Стас Павлов «Построение безопасной архитектуры IoT решений на примере Azure IoT референсной архитектуры»

Transcript

1. Microsoft Confidential

2. From endpoint to insight to action, across the enterprise, and

   around the world Built on the industry’s leading cloud Recognized as a leader in Business Intelligence and Analytics Platforms Recognized as a the leading visionary for Internet of Things platforms Secure End-to-end From the endpoint, through the connection, to data, applications, and the cloud Open Connect anything Any device, OS, data source, software, or service Scalable Grow effortlessly Millions of devices, terabytes of data, on-premises, in the cloud, in the most regions worldwide Fast Start in minutes Preconfigured solutions for the most common IoT scenarios Insights Action Things Control

3. Field Gateway Device Connectivity and Management Devices RTOS, Linux, Windows,

   Android, iOS Cloud Gateway Event Hubs Field Gateway Protocol Adaptation

4. Field Gateway Device Connectivity and Management Devices RTOS, Linux, Windows,

   Android, iOS Cloud Gateway Event Hubs Field Gateway Protocol Adaptation IoT Hub

5. Field Gateway Device Connectivity and Management Devices RTOS, Linux, Windows,

   Android, iOS Protocol Adaptation Cloud Gateway Event Hubs and IoT Hub Field Gateway Protocol Adaptation IoT Hub

6. Field Gateway Device connectivity and management Devices RTOS, Linux, Windows,

   Android, iOS Protocol Adaptation Cloud Gateway Event Hubs and IoT Hub Field Gateway Protocol Adaptation Cross Platform C Code OS abstraction layer/OS bindings C API .NET API Java API Javascript API IoT Hub

7. Field Gateway Device connectivity and management Analytics and operationalized insights

   Devices RTOS, Linux, Windows, Android, iOS Protocol Adaptation Batch Analytics and Visualizations Azure HDInsight, AzureML, Power BI, Azure Data Factory, Azure Data Lake Hot Path Analytics Azure Stream Analytics, Azure HDInsight Storm Hot Path Business Logic Service Fabric and Actor Framework Cloud Gateway Event Hubs and IoT Hub Field Gateway Protocol Adaptation IoT Hub

8. Field Gateway Device connectivity and management Analytics and operationalized insights

   Presentation and business connectivity Devices RTOS, Linux, Windows, Android, iOS Protocol Adaptation Batch Analytics and Visualizations Azure HDInsight, AzureML, Power BI, Azure Data Factory, Azure Data Lake Hot Path Analytics Azure Stream Analytics, Azure HDInsight Storm Presentation and Business Connectivity App Service, Websites Dynamics, BizTalk Services, Notification Hubs Hot Path Business Logic Service Fabric and Actor Framework Cloud Gateway Event Hubs and IoT Hub Field Gateway Protocol Adaptation IoT Hub

9. Devices Device connectivity Storage Analytics Presentation and action Event Hubs

   SQL Database Machine Learning App Service Service Bus Table/Blob Storage Stream Analytics Power BI External Data Sources DocumentDB HDInsight Notification Hubs IoT Hub External Data Sources Data Factory Data Lake Mobile Services BizTalk Services { }

10. Device Management Portal Provisioning API Identity and Registry Stores Stream

    Event Processor Analytics/ Machine Learning Data Visualization and Presentation Device State Store (last known state) Field Gateway Azure IoT services reference architecture Storage IP capable devices Legacy IOT devices Low power devices Device and Event Processing Data Transport Devices and Data Sources Azure Event Hubs and Service Bus Agent Agent

11. Device Device Environment Field Gateway Cloud Gateway Services

12. Device Field Gateway Cloud Gateway Services 2.3.1.1 2.3.1.2 2.3.1.3 2.3.1.4

    2.3.1.5 2.3.2.1 2.3.2.2 2.3.3.3 2.3.3.1 2.3.3.2 2.3.2.2 2.3.3.3 equiv. 2.3.1.4 2.3.4.3 2.3.1 Device Environment 2.3.1.1 Physical Interference 2.3.1.2 Direct Control Surfaces 2.3.1.3 Intermediated Control Surfaces 2.3.1.4 Peered Controllers (wired and wireless) 2.3.1.5 Broadcast and multicast (wired and wireless) 2.3.2 Field Gateway 2.3.2.1 Device to Field Gateway 2.3.2.2 Controllers to Field Gateway 2.3.3 Cloud Gateway 2.3.3.1 Device to Cloud Gateway 2.3.3.2 Field Gateway to Cloud Gateway 2.3.3.3 Controller to Cloud Gateway 2.3.4 Service 2.3.4.1 Service to Field Gateway 2.3.4.2 Service to Cloud Gateway 2.3.4.3 Controller to Service

13. Azure IoT services Microsoft Azure IoT Suite Azure IoT Suite

    Predictive maintenance Remote monitoring Asset management And more… Addresses common scenarios: Enables you to Mine data Take action Connect assets M o n i t o r i n g

14. Elements of Azure IoT Suite 1.Connect and Manage Devices &

    Gateways Gateway & Devices Preconfigured solutions Connect and control 2. Analyze streaming data & Generate predictive insights* Real time analytics Predictive analytics* Data visualization 3. Integrate into business systems Workflow integration Push and broadcast notifications ID and access management 4. Secure IoT Infrastructure 5. Customize IoT Architecture * Only applies to Predictive Maintenance

15. Elements of Azure IoT Suite 1.Connect and Manage Devices &

    Gateways Gateway & Devices Preconfigured solutions Connect and control 2. Analyze streaming data & Generate predictive insights* Real time analytics Predictive analytics* Data visualization 3. Integrate into business systems Workflow integration Push and broadcast notifications ID and access management 4. Secure IoT Infrastructure 5. Customize IoT Architecture * Only applies to Predictive Maintenance

16. IoT Security

17. Why securing Internet of Things is hard Information Technology Operational

    Technology System of Systems

18. Why securing Internet of Things is hard Information Technology Specialists

    Hardware Device Specialists System of Systems

19. The evolution of attacks Volume and Impact Script Kiddies BLASTER,

    SLAMMER Motive: Mischief 2003-2004

20. 2005-PRESENT Organized Crime RANSOMWARE, CLICK-FRAUD, IDENTITY THEFT Motive: Profit Script

    Kiddies BLASTER, SLAMMER Motive: Mischief 2003-2004 The evolution of attacks

21. 2005-PRESENT Organized Crime RANSOMWARE, CLICK-FRAUD, IDENTITY THEFT Motive: Profit Script

    Kiddies BLASTER, SLAMMER Motive: Mischief 2012 - Beyond Nation States, Activists, Terror Groups BRAZEN, COMPLEX, PERSISTENT Motives: IP Theft, Damage, Disruption 2003-2004 The evolution of attacks

22. Trustworthy Internet of Things Trustworthy IoT Security Privacy Reliability Safety

    Environment Threats System faults Human errors

23. Azure IoT Suite security features Device security Connection security Cloud

    security Securely connect millions of devices . . . Over a secure internet connection . . . To Microsoft Azure – built with security from the ground up

24. Defense in depth – Important roles IoT solution operator IoT

    solution deployer IoT cloud and solution provider IoT solution developer IoT hardware manufacturer and integrator

25. Elements of Azure IoT Suite 1.Connect and Manage Devices &

    Gateways Gateway & Devices Preconfigured solutions Connect and control 2. Analyze streaming data & Generate predictive insights* Real time analytics Predictive analytics* Data visualization 3. Integrate into business systems Workflow integration Push and broadcast notifications ID and access management 4. Secure IoT Infrastructure 5. Customize IoT Architecture * Only applies to Predictive Maintenance

26. © 2017 Microsoft Corporation. All rights reserved. Microsoft, Windows, and

    other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.