Microsoft talks IoT, security and more at AzureCon

Azure has changed a lot since it was released and keeping track of all the changes is (almost) impossible.

In one of the AzureCon sessions I found a nice overview of the Azure Landscape summarizing almost all of the services that are available at the moment.

Unfortunately this landscape is already out-of-date and is missing some of the services such as Azure Data Lake (private preview), IoT Hub (public preview), IoT Suite (public preview) and others. That said it still gives a nice overview of what the platform is offering as of today and summarize what’s in the landscape.

Today I’ll walk you through some of the announcements made at AzureCon last week and what you can expect from the services.

Azure IoT Hub

One of the most -if not THE most- important aspect of IoT is security. We need to know who is sending data to us, where they are physically located, be able to revoke access, push software updates, and more all at scale. Building this is hard and requires a big investment.

Because of this Microsoft released Azure IoT Hub in public preview, a managed service that enables secure device-to-cloud ingestion & cloud-to-device messaging between millions of devices and the cloud. By using bi-directional communication you are able to send commands from the cloud to your devices.

With IoT Hubs comes a device registry allowing you to store metadata of a device and use a per-device authentication model. When you suspect that a device has gone rogue you simply revoke it in the IoT hub.

Devices can communicate with IoT Hub by using HTTP 1.1 or AMQP 1.0. For those who are new to AMQP, I recommend watching Clemens Vasters’ “AMQP 1.0” video series.

Interested in more?

• Learn how you can manage your devices using IoT Hub & IoT Suite in this article
• Learn how to connect your IoT devices with the Azure IoT libraries here
• Read Clemens Vasters’ whitepaper on Service Assisted Communication
• Learn how IoT Hub is different from Event Hubs in this article
• Learn how you can support additional protocols in this article
• Get an overview of Azure IoT Hub here

Azure IoT Suite

Next to Azure IoT Hub they’ve also released Azure IoT Suite in public preview. This suite is an abstraction layer on top of existing services such as IoT Hub, Stream Analytics, DocumentDb, Event Hubs and others allowing you to focus on your scenario rather than the implementation.

Based on the preconfigured solution you choose, the service will generate all the artifacts in a matter of minutes and you’re ready to go. Once this is completed we can change the configuration, scaling, etc… as we’ve always done through the Azure portal. 
An example of such a preconfigured solution is remote monitoring of your devices in the field.

The suite comes with a management portal with a dashboard that gives you an overview of the telemetry history per device, map with your devices, history of alerts and some gauges showing the humidity. Ofcourse, this is different for each solution you choose to provision.

There is also integrated device management (on top of IoT Hub) but personally I’m glad to see built-in support for rules & actions. This allows us to add business logic to the solution without writing any code!

Microsoft Azure Certified for IoT

As part of this announcement Microsoft also announced the Microsoft Azure Certified for IoT program for devices that are tested and verified to work with the Azure IoT Suite.

We believe that IoT suite would be a very good solution to generate a reference implementation in a quick way that can then be customized for the customer. This would be ideal in prototyping, demos and standard solutions.

Another great thing to note is that all the preconfigured solution from Microsoft are available on GitHub allowing you to customize what you want – The management portal for example. You can find the Remote Monitoring example here.

To take it a step further – It would be great to have the ability to save our reference architecture as a template and re-provision it again later on or share it with our peers.

You can now get started with Azure IoT Suite and provision a solution for you here.

Interested in more?

• Watch an introductory video on Azure IoT Suite here
• Read more about the Microsoft Azure Certified for IoT program here

Azure Container Service

Almost one year ago Docker & Microsoft announced their partnership to drive the adoption of distributed application with containerisation. Since then Microsoft has been working on a Docker Engine for Windows Server, contributed to the Docker ecosystem and containerisation is the next big thing – Works on your machine? Ship your machine!

During AzureCon Microsoft announced the Azure Container Service, a service to easily create & manage clusters of hosts running Docker, Apache Mesos, Mesosphere Marathon & Dockser Swarm. For this Microsoft partnered with Mesosphere, a company building on top of the Apache Mesos project.

While the service is in an early stage you can already deploy a quickstart ARM template that creates a Mesos cluster with Marathon & Swarm for you. Later this year the Azure Container Service will become available for you that will make it even more easy. While the service will be in charge of creating and management of the Azure infrastructure while Docker will stay in charge of running the app code.

Interested in more?

• Learn more about Docker, Azure Container Service & Windows Server containers here
• Read more on Mesosphere and how Mesos powers the service here
• Follow the Docker & Microsoft partnership here
• Learn more about Mesosphere here
• Read more on containers here
• Read the announcement here

Azure Compute Pre-Purchase Plan

As of the 1st of December you will be able to pre-purchase your compute power with the Compute Pre-Purchase Plan. This allows you to reserve predictable workloads, such as development VMs during business hours, and save up to 63% of what you pay today! This will be available in every region.

From my understandings this is a similar offering such as AWS EC2 Reserved Instances, here’s what Amazon is offering.

Azure Security Center

Over the past couple of months we’ve seen services to increase the security of your solutions in Azure – One example of them is Azure Key Vault. If you haven’t heard about it? Read more about it here!

During AzureCon Microsoft added an additional service to build more secure solutions – Azure Security Center. Security center provides a unified dashboard with security information on top of your existing Azure resources. The goal is to get insights of what resources are vulnerable or detect events that were undetected in the past. Next to that the service is also heavily analysing all the data and using Machine Learning to improve the detection system.

An example of this is somebody trying to brute force your VMs. Azure Security Center than tries to determine where the user is located and create awareness around this.

Based on policies you can define the service will also give recommendations to improve the security of your resources. The example for this was that they’ve defined a policy that every Web App should have a firewall configured. This allows the service to detect Web Apps without a firewall and recommend a fix for it.

While the service isn’t publically available yet, you can already request an invite here. Public preview is scheduled for later this year.

Interested in more?

• Read more on what the Azure Security Center offers here
• Learn more about the Azure Security Center in this video
• Learn more about security & compliances in Azure here
• Learn more about Encryption and key management with Azure Key Vault in this video

New SAS capabilities for Azure Storage

After adding support for client-side encryption with Azure Key Vault, the Azure Storage team has extended their security capabilitis with the additions of three features for Shared Access Signatures:

• Account-level SAS tokens – You can now create SAS tokens on the account level leveraging an alternative to storage account keys. This allows you to give a person or application access to manage your account without exposing your account keys. Currently only Blob & File access are supported, Queues & Tables are coming in the next two months
• IP Restrictions – Specify one or a range of IP addresses for your SAS token from which requests are allowed, others will be blocked.
• Protocol – Restrict account & service-level SAS tokens to HTTPS only.

For more information on the new SAS capabilities or other Azure Storage announcements, read the announcement or read about using Shared Access Signatures (SAS) for Azure Storage here.

General availability

During AzureCon several services were announced to become general available in the near future.
Here are some of them :

• Azure HDInsight on Linux
• App Service Environment
• Azure File Storage
• Mobile Engagement
• Azure Backup

They also announced that the regions Central India (Pune), South India (Chennai) & West India (Mumbai) are now available for everyone. Here is the full list of all the supported locations.

Conclusion

These were a ton of announcements of which these were only a few. If you want to read all of them I suggest you go to the official Microsoft Azure blog.

All the sessions of AzureCon are available on-demand on Channel9.

Thanks for reading,

Tom.