© Robert Stackowiak 2019
R. Stackowiak, Azure Internet of Things Revealed, https://doi.org/10.1007/978-1-4842-5470-7_2

2. Azure IoT Solutions Overview

Robert Stackowiak, Elgin, IL, USA

Microsoft has three public cloud-based service offerings. Key components in the backend of Microsoft-based IoT solutions reside in the Azure cloud. Azure provides a platform for development and deployment of highly customized IoT solutions and for deployment of IoT applications and solutions developed by Microsoft’s partners. Thus, there are examples of IoT implementations deployed in Azure using IaaS components, PaaS components, and SaaS components.

The other two Microsoft cloud-based services are Office 365 (also included in Microsoft 365) and Dynamics 365. Office 365 is a cloud-based modern workplace SaaS offering that features a variety of popular tools including Excel, PowerPoint, Word, OneNote, OneDrive, and Power BI for personal productivity, and collaborative tools such as SharePoint, Outlook, and Teams. Dynamics 365 is a suite of business applications that deliver solutions for customer sales, service, field service, finance and operations, marketing, and talent management. Microsoft’s cloud-based modern workplace components and business applications often provide some of the functionality required in IoT solutions.

The Azure public cloud is available in data centers in over 50 regions around the world. For IaaS implementations, Azure provides the underlying compute, storage, and networking required. In its PaaS offerings, Azure additionally offers artificial intelligence (AI), analytics, data services, IoT components, integration components, media and content delivery network (CDN), DevOps and developer environments, compute and container services, and web and mobile development and deployment environments. Azure features an extensive management and security framework and the tools needed to support all these implementations.

In this chapter, we introduce Microsoft components relevant in an IoT deployment that reside in Azure. We also describe Microsoft technologies deployed in devices at the IoT edge. The chapter includes the following major sections:
  • Microsoft Azure and IoT PaaS

  • Non-Microsoft components in Azure IoT

  • IoT SaaS solutions in Azure

  • Azure deployment and management

  • Microsoft intelligent edge

  • Choosing the right component model

We begin this chapter by focusing on deployment scenarios for Azure PaaS components in IoT solutions.

Microsoft Azure PaaS and IoT

In Chapter 1, we introduced the IoT reference architecture shown again here as Figure 2-1. Within the Microsoft Azure cloud, the following speed layer components can be deployed as PaaS components: the IoT Hub/Event Hub, streaming analytics engine, in-memory data preparation and training, and the data lake.
Figure 2-1. IoT reference architecture diagram

Microsoft Azure offerings aligned to these components include the Azure IoT Hub, Azure Stream Analytics, Azure Databricks, and data lake solutions that can include Azure Data Lake Storage (ADLS), HDInsight, and/or Cosmos DB. For analysis of time series data first landed in the Azure IoT Hub, Azure Time Series Insights is added to the architecture. Figure 2-2 illustrates where these offerings fit in the IoT architecture diagram.
Figure 2-2. Microsoft components in the IoT architecture

In the batch layer, the enterprise data warehouse and data marts can also be deployed as PaaS components. Figure 2-2 also illustrates where many of these fit, including Azure SQL Database, Azure SQL Data Warehouse, Azure Analysis Services, Azure Data Factory (ADF), and Power BI.

The diagram in Figure 2-2 also notes the Microsoft offerings at the edge. These include Azure IoT Edge, Azure Sphere, and Windows 10 IoT. We will discuss the edge components later in the chapter.

Azure IoT Hub

Microsoft recommends deploying its Azure IoT Hub cloud service to enable connection of IoT edge devices to the Microsoft Azure cloud. IoT Hubs are capable of ingesting billions of events per day and support integration with Azure Stream Analytics, Azure Time Series Insights, Databricks, Azure Data Lake Storage, and HDInsight. The IoT Hub utilizes Microsoft’s Event Hub technology for telemetry flow.

The IoT Hub supports a variety of popular IoT protocols for queueing and transmission of data including HTTPS, AMQP, AMQP over WebSockets, MQTT, and MQTT over WebSockets. Other protocols can be handled through protocol conversion at the edge within the Azure IoT Edge or by performing protocol conversion in the cloud through deployment of a customized Azure IoT protocol gateway (using Azure Service Fabric, Azure Cloud Services worker roles, or Windows Virtual Machines).

The Open Platform Communications (OPC) Foundation, of which Microsoft is a member, collaborates with many industry associations and industry standards bodies in defining IoT specifications. The OPC Unified Architecture (OPC UA) specifications were created to ensure open connectivity, security, and reliability where industrial devices and systems are linked. The specifications are documented in the International Electrotechnical Commission (IEC) standard IEC 62541. OPC UA was also adopted by The Open Group Open Process Automation Forum (OPAF).

OPC UA as deployed in the Microsoft IoT architecture supports publish-and-subscribe connections and client-server connections with the IoT Hub. In a typical configuration, OPC UA servers are deployed at the edge, and OPC Proxy and Publisher modules are deployed in the Microsoft IoT Edge.

The IoT Hub also provides other key functionality in the architecture. It is used for managing devices and device twins, and for identity and authentication, file upload from devices, device provisioning, and cloud-to-device messaging. Authentication is through SAS tokens, individual X.509 certificates, or an X.509 Certificate Authority. An IoT Hub can support up to 100 devices running Microsoft’s IoT Edge.
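As an added illustration that is not part of the book's text, the following Python sketches the SAS token mechanism named above: the token is an HMAC-SHA256 signature over the device's resource URI and an expiry time, computed with the device's symmetric key, and the receiving side checks scope, expiry and signature before accepting it. The hub name, device id and key are constructed for this example; the token layout (sr, sig, se, optional skn) follows the documented IoT Hub format.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote_plus

# Constructed demo key: a base64-encoded 32-byte symmetric key, the same shape
# as a device primary key. It is an assumption for this example only.
DEMO_DEVICE_KEY = base64.b64encode(b"0123456789abcdef0123456789abcdef").decode("ascii")


def generate_sas_token(resource_uri, key_b64, ttl_seconds=3600, policy_name=None, now=None):
    """Build an IoT Hub style SAS token.

    The signed string is the URL-encoded resource URI, a newline and the Unix
    expiry time; the HMAC-SHA256 key is the decoded symmetric key. A
    device-scoped token carries no policy name (skn).
    """
    if now is None:
        now = time.time()
    expiry = int(now) + int(ttl_seconds)
    string_to_sign = "%s\n%d" % (quote_plus(resource_uri), expiry)
    digest = hmac.new(base64.b64decode(key_b64), string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    signature = base64.b64encode(digest).decode("ascii")
    fields = [("sr", resource_uri), ("sig", signature), ("se", str(expiry))]
    if policy_name:
        fields.append(("skn", policy_name))
    return "SharedAccessSignature " + "&".join("%s=%s" % (k, quote_plus(v)) for k, v in fields)


def verify_sas_token(token, key_b64, expected_uri=None, now=None):
    """Receiver-side check in the order a hub would apply it: well-formed,
    scoped to the expected resource, not expired, signature matches."""
    if now is None:
        now = time.time()
    prefix = "SharedAccessSignature "
    if not token.startswith(prefix):
        return False
    params = parse_qs(token[len(prefix):])
    try:
        uri = params["sr"][0]
        sig = params["sig"][0]
        expiry = int(params["se"][0])
    except (KeyError, IndexError, ValueError):
        return False
    if expected_uri is not None and uri != expected_uri:
        return False
    if now >= expiry:
        return False
    string_to_sign = "%s\n%d" % (quote_plus(uri), expiry)
    digest = hmac.new(base64.b64decode(key_b64), string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    expected_sig = base64.b64encode(digest).decode("ascii")
    # Constant-time comparison so a mismatch does not leak where it differs.
    return hmac.compare_digest(expected_sig, sig)


if __name__ == "__main__":
    uri = "examplehub.azure-devices.net/devices/sensor-01"  # constructed hub and device
    token = generate_sas_token(uri, DEMO_DEVICE_KEY, ttl_seconds=600)
    print(token)
    print("valid:", verify_sas_token(token, DEMO_DEVICE_KEY, expected_uri=uri))
```

Short lifetimes (the `ttl_seconds` argument) bound how long a leaked token remains usable, and the scope check ensures a token minted for one device cannot be presented for another even when both share a hub.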

Note

A device twin is a JSON document maintained in the IoT Hub that contains device-specific metadata, configurations, and conditions. It is also used when synchronizing workflows operating between the IoT Hub and edge devices (such as when firmware updates are performed).

The support of bidirectional communications enables the sending of commands, policies, and cloud-generated intelligence back to edge devices. You can store, synchronize, and query device metadata and state information, set device state, and automatically respond to device state changes using message routing integration.
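To make the device twin of the Note and the state synchronization described above concrete, here is an added Python example (not from the book or the Azure SDK). It loads a constructed twin document in the shape IoT Hub maintains (tags, properties.desired, properties.reported, each with a $version), reports which desired settings the device has not yet applied, merges a reported-properties patch from the device, and selects devices by tag the way a back-end twin query would. The device id, tag names and property names are assumptions.

```python
import json

# Constructed device twin. The cloud has asked for firmware 2.4.1 (desired)
# while the device last reported 2.3.0, so one update is still outstanding.
SAMPLE_TWIN_JSON = """
{
  "deviceId": "pump-07",
  "tags": { "site": "plant-a", "line": 3 },
  "properties": {
    "desired":  { "firmware": "2.4.1", "telemetryIntervalSec": 30, "$version": 9 },
    "reported": { "firmware": "2.3.0", "telemetryIntervalSec": 30, "$version": 14 }
  }
}
"""


def load_twin(twin_json):
    """Parse a twin document and make sure both property sections exist."""
    twin = json.loads(twin_json)
    twin.setdefault("properties", {})
    twin["properties"].setdefault("desired", {})
    twin["properties"].setdefault("reported", {})
    return twin


def pending_changes(twin):
    """Desired properties the device has not yet reported as applied.
    Metadata keys beginning with '$' are not configuration and are skipped."""
    desired = twin["properties"]["desired"]
    reported = twin["properties"]["reported"]
    return {
        name: {"desired": value, "reported": reported.get(name)}
        for name, value in desired.items()
        if not name.startswith("$") and reported.get(name) != value
    }


def apply_reported_patch(twin, patch):
    """Merge a reported-properties patch sent by the device. A null value
    removes the property, and the reported $version advances by one."""
    reported = twin["properties"]["reported"]
    for name, value in patch.items():
        if value is None:
            reported.pop(name, None)
        else:
            reported[name] = value
    reported["$version"] = reported.get("$version", 0) + 1
    return twin


def select_devices(twins, **tag_filters):
    """Return ids of twins whose tags match every filter, e.g. site='plant-a'."""
    return [
        twin["deviceId"] for twin in twins
        if all(twin.get("tags", {}).get(key) == value for key, value in tag_filters.items())
    ]


if __name__ == "__main__":
    twin = load_twin(SAMPLE_TWIN_JSON)
    print("pending:", pending_changes(twin))
    apply_reported_patch(twin, {"firmware": "2.4.1"})   # device reports the update done
    print("pending after update:", pending_changes(twin))
    print("plant-a devices:", select_devices([twin], site="plant-a"))
```

The desired/reported split is what lets a back end detect drift (a device that never confirms a configuration change) without polling the device itself; the gap between the two is the signal to act on.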

Azure Digital Twins

A digital twin provides a means to represent the location of a device in the physical world. Azure Digital Twins are deployed using Azure IoT Hub technology as a foundation.

Spatial intelligence graphs are used to provide a virtual representation of the real world. Relationships between people, places, and devices can be modeled through the schema. For example, you might represent a building by defining tenants, customers, regions, building names/addresses, floors, areas within floors, and devices. You can then query data within these contexts (e.g., by location).

An example usage of a digital twin would be for processing sensor data that indicates the environmental conditions at a manufacturing site. The Azure Digital Twin would be used to validate, match, compute, and dispatch the telemetry data. Computation is executed from within user-defined functions. Using the spatial intelligence graph, you can then query data sent to the Azure Digital Twin by sensor location.

Azure Stream Analytics

Azure Stream Analytics provides an event processing engine that enables the examination and analysis of high data volumes streaming from devices. The analysis can include the extraction of information, patterns, and relationships. Actions can be triggered downstream as a result of this analysis.

Stream Analytics ingests data from the Azure IoT Hub. Stream Analytics jobs then process the data using SQL transformation queries to filter, sort, aggregate, and/or join the streaming data. The data output type is specified. Data can be sent to queues that then trigger alerts or workflows. It can be visualized in real time through tools such as Power BI. Data can also be sent to the data lake for the training of machine learning models.
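The filter, aggregate and join stages described above, rendered in plain Python rather than in the Stream Analytics query language, as an added example that is not from the book: constructed telemetry events are filtered for fault sentinel readings, averaged per device over 60-second tumbling windows, joined to a constructed device reference table, and turned into alert records when the window average exceeds a threshold. The device ids, temperature field, sentinel value and threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample telemetry in the flat JSON shape a Stream Analytics job
# reads from an IoT Hub input. T0 is aligned to a minute boundary so the
# 60-second windows are easy to follow. Device ids and readings are assumptions.
T0 = 1_700_000_040
SAMPLE_EVENTS = [
    {"deviceId": "sensor-01", "ts": T0 + 0,  "temperature": 70.5},
    {"deviceId": "sensor-02", "ts": T0 + 3,  "temperature": 64.0},
    {"deviceId": "sensor-01", "ts": T0 + 30, "temperature": 83.0},
    {"deviceId": "sensor-01", "ts": T0 + 45, "temperature": 91.0},
    {"deviceId": "sensor-02", "ts": T0 + 50, "temperature": 65.5},
    {"deviceId": "sensor-01", "ts": T0 + 65, "temperature": 88.0},
    {"deviceId": "sensor-03", "ts": T0 + 70, "temperature": -999.0},  # sensor fault sentinel
]

# Constructed reference data: the slowly changing table a job joins to the
# stream to enrich events before they reach a queue or dashboard.
DEVICE_SITES = {"sensor-01": "boiler-room", "sensor-02": "loading-dock", "sensor-03": "roof"}

FAULT_SENTINEL = -999.0


def tumbling_window_avg(events, window_seconds=60, value_field="temperature"):
    """Filter and aggregate stage: drop sentinel readings, then average each
    device's readings per tumbling window. This is the Python equivalent of
    SELECT deviceId, AVG(temperature), COUNT(*) ... GROUP BY deviceId, TumblingWindow(second, 60)."""
    sums = defaultdict(float)
    counts = defaultdict(int)
    for event in events:
        if event[value_field] == FAULT_SENTINEL:  # WHERE-style filter
            continue
        window_start = event["ts"] - event["ts"] % window_seconds
        key = (window_start, event["deviceId"])
        sums[key] += event[value_field]
        counts[key] += 1
    rows = [
        {"windowStart": start, "deviceId": dev,
         "avg": round(sums[(start, dev)] / counts[(start, dev)], 2),
         "count": counts[(start, dev)]}
        for (start, dev) in sums
    ]
    return sorted(rows, key=lambda r: (r["windowStart"], r["deviceId"]))


def high_temperature_alerts(aggregates, threshold, sites=DEVICE_SITES):
    """Join stage plus output selection: enrich each window row with its site
    and keep only the rows that should be sent on to an alert queue."""
    return [
        {"windowStart": r["windowStart"], "deviceId": r["deviceId"],
         "site": sites.get(r["deviceId"], "unknown"), "avg": r["avg"]}
        for r in aggregates if r["avg"] > threshold
    ]


if __name__ == "__main__":
    aggregates = tumbling_window_avg(SAMPLE_EVENTS)
    for row in aggregates:
        print(row)
    for alert in high_temperature_alerts(aggregates, threshold=80.0):
        print("ALERT", alert)
```

Filtering sentinel values before aggregation matters: a single fault reading of -999 would otherwise drag a window average down and mask a real over-temperature condition.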

Azure Time Series Insights

Time series data represents how conditions, assets, or processes change over time. Gaining an understanding of such changes to trigger actions is often the point of IoT solutions. This type of streaming data typically includes a timestamp and arrives in the order in which it was gathered.

Azure Time Series Insights parses data in JSON messages and structures that arrive from the Azure IoT Hub into clean rows and columns. It indexes the data in a columnar store and stores the data in memory or SSDs for up to 400 days (hence this is sometimes referred to as a “warm” data source given the mix of real-time and historical data). Data can be queried and visualized using the Time Series Insights (TSI) Explorer.

Azure Databricks

Azure Databricks is an Apache Spark-based analytics platform used for in-memory data preparation and in the training of machine learning models. In an IoT solution footprint, raw streaming real-time data can be ingested directly from the IoT Hub into the Databricks cluster. The data usually eventually lands in a data lake for persistent storage. Data can also be extracted from persistent storage such as Azure Data Lake Storage, Cosmos DB, the Azure SQL Data Warehouse, and non-Azure data store sources.

The collaborative workspace provided by Databricks enables the exploration of data; programming development in notebooks; data visualization through popular programming packages and toolkits such as Matplotlib, ggplot, and D3; and creation of dynamic reports. Programming languages supported in Databricks include Python, R, Scala, and SQL.

Though you can designate a fixed number of workers, autoscaling of clusters assures that a proper number of workers are always present to execute jobs. You simply specify a minimum and maximum number of workers and turn autoscaling on; clusters are appropriately sized automatically. When jobs are run, if certain parts of the pipeline are more computationally demanding, Databricks will add additional workers during these phases and remove them when no longer needed.

Azure Data Lake Storage

At the time this book was published, Microsoft had recently introduced Azure Data Lake Storage Gen2. This represented a convergence of the capabilities of two previously available storage services, Azure Blob Storage and Azure Data Lake Storage Gen1.

Azure Blob Storage provides general-purpose object storage and is noted for providing low-cost tiered storage. It was frequently considered adequate for smaller data lakes. Azure Data Lake Storage Gen1 added file system semantics, directory, and file level security and was usually preferred in larger implementations.

By converging these capabilities, Azure Data Lake Storage Gen2 combines the cost effectiveness of its Blob Storage foundation with a hierarchical namespace that organizes files into a hierarchy of directories containing the underlying objects. POSIX permissions can be set on the directories and files. Access control lists (ACLs) and other security extensions are also supported.
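An added example (not from the book or the ADLS Gen2 service itself) showing how POSIX permission bits and ACL entries combine on a hierarchical namespace: access to a file requires execute (traverse) on every ancestor directory plus the requested bits on the file, named-user and group entries are bounded by the mask, and evaluation proceeds in the order owner, named user, matching groups, other. The directory tree, principals and ACL entries are constructed for this example; the rules follow the POSIX ACL model that ADLS Gen2 documents.

```python
from dataclasses import dataclass, field

R, W, X = 4, 2, 1  # POSIX permission bits


@dataclass
class Node:
    """A directory or file in the hierarchical namespace together with its ACL."""
    owner: str
    group: str
    mode: tuple                                  # (owner bits, owning-group bits, other bits)
    users: dict = field(default_factory=dict)    # named user entries: principal -> bits
    groups: dict = field(default_factory=dict)   # named group entries: group -> bits
    mask: int = R | W | X                        # upper bound for named users and all groups


def effective_bits(node, principal, member_of):
    """POSIX ACL evaluation order: owner, named user, matching groups, other."""
    if principal == node.owner:
        return node.mode[0]
    if principal in node.users:
        return node.users[principal] & node.mask
    group_bits, matched = 0, False
    if node.group in member_of:
        group_bits |= node.mode[1]
        matched = True
    for group, bits in node.groups.items():
        if group in member_of:
            group_bits |= bits
            matched = True
    if matched:
        return group_bits & node.mask
    return node.mode[2]


def can_access(tree, path, principal, member_of, wanted):
    """A file operation needs X (traverse) on every ancestor directory and the
    wanted bits on the target itself; a missing X anywhere on the path denies."""
    parts = path.strip("/").split("/")
    ancestors = ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]
    for directory in ancestors:
        if not (effective_bits(tree[directory], principal, member_of) & X):
            return False
    return (effective_bits(tree[path], principal, member_of) & wanted) == wanted


# Constructed namespace: an ingestion service owns the data, everyone may
# traverse (but not list) the top levels, and one analyst is granted read on
# plant-a only. All names here are assumptions for the example.
TREE = {
    "/": Node("root-svc", "data-platform", (R | W | X, R | X, X)),
    "/raw": Node("ingest-svc", "data-platform", (R | W | X, R | X, X)),
    "/raw/plant-a": Node("ingest-svc", "data-platform", (R | W | X, 0, 0), users={"analyst-bob": R | X}),
    "/raw/plant-a/telemetry.json": Node("ingest-svc", "data-platform", (R | W, 0, 0), users={"analyst-bob": R}),
    "/raw/plant-a/config.json": Node("ingest-svc", "data-platform", (R | W, R, 0),
                                     users={"analyst-bob": R | W}, mask=R),
    "/raw/plant-b": Node("ingest-svc", "data-platform", (R | W | X, 0, 0)),
    "/raw/plant-b/telemetry.json": Node("ingest-svc", "data-platform", (R | W, 0, 0), users={"analyst-bob": R}),
}

if __name__ == "__main__":
    bob = ("analyst-bob", {"analysts"})
    print("plant-a read:", can_access(TREE, "/raw/plant-a/telemetry.json", *bob, R))
    print("plant-b read:", can_access(TREE, "/raw/plant-b/telemetry.json", *bob, R))
    print("config write:", can_access(TREE, "/raw/plant-a/config.json", *bob, W))
```

The plant-b case is the one worth remembering when reviewing a data lake: a read entry on the file alone grants nothing while the parent directory withholds execute, and conversely granting execute broadly on parents is what quietly widens the set of files an entry on a leaf can reach.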

Data access is more performant than in the previous generation. The Azure Blob File System (ABFS) driver is optimized for analytics. Data can be accessed in storage using the ABFS driver from Azure Databricks or HDInsight. Data in Azure Data Lake Storage Gen2 can also be accessed using versions of Apache Hadoop, Cloudera, and Hortonworks that support ABFS.

Azure HDInsight

Azure HDInsight is Microsoft’s cloud-based PaaS Hadoop environment in partnership with the Hortonworks Data Platform (HDP). Today, it is most frequently deployed on Azure Data Lake Storage Gen2. Optimized clusters can be created for Apache Hadoop, Apache Spark (for in-memory caching/processing and stream processing), Apache Hive Low Latency Analytical Processing (LLAP), Apache Kafka (enabling real-time streaming messaging), Apache Storm (for distributed stream processing computation), Apache HBase (providing a distributed non-relational database deployable in Hadoop), and Machine Learning (ML) services.

Other open-source components are also present in HDInsight clusters. These include
  • Apache Ambari. An open-source Hadoop cluster administration tool

  • Avro. A data serialization framework often used for data exchange services in Hadoop

  • Apache Hive. A SQL-like query interface to data stored in Hadoop

  • HCatalog. A storage management layer in Hadoop that exposes Hive metadata to applications

  • Apache Mahout. Open-source distribution of collaborative filtering, clustering, and classification machine learning algorithms

  • Apache Hadoop YARN. Automates assignment of system resources for applications and schedules and monitors jobs

  • Apache Phoenix. An open-source massively parallel relational database engine that utilizes HBase as its store

  • Apache Pig. A platform for data analysis, designed for parallelization, that provides a programming dialect (Pig Latin)

  • Apache Sqoop. A bulk data transfer utility used to move data from non-Hadoop data stores (e.g., relational databases, NoSQL databases) into a Hadoop Distributed File System

  • Apache Tez. A component library that enables developers to create Hadoop applications that integrate natively with YARN

  • Apache Oozie. A workflow scheduler for Hadoop jobs

  • Apache Zookeeper. Provides a distributed configuration service, synchronization service, and naming registry

Default programming languages supported include Java, Python, .NET, and Go as well as several Java Virtual Machine (JVM) languages. Pig Latin for Pig jobs and HiveQL and SparkSQL are also supported. Typical development environments utilized include Visual Studio, the Visual Studio Code editor, Eclipse, and Intellij. Notebooks used in developing, debugging, and running machine learning scripts include Jupyter and Zeppelin.

Note

With Azure Data Lake Storage Gen1, HDInsight or Azure Data Lake Analytics (ADLA) could be deployed as environments. Azure Data Lake Analytics provided a U-SQL query language interface. However, ADLA was not made available for Azure Data Lake Storage Gen2.

Cosmos DB

An emerging popular alternative to deployment of Azure Data Lake Storage environments is Cosmos DB, a globally distributed NoSQL database engine. APIs available in Cosmos DB include SQL, MongoDB, Cassandra, Azure Table Storage, and Gremlin. Spark is supported for in-memory processing of data stored in Cosmos DB.

Cosmos DB can be elastically and independently scaled for throughput and storage across any number of Azure regions. Transparent multi-master replication enables 99.999 percent availability, and regional failover capabilities can also be implemented.

The datastore is schema-agnostic. Cosmos DB automatically indexes all data. Latencies are guaranteed to be 10 ms or less for reads and for indexed writes at the 99th percentile. All data is encrypted at rest and in motion, and row-level security is provided.

Other Azure Data Stores

Azure also features relational data stores and options for more traditional data warehouses and data marts that are usually fed in a batch manner. These include
  • Azure SQL Database (SQL DB). A relational database engine that shares a common code base with SQL Server and can be deployed as part of a managed instance, a single database, or part of an elastic pool

  • Azure SQL Data Warehouse (SQL DW). A massively parallel relational database engine for large-scale data warehousing

  • Azure Analysis Services. Enables creation of tabular models often deployed as data mart solutions

Tools, Frameworks, and Services

Several tools often play important roles in the architecture. These include the following:
  • Azure Data Factory (ADF). A data integration and extraction, load, and transfer (ELT) service that enables creation of data-driven workflows

  • Azure Data Catalog. A tool used to register, tag, document, and annotate data sources through metadata

  • Power BI. Microsoft’s business intelligence tool used in the creation and analysis of reports and dashboards

Azure features a variety of options for AI development. The primary tools utilized include
  • Visual Studio. The AI tools extension enables you to develop models deployed in Azure while providing a desktop programming interface for popular programming languages such as Python.

  • Azure ML Service. Accessible through the Azure Portal; you have access to a modeling and deployment interface. You can also access the service through popular open-source frameworks such as PyTorch, TensorFlow, and scikit-learn. Jupyter notebooks are commonly used for programming, debugging, and running scripts.

Azure Cognitive Services are APIs, SDKs, and services that help developers build intelligent applications that can detect images and faces, detect anomalies, understand speech and language, and more. Key APIs include the following:
  • Vision. Computer Vision, Custom Vision Service, Face API, Form Recognizer, Ink Recognizer, and Video Indexer

  • Speech. Speech Services and Speaker Recognition API

  • Language. Language Understanding (LUIS), QnA Maker (for easy Bot creation), Text Analytics, and Translator Text

  • Search. Bing Web Search, Bing News Search, Bing Video Search, Bing Image Search, Bing Visual Search, Bing Custom Search, Bing Entity Search, Bing Autosuggest, Bing Local Business Search, and Bing Spell Check

  • Decision. Anomaly Detector, Content Moderator, and Personalizer

An increasing number of these cognitive services can be deployed to intelligent edge devices in containers. As this book was published, services that could be deployed to the edge included parts of Anomaly Detector, Computer Vision, Face, Form Recognizer, LUIS, Personalizer, Speech Service API, and Text Analytics.

Non-Microsoft Components in Azure IoT

Non-Microsoft components are sometimes chosen for deployment in Azure IoT footprints. The reason for taking this approach is often because of preexisting strategies for deployment of other vendors’ components. In such situations, the organization likely made an investment in software development and skills attainment tied to the component. For example, legacy ETL tools such as Informatica or Talend might already be deployed feeding on-premises or cloud-based data warehouses. The scripts that were generated might have been customized to take advantage of extended features in the data management systems that were earlier deployed.

New development using different tools and data management solutions could introduce additional costs and a learning curve. Thus, in the batch layer of the IoT architecture, we might find new development in Azure that utilizes ETL tools and data management solutions from other vendors. For example, we might find relational databases serving as data warehouses that include IBM DB2, MariaDB, MySQL, Oracle, PostgreSQL, or Snowflake.

In the speed layer, Hadoop engines from Cloudera/Hortonworks or MapR might be deployed for similar reasons. NoSQL databases such as Cassandra or MongoDB could also be present.

Note

Azure Stack is Microsoft’s on-premises cloud offering that provides an Azure IaaS environment on specific server and storage configurations built by Microsoft partners such as Dell, HP, Lenovo, and others. You are more likely to find non-Microsoft software components to be part of the IoT footprint here. Deployment of an on-premises cloud configuration providing the IoT backend is most often considered when limited networking availability makes connections to an off-site cloud nonviable.

Microsoft also has several IoT platform partners that utilize the IoT Hub to connect their offerings to Microsoft’s Azure IoT footprint. Partners include C3 IoT, OSISoft PI, and PTC ThingWorx. Their IoT solutions sometimes leverage Microsoft data management offerings in Azure such as SQL DB or Azure Postgres. The deployment architectures from these partners typically contain components that overlap in capabilities with Microsoft Azure IoT components providing functionality in areas such as stream analytics, machine learning, and edge services.

IoT SaaS Solutions in Azure

Repeatable IoT solution architectures built upon a common set of Microsoft PaaS components are becoming increasingly common. To speed deployment of such solutions, Microsoft has created IoT Central and solution accelerators. These accelerators can also be used to provide a starting point for understanding the components needed in an IoT solution, since each solution accelerator deployment configures and spins up the necessary cloud-based services required in implementations of remote monitoring, preventive maintenance, and other IoT solution use cases. The application code is open-sourced through GitHub.

At the time this book was written, the following solution accelerators were available at https://www.azureiotsolutions.com/Accelerators (and were in the process of being updated to a microservices architecture):
  • Remote Monitoring. Collects telemetry from remote devices, monitors device condition (presented through a dashboard), and provides firmware and software update provisioning

  • Connected Factory. Collects telemetry from industrial assets (such as PLCs, industrial barcode readers and scanners, smart meters) based on the OPC UA standard, monitors them and presents metrics in a dashboard, and enables management of the devices

  • Predictive Maintenance. Predicts when a remote device is about to fail by applying machine learning algorithms to telemetry from those devices and provides a dashboard interface to view device status

  • Device Simulation. Provides a means to run simulated devices that produce realistic telemetry for testing of the solution accelerators or custom IoT solutions

Some Microsoft partners have leveraged IoT PaaS components to build out their own solutions that are marketed as complete architectures, product suites, and services. Examples include Honeywell’s MAXPRO Cloud providing services for connected buildings, Rockwell Automation’s FactoryTalk for monitoring industrial equipment, Schneider Electric’s Ecostruxure used to optimize energy and water resource utilization, and Siemens’ MindSphere typically deployed in optimizing operations of industrial equipment. Other example solutions where Microsoft Azure is under the covers include connected car offerings from some automakers and patient monitoring and diagnosis devices from healthcare device manufacturers.

As noted in the introduction to this chapter, IoT solution footprints are sometimes linked to other SaaS-based cloud solutions to provide additional functionality. Microsoft PowerApps can be used to create business logic and workflow needed in custom integration between SaaS applications and IoT backend data sources.

For example, an IoT alert indicating the likely future failure of equipment might trigger a work order in Microsoft Dynamics 365. Using Connected Field Service, the right technician with the right skills can be scheduled and dispatched. They can view information on the anticipated problem and indicate when the problem has been mitigated in Dynamics.

Azure Management and Deployment

We realize that some of you might be new to Azure. In this section, we take a step back to provide a quick introduction to Azure management and deployment considerations. This is a broad topic, and entire books have been written on the subject. Here, we simply hope to highlight some areas that can help you plan your IoT deployment strategy and governance of your Azure environment.

Microsoft describes Azure as a platform built upon trust. Foundation principles for the platform include scalability and performance, manageability, resilience, availability, and security. We’ll touch on these topics in the following subsections.

How you govern your environment and the technology you choose to use is determined by your business strategy and your risk profile. Technology deployment success is dependent on establishing and managing configurations, establishing policies and then monitoring and enforcing compliance, managing costs and resources, and managing security (including identities). In Microsoft documentation, outlining a governance plan for your Azure environment is described as establishing a scaffold.

Subscriptions and Resource Groups

When you utilize Azure, the resources that you consume are allocated to the subscription that you are using. Subscriptions are typically assigned to individual projects, phases in development, or applications. Multiple subscriptions can be assigned to accounts.

Multiple accounts can be assigned to departments (typically defined by organization or geographic location) that make up your enterprise. These entities should be identified consistent with the naming standards used within your organization. They are managed using the Azure Portal.

Figure 2-3 provides an example and illustrates where subscriptions, accounts, and departments fit in this basic enterprise hierarchy.
Figure 2-3. Azure subscription hierarchy

Hierarchies can be extended beyond those defined for billing purposes through Azure management groups. Related subscriptions can be grouped together regardless of where they are in the billing hierarchy. Common roles, initiatives, and policies can be defined across subscriptions. In addition, accounts and departments can be nested up to six levels.

The Azure Resource Manager enables the placement of common resources into groups for ease of management and billing. These resource groups typically hold the resources required by applications or other solutions that you deploy. The Azure Resource Manager can be used to enforce policies such as maintaining data sovereignty and privacy or to enable more accurate and explainable billing.

Note

For environment setup, you might also use the Azure Blueprints service. It provides a means of packaging artifacts that include resource groups, Resource Manager templates, policies, and role assignments.

Authorization in Azure Resource Manager is enabled through Role-Based Access Control (RBAC). Though there are over 70 built-in roles that are pre-defined, 4 of them provide important fundamental levels of access:
  • Owners. Possess full access to all resources and can delegate access.

  • Contributors. Create and manage Azure resources but cannot delegate access to others.

  • Readers. View Azure resources.

  • User Access Administrators. Manage user access to Azure resources.

Azure Portal

Azure applications and resource management, deployment, and monitoring are most typically performed through the Azure Portal, a web-based interface. Many management activities can also be executed through the command line interface (CLI) or through Azure PowerShell.

Figure 2-4 illustrates a typical Azure Portal dashboard view. You can view favorite available services on the left side of the dashboard (or choose to view all services). You can also use the search at the top of the Portal view to easily find services that you might want to deploy. Within the main Portal viewing area, you have access to all resources already deployed, tutorials, and workspaces. You can easily access information about the Service Health and will find the Marketplace of additional available resources.
Figure 2-4. Azure Portal

Dashboard layouts can be customized and published. After publishing, you can share your customized dashboards with others.

Azure Monitor provides tools that collect and analyze performance and availability data for your deployed solutions. Accessible through the Azure Portal, you can use the Azure Monitor interface to set up alerts when specific conditions occur and trigger actions, query and analyze logs, or simply monitor and visualize metrics associated with your cloud resources. Metrics that can be tracked include blocked calls, client errors, data in, data out, latency, server errors, successful calls, total calls, and total errors. Data can be viewed in time segments ranging from the last 24 hours to the last 30 days.

Figure 2-5 illustrates average latency and total calls data gathered over a period of 30 days.

Figure 2-5. Azure Monitor metrics

Azure Advisor provides proactive and actionable best practices recommendations that guide you in improving the performance, availability, security, and cost-effectiveness of your Azure resources. Azure Advisor is accessible via the Azure Portal; Figure 2-6 illustrates a typical view. Recommendations are noted as having high, medium, or low impact. You can then explore the recommendations provided and decide whether to implement them in each category.

Figure 2-6. Azure Advisor calls attention to best practices recommendations

The Azure Portal also plays a key role in managing the costs of your Azure deployment. During your initial configuration of resources needed for deployment, you will see cost choices clearly spelled out. For example, when deploying data management components, you’ll have a choice of different CPU and memory classes of performance and different storage levels (premium/SSD, hot, cool, and archive).

Note

In addition to costs associated with the operation of Azure resources, you will also accrue costs when data flows out of Azure regions and between different availability zones, peered VNets, and globally peered VNets.

Through the Azure Portal, you also have access to Azure Cost Management used in monitoring and controlling Azure spending and for optimizing resource utilization based on recommendations received. Figure 2-7 illustrates costs accruing during a month up to the current date and breaks down current costs by service names, locations, and resource groups. You can additionally provide budget information and receive alerts when budget restrictions are reached.
Figure 2-7. Azure Cost Management analysis of current month costs

Designing for Resiliency and Availability

Resiliency is the ability of a system to recover from failures and continue to function. Availability is the proportion of time that the system is operating normally. Designing to achieve both resiliency and availability is key to meeting service level agreements (SLAs) for the backend of your IoT solution.

Microsoft’s Azure architecture delivers an SLA above 99.9 percent for single virtual machines by default. The platform can take proactive automated action when potential hardware failure is detected, communicates via a Microsoft private network between regions, triple mirrors data, and has other availability design characteristics under the covers.

Resilience services available in Azure include
  • Azure Backup. A general-purpose backup solution for workflows on virtual machines or servers

  • Azure Site Recovery. Replication of virtual machines from one Azure region to another

  • Availability Sets. Virtual machines distributed across multiple isolated cluster nodes providing protection from hardware failures within a data center

  • Availability Zones. Distribution of virtual machines across multiple physical locations within a region where each location has independent network, cooling, and power

  • Azure Load Balancer. Distributes traffic according to rules and health

  • Azure Traffic Manager. Optimal distribution of traffic to services across global regions

  • Geo-replication for Azure SQL Database. Fast disaster recovery of individual databases during regional or widespread outages

  • Locally Redundant Storage (LRS). Three synchronous copies of data within a single data center (storage scale unit) in the primary region

  • Zone Redundant Storage (ZRS). Synchronous replication of data across three Availability Zones in a single region

  • Geo-redundant Storage (GRS). Replication of data to a secondary region hundreds of miles away from the primary

Responsibilities for resiliency vary depending on the type of Azure deployment as illustrated in Table 2-1. You are responsible where an “X” is indicated in the table. The asterisk indicates a shared responsibility.
Table 2-1

Comparison of on-premises vs. Azure resiliency responsibilities

Components Configured and Managed by IT   | On-Premises Backend | Infra. as a Service (IaaS) | Platform as a Service (PaaS) | Software as a Service (SaaS)
------------------------------------------+---------------------+----------------------------+------------------------------+-----------------------------
Database/data HA and DR                   | X                   | X                          | X                            | X
Workload/application HA, DR, backup       | X                   | X                          | X                            | *
Virtual machine/OS HA, DR, backup         | X                   | X                          | X                            |
Storage HA, DR, backup                    | X                   | X                          | *                            |
Networking HA and DR                      | X                   | *                          |                              |
Power/facility HA and DR                  | X                   |                            |                              |
Data center environment (power, etc.)     | X                   |                            |                              |

Database and data resiliency can be assured through Azure Backup and services provided by Azure PaaS databases. Workload application resiliency can be satisfied using Azure Backup and Azure Site Recovery.

Resiliency of virtual machines and operating systems can be assured through Availability Sets, Availability Zones, Azure Backup, and Azure Site Recovery. The SLA is 99.9 percent for a single VM, 99.95 percent for two or more VMs in an Availability Set (protecting against hardware and rack failures within a data center), and 99.99 percent for two or more VMs spread across Availability Zones in a region (protecting against the loss of an entire data center).
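As an added illustration (not code from the book), the availability arithmetic behind these figures: tiers that all have to be up multiply their availabilities, independent redundant copies compound, and an SLA percentage translates into a downtime budget. The two VM SLAs are the ones quoted above; the per-tier figures inside iot_backend_examples() are assumptions for illustration, not published SLAs.

```python
"""Composite availability for an IoT backend design.

Added example for this chapter, not code from the book or from Microsoft.
The 99.9 and 99.99 percent figures are the VM SLAs the chapter quotes; the
service chain in iot_backend_examples() is a constructed illustration with
assumed per-tier availabilities, not published SLAs.
"""
from math import prod
from typing import Dict


def serial_availability(*availabilities: float) -> float:
    """Tiers that all have to be up (ingest -> process -> store): multiply."""
    return prod(availabilities)


def parallel_availability(*availabilities: float) -> float:
    """Redundant copies that fail independently: down only if all are down."""
    return 1.0 - prod(1.0 - a for a in availabilities)


def monthly_downtime_minutes(availability: float, days: int = 30) -> float:
    """Downtime an SLA permits over a month of the given length."""
    return (1.0 - availability) * days * 24 * 60


def iot_backend_examples() -> Dict[str, float]:
    """Compare the designs the chapter describes, using its quoted SLA figures."""
    single_vm = 0.999        # single VM on premium storage
    two_zone_vms = 0.9999    # two or more VMs across Availability Zones
    ingest, processing = 0.999, 0.999   # assumed tier figures, illustration only
    return {
        # Two single VMs behind a load balancer modelled as independent
        # failures. The model is optimistic (a regional incident hits both),
        # which is why Microsoft's contractual figure for a zone-redundant
        # pair is the lower 99.99 percent.
        "two_vms_modelled": parallel_availability(single_vm, single_vm),
        "two_zone_vms_sla": two_zone_vms,
        # Chaining tiers costs availability even when each one is 99.9 percent.
        "ingest_plus_processing": serial_availability(ingest, processing),
        "single_vm_downtime_min": monthly_downtime_minutes(single_vm),
        "two_zone_downtime_min": monthly_downtime_minutes(two_zone_vms),
    }


if __name__ == "__main__":
    for name, value in iot_backend_examples().items():
        print(f"{name}: {value:.6f}")
```

The practical use is the downtime budget: 99.9 percent allows about 43 minutes of outage in a 30-day month, 99.99 percent about 4 minutes, and a chain of two 99.9 percent tiers is already below 99.9 percent overall, so the SLA of the weakest dependency, not the VM tier, often decides what the backend can promise.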

Storage resiliency can be satisfied through deployment of managed disk in combination with redundant storage. You might choose to configure storage as locally redundant, zone redundant, or geo-redundant depending on the level of resiliency required.

Networking resiliency is achieved by combining Azure Load Balancer within a data center, Availability Zones across the data centers of a region, and region pairs across regions. Region pairs protect data and applications even when an entire region is lost, via geo-redundant storage (GRS) and Azure Site Recovery. Region pairs and Availability Zones are also the key building blocks for power and facility resiliency.

Azure Security Considerations

Azure security considerations include identity and access management, data protection, network security, threat protection, and security management. Key technologies present in Azure to create and manage a secure environment aligned to these considerations include
  • Identity and Access Management. Azure Active Directory, Multifactor Authentication, Role-Based Access Control, and Azure Active Directory Identity Protection

  • Data Protection. Encryption (disks, storage, SQL), Azure Key Vault, and Confidential Computing

  • Network Security. Virtual networks (VNets), VPN Gateway, network security groups (NSGs), Application Gateway with Web Application Firewall (WAF), Azure Firewall, DDoS Protection Standard, and ExpressRoute

  • Threat Protection. Microsoft Antimalware for Azure and Azure Security Center

  • Security Management. Azure Log Analytics and Azure Security Center

Azure Security Center is accessible through the Azure Portal and provides a unified security management system for your Azure resources as well as for hybrid workloads. Events collected from the Log Analytics agent on your machines and from the Azure platform itself are correlated in a security analytics engine that assesses whether your resources are securely configured. It raises threat prevention recommendations and threat detection alerts; when they appear, you can remediate the affected resources by taking the recommended actions.

The Azure Security Center dashboard is illustrated in Figure 2-8. You can view scoring of the level of policy and compliance security, summaries of resource security hygiene and recommendations, and security alerts by severity through this view and then proceed through recommended actions.
../images/480071_1_En_2_Chapter/480071_1_En_2_Fig8_HTML.jpg
Figure 2-8

Azure Security Center
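The following added example (not code from the book or from Microsoft) reproduces the logic behind one common Security Center recommendation, management ports reachable from the Internet, against a constructed network security group in simplified ARM shape, and shows the hardened rule set that clears the finding. The NSG name, its rules, and the 203.0.113.0/24 operations prefix are made up.

```python
"""Flags management ports an NSG leaves open to the Internet.

Added example for this section, not code from the book or from Microsoft.
It reproduces the logic behind Security Center's "management ports should be
closed" recommendation on a constructed sample shaped like the securityRules
of an ARM networkSecurityGroups resource (simplified: only the fields the
check needs are present).
"""
from typing import Dict, List

INTERNET_PREFIXES = {"*", "Internet", "0.0.0.0/0"}
MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP"}


def _rule(name, priority, access, src, ports, protocol="Tcp", direction="Inbound"):
    """Build a constructed rule in the (simplified) ARM shape."""
    rule = {"name": name, "priority": priority, "direction": direction,
            "access": access, "protocol": protocol, "sourceAddressPrefix": src}
    if isinstance(ports, list):
        rule["destinationPortRanges"] = ports
    else:
        rule["destinationPortRange"] = ports
    return rule


# Constructed sample: an IoT gateway VM whose SSH rule was left wide open.
WEAK_NSG = {"name": "iot-gateway-nsg", "securityRules": [
    _rule("allow-ssh-anywhere", 100, "Allow", "*", "22"),
    _rule("deny-rdp-winrm", 110, "Deny", "Internet", ["3389", "5985-5986"], protocol="*"),
    _rule("allow-mqtt-tls", 200, "Allow", "Internet", "8883"),
    _rule("allow-all-out", 100, "Allow", "*", "*", protocol="*", direction="Outbound"),
]}

# Same NSG with SSH restricted to an operations subnet (203.0.113.0/24 is a
# documentation range standing in for a real corporate prefix).
HARDENED_NSG = {"name": "iot-gateway-nsg", "securityRules": [
    _rule("allow-ssh-ops", 100, "Allow", "203.0.113.0/24", "22"),
] + WEAK_NSG["securityRules"][1:]}


def _port_matches(rule: Dict, port: int) -> bool:
    """Handle both the singular field and the destinationPortRanges list."""
    ranges = rule.get("destinationPortRanges") or [rule.get("destinationPortRange", "*")]
    for r in ranges:
        if r == "*":
            return True
        lo, _, hi = r.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def _from_internet(rule: Dict) -> bool:
    prefixes = rule.get("sourceAddressPrefixes") or [rule.get("sourceAddressPrefix", "")]
    return any(p in INTERNET_PREFIXES for p in prefixes)


def port_open_to_internet(nsg: Dict, port: int) -> bool:
    """Evaluate inbound rules as the platform does: lowest priority number
    first, first match decides. Traffic no rule matches hits the built-in
    DenyAllInBound rule, so the default answer is closed."""
    inbound = sorted((r for r in nsg["securityRules"] if r["direction"] == "Inbound"),
                     key=lambda r: r["priority"])
    for rule in inbound:
        if (_from_internet(rule) and rule["protocol"] in ("*", "Tcp")
                and _port_matches(rule, port)):
            return rule["access"] == "Allow"
    return False


def management_port_findings(nsg: Dict) -> List[str]:
    """One finding per management port reachable from the Internet."""
    return [f"{nsg['name']}: {svc} (TCP {port}) open to the Internet"
            for port, svc in sorted(MANAGEMENT_PORTS.items())
            if port_open_to_internet(nsg, port)]


if __name__ == "__main__":
    print(management_port_findings(WEAK_NSG))      # SSH finding
    print(management_port_findings(HARDENED_NSG))  # nothing
```

The point of walking the rules in priority order rather than scanning for any "Allow" is that an NSG can contain a wide-open rule that is harmlessly shadowed by a lower-numbered Deny; a check that ignores priority produces false positives, and one that ignores the implicit DenyAllInBound produces false negatives. The hardened set keeps the MQTT-over-TLS port (8883) that the gateway actually needs and only narrows the administrative path.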

When planning security for your Azure-based solutions and designing, deploying, configuring, and managing them, you can get guidance from the Microsoft Trust Center (https://www.microsoft.com/trustcenter). There, you will find how Azure can help you meet compliance standards driven by industry and geographic requirements. You can explore Compliance Manager, the audit reports that are produced, and other available data protection resources such as whitepapers and documentation.

Microsoft Intelligent Edge

IoT devices gather data through sensors and transmit the data from remote locations to the Azure cloud through networks. These edge devices continue to grow in sophistication and capabilities. Today, many can run analytics and custom business logic at the edge, sometimes even when they are disconnected from the cloud. This edge device software is managed through Azure IoT Edge.

Today’s sophisticated IoT devices feature CPUs, storage, and memory of varying processing power and capacity, enough to run a full operating system. Microsoft’s device operating system offerings include Azure Sphere OS (Linux based), the ThreadX real-time operating system acquired with Express Logic, and Windows 10 IoT. We introduce all of these in this section of the chapter.

Azure IoT Edge

Microsoft’s Azure IoT Edge is comprised of three components: IoT edge runtime environments that run on each device, edge modules that run analytics and your custom logic, and edge cloud interfaces.

The IoT runtime environment runs on devices that support Linux or Windows. It enables software installation and updates on the device, enables secure operations and ensures that the device is operational, reports the health of modules to the cloud, and manages communications to downstream devices, between modules, and to the cloud.

Edge modules are deployed in containers and can include Azure services, third-party services, and custom code. The following Azure services can be deployed to edge devices:
  • Azure Machine Learning

  • Azure Cognitive Services

  • Azure Event Grid

  • Azure Functions

  • Azure Stream Analytics

  • SQL Server (deployed as a container)

In addition, Microsoft announced a small footprint edge optimized data engine for the IoT Edge in 2019 named Azure SQL Database Edge. It is deployed in a container running on ARM- or x64-based devices that can be connected or disconnected from the Azure IoT backend. You can use this engine to stream, store, and analyze time series data on the device.

The IoT Edge cloud interface enables the creation and configuration of workloads in the cloud that will be run on specific devices. It is also used to provision workloads to the edge devices and monitor the workloads running on the edge devices.
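An added example (not the book’s or Microsoft’s code) of the artifact that cloud interface produces: a deployment manifest generated for a constructed two-module workload, plus a check that every route names a module the manifest actually deploys. The module names, container images, and routes are assumptions; the manifest layout follows the public IoT Edge deployment manifest format.

```python
"""Builds an IoT Edge deployment manifest and checks its routes.

Added example for this section, not code from the book or from Microsoft.
The manifest layout ($edgeAgent and $edgeHub desired properties, schema
version 1.0, routes of the form FROM ... INTO $upstream or
BrokeredEndpoint(...)) follows the published IoT Edge deployment manifest
format; the module names, images and routes below are constructed.
"""
import json
import re
from typing import Dict, List

ROUTE_RE = re.compile(
    r'^FROM\s+(?:/messages/\*|/messages/modules/(?P<src>[^/\s]+)/outputs/\S+)\s+'
    r'(?:WHERE\s+.+?\s+)?'
    r'INTO\s+(?:\$upstream|BrokeredEndpoint\("/modules/(?P<dst>[^/"]+)/inputs/[^"]+"\))\s*$',
    re.IGNORECASE,
)

# Constructed workload: a sensor module feeding a filter module that forwards
# to IoT Hub. "analyticsToCloud" deliberately names a module that is never
# deployed, the misconfiguration the validator is meant to catch.
SAMPLE_MODULES = {
    "tempSensor": "contoso.azurecr.io/tempsensor:1.0",   # constructed image names
    "filter": "contoso.azurecr.io/filter:1.0",
}
SAMPLE_ROUTES = {
    "sensorToFilter": 'FROM /messages/modules/tempSensor/outputs/* '
                      'INTO BrokeredEndpoint("/modules/filter/inputs/input1")',
    "filterToCloud": 'FROM /messages/modules/filter/outputs/output1 INTO $upstream',
    "analyticsToCloud": 'FROM /messages/modules/analytics/outputs/* INTO $upstream',
}


def _container(image: str) -> Dict:
    return {"version": "1.0", "type": "docker", "status": "running",
            "restartPolicy": "always",
            "settings": {"image": image, "createOptions": "{}"}}


def build_manifest(modules: Dict[str, str], routes: Dict[str, str],
                   ttl_secs: int = 7200) -> Dict:
    """Desired properties for $edgeAgent (what runs) and $edgeHub (how
    messages flow). The hub binds only the TLS ports; plain MQTT/AMQP
    (1883/5672) are intentionally not exposed to downstream devices."""
    hub_create = {"HostConfig": {"PortBindings": {
        "8883/tcp": [{"HostPort": "8883"}], "443/tcp": [{"HostPort": "443"}]}}}
    agent = {
        "schemaVersion": "1.0",
        "runtime": {"type": "docker", "settings": {
            "minDockerVersion": "v1.25", "loggingOptions": "", "registryCredentials": {}}},
        "systemModules": {
            "edgeAgent": {"type": "docker", "settings": {
                "image": "mcr.microsoft.com/azureiotedge-agent:1.0", "createOptions": "{}"}},
            "edgeHub": {"type": "docker", "status": "running", "restartPolicy": "always",
                        "settings": {"image": "mcr.microsoft.com/azureiotedge-hub:1.0",
                                     "createOptions": json.dumps(hub_create)}},
        },
        "modules": {name: _container(image) for name, image in modules.items()},
    }
    hub = {"schemaVersion": "1.0", "routes": dict(routes),
           "storeAndForwardConfiguration": {"timeToLiveSecs": ttl_secs}}
    return {"modulesContent": {"$edgeAgent": {"properties.desired": agent},
                               "$edgeHub": {"properties.desired": hub}}}


def validate_routes(manifest: Dict) -> List[str]:
    """A route that names a module $edgeAgent will not deploy never carries
    useful traffic; report it before the deployment is pushed to devices."""
    content = manifest["modulesContent"]
    declared = set(content["$edgeAgent"]["properties.desired"]["modules"])
    problems = []
    for name, route in content["$edgeHub"]["properties.desired"]["routes"].items():
        m = ROUTE_RE.match(route)
        if not m:
            problems.append(f"{name}: route does not parse")
            continue
        for mod in (m.group("src"), m.group("dst")):
            if mod and mod not in declared:
                problems.append(f"{name}: references undeclared module '{mod}'")
    return problems


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_MODULES, SAMPLE_ROUTES)
    print(json.dumps(manifest, indent=2))
    print(validate_routes(manifest))
```

Running the validator before a deployment is cheap and catches the class of mistake the portal does not: the manifest is accepted as valid JSON, the modules start, and messages from a misnamed route simply never reach the cloud.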

Azure Sphere

Azure Sphere is a secured application environment for edge devices built on a class of crossover microcontroller units (MCUs) available from Microsoft partners. Each Azure Sphere MCU includes the Microsoft Pluton security subsystem, a hardware root of trust that holds the device’s keys and anchors secure boot and remote attestation. A custom Microsoft Linux kernel (the Azure Sphere OS) provides a secured operating system and the subset of POSIX functionality that applications need; applications run in sandboxed containers on the device.

The Azure Sphere Security Service brokers trust for device-to-device and device-to-cloud communications. It detects emerging threats and can renew device security. Additionally, the Sphere Security Service can automate download and installation of operating system updates and ensure that the device boots only with approved software.

A real-time operating system (RTOS) for highly constrained devices was added to Microsoft’s portfolio when it acquired Express Logic, the developer of ThreadX, in 2019. ThreadX had already been deployed on over 6 billion devices, including many that are highly constrained (its minimal footprint is about 2 KB of instruction space and 1 KB of RAM). The RTOS provides advanced scheduling, synchronization, timers, memory management, and interrupt management, and its middleware adds secure communications, including MQTT, so that a device can connect directly to IoT Hub.

Windows 10 IoT

Windows 10 IoT is a family of products based on the popular Windows 10 operating system for PCs and servers. Members of this IoT family include the following:
  • Windows 10 IoT Core. A limited version of Windows 10 for less powerful IoT devices running x86, x64, or ARM processors (including NXP i.MX); it runs a single foreground application.

  • Windows 10 IoT Enterprise. A full version of Windows 10 with additional features enabling the lockdown of IoT devices; available for devices running x86 or x64 processors.

  • Azure IoT Edge for Windows. A runtime environment that enables deployment of Windows containers on devices running Windows 10 or Windows 10 IoT Core; used to deploy Azure services and custom logic.

  • Azure IoT Device Agent for Windows. Enables configuration, monitoring, and management of remote IoT devices running Windows 10 from the Azure dashboard.

  • Robot Operating System (ROS) for Windows. A port of the open source ROS framework to Windows 10 intended to make development of robotic applications easier; it brings intelligent edge capabilities, Cognitive Services, and hardware-accelerated Windows Machine Learning to robots.

Choosing the Right Component Model

As IoT began to mature, footprints grew in breadth and depth. Early deployments of IoT solution backends relied on IaaS components with custom integration required between them. Diverse management tools were required to manage the entire environment, and support models were highly complex with many vendors involved.

Today, as we’ve illustrated in this chapter, Microsoft has an extensive array of PaaS components in Azure that are more tightly integrated. The PaaS components are all managed through the Azure Portal. Microsoft also provides software that enables critical capabilities required in devices at the edge.

This extensive footprint has enabled the introduction of Microsoft IoT solution sets that provide a starting point for deploying complete solutions. The Azure IoT solution accelerators and Azure IoT Central increasingly feature characteristics common in SaaS solutions. You will also find many third-party solutions that rely on underlying Microsoft IoT components and are sold as packages with devices.

We’ll continue to see a growing array of more SaaS-like IoT solutions in the future. How you will choose to deploy your IoT footprints will likely be driven by the devices that you purchase to meet your business and technical needs and the support and service offerings of the device or solution vendors.

Given the current diversity of devices and building block approach that is often taken when defining IoT solutions today, you likely need to gain a deeper understanding of the components required beyond the introduction that we provided in this chapter. So, in the next few chapters, we take a further look at many of the Microsoft IoT components deployed in Azure cloud-based backends and at the intelligent edge.
