At RSA we announced the preview of Azure Sphere, a new solution for creating highly-secured, connected MCU powered devices. Azure Sphere creates an exciting opportunity for device manufacturers to light up their devices with new connected experiences without compromising on security.
As we began looking closer at these MCU powered devices, and the security implications of their ubiquitous connectivity, we identified Seven Properties of Highly-Secure Devices that are required to ensure that this new category of connected devices is secured. Azure Sphere is an embodiment of these seven properties. The Azure Sphere solution includes three components that combine the best of Microsoft’s expertise in cloud, software, and device hardware—resulting in a secured platform that starts in the silicon and extends to the cloud. Together, Azure Sphere certified MCUs, the Azure Sphere secured operating system (OS), and our turnkey cloud security service provide you with the confidence and the power to reimagine your business and create the future.
Modernizing the MCU development experience with Visual Studio Tools
As you imagine the possibilities that these connected experiences bring, you might wonder what tools are used to create them. When looking at the landscape of MCU development options, we knew we needed to deliver a better experience, which is why we developed Visual Studio Tools for Azure Sphere. These development tools are important for a few reasons.
- They simplify and accelerate the experience of developing applications for MCUs, making things like debugging easier than ever, so you can bring experiences to market faster.
- Visual Studio enables teams to use version control to be agile and collaborate efficiently on Azure Sphere applications. Teams can manage source control in Git repos hosted on any provider, including GitHub or Visual Studio Team Services.
- For companies using Azure for their cloud services (not a requirement, by the way), you can connect your Azure Sphere devices quickly and easily to Azure.
Azure Sphere Application Development Experience
To develop for Azure Sphere with Visual Studio 2017 (Community, Professional, or Enterprise) you will also need the Visual Studio Extension for Azure Sphere. This adds new application templates to Visual Studio which you can use as the starting point for your application as well as SDK tooling for building and deploying your applications to Azure Sphere devices.
As an application developer using Visual Studio, some of the concepts described below are somewhat hidden from you, so here’s your chance to look under the covers.
Let’s start with a view of what an Azure Sphere application is:
You will write your application logic in C, using APIs that are provided by the Azure Sphere SDK. This is compiled into your application binary using GCC. As part of the build process, tools that are part of the Azure Sphere SDK are used to generate a signed .imagepackage file that will be deployed to your development board, or through the Azure Sphere security service for Over The Air (OTA) deployment.
The .imagepackage file contains the application binary and an application manifest. The manifest lists the resources that the application developer has declared the application uses. The operating system uses this manifest to enforce resource access on behalf of the application. This is just one aspect of how the operating system enables defense in depth for Azure Sphere applications. For example, when you declare your endpoints in the ‘AllowedConnections’ parameter, the operating system ensures your application can only connect to those endpoints. This defense in depth extends to hardware access as well. Attempts to access a resource that has not been declared, such as a GPIO pin that is missing from the manifest, will be denied.
Here’s an example of the application manifest where GPIO 8 has been declared.
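As an added illustration (not code from the original post or from the Azure Sphere SDK), the following C model shows the deny-by-default check described above. The capability set is constructed, with GPIO 8 and one placeholder endpoint declared, and the type and function names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a manifest's declared resources, equivalent to:
 *   "AllowedConnections": ["iot.example.com"], "Gpio": [8]
 * The host name is a placeholder, not a real service. */
typedef struct {
    const char *const *allowed_connections;
    size_t n_connections;
    const int *gpio;
    size_t n_gpio;
} capabilities_t;

static const char *const k_hosts[] = { "iot.example.com" };
static const int k_gpio[] = { 8 };
static const capabilities_t k_caps = { k_hosts, 1, k_gpio, 1 };

/* Deny by default: a pin is usable only if the manifest lists it. */
int gpio_allowed(const capabilities_t *c, int pin) {
    for (size_t i = 0; i < c->n_gpio; i++)
        if (c->gpio[i] == pin) return 1;
    return 0;
}

/* Exact host match in this model: no prefix, suffix, or substring matching. */
int connection_allowed(const capabilities_t *c, const char *host) {
    if (host == NULL) return 0;
    for (size_t i = 0; i < c->n_connections; i++)
        if (strcmp(c->allowed_connections[i], host) == 0) return 1;
    return 0;
}

/* Hypothetical open call: returns a handle (here the pin number),
 * or -1 with errno set to EACCES when the pin was not declared. */
int model_gpio_open(const capabilities_t *c, int pin) {
    if (!gpio_allowed(c, pin)) { errno = EACCES; return -1; }
    return pin;
}

int main(void) {
    printf("open GPIO 8 -> %d\n", model_gpio_open(&k_caps, 8));
    if (model_gpio_open(&k_caps, 9) == -1)
        printf("open GPIO 9 denied: %s\n", strerror(errno));
    printf("iot.example.com allowed: %d\n",
           connection_allowed(&k_caps, "iot.example.com"));
    printf("iot.example.com.example.net allowed: %d\n",
           connection_allowed(&k_caps, "iot.example.com.example.net"));
    return 0;
}
```

The last check shows why the match is exact: a host that merely begins with a declared endpoint is still denied.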
The Azure Sphere SDK includes APIs to make it easy for developers to use platform features such as GPIOs, UARTs, network status, etc., and board specific features such as LEDs and buttons.
The edit, build, deploy, and debug cycle is identical to developing other application types in Visual Studio. The only difference is that the application is deployed to a USB connected Azure Sphere development board.
Below is a screenshot of Visual Studio actively debugging an Azure Sphere application.
Connecting to Azure IoT
As part of the development experience we are making it easy for you to connect to Azure IoT Hub/Central. Within Visual Studio you can enumerate the Azure IoT Hubs that are part of your Azure subscription and select a device within a given IoT Hub to connect to (if you don’t have any IoT Hubs/devices within your subscription, the tools make it easy to create both). Once an IoT Hub/device is chosen, the appropriate helper libraries and code are added to your project; you simply need to call into the appropriate functions.
While the process of connecting an Azure Sphere device to Azure IoT Hub/Central is simple, you can also connect to other web services running online or on-prem using a library such as Curl.
Come by and see us at Microsoft Build
I hope this has helped you understand more about Azure Sphere applications, how they interact with the OS for improved security, and the upcoming development experience in Visual Studio.
If you’re attending Build this week, be sure to stop by the booth to meet our team. We have lots of great demos to share, as well as breakout sessions and workshops that will give you hands on experience with creating applications for Azure Sphere.
The Azure Sphere development kits, from Seeed Studio, will include everything you need to get started prototyping and developing Azure Sphere applications. Visit the Azure Sphere website to pre-order yours today and be among the first in line when they’re available in the coming months.