-facing virtual machines with only a few clicks. These recommendations also use Microsoft’s extensive threat intelligence reports to make sure that known bad actors are blocked.

Extending adaptive application controls

Adaptive application control is an intelligent, automated end-to-end application whitelisting solution from Azure Security Center. It helps you control which applications can run on your VMs located in Azure, which, among other benefits, helps harden your VMs against malware. Security Center uses machine learning to analyze the applications running on your VMs and helps you apply the specific whitelisting rules using this intelligence.

We are extending adaptive application controls in Azure Security Center to include Linux VMs and servers/VMs external to Azure (Windows and Linux) in audit mode. This means that Azure Security Center will identify applications running on your servers which are not in compliance with the Azure Security Center generated whitelisting rules and will audit those violations. This enables you to detect threats that might otherwise be missed by antimalware solutions, to comply with an organizational security policy that permits only licensed software, and to audit unwanted software that is being used in your environment.

Network map support for VNet peering

Azure Security Center’s network map has added support for virtual network peering, a configuration in which traffic flows between Azure Virtual Networks through the Microsoft backbone, as if they were virtual machines in the same virtual network, through private IP addresses only. The support includes displaying allowed traffic flows between peered VNets and peering related information on Security Center’s network map.

With these additions, Azure Security Center strengthens its role as the unified security management and advanced threat protection solution for your hybrid cloud workloads. We encourage you to take advantage of these new capabilities for all your Internet-exposed Azure resources. If you have not started using Azure Security Center in your Azure subscription, get started today.
Source: Azure

Guardian modules: Bringing Azure Sphere security to brownfield IoT

When someone mentions the words “Internet of Things,” often the first picture that comes to mind is some sort of device with the Internet “built-in.” However, a built-in design involves months or years of design work and applies only to devices that have yet to come to market. How do businesses leverage IoT for the billions of devices already in the field without creating a large security risk? Within the Azure Sphere team, we call those scenarios “brownfield” deployments. Josh Nash, our product planner, is guest blogging today to tell you more about brownfield IoT and how Azure Sphere can safely connect devices already deployed in the field.

Happy reading!

– Ed Nightingale

As a product planner, I have spent thousands of hours meeting with partners and customers to understand their needs to ensure that our product is not only secured, but also practical and useful. Our first focus is often on new devices, which are devices that have Azure Sphere deeply integrated into the product platform. We refer to these devices as “greenfield” scenarios. In these scenarios Azure Sphere’s value proposition resonates clearly, and implementation is comparatively straightforward because the design is still flexible before it is considered final. OEMs can focus on how to integrate Azure Sphere within a device’s internal design to meet power, performance, and functionality goals. Devices already in service without connectivity represent a “brownfield” opportunity to create meaningful, new connected experiences across a wide range of equipment. This blog post outlines the challenges of these brownfield devices and how Azure Sphere can help.

The problem

The act of connecting enterprise equipment represents an opportunity to enable markedly better outcomes by enabling scenarios and innovative business models for the enterprise such as preventive maintenance, just-in-time reporting, and even role-based access to equipment and data. But there are millions of devices in enterprises around the world that were either put into service before connectivity for non-IT devices was considered feasible or were intentionally not connected because they were deemed too mission critical to be subjected to the unsafe world of the Internet.

While connecting these unconnected devices creates positive outcomes and opportunities for the enterprise, there are risks associated with connecting them in either case. Whether the devices predated connectivity or were deemed too important to connect, the outcome is the same: their lack of connectedness is their security model, a concept known as air-gap security. However, as capabilities improve to solve optimization and other resourcing decisions with the cloud, the value of connectedness increases. At the same time, the risk of connecting air-gapped devices is at least as high as before. Businesses need a mechanism to balance the equation, mitigating risk by infusing a new security model into the system design. As the value of connectedness increases, enterprises need a mechanism to securely connect these devices that are already in service.

Securing existing equipment and devices with a guardian module

Microsoft announced Azure Sphere at RSA last year to enable secure, connected, microcontroller (MCU)-based devices. Azure Sphere unlocks IoT by establishing a foundation on which an enterprise can trust a device to run securely in any environment. Based on the Microsoft whitepaper, “The 7 Properties of Highly Secure Devices,” Azure Sphere delivers device security by combining hardware, operating system software, and cloud services that have been purpose-built for secure IoT applications. Azure Sphere is raising the bar for manufacturers and enterprises to enable secure connectivity in new devices by delivering the seven properties, but it can do more.

Azure Sphere can also deliver secured connectivity to established devices already in service. By utilizing existing ports on an unconnected device, Azure Sphere can be built into a “guardian module” that can be paired with existing equipment to enable secured connectivity that rebalances the opportunity versus risk debate in favor of device connectivity. The key to security in these scenarios is that Azure Sphere, not the device, communicates with the cloud. By separating the device from the network, a guardian module enabled by Azure Sphere can protect the equipment from attack, ensure data is only transmitted between trusted cloud and device communications partners, and ensure the software of the module and the equipment remains intact and secured.

With Azure Sphere in a guardian module, enterprises can enable a variety of secured operations between the device and the cloud. From a device health and security perspective, the device can utilize the Azure Sphere Security Service for certificate-based authentication, failure reporting, and over-the-air software updates. When a guardian module passes authentication, it receives a certificate signed by the Azure Sphere Security Service that can be used to identify the device as genuine when communicating with cloud services. These communications between the guardian module and the cloud could consist of data coming off the device to signal events or inform decision-making, and they could also be messages from the cloud that trigger activity on the device itself.

In both directions, applications running on Azure Sphere can be used to validate that messages are properly formed before they are passed to or from the brownfield device, and Azure Sphere ensures that the guardian module can only communicate with trusted endpoints. The Azure Sphere Security Service can also be used as a distribution point for software updates, not only for the Azure Sphere OS and the guardian module manufacturer’s device software, but also for the software of the downstream, previously unconnected device. In this situation, the enterprise can avoid costly truck rolls to update software on its equipment. With a guardian module enabled by Azure Sphere, these brownfield devices can reap most of the benefits of a device that integrated Azure Sphere into its design.

With an Azure Sphere-enabled device, enterprise customers can more confidently connect existing devices to the cloud and unlock scenarios related to preventive maintenance, optimizing utilization, and even role-based access control. When linking a multitude of devices together in the cloud, the possibilities are almost endless.

To start the discussion on how Azure Sphere can help your business, email us at nextinfo@microsoft.com.
Source: Azure

Azure.Source – Volume 72

Now in preview

Announcing Azure Spatial Anchors for collaborative, cross-platform mixed reality apps

Azure Spatial Anchors, a mixed reality service that enables you to build a new generation of mixed reality applications that are collaborative, cross-platform, and spatially aware, is now in public preview. Across industries, developers and businesses are using mixed reality in their daily workflows and giving us feedback on what they’d like to see next. When we look across all the mixed reality solutions that customers have built, two things stand out: they want to easily share their mixed reality experiences and place applications in the context of the real world. Learn about two application patterns gaining momentum across industries, and how Azure Spatial Anchors can help you deliver them with greater ease and speed.

Introducing Microsoft Azure Sentinel, intelligent security analytics for your entire enterprise

Microsoft Azure Sentinel is available in preview in the Azure portal. Security can be a never-ending saga—a chronicle of increasingly sophisticated attacks, volumes of alerts, and long resolution timeframes where today’s Security Information and Event Management (SIEM) products can’t keep pace. We’ve reimagined a new cloud-native SIEM tool called Microsoft Azure Sentinel to provide intelligent security analytics at cloud scale while making it easy to collect security data across your entire hybrid organization: from devices, to users, to apps, to servers on any cloud.

Announcing Azure Monitor AIOps Alerts with Dynamic Thresholds

Metric Alerts with Dynamic Thresholds are now available in public preview. Dynamic Thresholds significantly enhance Azure Monitor Metric Alerts so you no longer need to manually identify and set thresholds. The alert rule now leverages advanced machine learning (ML) capabilities to learn a metric's historical behavior while identifying patterns and anomalies that indicate possible service issues. Metric Alerts with Dynamic Thresholds are currently available for free during the public preview.

Working with AZCopy 10 and Azure Storage Blob Access Tiers

AzCopy v10 is now available in public preview. Azure Blob Storage offers three different access tiers for saving money depending on storage requirements. Get high-performance, reliable data transfers that work with mixed access tiers inside an Azure storage account using the latest AzCopy, a console tool to help with uploading blobs to Azure Storage.

Announcing Azure Integration Service Environment for Logic Apps

Integration Service Environment is now available in nearly every region in which Logic Apps is currently available. In critical business scenarios, you need to have the confidence that your data is flowing between all the moving parts. The core Logic Apps offering is a multi-faceted service for integrating between data sources and services, but sometimes you also need to have a dedicated service to ensure that your integration processes are as performant as can be. That’s why we developed the Integration Service Environment (ISE), a fully isolated and dedicated environment for all enterprise-scale integration needs. Integration Service Environments are available in every region that Logic Apps is currently available in except for West Central US, Brazil South and Canada East.

Also available in preview

Public preview: Azure Log Analytics is available in new regions in Australia
Azure Container Registry firewall rules and Virtual Network (in preview)
Azure App Service – WildFly on Linux is in preview
Code-free data transformation at scale using Azure Data Factory
Data Migration Assistant support for Cassandra to Azure Cosmos DB assessment
Azure Maps events in Azure Event Grid
Azure SQL DB as reference data input
Machine learning-based anomaly detection functions in Azure Stream Analytics (preview)
Azure DevOps CLI preview and feature updates in Pipelines – Sprint 148 Update

Now generally available

Announcing the general availability of Java support in Azure Functions

Announcing the general availability of Java support in Azure Functions 2.0, enabling a wide range of options for you to build and run your Java apps in the 50+ regions offered by Azure around the world. Azure Functions provides a productive programming model based on triggers and bindings for accelerated development and serverless hosting of event-driven applications. It enables developers to build apps using the platform (Windows, Mac, or Linux), programming languages, and tools of their choice, with an end-to-end developer experience that spans from building and debugging locally to deploying and monitoring in the cloud.

Announcing the general availability of Azure Lab Services

Announcing the general availability of Azure Lab Services – computer labs in the cloud. Provisioning and managing a lab’s underlying infrastructure makes preparing the right lab experience for your users difficult. With Azure Lab Services, you can easily set up and provide on-demand access to preconfigured virtual machines (VMs) to teach a class, train professionals, run hackathons or hands-on labs, and more. Azure Lab Services GA pricing goes into effect on May 1, 2019. Learn more about using Azure Lab Services in this post from the Premier Developer blog: Azure Lab services scheduling now Available.

Running Cognitive Services on Azure IoT Edge

Announcing support for running the Azure Cognitive Services containers for Text Analytics and Language Understanding on edge devices with Azure IoT Edge, so you can run workloads locally. Whether you don’t have a reliable internet connection, want to save on bandwidth cost, have very low latency requirements, or are dealing with sensitive data that needs to be analyzed on-site, Azure IoT Edge with the Cognitive Services containers gives you consistency with the cloud. These container images are directly available to try as IoT Edge modules on the Azure Marketplace.

Also generally available

Azure Database for MySQL: Read replica now generally available
Virtual network service endpoints for Azure Database for MariaDB are now generally available
New features are now generally available in Event Grid
General availability: Azure Availability Zones in East US
General availability: Global VNet Peering in Azure Government regions

Events

MWC 2019: Azure IoT customers, partners accelerate innovation from cloud to edge

The Internet of Things (IoT) has expanded the world of computing far beyond mobile and PC, bringing a new and ever-growing class of cloud-connected devices that is on track to reach 20 billion devices by 2020. Announcing new IoT partnerships for global-scale IoT solutions with new devices and cloud services that further increase the strategic value of IoT.

Learn more in this post by Julia White, Corporate Vice President, Microsoft Azure on the Official Microsoft Blog: Microsoft at MWC Barcelona: Introducing Microsoft HoloLens 2.

News and updates

Instantly restore your Azure Virtual Machines using Azure Backup

Azure Backup Instant Restore capability for Azure Virtual Machines (VMs) is now available. If you use Azure Backup, Instant Restore helps you quickly recover VMs from the snapshots stored together with the disks. In addition, you get complete flexibility in configuring the retention range of snapshots at the backup policy level, depending on the requirements and criticality of the associated virtual machines, giving users more granular control over their resources. We are enabling and rolling out this experience on a region-by-region basis.

Cognitive Services Speech SDK 1.3 – February update

Developers can now access the latest Cognitive Services Speech SDK, which now supports selection of the input microphone through the AudioConfig class, expanded support for Debian 9, Unity in C# (beta) on Windows x86 and x64 (desktop or Universal Windows Platform applications) and Android (ARM32/64, x86), and more. Read about all the updates made to the Cognitive Services Speech SDK in February.

Improving the TypeScript support in Azure Functions

TypeScript is becoming increasingly popular in the JavaScript community. Announcing a set of tooling improvements for TypeScript support in Azure Functions so you can more easily develop with TypeScript when building your event-driven applications. With this set of changes to the Azure Functions Core Tools and the Azure Functions Extension for Visual Studio Code, Azure Functions now supports TypeScript out of the box. Included with these changes are a set of templates for TypeScript, type definitions, and npm scripts.

New device modeling experience in Azure IoT Central

Optimize your device workflow for easier management and clarity. Introducing a new “Device Templates” navigation tab that replaces the existing “Application Builder” tab, as well as updated patterns for viewing or editing device templates. We've begun a flighted rollout of the new device modeling experience.

Azure Data Factory updates

Monitor Azure Data Factory pipelines by using Azure Monitor and Log Analytics
Azure Data Factory visual tools integrated with GitHub
Self-hosted IR sharing across multiple data factories
Parameterize connections to your data stores in Azure Data Factory
Linked Resource Manager template support available for CI/CD in your data factories
Azure Functions now supported as a step in Azure Data Factory pipelines
Create alerts to proactively monitor your data factory pipelines
Enhanced monitoring capabilities and tags/annotations in Azure Data Factory
Support for Enterprise Security Package–enabled HDInsight clusters in Azure Data Factory

Additional news and updates

FastTrack for Azure
Global VNet Peering now supports Standard Load Balancer
Database rename is now supported in Azure SQL Database Managed Instance
Remove Application Insights connections via PowerShell
Instantly provision GraphQL on Azure with Hasura and Azure Database for PostgreSQL
Azure Database for MySQL and PostgreSQL: New compute options are now available
Azure Policy non-compliance reasoning and change history features
Azure Blockchain: Updated Hyperledger Fabric template 1.3 now available
M-series virtual machines (VMs) are now available in the Korea South region
Azure Event Grid Availability in Azure US Gov regions

Technical content

Five tips for securing your IaaS workloads

Implementing IaaS security best practices is an essential step to securing your IaaS resources. Get specific recommendations for improving your IaaS security posture, focus on data protection, strengthen network security, and streamline security management including threat protection. Read the Azure Government Security documentation to understand features and variations for Azure Government.

Azure Stack IaaS – part two

Every organization has a unique journey to the cloud, based on the organization’s history, business specifics, culture, and maybe most importantly, their starting point. Typically in your migration journey, you use a mixture of tools, so you need to understand the options available in order to select the right tool for the specific workloads. The Azure migration center provides a good model and helpful resources to get you started on your migration to the cloud and to make sure you can create the proper frame for your migration.

AZX.ms – A Collection of Azure CLI Recipes

Simplify your Azure development with a collection of Azure CLI scripts accessible right at your fingertips.

Latest enhancements now available for Cognitive Services' Computer Vision

With the latest enhancements to Cognitive Services’ Computer Vision service, you can extract insights, unlock new workflows, and easily customize and deploy your model without requiring machine-learning expertise.

Creating IoT applications with Azure Database for PostgreSQL

There are numerous IoT use cases in different industries with common categories like predictive maintenance, connected vehicles, anomaly detection, asset monitoring, and many others. Azure IoT is a complete stack of IoT solutions; a collection of Microsoft managed cloud services that connect, monitor, and control billions of IoT assets. See how to implement an end-to-end Azure IoT solution and use Azure Database for PostgreSQL to store IoT event data in the JSONB format.

3 Reasons To Add Deep Learning to Your Time-Series Toolkit

In this article, Francesca shares 3-5 lessons learned while building neural networks for time series (leading up to 2-day trainings at AI Conference NYC and Strata Data Conference in San Francisco). With clear explanations and standard Python libraries, readers discover tips and tricks for developing deep learning models for their own time series forecasting projects.

Understanding routing in Istio

This is the first in a series of blog posts that will go into depth on how to use popular OSS on top of Azure Kubernetes Service. In this post, Scott Coulton runs through how to install Istio with Helm and how to deploy two versions of the same application and route traffic between them by weight (percentage). The post also contains all of the source code and a demo application so you can go and test the topic out for yourself.

How to Lock Azure Resources to Prevent Modification or Deletion

This article demonstrates how to configure Azure Resource Locking. Together with Azure Role Based Access Control (RBAC), it enables you to restrict access to resources and resource actions, which helps prevent inadvertent resource deletion and modification.

Running Micro Focus Enterprise Server 4.0 in a Docker Container in Azure

Running Micro Focus Enterprise Server 4.0 in a Docker container is new and provides portability, performance, agility, and isolation. See how to effectively run and manage a mainframe CICS application in a Docker container using the Windows 2016 Datacenter and the Containers VM now available from the Azure Marketplace.

Exploring Feature Weights using R and Azure Machine Learning Studio

Suppose we have to design a black box that displays a “thumbs up” or “thumbs down” depending on hundreds of different combinations of inputs. This post describes how to conduct exploratory data analysis using R and Azure Machine Learning Studio to train a “black-box” model in a case when it is difficult to explain how the model characterizes the relationship between the features and the target variable.

Intro to Microsoft Azure Resource Manager Templates

Cloud Advocate Jay Gordon gives you an introduction to Azure Resource Manager Templates and how to begin using them with Azure Cloud Shell. You'll see the number of options available to quickly create Azure resources.

Additional technical content

Introduction to DevOps for Dynamics 365 Customer Engagement using YAML Based Azure Pipelines
Xamarin and Azure Office Hours Recap from December 2018 and January 2019
Azure Development Community – Same Great Blog… NEW HOME!
Lesson Learned #73: Azure Database for MySQL – CONVERT_TZ returns null

Azure shows

Episode 268 – ExpressRoute Roadmap | The Azure Podcast

Paresh Mundade, a Senior PM in the Azure ExpressRoute team, gives the guys an update on the service and a glimpse into the roadmap of planned features.


Azure Cosmos DB update: SDKs, CORS, multi-region strong consistency, and more | Azure Friday

Learn about the new SDKs for Azure Cosmos DB, using the JavaScript SDK as an example, and learn about CORS (Cross-Origin Resource Sharing) through a simple JavaScript demonstration app. See a new, low-cost database offer in the Azure portal, watch an Azure DevOps build task setup, get some cost saving tips, and learn about support for multi-region strong consistency.

An intro to Azure Cosmos DB .NET SDK 3.0 | Azure Friday

Learn about the new improvements for Azure Cosmos DB SDKs, including the new, idiomatic .NET SDK with a friendlier, more intuitive programming model, better testability, better performance, and .NET Standard 2.0 support. Plus, it is now open sourced.

Azure Maps – The Microsoft Azure Enterprise Location Platform | Internet of Things Show

Azure Maps is the de facto location intelligence platform natively hosted in the Microsoft Azure cloud. Chris Pendleton, PM Lead for the service, gives us an overview of what Azure Maps is, who uses Azure Maps, how Azure Maps is being used across our customer base, and how you can start using Azure Maps today.

How to get started with Azure Front Door | Azure Tips and Tricks

Learn how to get started with Azure Front Door. Azure Front Door easily makes your applications globally available and secure.

How to create, share, and use Azure Portal dashboards | Azure Portal Series

In this video of the Azure Portal "How To" series, learn how to easily create, share, and use dashboards in the Azure Portal. Learn more about the series: Introducing the Azure portal “how to” video series

What is Identity Protection? | Azure Active Directory

In this video, get a high-level overview of Identity Protection, a feature of Azure Active Directory. You’ll learn about the different types of detections, risks and risk policies that exist in Identity Protection. It explains the benefits of the risk policies, recent UX enhancements, powerful APIs, improved risk assessment and overall alignment around risky users and risky sign-ins. In addition, this series also includes videos on How to deploy Identity Protection & How to use Identity Protection.

Martin Woodward on Azure DevOps With GitHub – Episode 25 | Azure DevOps Podcast

In this episode, Martin Woodward and Jeffrey Palermo dive right into the topic of Azure DevOps with GitHub; discussing some of the changes since Microsoft acquired GitHub, whether you should choose to work with Azure Repos or GitHub, and how to use Azure DevOps Services with GitHub.


Customers, partners, and industries

Microsoft and SAP extend partnership to Internet of Things

The Internet of Things (IoT) is becoming mainstream as companies see market-making benefits from IoT and deploying at scale – from transforming operations and logistics, remote monitoring, and predictive maintenance at the edge, to new consumer experiences powered by connected devices. In all of these solutions, IoT data and AI are producing powerful insights that lead to new opportunities. Microsoft and SAP have announced an expansion of their partnership to include physical devices and assets with a new collaboration in the IoT space. SAP Leonardo IoT will integrate with Azure IoT services, providing customers with the ability to contextualize and enrich their IoT data with SAP business data and to seamlessly extend their SAP solution-based business processes to the Azure IoT Edge platform.

Azure Marketplace new offers – Volume 32

The Azure Marketplace is the premier destination for all your software needs – certified and optimized to run on Azure. Find, try, purchase, and provision applications & services from hundreds of leading software providers. You can also connect with Gold and Silver Microsoft Cloud Competency partners to help your adoption of Azure. In the second half of January we published 70 new offers.

Azure This Week – 1 March 2019 | A Cloud Guru – Azure This Week

This time on Azure This Week, Lars talks with JT from Microsoft about the brand new HoloLens 2 and how it will be cloud connected, Azure DevOps Projects Kubernetes support gets new features, and you can now protect Azure VMs by using Storage Spaces Direct with Azure Site Recovery.

Source: Azure