2015 05-19-ms clemens-vasters_erichbarnstedt-opc-day_slideshare

Clemens Vasters Principal Architect, Azure IoT Services Erich Barnstedt Principal Software Engineering Lead, Windows IoT Sensor to Cloud: Analytics and Integration with OPC UA and Microsoft Azure

Upload: bhargavarohit

Post on 28-Jul-2015


Category:

Data & Analytics



TRANSCRIPT

Clemens Vasters, Principal Architect, Azure IoT Services

Erich Barnstedt, Principal Software Engineering Lead, Windows IoT

Sensor to Cloud: Analytics and Integration with OPC UA and Microsoft Azure

Interoperability Principles

Internet

ISP

(Mobile) Network Operators

Personal Environment and Networks

“IoT” - Connected Things

Device

Device

Device

Device

Field Gateway

Cloud Systems

Device

Cloud Gateway

Device

Local Interaction

MNO Gateway

Cloud Portals and APIs

Mobile & Web Interaction

Control System

Analytics

Data Management

Watches, Glasses, Work Tools, Hearing Aids,

Robotic Assistance, …

Homes, Vehicles, Vessels, Factories, Farms,

Oil Platforms, …

Vehicle Fleets, Sea Vessels, LV Smart Grids,

Cattle, …

Local Gateway

Local Portals and APIs

Control System

Analytics

Data Management

KUKA Partner Pod OPC Foundation Partner Pod

Microsoft Azure Cloud

Optional for Redundancy

TwinCAT 3 OPC UA

RaaS Plug-In with OPC UA

FR Kinect Plug-In

FR Cloud RaaS Plug-in

ML

Stream Analytics

OPC UA Cloud Relay

Diagnostic Data Upstream

KUKA RaaS Loop

SIEMENS RFID

Harting RFID

Diagnostic Data Upstream

Booth Visitor Phone/Tablet PAD

Surface 3 Pro with consolidated NMI Beckhoff

SPS

OPC UA

OPC UA

OPC UA

Orange Lines – KUKA MxAutomation UDP
Blue Lines – Factory-Relay Transport
Green Lines – NMI (Natural Machine Interface = UI of Solution)
Black Lines – OPC UA
Yellow Lines – RFID (AutoID?) protocol

Factory-Relay

Factory-Relay

Factory-Relay

Azure ServiceBus/EventHub

Azure ServiceBus/EventHub

HMI 2015

Industrial Core Scenario

“Private” / “Public”

+ Cost -

+ Control -

Datacenter (“Cloud”)

Site

Machine/System

MES

Site Analytics

ERP ERP

CRM

Analytics

Machine Learning

Data Lake…

Control

Supervision and Coordination

Analytics and Optimization, Production Data Exchange

Maintenance and Servicing

Networks and Services

Bus
• 1 Machine
• Physical Access Control
• Latency in microseconds (hard real-time)
• Harmonized components
• Proprietary protocols
• Isolated communication
• Scheduled servicing windows

Local Network and Services
• 100s of machines
• Local and network access control
• Latency <10 ms
• Controlled components
• Mixed protocols
• Difficult to isolate communication
• Scheduled servicing windows

Internet and Cloud Services
• 100,000s of machines
• Federated access control
• Latency >10 ms
• Autonomous components
• Open protocols
• No isolated communication
• No-downtime servicing

Transport and Application Protocols

Bus
• Link Layer Wired/Wireless
• Ethernet, Industrial Buses
• WiFi, 802.11, 802.15.4
• BLE, NFC

Local Network and Services
• IPv4, IPv6, IP6LoWPAN
• IPSec
• TCP, UDP
• TLS
• HTTP, AMQP, MQTT, DDS, CoAP, SSH, OPC/UA, HART/IP, Ethernet/IP, Profinet, …

Internet and Cloud Services
• IPv4, IPv6
• TCP
• TLS
• HTTP, AMQP, MQTT, …

• VPN
• GSM, ISM

• If it's not secure, it's not a solution
  • STRIDE – Spoofing, Tampering, Information Disclosure, Denial of Service, Elevation of Privilege
  • Threats are explicitly mitigated or left explicitly unmitigated

• Security dominates Interoperability
  • There is no communication or interoperability without authentication, authorization, and protection of the communication path.

• There is no “one way” or “one standard”
  • Scenarios and their requirements determine the characteristics required for the protocols and for securing the communication path.

• Complexity loses in the long run
  • WS-* vs. HTTP/REST, DCOM/CORBA vs. HTTP, XML vs. JSON

• Loose coupling wins in the long run
  • Temporal coupling, programming languages, type systems, runtime environments, operating systems

Principles for Interoperability

• What – What Information is being exchanged?
  • Semantics – Common terminology and conceptual structure, shared data types, semantic protocols, data flow
  • Semantic extensibility – platform, system, solution

• Who – Who are the communication partners?
  • Information – who may access what information under which conditions?
  • Commands – who may initiate actions under which conditions?
  • Auditing – who may or must supervise activities under which conditions?

• How – How does communication happen?
  • Networks, protocols, data encoding, encryption
  • Tenancy and multiplexing

Interoperability – What, Who, How

Security Principles

Policies, Procedures, Guidance

Defense in Depth

Cloud Field Gateways Devices

Physical

Global Network

Identity and Access Control

Application

Data

Physical Physical

Local Network Local Network

EdgeApplication

Data Data

Host Host Host

Data Privacy Protection and Controls

People and Device Identity Federation, Data Attestation

Trustworthy Platform Hardware, Signed Firmware, Secure Boot/Load

Secure Networks, Transport and Application Protocols, Segmentation

Tamper/Intrusion Detection Physical Access Security

• Network Security modeled after physical access security

• Segregated networks. Well-defined gates.

• Access control at the network/gateway level.

• Network access sufficient to access assets.

Legacy Network Design Attitude Reality

Device

Device

Device

Device

Local Interaction

Local Gateway

Local Portals and APIs

Control System

Analytics

Data Management

AuthN/Z

Service Assisted Communication (SAC)

(CG)NAT

Firewall

Router

Isolated Network

Service Gateway

Client

Port Mapping is automatic, outbound

Device does not actively listen for unsolicited traffic

No inbound ports open, attack surface is minimized

Public address, full and well defendable server platform

Q

Q

Device Identity

Registry/Directory

Connections are device-initiated and outbound

Non-IP

Field Gateway

Access Control Policies

Industrial Automation

Device

Device

Device

Device

OPC UA Gateway

Cloud Systems

Cloud Gateway

Cloud Portals and APIs

Control System

Analytics

Data Management

Local Gateway

Local Portals and APIs

Control System

Analytics

Data Management

AMQP

OPC/TCP & Fieldbuses

AMQP 1.0 Link
• Bi-Directional
• Secure
• Reliable Transfer
• Application Level
• No Inbound Ports

Data Flow, Integration, and Analytics

Cloud Based IoT Solutions

Three parts of an IoT solution

1 Device connectivity & management

2 Analytics & operationalized insights

3 Presentation & business connectivity

Easy to provision, use and manage

Pay as you go, scale as you need

Global reach, hyper scale

End to end security & privacy

Azure IoT

Field Gateway

Device Connectivity & Management

IoT Device & Cloud Patterns

Devices

RTOS, Linux, Windows, Android, iOS

Cloud Gateway

Event Hubs

Field Gateway

Protocol Adaptation

Event Hubs
• High scale telemetry ingestion service
• HTTP/AMQP protocol support
• Each Event Hub supports
  • 1 million publishers
  • 1GB/s ingress
• Generally available worldwide
• 18 Billion messages per day
• 60+ TB ingested per day

Field Gateway

Device Connectivity & Management

IoT Device & Cloud Patterns

Devices

RTOS, Linux, Windows, Android, iOS

Cloud Gateway

Event Hubs

Field Gateway

Protocol Adaptation

Additional IoT Needs
• Command & control
• Device identity
• Device registry
• Device management

Coming with the Azure IoT Suite…

Field Gateway

Device Connectivity & Management

IoT Device & Cloud Patterns

Devices

RTOS, Linux, Windows, Android, iOS

Protocol Adaptation

Cloud Gateway

Event Hubs & IoT Hub

Field Gateway

Protocol Adaptation

IoT Hub
• Capability of the Azure IoT Suite
• Bi-directional device <-> cloud
• Up to 10 million devices
• Telemetry ingestion
• Command & control
• Device registry & identity
• Device Management
• HTTP/AMQP
• Extensible protocol support / MQTT

Field Gateway

Device Connectivity & Management

IoT Device & Cloud Patterns

Devices

RTOS, Linux, Windows, Android, iOS

Protocol Adaptation

Cloud Gateway

Event Hubs & IoT Hub

Field Gateway

Protocol Adaptation

Cross-Platform Device Support
• Open source “agent” framework
• Simple, secure device <-> cloud connectivity & management
• RTOS, Linux, Windows, Android, iOS
• Easy to use, not required

Cross Platform C Code

OS Abstraction Layer / OS Bindings

C API .NET API Java API Javascript API

Field Gateway

Device Connectivity & Management

Analytics & Operationalized Insights

IoT Device & Cloud Patterns

Devices

RTOS, Linux, Windows, Android, iOS

Protocol Adaptation

Batch Analytics & Visualizations

Azure HDInsight, AzureML, Power BI,

Azure Data Factory

Hot Path Analytics

Azure Stream Analytics, Azure HDInsight Storm

Hot Path Business Logic

Service Fabric & Actor Framework

Cloud Gateway

Event Hubs & IoT Hub

Field Gateway

Protocol Adaptation

Find insights to
• Power new services
• Improve your “things”

Operationalize your insights in real time

IoT Scale Object Models & Business Logic

Field Gateway

Device Connectivity & Management

Analytics & Operationalized Insights

Presentation & Business Connectivity

IoT Device & Cloud Patterns

Devices

RTOS, Linux, Windows, Android, iOS

Protocol Adaptation

Batch Analytics & Visualizations

Azure HDInsight, AzureML, Power BI,

Azure Data Factory

Hot Path Analytics

Azure Stream Analytics, Azure HDInsight Storm

Presentation & Business Connectivity

App Service, Websites

Dynamics, BizTalk Services, Notification Hubs

Hot Path Business Logic

Service Fabric & Actor Framework

Cloud Gateway

Event Hubs & IoT Hub

Field Gateway

Protocol Adaptation

Microsoft Azure IoT services

Devices

Device Connectivity: Event Hubs, Service Bus, External Data Sources

Storage: SQL Database, Table/Blob Storage, DocumentDB, External Data Sources

Analytics: Machine Learning, Stream Analytics, HDInsight, Data Factory

Presentation & Action: App Service, Power BI, Notification Hubs, Mobile Services, BizTalk Services


insider.windows.com

One Product Family

One Platform

One Store

Platform Convergence Journey

Windows Embedded Handheld 6.5

Windows Embedded 8 Handheld

Windows Embedded 8.1 Handheld

Windows Embedded 8

Windows on Devices

Windows Embedded Standard 8

Windows Embedded 8.1

Converged OS kernel

Converged app model

Windows Embedded Standard 7

Windows Embedded Compact 7

Windows 10

Windows Embedded Compact 2013

Porting Tools

Windows 10 IoT Editions

“For Industry Devices”
• Based on a Desktop SKU
• Desktop Shell, Win32 apps
• 1 GB RAM, 16 GB Storage

“For Mobile Devices”
• Based on a Mobile SKU
• Modern Shell
• Mobile Chassis requirement
• 512 MB RAM, 4 GB storage

Windows 10 IoT Core
• Dedicated devices
• No Shell/Store/MS Apps
• 256MB RAM, 2GB storage

Universal Apps

Requires desktop or desktop apps – Win32, .NET, WPF, etc.?

Requires a Shell experience, multiple applications, Windows first-party applications, or mobile voice?

Otherwise

Commercial Device Opportunities with Windows 10 IoT Core

Thin Client
• Zero Client
• Ultra Thin Client

Digital Sign / Kiosk
• Micro Kiosk
• Simple Digital Sign

IoT Gateway
• Industrial Gateway
• Smart Home Gateway

$0 Royalty cost to device builders

Windows Universal App Platform

Windows Universal Platform
Common & Consistent APIs

Converged APIs, write ONE Universal App and target all Windows 10 editions
• Scale and get higher ROI by selling same App to all Windows 10 editions OEMs/ODMs
• Reuse existing development skills

Languages
• C++ /CX
• C#, VB
• JS
• Python
• Node.js

APIs
• WinRT
• Win32
• .NET
• Wiring

Deployment and Execution
• APPX
• XCopy
• App Isolation

UI Frameworks
• HTML
• Xaml
• DirectX

Tools
• Visual Studio
• PowerShell

Windows Universal Driver Platform

Windows Universal Platform
Common & Consistent Device Driver APIs

WDF
Audio
Bluetooth
Buses (USB, SPB)
HID (Retail), Buttons
Camera
Graphics & Display
Location
Networking - Wired
Networking - WLAN
Security - Biometrics
Security - Crypto
Security - Smartcard
Security - TPM
NFC
Sensors
Thermal
Touch
UEFI
Video

• We scanned over 100k drivers to create a universal driver API set

Demo
• OPC-UA Server based on ANSI C Stack
• Only 1 source file required modification (Cryptography API: Next Generation)
• Running on Windows 10 IoT Core
• Investigating Universal Windows Platform (UWP) version
• Porting from .Net Stack currently available
• https://opcfoundation.org/developer-tools/developer-kits-unified-architecture

ANDREAS SCHIERENBECK, CEO, THYSSEN KRUPP ELEVATORS

“We wanted to go beyond the industry standard of preventative maintenance, to offer predictive and even preemptive maintenance, so we can guarantee a higher uptime percentage on our elevators.”

Create the Internet of Your Things

Mine Data

Take Action

Connect Assets

Connect assets and process data
• Connect to heterogeneous devices
• Log millions of events per second in near real time
• Process data from devices with variable load profiles

Comprehensive technology

Event Hubs | Heterogeneous client agents

Mine data to produce insights
• Uncover real-time insights from streaming data and events
• Process unstructured and semi-structured data to uncover new business possibilities
• Predict future outcomes by combining live data with historical data

Stream Analytics | Machine Learning | HDInsight | Storage options

Comprehensive technology

Mine Data

Take Action

Connect Assets

Act on the data and insights to realize results
• Deploy at scale IoT dashboards
• Notify users on any platform
• Leverage decision support tools to spot risks and opportunities at a glance

Comprehensive technology

Azure Websites & Mobile Services | Notification Hubs | Power BI

Mine Data

Take Action

Connect Assets

Thank You!

The Internet of Things starts with your things

Build on the infrastructure you already have

Add more devices to the ones you already own

Get more from the data that already exists

Stop just running your business. Start making it thrive. Start realizing the potential of the Internet of Your Things.