Azure Sphere: Professional grade IOT with services of unknown longevity or long term financial costs.

Azure Sphere is another example of  how vendors can create great end to end solutions. Time will tell if it will become another cautionary tale about vendor lock in and corporate attention spans.

Why Azure Sphere?

Azure Sphere is an end-to-end IOT platform to build applications, deploy them, manage them, securely communicate with them and and remotely update them.

Microsoft spent the last few years learning the complexity of building and running secure IOT environments. The continual stream of IOT device hacks and attacks shows that building and running secure, scale-able IOT clouds is beyond the capabilities of many companies. Azure Sphere simplifies this by pushing some of the responsibilities onto Microsoft itself. Azure 

Microsoft's Software Effort 

Microsoft is putting in a real effort create a professional grade IOT ecosystem with their Azure Sphere project. They have built a hardware and software platform where security and cloud integration are first class citizens. Positive design points include:

  • Secure devices with program zone isolation and an over-the-air (OTA) update and automatic security patching.
  • A well managed IOT device cloud with a ground up tenant architecture and domain integration. Active Directory integration.
  • A development environment with tight VSCode integration.
  • 3rd Party IOT integration and native development APIs
  • Well integrated IOT friendly cloud services and run-time APIs that simplify end to end integration.

Hardware and Devices

Microsoft designed a multi-CPU, responsibility partitioned, hardware platform. that contained standard CPUs, real-time CPUs communications components and support for various IO modules.. Microsoft build and maintain the underlying O/S kernel and specifies the type of hardware it supports. The devices includes network connectivity in order to communicate with the cloud. Devices are permanently bound to an organization and tenant structure.  This cannot be changed or adjusted either by black-hat hackers or the owning corporation.

Assumed Risk

Azure Sphere promises a rich secure platform with integrated services completely bound to Azure services. The development environment, fleet operations, device patching and fleet management are all based on proprietary Microsoft products with no exit strategy.  Companies on Azure balance this promise against the risks and service termination and unbounded cost increases. Problems include:
  • Loss of mind-share. Azure Sphere is one re-org away from ceasing to exist. Azure Sphere is a rounding error on Microsoft's revenue stream.  It is a small platform that may never become large enough to meaningfully contribute to Microsoft's bottom line.
  • Services can be turned off at any time with no recourse.  Many IOT COTS products are no longer useful because the creating companies have dropped support or changed directions. Microsoft has turned off services rendering the dependent platforms unusable as designed. Xbox Fitness users can tell you what it is like to have a device/program where the backend services have been turned off.
  • Future costs are unknown and possibly unbounded. Azure Sphere devices cannot be migrated to other hosting environments leaving little negotiation leverage.  Imagine giving a different vendor, like Oracle, this kind of power. 
  • New or appropriate hardware may never arrive. The ability to buy improved hardware depends on the success of this new platform. History does not pay a pretty picture. Windows Phone and .Net Netduino are two platforms that stopped producing new and improved hardware within only a few short years.

Reasonable Approaches

  1. Use an open source platform. Way more build-your-own with lest vendor lock in. None of them are as focused on security as well as Azure Sphere
  2. Prototype, test and PoC with Azure IOT. Then decided if security and the automated platform management valuable enough for up to 10-20 years of vendor lock in.

Not Google and Not Oracle

The good news is that Azure Sphere is built by neither Google nor Oracle.  

Comments

  1. Joe, nice take on this. If you are building your own, I would look to Apache NiFi/MiniFi originally designed by NSA and now supported by Cloudera and a significant portion of the original NSA team. It is software only but it does contain a layer to update the agents on the IOT devices. Since it is open source, it is extensible.
    Michael I Lazar

    ReplyDelete

Post a Comment

Popular posts from this blog

Understanding your WSL2 RAM and swap - Changing the default 50%-25%

Installing the RNDIS driver on Windows 11 to use USB Raspberry Pi as network attached

DNS for Azure Point to Site (P2S) VPN - getting the internal IPs