Programme
16.30 Reception
17.00 Robbrecht van Amerongen - Head of IoT, Conclusion Connect
• Welcome and the most notable points from the congress
• State of affairs: PaaS/SaaS, Digital Twin, Context IoT, Big Data and Machine Learning
• IoT and Security
• IoT projects: state of affairs, notable examples and best practices
• Where the vendors/platform suppliers stand
18.00 Dinner
18.45 Gertjan van het Hof - IoT Solutions Architect, Conclusion Connect
• Platforms: Microsoft Azure IoT Reference Architecture and Google Cloud IoT
• CrateDB
• EdgeX Foundry and NetFoundry
• Intel video processing
• Beacons
• Security Maturity Model
• Industrial Internet Consortium (IIC)
19:45 Break
20:00 Henk Jan van Wijk - IoT Solution Engineer, Conclusion Connect
• Microsoft Azure Sphere (connected devices)
• Low Power Connectivity (Thingstream)
• Digital Twin
• Anomaly detection at Intel (predicting robot failure)
21.00 Closing and drinks
2. Who am I?
Henk Jan van Wijk
IoT Solutions Engineer
linkedin.com/in/henkjanvanwijk
henkjan.vanwijk@conclusion.nl
@orakelvandelphi
IoT World Solutions Congres Review 2018
3. Subjects
• Connected devices (Azure Sphere)
• Edge devices
• Low power connectivity
• Digital Twins
• Anomaly detection using AI
4. Connected devices
• Azure Sphere is Microsoft's secured application platform for internet-connected
devices, covering the whole chain from device to cloud
• Announced in April 2018
• Documentation available since the beginning of August 2018
• Developer kit available (by Seeed)
Azure Sphere
5. Connected devices
• MCUs are used in many, many devices (washing machines, coffee machines, etc.)
• Currently most of them are not connected (about 1%)
• Many of these devices are not secure, and we see the consequences regularly in the
news
• Most of these devices have no remote update capability, so known weaknesses
cannot be fixed in the field
• Security should be the basis when designing and building these devices
MCU - Microcontroller
6. Edge computing: ICs
• Microsoft has a solution: Azure Sphere, an end-to-end
solution for connecting MCUs to the cloud in a secure way
• With Azure Sphere Microsoft introduced an MCU which is secured,
has built-in cloud communication and runs a high-level OS (Sphere OS) alongside
real-time processing capabilities
Azure Sphere
7. Edge computing: ICs
• Azure Sphere Certified MCUs have built-in Microsoft security technology,
provide connectivity and a hardware-based root of trust
• Azure Sphere OS (Linux based): a secured multi-layer
OS with ongoing on-device OS updates
• Azure Sphere Security Service (cloud): brokers the trust for
device-to-device and device-to-cloud communication, and detects
emerging threats, with ongoing on-device security updates
Azure Sphere
8. Connected devices
• The Azure Sphere platform is designed around 7 principles:
1. Hardware-based root of trust
2. Small trusted computing base
3. Defense in depth
4. Compartmentalization
5. Certificate based authentication
6. Renewable security
7. Failure reporting
Azure Sphere
9. Connected devices
• MCU: MT3620
• Combination of two types of ARM Cortex cores:
one for processing power (a Cortex-A7) and one for low overhead and
real-time guarantees (a Cortex-M class core)
Azure Sphere MCU
10. Connected devices
• Application Development
• Uses Azure Sphere SDK for C (Visual Studio)
• Application platform
Azure Sphere Development
11. Connected devices
• Not limited to connecting to Azure
• OS and application updates are delivered through the
Azure Sphere Security Service on Azure
• Data can be sent to any cloud or on-premises
infrastructure
Azure Sphere
13. Edge computing: IoT edge gateways
• Up
• Up²
• Up AI Edge
• Several models (11)
• All Intel-based chips
• Most models use 1 or more
Intel Movidius Myriad X VPUs
14. Edge computing: IoT edge gateways
• Edge is ARM-based (800 MHz), 512 MB RAM, 8 GB storage
• Long-range (LR) Bluetooth 5
• 802.15.4 including Zigbee & Thread
• Wirepas Mesh
• IPv6
• Wi-Fi 802.11a/b/g/n/ac
• 10/100 Ethernet with PoE 802.3af
• LTE option
• Outdoor / weatherproof enclosures
Rigado
15. Edge computing: IoT edge gateways
• Offered as Edge-as-a-Service: a secure edge solution, including the IoT gateway,
for a fixed price per month ($9)
• Edge runs on Ubuntu Core OS using ‘snap’ containers
• Includes a tool for monitoring, provisioning and remote
maintenance/updates (Edge-Direct)
Rigado
• Edges are created with a Secure Element and an encrypted
key at the point of manufacture
• All applications run in secure containers, on an encrypted
OS & filesystem with Secure Boot
• Regular security patches are tested & published by
Rigado as new risks emerge
https://www.rigado.com/products/iot-edge-as-a-service/
16. Edge computing: IoT edge gateways
• Wireless modules certified by Rigado for use in
your own solution
• Most modules are Bluetooth 5.0 and some 4.2; you choose a module
depending on the use case (protocol, environment,
size, cost)
Rigado
https://www.rigado.com/products/modules-page-2-0/
17. Edge computing: IoT edge gateways
• Focused on helping customers build up an IoT infrastructure in:
• Smart Buildings
• Retail & Hospitality
• Location & Asset Tracking
• Some customers:
• Radius Networks
• Steelcase (connected workplace)
• Perfect Company (smart kitchen)
Rigado
19. Edge computing: IoT edge gateways
• Manufacturer of industrial I/O modules, gateways, etc.
• IIoT edge gateway: UC-8100 series
• ARM Cortex-A8 based
• DIN rail mountable
• 2 serial ports (RS-232/422/485), 2 Ethernet LAN ports (10/100 Mbps)
• 8 GB eMMC storage, 256 or 512 GB RAM
• SD socket for storage expansion and OS installation
• Mini PCIe socket for a cellular module
• OS preinstalled: Debian 9 based
• Microsoft Azure Certified for IoT
• Available as an IIoT Gateway Starter Kit, which includes ThingsPro® data-acquisition software
(Modbus DAQ and MQTT)
• Device management with ThingsPro Server
Moxa
https://www.moxa.com/product/UC-8100.htm
20. Low power connectivity
• BLE / WiFi
• Short range
• LoRa
• Suitable when sensing devices are in fixed locations across the business
estate; less suitable when they leave the estate
• Sigfox
• More suitable when sensing devices could be anywhere across a
domestic market, but coverage will not be everywhere
• NB-IoT / LTE-Cat1M
• Not yet available everywhere (carriers still need to roll it out), and roaming is
needed when crossing borders
• Thingstream
• Global reach (wherever GSM coverage is available, whether 2G,
3G or 4G)
21. Low power connectivity
• Thingstream is not IP based, but MQTT over GSM
• No IP means no visible IP address
• Uses USSD (part of the GSM standard)
• USSD (Unstructured Supplementary Service Data): messages of up to 184 characters
• Real-time, session-oriented connection: the device can wait until a response is received
• MQTT-SN
22. Low power connectivity
• MQTT for Sensor Networks (MQTT-SN) is a variation of the main protocol
aimed at embedded devices on non-TCP/IP networks
23. Low power connectivity
• MQTT-SN on Thingstream supports 4 Quality of Service modes:
• Blind fire-and-forget (QoS -1)
• Fire-and-forget (QoS 0)
• At-least-once (QoS 1)
• Exactly-once (QoS 2)
• The platform has a visual data flow manager
24. Low power connectivity
• Examples of Thingstream ready devices
26. Azure Digital Twins
• A digital twin is a digital model of a device in the context of the physical world
it exists in
• Azure Digital Twins takes not only devices into account, but also people
• Azure Digital Twins is a PaaS service from Microsoft
• Announced at Ignite 2018 (September)
• In public preview since 15 October 2018
30. Azure Digital Twins
• Key capabilities:
• Spatial intelligence graph
• Spatial graphs are virtual representations of the many relationships between spaces,
devices, and people relevant to an IoT solution
• Digital twin object models
• Predefined object models
• Multiple and nested tenants
• Multi-tenancy support already built-in
• Advanced compute capabilities
• User defined functions (define and run custom functions against incoming device data)
• Built-in access control
• Role-based access system and Azure Active Directory
• Ecosystem
• Connect to other Azure components, such as Azure Stream Analytics, AI, Dynamics 365,
etc.
32. Azure Digital Twins in the Azure IoT solution
33. Azure Digital Twins
• Some pre-release customers:
• SteelCase
• Willow (building management)
34. Azure Digital Twins
https://www.youtube.com/watch?v=TKoBTZhCkPE
35. Real-time anomaly detection
• AI session by Intel:
Real-time anomaly detection using deep learning to predict robot failure
• Problem statement:
• High-volume manufacturing employs large numbers of robots
• Robot faults affect production yield, equipment downtime and factory
throughput
• Anomaly detection in the robots is done manually during scheduled
maintenance
36. Real-time anomaly detection
• How can we get data?
• Consider that we want to be as unobtrusive as possible
• The robots are moving inside a machine
• Approach followed:
• Added 2 accelerometers to each robot, each sending data wirelessly
at 512 Hz
37. Real-time anomaly detection
• How can we analyze the data?
• Consider that basic / user-defined rules do not work on this kind of data
• Approach:
• Use machine learning (an unsupervised model)
• Learn only the good behaviour and treat any deviation from it as "bad"
• Collect examples which can be reused for multiple robots
38. Real-time anomaly detection
• What is good or bad?
• Consider that the robots' behaviour is not repetitive and is unpredictable
• Approach:
• Use deep learning: an RNN with LSTM (Recurrent Neural Network with
Long Short-Term Memory)
• Think of smartphone keyboards predicting the next word
41. Real-time anomaly detection
• Used an on-premises solution because the data is highly sensitive (it may not leave
the factory)
• Used an edge/fog solution because latency must be as low as possible
(the algorithm predicts a failure only a few seconds before it happens)
• Used Intel NUCs (Core i5) as edge nodes
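The "learn only the good behaviour, flag anything else" idea from slides 36 to 41, as an added example that is not Intel's model or code from the talk. It keeps the talk's 512 Hz accelerometer stream and one-second windows but swaps the LSTM for a much simpler unsupervised detector (per-window RMS vibration level with a k-sigma threshold) so that it runs with the Python standard library only; the trace, the amplitudes and the "worn bearing" window are constructed for the example.

```python
import math
import statistics
from typing import Callable, Dict, List, Sequence

# Constructed example (not Intel's LSTM): same principle as the talk, fit on good
# data only, then score new windows by how far they deviate from what was learned.

SAMPLE_RATE_HZ = 512          # accelerometer sample rate quoted in the talk
WINDOW = SAMPLE_RATE_HZ       # one-second analysis windows


def window_rms(samples: Sequence[float]) -> float:
    """Root-mean-square vibration level of one window."""
    return math.sqrt(sum(s * s for s in samples) / len(samples))


def split_windows(signal: Sequence[float], size: int = WINDOW) -> List[Sequence[float]]:
    """Cut a signal into non-overlapping windows; a trailing partial window is dropped."""
    return [signal[i:i + size] for i in range(0, len(signal) - size + 1, size)]


class RmsAnomalyDetector:
    """Unsupervised detector: fitted on good data only, no labelled failures needed."""

    def __init__(self, k_sigma: float = 3.0, min_sigma: float = 0.01) -> None:
        self.k_sigma = k_sigma
        # Floor on sigma so a perfectly steady training set cannot make every
        # later window look infinitely anomalous (division by zero).
        self.min_sigma = min_sigma
        self.mu = 0.0
        self.sigma = min_sigma

    def fit(self, good_signal: Sequence[float]) -> "RmsAnomalyDetector":
        feats = [window_rms(w) for w in split_windows(good_signal)]
        if len(feats) < 2:
            raise ValueError("need at least two full windows of good data")
        self.mu = statistics.mean(feats)
        self.sigma = max(statistics.pstdev(feats), self.min_sigma)
        return self

    def score(self, window: Sequence[float]) -> float:
        """Distance of the window's RMS from the learned normal level, in sigmas."""
        return abs(window_rms(window) - self.mu) / self.sigma

    def is_anomalous(self, window: Sequence[float]) -> bool:
        return self.score(window) > self.k_sigma


def synth_vibration(seconds: int, amplitude_for_second: Callable[[int], float],
                    freq_hz: float = 25.0) -> List[float]:
    """Constructed accelerometer trace: a sinusoid whose amplitude may change each second."""
    out: List[float] = []
    for sec in range(seconds):
        amp = amplitude_for_second(sec)
        for n in range(SAMPLE_RATE_HZ):
            t = (sec * SAMPLE_RATE_HZ + n) / SAMPLE_RATE_HZ
            out.append(amp * math.sin(2 * math.pi * freq_hz * t))
    return out


def demo() -> Dict[str, object]:
    # 20 s of "good" running: amplitude wobbles a few percent around 1.0 (constructed).
    good = synth_vibration(20, lambda s: 1.0 + 0.05 * math.sin(s))
    detector = RmsAnomalyDetector().fit(good)

    normal_window = synth_vibration(1, lambda s: 1.03)   # still within the learned band
    worn_window = synth_vibration(1, lambda s: 2.5)      # constructed "bearing wear" jump
    return {
        "normal_flagged": detector.is_anomalous(normal_window),
        "worn_flagged": detector.is_anomalous(worn_window),
        "worn_score": detector.score(worn_window),
    }


if __name__ == "__main__":
    print(demo())
```

The point the slides make about latency carries over: because the detector only needs the last one-second window and two learned numbers, it can run on the edge node next to the robot, and the raw accelerometer data never has to leave the factory.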
Editor's notes
Secured MCU
Azure Sphere MCUs: A new crossover class of MCU with built-in Microsoft security technology, connectivity, and the headroom to support dynamic new experiences.
The Pluton security subsystem creates a hardware root of trust, stores private keys, and executes complex cryptographic operations.
A new crossover MCU combines the versatility and power of a Cortex-A class processor with the low overhead and real-time guarantees of a Cortex-M class processor.
Built-in network connectivity provides secured, reliable, online experiences and ensures devices are up to date.
Secured OS
The Azure Sphere OS: A highly-secured OS from Microsoft that creates a trustworthy defense-in-depth platform for new IoT experiences.
Secured application containers compartmentalize code for agility, robustness, and security.
On-chip connectivity services secure your connection to the cloud and provide access to the Azure Sphere Security Service.
A custom Linux kernel enables silicon diversity and innovation.
A security monitor guards integrity and access to critical resources.
Secured Cloud
The Azure Sphere Security Service: A turnkey security service that guards every Azure Sphere device by renewing security, identifying emerging threats, and brokering trust among device, cloud, and other endpoints.
Protects your devices and customers with certificate-based authentication of all communication.
Guarantees a device’s authenticity and ensures it runs only your genuine software.
Provides insight into device and application failures and visibility into emerging security threats.
Responds to threats with automated updates of the Azure Sphere OS.
Allows for easy deployment of your software updates to your Azure Sphere powered devices.
Hardware-based root of trust. A hardware-based root of trust ensures that the device and its identity cannot be separated, thus preventing device forgery or spoofing. Every Azure Sphere MCU is identified by an unforgeable cryptographic key that is generated and protected by the Microsoft-designed Pluton security subsystem hardware. This ensures a tamper-resistant, secured hardware root of trust from factory to end user.
Small trusted computing base. Most of the device’s software remains outside the trusted computing base, thus reducing the surface area for attacks. Only the secured Security Monitor, Pluton runtime, and Pluton subsystem—all of which Microsoft provides—run on the trusted computing base.
Defense in depth. Defense in depth provides for multiple layers of security and thus multiple mitigations against each threat. Each layer of software in the Azure Sphere platform verifies that the layer above it is secured.
Compartmentalization. Compartmentalization limits the reach of any single failure. Azure Sphere MCUs contain silicon counter-measures, including hardware firewalls, to prevent a security breach in one component from propagating to other components. A constrained, “sandboxed” runtime environment prevents applications from corrupting secured code or data.
Certificate-based authentication. The use of signed certificates, validated by an unforgeable cryptographic key, provides much stronger authentication than passwords. The Azure Sphere platform requires every software element to be signed. Device-to-cloud and cloud-to-device communications require further certificate-based authentication.
Renewable security. The device software is automatically updated to correct known vulnerabilities or security breaches, requiring no intervention from the product manufacturer or the end user. The Azure Sphere Security Service updates Azure Sphere OS and OEM applications automatically.
Failure reporting. Failures in device software or hardware are typical in emerging security attacks; device failure by itself constitutes a denial-of-service attack. Device-to-cloud communication provides early warning of potential failures. Azure Sphere devices can automatically report operational data and failures to a cloud-based analysis system, and updates and servicing can be performed remotely.
https://docs.microsoft.com/en-us/azure-sphere/product-overview/azure-sphere-seven-properties
https://docs.microsoft.com/en-us/azure-sphere/product-overview/architecture
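The "each layer verifies the layer above it", "hardware-based root of trust" and "small trusted computing base" properties listed above, as an added example that is not Azure Sphere's Pluton or Security Monitor code. It shows the simplest form of a verified boot chain: one immutable digest stands in for the root of trust, and every stage carries the digest of the stage that runs after it, so only the root value and the small `verify_chain` routine need to be trusted. Stage names and image contents are constructed; a real platform anchors a public key and checks signatures instead of a bare digest, which is what lets the software be renewed (the "renewable security" property) without touching the root.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

# Constructed illustration of a hash-chained boot, not Azure Sphere's implementation.
# An immutable root (a digest "burned into ROM" here) anchors stage 0, and every
# stage embeds the digest of the stage that follows it.


@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes          # the stage's executable image
    next_digest: bytes   # manifest: SHA-256 of the following stage's image, b"" for the last stage

    def image(self) -> bytes:
        # The measurement covers code AND manifest, so a rewritten next_digest is
        # caught at this stage instead of being trusted when the next one is checked.
        return self.code + self.next_digest


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_chain(parts: List[Tuple[str, bytes]]) -> List[Stage]:
    """Assemble stages back to front so each can embed its successor's digest."""
    stages: List[Stage] = []
    next_digest = b""
    for name, code in reversed(parts):
        stage = Stage(name, code, next_digest)
        next_digest = sha256(stage.image())
        stages.insert(0, stage)
    return stages


def root_of_trust(stages: List[Stage]) -> bytes:
    """The single value that must be immutable: the digest of the first stage."""
    return sha256(stages[0].image())


def verify_chain(rom_digest: bytes, stages: List[Stage]) -> Optional[str]:
    """Return None if every stage verifies, else the name of the first stage that fails."""
    expected = rom_digest
    for stage in stages:
        # Constant-time comparison; a timing leak here would weaken the root of trust.
        if not hmac.compare_digest(sha256(stage.image()), expected):
            return stage.name
        expected = stage.next_digest
    # A chain that stops while a digest is still expected is incomplete, not valid.
    return None if expected == b"" else "missing stage"


def flip_byte(data: bytes, index: int) -> bytes:
    """Corrupt a single bit, standing in for any modification of an image."""
    return data[:index] + bytes([data[index] ^ 0x01]) + data[index + 1:]


def demo() -> Dict[str, Optional[str]]:
    # Constructed images with generic names; sizes and contents are arbitrary.
    chain = build_chain([
        ("bootloader", b"BOOT v1 " * 8),
        ("os_kernel", b"KERNEL v1 " * 16),
        ("application", b"APP v1 " * 32),
    ])
    rom = root_of_trust(chain)

    # 1. The untouched chain verifies end to end.
    clean = verify_chain(rom, chain)

    # 2. A modified application image is rejected at the application stage.
    bad_app = replace(chain[2], code=flip_byte(chain[2].code, 3))
    app_tampered = [chain[0], chain[1], bad_app]

    # 3. Re-pointing the kernel's manifest at the modified application changes the
    #    kernel image itself, so the failure surfaces one layer earlier.
    bad_kernel = replace(chain[1], next_digest=sha256(bad_app.image()))
    kernel_tampered = [chain[0], bad_kernel, bad_app]

    # 4. Dropping the last stage leaves an expected digest that nothing satisfies.
    truncated = chain[:2]

    return {
        "clean": clean,
        "app_tampered": verify_chain(rom, app_tampered),
        "kernel_manifest_tampered": verify_chain(rom, kernel_tampered),
        "truncated": verify_chain(rom, truncated),
    }


if __name__ == "__main__":
    print(demo())
```

Case 3 is the one worth dwelling on: because each stage's measurement includes its manifest, an attacker who can rewrite an image cannot also rewrite the expectation for it without being caught by the layer below, all the way down to the value that lives outside any writable software.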
VPU = Vision Processing Unit
https://www.movidius.com/myriad
https://www.rigado.com/
Rigado’s Cascade IoT Gateway includes a Secure Element and is certified with AWS Greengrass making it the ultimate IoT hardware for running your AWS IoT solutions.
Rigado’s Cascade IoT Gateway is the hardware foundation of Microsoft’s IoT solution simplifying their creation of Smart Workspaces. Rigado connects to Azure IoT using easy-to-modify predefined “snap” (example application code) making your cloud integration quick and easy.