Microsoft Calls On Linux for Its New IoT Security Platform

By Jack M. Germain
Apr 22, 2018 5:00 AM PT

Microsoft has opted to use its own version of a Linux operating system instead of Windows 10 to drive its new Azure Sphere solution for securely connecting Internet of Things devices.

Microsoft introduced Azure Sphere last week at the RSA security conference in San Francisco.

Azure Sphere is a platform that connects microcontroller units, or MCUs, embedded in cloud-connected devices. The platform operates a new cross-over class of MCUs that incorporate real-time and application processors with built-in Microsoft security technology and connectivity.

Each chip includes custom silicon security technology that Microsoft developed. The new Azure Sphere-certified chips draw on the company’s 15 years of experience with Xbox to secure this new class of MCUs and the devices they power, according to Microsoft.

The Azure Sphere OS is a custom-built version of the open source Linux operating system.

“After 43 years, this is the first day that we are announcing — and will be distributing — a custom Linux kernel,” said Microsoft President Brad Smith.

The decision to bypass its own Windows 10 OS in favor of open source technology makes good sense for Microsoft, said Patrick Moorhead, principal analyst at Moor Insights & Strategy.

“I believe Microsoft had to choose between shoehorning Windows IoT Core into an MCU form factor or develop a custom Linux kernel,” he told LinuxInsider. “IoT Core reshaping obviously took too much time and effort to hit a designated date.”

Deep Security

The Azure Sphere platform promises five times the performance of standard MCUs, according to Microsoft. It is a crossover chip that combines the benefits of ARM-based Cortex-A and Cortex-M processor cores.

The new chip includes the company’s Pluton security subsystem and built-in network connectivity, along with a real-time processor, an application processor, memory, flash and more.

Microsoft’s Azure Sphere is a four-layer platform with a security monitor on the deepest level. On top of that are the custom Linux kernel, on-chip connectivity services and secured application containers.

The operating system is backed by Microsoft’s Azure Sphere Security Service in the cloud, which guarantees certificate-based authentication, genuine software and automated updates.

Open Source Benefits

Azure Sphere is open to additional software innovation by the open source community, according to Microsoft. It also is compatible with any cloud, not just Microsoft’s Azure-branded platform. Moreover, any manufacturer can use the chip design absolutely free.

Sphere’s open source foundation “marks a significant strategic departure for Microsoft and also indicates the path that the company believes will lead it into a new era and toward still-evolving commercial opportunities,” said Charles King, principal analyst at Pund-IT.

Rather than contorting Windows 10 into doing something probably beyond its design strengths, taking the open source route makes good sense for Microsoft, he told LinuxInsider.

Windows was designed as a multipurpose OS capable of supporting a wide range of applications and system functions, King pointed out.

“By contrast, IoT devices are far more limited in terms of size, scope and functionality,” he said, “so it made more sense for the company to pursue an entirely new initiative rather than trying to develop a scaled-down version of Windows.”

That effort also allows Microsoft to bind Sphere closely to its Azure cloud platform, which is central to its IoT strategy, King said.

Assorted Strengths

Sphere’s greatest strengths are its embedded, silicon-level security functions and the associated Azure Sphere Security Service, which rest on the robust security features Microsoft developed for Windows and Xbox solutions, noted King.

Sphere’s biggest strength, in the view of Moor Insights’ Moorhead, is being more than a bag of parts from many different companies. It is a full solution, including hardware, operating system and cloud security.

“This, then, can be used with Azure IoT app services so customers have an end-to-end platform without having to cobble it together,” Moorhead said.

Community Response

Reactions vary as to the significance of Microsoft’s decision to build its security platform for IoT on a custom Linux kernel.

“It’s a huge deal, but not unexpected,” said Moorhead. “Microsoft has embraced many open source initiatives, but to productize it is a big deal.”

The decision has more symbolic than practical significance, according to King.

Microsoft’s interactions with Linux and other open source projects and communities are far more mature and sensible today than they ever have been in the past, he reasoned.

“That fundamental change in attitude — along with previous, vigorous efforts by the company — have prepared the ground for Azure Sphere. That said, the move also reflects a recognition within the company that numerous developers and developer communities are more actively engaged in open source than Windows-related efforts,” King said.

If Microsoft wants to maximize its IoT opportunities, Linux will provide a far larger net than Windows, he concluded.

Microsoft’s use of a custom Linux kernel is telling in several ways, according to Xaptum CMO Brian Gratch and VP of Product David Bild.

The significance can be broken down into three key developments, they told LinuxInsider:

  1. Microsoft has admitted that Windows is not suitable for IoT, which is an acknowledgment that Linux optimized for IoT is needed in this space.
  2. Microsoft has committed to be an active member of the Linux community by maintaining a custom kernel and keeping it fresh and widely available.
  3. Security is paramount in IoT, and the Linux kernel plays well into an IoT network-based security model that secures the complete transit of data from the device. In this case, the transit is to applications sitting in the Azure cloud.

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.