Windows 10 for IoT solutions Dmitry Teteruk Cloud Solution Architect Kolding June 12, 2018 #IoTinActionMS
Core aspects of the Internet of Things: Devices, Analytics, Data, Connectivity
EDGE AND CLOUD COMPUTING DRIVE IOT: Need a cohesive computing environment. Security is a major concern. Devices need versatile connectivity. SUCCESSFUL IOT SOLUTIONS DEMAND ROBUST EDGE COMPUTING CAPABILITIES. "There is a shifting balance between edge computing and cloud computing" - ABI Research
Microsoft Windows 10 IoT Enterprise: One platform optimized for all IoT devices. Leading user experiences and connectivity to empower business scenarios. Streamlined manageability including lockdown and bulk provisioning to help enable industry-specific scenarios. Enterprise-grade security specifically designed for enterprise devices.
WINDOWS 10 IoT EDITIONS
Windows 10 IoT Core (Smart Devices): Smaller OS footprint; low level bus and hardware access support; Headless/Headed; UWP; 512MB RAM, 2GB storage*; X86, X64, or ARM
Windows 10 IoT Enterprise (Powerful Industry Devices): Rich user experience; Win32 and UWP apps; 2GB RAM, 16GB Storage; X86 or X64
Windows 10 IoT Mobile (Ruggedized Handheld Devices): Lockdown, multi-user support and cellular; Modern Shell and UWP apps; 1GB RAM, 8GB storage; ARM
Windows Server 2016 for Embedded Systems (for IoT) (IoT Server Appliances): Advanced multi-layer security; Cloud-ready application platform
*For details see: https://msdn.microsoft.com/en-us/library/windows/hardware/dn915086%28v=vs.85%29.aspx
IoT Gateways Handheld Terminals Thin Clients Industry Tablets POS Terminals Digital Signs ATMs Industry Robotics Medical Devices
Secured Identities Secured Data Secured Devices
Interoperability across devices Easy incorporation of sensors and peripherals Seamless connectivity to Microsoft Azure
Feature Highlights for Windows 10 IoT Enterprise (Feature: Benefit)
Mobile Device Management (MDM): Consistent management framework across devices (1st or 3rd party)
Granular UX Control and Lockdown: Provide a predictable and consistent device experience
Machine login with Azure AD Join and Azure State: Simplify device access to cloud resources
Device Guard*: Protect operating system from running unwanted apps and increase security on mission critical devices
Credential Guard*: Protect device credentials from pass the hash attacks
Custom Branding (logon and boot): Helps create a custom device experience
AppLocker: Prevent users from installing and using unauthorized applications
Next Generation Credentials: Reducing reliance on passwords, increasing resistance to theft and phishing
HORM: Boot fast to a known state on the device
Image Configuration Designer (ICD): Easily customize the device experience/image
* Requires UEFI 2.3.1 or greater; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; TPM 2.0; BIOS Lockdown
Windows Universal App Platform
Converged APIs: write ONE Universal App and target all Windows 10 editions. Reuse existing development skills.
Languages: C++/CX, C#, VB, JS, Python, Node.js
Universal Windows Platform: Common & Consistent APIs
UI Frameworks: HTML, XAML, DirectX
APIs: WinRT, Win32, .NET, Wiring
Deployment and Execution: APPX, XCopy, App Isolation
Tools: Visual Studio, PowerShell
Windows Universal Driver Platform
Write ONE Universal Driver and target all Windows 10 editions. We scanned over 100k drivers to create a universal driver API set for you.
Converged device areas/APIs: WDF; Audio; Bluetooth; Buses (USB, SPB); HID (Retail), Buttons; Camera; Graphics & Display; Location; Networking - Wired; Networking - WLAN; Security - Biometrics; Security - Crypto; Security - Smartcard; Security - TPM; NFC; Sensors; Thermal; Touch; UEFI; Video
Why move to Universal Driver? (If you are using: Actions to take. Why)
Inbox/Class drivers: It just works! Core device-types (storage, mouse, keyboard, touch, video, etc.). Why: Your device automatically leverages a large ecosystem of peripherals
Kernel Mode drivers: High backwards-compatibility for converged device areas; make minimal changes and test. Why: Your driver runs on more editions
User Mode drivers and services: Know that Windows Universal Platform Win32 API surface is smaller than desktop Windows; use replacement APIs where available; re-design/re-implementation if APIs are not available and test. Why: Your driver runs on more editions
Choose the peripherals that are right for you New New MagStripe Reader Barcode Scanner Receipt Printer Cash Drawer
Building Classic Desktop apps for retail: Application developers can build Classic Desktop applications using a UnifiedPOS implementation to integrate retail peripherals into solutions. UnifiedPOS implementations for Classic Desktop include: POS for .NET, OPOS, JavaPOS
Consistent device management for all Windows 10 IoT devices. Enterprise and OEM/MSP device management: customer can select from both models in one platform. [Diagram labels: Windows 10 IoT Industry Devices; One Windows Converged MDM Stack Platform; Common CSPs; Custom DM; OMA DM; Device Twin; 3rd Party MDM; Azure IoT Hub]
MDM in Windows 10: Un-enrollment with alerts; Removal of Enterprise configuration (apps, certs, profiles, policies) and Enterprise encrypted data (with EDP); Full device wipe; Remote Lock, PIN reset, Ring, & Find; Enhanced inventory for compliance decisions; Curated Windows Store Business Store Portal (BSP) app deployment; license reclaim; Enterprise App management; Simplified LOB app management; Win32 (MSI) app management; App inventory (LOB/store apps); App allow/deny lists via AppLocker; Enterprise data protection. One consistent set of MDM capabilities across Mobile, Desktop, and IoT. Provisioning; Bulk enrollment; Simple bootstrap; Converged protocol; Azure AD Integration; Additional device inventory; Extended set of policies; Client certificate management; Enterprise Wi-Fi VPN management; Email provisioning; MDM Push; Device Update control; Kiosk, Start screen, Start menu configuration and control
Enterprise grade security for mission critical devices Next Generation Credentials BitLocker Device Guard Windows Defender Advanced Threat Protection Enterprise Data Protection
Advanced lockdown for mission critical devices: Create a consistent and predictable device and user experience for Line of Business apps
Create consistent and predictable device experience Protect system against write operations Easily create read-only devices Improve system up-time & reduce IT support Create dedicated LoB device experiences Keep users focused on line of business app(s) that matter Customize the layout to meet the needs of the device and user experience. Keep users focused on line of business app(s) that matter Targeted Provide a consistent & predictable experience
Lockdown comparisons (Lockdown Capability: Windows Embedded 8.1 Industry Pro feature -----> Windows 10 IoT Enterprise feature)
Protect devices physical storage media: Unified Write Filter -----> Unified Write Filter
Boot fast to a known state on the device: HORM -----> HORM *
Suppress Windows UI elements displayed during Windows logon and shutdown: Embedded Logon -----> Embedded Logon
Block edge gestures: Gesture Filter -----> Assigned Access
Block hotkeys and other key combinations: Keyboard Filter -----> Assigned Access / Shell Launcher
Launch a desktop app on login: Shell Launcher -----> Shell Launcher
Launch a Universal Windows app on login: Application Launcher -----> Assigned Access
Suppress system dialogs & control processes that can run: Dialog Filter -----> AppLocker & MDM policies
Suppress toast notifications: Toast Filter -----> MDM & Group policies
Configure lockdown features: Embedded Lockdown Manager -----> ICD / Provisioning package(s)
Restrict USB devices / peripherals on system: USB Filter -----> MDM & Group policies
Launch a Universal Windows app on login plus lock access to system: Assigned Access -----> Assigned Access
Custom brand a device by removing and/or replacing Windows UI boot elements: Embedded Boot Experience / Unbranded Screens -----> Embedded Boot Experience / Unbranded Screens
Suppress Windows UI elements displayed during logon and logoff: Embedded Logon -----> Embedded Logon
* HORM capability available in Windows 10 IoT Enterprise LTSB 2016 and SKUs.
Bringing it all together. The latest connectivity options: Ethernet, Mobile Broadband MBB USB Class driver, OEM BSP support; Wi-Fi, Wi-Fi Direct, Bluetooth, BTLE. Your devices work together: Device interoperability with open standards; Sensor access from Universal Windows apps; Directly interact with hardware buses to build innovative IoT devices. Sensor to Cloud: Azure services to build IoT solutions.
Activation states for Windows 10 IoT Enterprise. Deferred Activation (has never connected to the Internet): Image is fully functional; No access to MSFT and/or 3rd party services; No disruptive activation notifications or watermarks. Windows Product Key is injected or installed into each device during manufacturing. Device deployment with Internet connectivity: Device will reach AVS server for activation; upon successful activation, access to online services. Note: Activation failure UX will appear if activation fails.
Semi-Annual Channel vs. Long Term Servicing Channel (Capability: Semi-Annual Channel / Long Term Servicing Channel (LTSC))
Recommended IoT use scenario: Modern UWP device experiences / Traditional embedded devices with Win32
1st party browsing choices: Microsoft Edge, IE 11 / IE 11
Other capabilities listed: Value of the latest features as they are released; Several months to consume feature updates; Support for Cortana and some 1st party Universal apps; Ability to load universal apps; Support for Microsoft Store; Ongoing security updates for the lifetime of the branch; No feature upgrade required to stay supported
Semi-Annual Channel (ex-) WaaS Servicing Cadence: There are only 2 active s at any given time. is declared after ~4 months of servicing of the active CB has ~8 months of servicing. First occurred in July 2015. All updates contain a delta of previous updates. [Timeline figure labels: CB TH1, CB TH2, CB RS1, CB RS2; Windows 10 IoT Editions: Windows 10 IoT Enterprise (), Windows 10 IoT Core, Windows 10 IoT Mobile; time axis: Summer, Fall, Spring]
LTSC (ex-LTSB) WaaS Servicing: 10 years of servicing (5 Main + 5 Extended). Security, and required reliability/performance fixes only. No feature additions. All updates are cumulative. Infrequent, every 2-3 years. [Timeline figure labels: CB TH1, CB TH2, CB RS1, CB RS2; LTSB 2015, LTSB 2016 (Redstone 1), LTSB Future; Windows 10 IoT Editions: Windows 10 IoT Enterprise (LTSB)]
Thank you!