Stas Pavlov «Building a secure IoT architecture...
Microsoft Confidential
From endpoint to insight to action, across the enterprise, and around the world
Built on the industry’s leading cloud
Recognized as a leader in Business Intelligence and Analytics Platforms
Recognized as the leading visionary for Internet of Things platforms
Secure: End-to-end. From the endpoint, through the connection, to data, applications, and the cloud
Open: Connect anything. Any device, OS, data source, software, or service
Scalable: Grow effortlessly. Millions of devices, terabytes of data, on-premises, in the cloud, in the most regions worldwide
Fast: Start in minutes. Preconfigured solutions for the most common IoT scenarios
Insights, Action, Things, Control
[Architecture diagram, built up across several slides]
Device connectivity and management
Devices: RTOS, Linux, Windows, Android, iOS
Field Gateway: Protocol Adaptation
Cloud Gateway: Event Hubs and IoT Hub
IoT Hub: Field Gateway, Protocol Adaptation
Cross Platform C Code; OS abstraction layer/OS bindings; C API, .NET API, Java API, Javascript API
Analytics and operationalized insights
Batch Analytics and Visualizations: Azure HDInsight, AzureML, Power BI, Azure Data Factory, Azure Data Lake
Hot Path Analytics: Azure Stream Analytics, Azure HDInsight Storm
Hot Path Business Logic: Service Fabric and Actor Framework
Presentation and business connectivity
Presentation and Business Connectivity: App Service, Websites, Dynamics, BizTalk Services, Notification Hubs
Devices | Device connectivity | Storage | Analytics | Presentation and action
Event Hubs, SQL Database, Machine Learning, App Service
Service Bus, Table/Blob Storage, Stream Analytics, Power BI
External Data Sources, DocumentDB, HDInsight, Notification Hubs
IoT Hub, External Data Sources, Data Factory
Data Lake, Mobile Services
BizTalk Services
{ }
Azure IoT services reference architecture
Devices and Data Sources: IP capable devices, Legacy IoT devices, Low power devices, Field Gateway, Agent
Data Transport: Azure Event Hubs and Service Bus
Device and Event Processing: Device Management Portal, Provisioning API, Identity and Registry Stores, Stream Event Processor, Analytics/Machine Learning, Data Visualization and Presentation, Device State Store (last known state), Storage
Zones: Device, Device Environment, Field Gateway, Cloud Gateway, Services
[Diagram: interactions between the zones are labelled 2.3.1.1 through 2.3.4.3, as listed below; one pair of labels reads "2.3.2.2 2.3.3.3 equiv. 2.3.1.4"]
2.3.1 Device Environment
2.3.1.1 Physical Interference
2.3.1.2 Direct Control Surfaces
2.3.1.3 Intermediated Control Surfaces
2.3.1.4 Peered Controllers (wired and wireless)
2.3.1.5 Broadcast and multicast (wired and wireless)
2.3.2 Field Gateway
2.3.2.1 Device to Field Gateway
2.3.2.2 Controllers to Field Gateway
2.3.3 Cloud Gateway
2.3.3.1 Device to Cloud Gateway
2.3.3.2 Field Gateway to Cloud Gateway
2.3.3.3 Controller to Cloud Gateway
2.3.4 Service
2.3.4.1 Service to Field Gateway
2.3.4.2 Service to Cloud Gateway
2.3.4.3 Controller to Service
Azure IoT services
Microsoft Azure IoT Suite
Azure IoT Suite
Addresses common scenarios: Predictive maintenance, Remote monitoring, Asset management, and more…
Enables you to: Mine data, Take action, Connect assets
Monitoring
Elements of Azure IoT Suite
1. Connect and Manage Devices & Gateways
Gateway & Devices
Preconfigured solutions
Connect and control
2. Analyze streaming data & Generate predictive insights*
Real time analytics
Predictive analytics*
Data visualization
3. Integrate into business systems
Workflow integration
Push and broadcast notifications
ID and access management
4. Secure IoT Infrastructure
5. Customize IoT Architecture
* Only applies to Predictive Maintenance
IoT Security
Why securing Internet of Things is hard
Information Technology, Operational Technology: System of Systems
Information Technology Specialists, Hardware Device Specialists: System of Systems
The evolution of attacks (Volume and Impact)
2003-2004: Script Kiddies. BLASTER, SLAMMER. Motive: Mischief
2005-PRESENT: Organized Crime. RANSOMWARE, CLICK-FRAUD, IDENTITY THEFT. Motive: Profit
2012 - Beyond: Nation States, Activists, Terror Groups. BRAZEN, COMPLEX, PERSISTENT. Motives: IP Theft, Damage, Disruption
Trustworthy Internet of Things
Trustworthy IoT: Security, Privacy, Reliability, Safety
Environment Threats
System faults
Human errors
Azure IoT Suite security features
Device security: Securely connect millions of devices . . .
Connection security: Over a secure internet connection . . .
Cloud security: To Microsoft Azure – built with security from the ground up
Defense in depth – Important roles
IoT solution operator
IoT solution deployer
IoT cloud and solution provider
IoT solution developer
IoT hardware manufacturer and integrator
© 2017 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.