Azure Sphere Guardian 100 - Review

Table of contents

RoadTest: Azure Sphere Guardian 100

Author: mnitin59

Creation date:

Evaluation Type: Development Boards & Tools

Did you receive all parts the manufacturer stated would be included in the package?: True

What other parts do you consider comparable to this product?:

What were the biggest problems encountered?: Installation procedure, server communication and debugging hardware.

Detailed Review:

Unboxing -

I would like to thank @Randall Scasny and Element14 community for giving this opportunity to test Azure Guardian 100

Introduction -
In the developing technologies of the Internet of things and computer networking, security is a major concern nowadays. The Azure Sphere module provides secure connectivity with cloud services which have potentials of getting cyber-attack, data malicious malware injection transmission or the operating system overriding scripts. This is the same process which we use anti-virus application to our computer. The difference is the Guardians Azure Sphere helps to secure the network and data communication at the end-user destination. The device is applicable at the major industrial and consumer area where the security is essential for the business and the commercial purpose.image

 

 

Features -

Avnet Azure Sphere Module based on MT3620AN SoC that features:-

 

-1x 500MHz ARM Cortex A7, 4MB SRAM

-2x 200MHz ARM Cortex M4F cores, 192KB TCM, 64KB SRAM (per core)

-On-chip QSPI flash memory (16 MB)

-Dual-band 2.4/5GHz Wi-Fi (802.11 b/g/n)

-Dual-band 2.4/5GHz chip antenna (Pulse W3006)

 

- Ethernet 10BaseT interface, RJ45 connector and magnetics

- USB 2.0 Device interface and USB power (USB type-B connector)

- USB 2.0 Debug/Program interface (internal microUSB connector)

- 7x Status User LEDs: Power, User-1,-2,-3, Debug/Prog USB, Ethernet-A,-B

- 5V to 3.3V DC/DC Power Regulation (2A max, with over voltage protection)

- Operating Temperature: -30°C to 85°C (USB) / 0°C to 70°C (using Ethernet)

- Dimensions: 108mm x 85mm x 32mm (including mounting flanges)

 

Block Diagram -


image

 

 

Review -

I received the parcel on 25th January 2020 and started my research on the Azure Sphere. It took some time for activation of the Microsoft Azure Account as there was some issue at the beginning but later solved while working on the installation process and setting up at the initial test of the Guardian module. In the Avnet box, the installation brochure has mentioned about the important process in stepwise but it's not easy to acquire such skills at once. I have to crosscheck with the documentation for the azure sphere before processing it with this device as some steps are not mentioned in the brochure as we need to go through azure sphere documentation before we hit any error for communicating with our network rather than connecting to the cloud at an instance. In the installation section, I have mentioned all the steps while communicating with the hardware.

 

 

 

Installation process -

 

1. The Azure sphere setup is not completely mentioned in the brochure so I suggest you to follow this link.

The overview of the Azure Sphere module setup is given briefly and has good information on the hardware prototyping and updating the hardware. The procedure for this module requires a few software setups demonstrated in the link. The prerequisite is as follows:

 

 

It is mandatory to download all the file mentioned in the link for initial setup to the local server and setup to cloud connection.

image

 

The connection mentioned in the brochure for installation of the hardware mentioned using the given port in the figure. the LAN port is needed to connect at the router and the USB port should be connected to the computer as this will give a communication portal for the initial level.

 

image

When we connect the azure sphere guardian 101 module to the computer we only get the one com port connection but in the installation, it mentioned that we get 3 port.

image

 

The FTDI CDM Driver setup is necessary for communicating the developer port for updating the network to our local server and claiming device on the Azure cloud.

image

 

The Azure Sphere SDK setup helps to configure the communication portal on the operating system and use resources program for executing the image strategy on the hardware debugging and the initializing the azure sphere command prompt application.

image

 

After ticking on the license agreement and then clicking on the next button we get the important information that is the installation will provide TAP drivers as a 3rd party.

image

 

Another tool which we require is the iPerf server which helps to communicate using TCP, UDP and SCTP for checking the speed performance between devices and computers.

image

 

While installing the driver the pre-compiled binaries are essential for the setup of servers dependencies and libraries for windows.

image

 

coming to the Azure Sphere SDK installation, the TAP driver will ask many times security option for installing the adapter's drivers. Please note that the V9 Network a virtual network interface that provides the functionality needed by various VPN clients to facilitate a VPN connection.

 

image

 

After installation of the Azure Sphere SDK software, you can close the window.

 

image

 

Click on the Windows button and check Azure Sphere folder either in the search or at the window application list. Click on the command prompt it will show the following details.

 

image

 

After successful installation of the azure sphere SDK, we can check the adapter driver install in the network connections. this adapter driver is necessary for the secure edge device for configuration and testing purpose.

 

image

As the connections in the installation manual, it has not specified while connecting on the hardware about the port the best way to check is looking into the official documents provided on the azure sphere cloud. We need to open the enclosure of the module and connect the micro USB cable to a hidden port mentioned in the figure. this will allow us to debug the hardware configuration and helps to communicate and update the os for our secure edge.

 

image

After connecting the micro USB cable to the port we can check the com status as it shows the 3 com port same mentioned in the installation manual.

image

 

we can also check the network adapter list in the following figure. the next step if configure the TAP adapter the given port configuration of the device IP address.

image

 

After the device is configured through the TAP adapter. open the Azure Sphere Developer Command Prompt Preview and type "azshpere device show-attached" and hit enter.
we can check that the device is detected the ID, IP address and connection path mentioned in the figure.

image

 

In the next step, we need to check the WiFi network. In the command prompt preview can type "azsphere device wifi scan" and check the result. As I have D-link router so it has detected successfully about the wireless network.

image

 

As the Azure Sphere module need to connect the wifi as this process need to be done manually. the command is the "azsphere device wifi add  --ssid {Name of wifi} --psk {password}

image

 

After connecting to the wifi device we need to be update os once for security reasons. This can be done using command "azsphere device recover"

the recovery image gets downloaded and reinstalled for better communication purpose.

image

 

For checking the device version, we can command "azsphere device show-os-version"

image

 

For more information and setting changes, you can check the command "azsphere device --help"

image

 

Now the connection of our azure sphere is connected to the local network and we want to claim our device on the azure cloud we need to connect our azure device on the cloud by logging in the cloud.

for this, we need to use the command "azsphere login"

image

this will open the Azure Sphere signing page. We need to enter the email ID from which the Azure Cloud we have already logged in.

image

 

After signing successfully we need to create a Tenant Name then cloud claim our device ID and generate a tenant ID in the backend.

you can use "azsphere tenant create --name {user_name}"

 

image

 

As we can also check the list of tenant while connected to cloud if we have multiple devices.

the command is "azsphere tenant list"

image

 

After completing all the task finally we can claim our device on azure cloud. we simply need to command "azsphere device claim". This way we have successfully claimed our device ID on cloud and we will receive automatic updates.

image

 

After processing the above steps the azsphere lose its wifi connection. In my case, it happened but not sure about the other installation process. We can check the status using the command "azsphere wifi show-status"

image

 

The best way to reconnect the wifi setting is either connecting again or restarting the device. So I have restarted my edge module and rerun the command and it worked.

image

 

The final stage is to check the deployment status for running on the remote server at the initial stage. The command for checking is "azsphere device show-deployment-status". In this, the module OS version is a showcase with the latest updates check on the hardware and cloud.

image

 

After completing all the services installation, claiming and checking on the device. It was time to run on the server for checking the speed of the data transfer and receiving. The iPerf server which we have installed is needed to call in the azure device. the command is "iperf3 -s -1". In the first case, I mentioned directly which given the error so it is necessary to go the directory path where the files are saved and based on the file instructions the server will initialize at the computer which device is getting operated. 

image

 

On the other Azure Sphere Developer Command Prompt checking the communication host. We can check the local host speed using command "iperf3 -c localhost". This will provide the necessary result of the data transfer and receiving from the computer to the device. In my case using the CAT-5E Lan cable is provided up to 2.26 Gbits/sec bandwidth on my network.

image

 

 

Testing -

The device is tested on the local server where the data is processed on the SQL Database from the remote computer. The device works well and provides efficient services and security. I have only processed with the basic installation process and the checking on the application network. The attacks are let to make and furthermore the challenges are needed for better securing the network as part of the bridging a firewall system to the high tech network.

 

Cons and advantages -

The device inspection with researcher and product manufacturer. I have come to the cons and advantages stage.

First I like to mention about the advantage as follows:

1. The Edge device helps to secure the network

2. Any 3rd party network is not bypassed through any resources.

3. It has good remote access provision

4. Firewall bridges are indicated using the LED stages as 1, 2, 3. Where 1 is the hit stage and 3 is the critical stage.

 

Now going to the cons as follows:

1. Time-consuming for initial setup

2. The proper installation process is needed

3. Hardware enclosure should be encapsulated with the secure 3D printed model. This way it is easier that hackers may not process on the flashing the IC or reverse-engineering the connection.

 

Conclusion

The Azure Sphere guardian 101 modules can help to provide security monitoring and remote control services. The modules setup has also provided its application uses in some industry and commercial users like Starbucks cafeteria and it is essential nowadays to bridge the firewall in the IoT devices and Automation for reducing the risk on exposing the data to the unknown party or the hackers and provide safety measure as per the industrial and cybercrime rules. I think this can be used in digital twins technology and industrial automation as a major advantages on the cloud flexibility on the services connected on the azure sphere module.

Anonymous
  • I have proceeded as per the guide documents but due to the space limitation, I can't trace back the details now.

    What I did was in one system the iPerf3 Client and iPerf3 Server made both in the same network subnet which was connected via the same network router and run the azure command.

    So I got this result for the local network. I still need to set up in the home server. I will update on it soon.

  • Could you please elaborate on how you carried out your iPerf3 tests as I am little confused by your write up. It looks as if you had one computer acting as server using the "iperf3 -s -1" and then another computer (not the Guardian) acting as a client using the "iperf3 -c localhost" command. How did the client then find the server. You must have configured the network in a certain way. It also appears that the way you tested the network differs from the instructions given in Guardian100 user manual (Appendix section 14). Maybe you explain why. Thanks.