We are excited to announce the public preview release of a new seamless Azure experience for Azure Sphere users. Azure Sphere (Integrated) enables you to manage your Azure Sphere catalogs and devices directly from the Azure portal and Azure CLI. This is driven by a new API integrating the Azure Sphere Security Service into the Azure Resource Manager, Azure’s control plane management platform.
In this blog post, we will illustrate the advantages and new features of Azure Sphere (Integrated), and tell you how to take next steps to try this out using either existing or new Azure Sphere devices.
The Azure portal provides comprehensive views of your Azure Sphere fleet, including products, device groups, and devices in an easy-to-navigate interface where you can claim devices individually or in bulk, quickly configure device group property settings, or create and deploy new applications in a single step. Administrators will appreciate new views, such as the Device Groups view below, where you can simultaneously see each device group’s current OS feed, its current app update policy, and whether crash dump files are being collected from devices in the group or not.
Other conveniences of working directly in Azure portal include being able to view which resource group and subscription a given catalog belongs to, and easily finding help when you need it. Experiencing an issue? Simply search troubleshooting content directly in the Azure portal, or quickly file a support ticket, complete with pre-populated case information such as the resource ID and Azure subscription ID.
The new Azure Sphere extension for Azure CLI allows you to manage Azure Sphere devices from the command line in the native Azure CLI tool, fluently performing Azure Sphere tasks right alongside your other Azure tasks. Like the existing Azure Sphere CLI tool “azsphere”, the Azure CLI extension "az sphere" supports commands that operate on locally-attached devices via USB (e.g. configuring WiFi settings or sideloading an application), as well as commands that interact with the Azure Sphere Security Service via the new Azure Sphere (Integrated) API (e.g. to deploy an application over-the-air to remote devices).
User administrators will appreciate the power of Azure Role Based Access Control (RBAC) that delivers the ability to configure granular user permissions for Azure Sphere catalogs, products, and device groups individually. Using the new Azure Sphere built-in RBAC roles, you can quickly assign specific Azure Sphere permissions for your organization’s Azure Active Directory (AAD) users and groups. For example, you can enable development teams to manage their development and test devices and deploy new software to them, while simultaneously only allowing operations teams to manage or update production devices deployed to customer installations.
All remote device administrators appreciate the ability to remotely monitor, immediately identify, and remotely diagnose and resolve issues without needing to dispatch a technician to a physical site. With Azure Monitor’s new support for Azure Sphere devices, you can quickly set up fleet monitoring and event logging using pre-built Azure Sphere queries and Azure’s standard Diagnostics configuration. Azure Monitor brings greatly expanded troubleshooting capabilities to your fleet management as it collects data and log events from both the Azure Sphere devices and the Azure Sphere Security Service itself. Azure Monitor’s metrics, diagnostics, and event logging capabilities provide you with a comprehensive view where you can easily analyze unexpected behaviors and immediately correlate potentially related events across other Azure services such as IoT Hub with the Azure Sphere Security Service, leading to deeper insights and faster issue resolution.
The integration into Azure Resource Manager is achieved through a new Azure Sphere (Integrated) REST API. This API has been launched in Public Preview alongside the existing Azure Sphere (Legacy) API – also known as Azure Sphere PAPI. Here is a summary:
Azure Sphere (Integrated)
Azure Sphere (Legacy)
An Azure Sphere ‘tenant’ is a logical grouping of Azure Sphere resources within the Azure Sphere (Legacy) interface - including products, devices, device groups, and software images. Since the name 'tenant' is already in use within Azure, to avoid ambiguity we are using a different word - 'catalog' - for the same logical grouping in Azure Sphere (Integrated).
An existing Azure Sphere (Legacy) tenant can be integrated into an Azure Sphere (Integrated) catalog while still being accessible via the Legacy PAPI-based interfaces. This causes a new catalog to be created that relates to the same devices that are present in the PAPI tenant. It’s important to understand that the underlying Azure Sphere resources themselves (products, devices, device groups, and images) are not changed, duplicated, or deleted in this process. As the illustration below shows, you can use either interface to manage the same set of Azure Sphere resources that have been integrated into an Azure Sphere (Integrated) catalog.
Because both interfaces can be used at the same time, existing customers can continue to use the Azure Sphere (Legacy) interface as normal (e.g. for production use cases), while developing and testing new tooling/scripts/processes based on the Azure Sphere (Integrated) interface. No point-in-time "migration" is required.
Integrating a (Legacy) tenant into an (Integrated) catalog can be accomplished using the Azure Portal:
As described above, Azure Sphere (Integrated) adds many new features to Azure Sphere device management, and we are excited for you to try this preview out and share your feedback with us via email at azsppgsup@microsoft.com. If you have existing Azure Sphere devices, you can get started by integrating your existing Azure Sphere (Legacy) tenant. If you are new to Azure Sphere, we recommend you start by acquiring an Azure Sphere development kit and claiming it into a new Azure Sphere (Integrated) catalog. Further details and guidance can be found in the Azure Sphere documentation.