Powering the next generation of Digital Transformation with Windows IoT and Azure Kubernetes Service
Published Aug 31 2023 03:25 PM
Microsoft

In today's economy, data is the most valuable commodity. Enterprises around the world and across all industries are looking for ways to harness the power of data to digitally transform their operations. Leveraging Internet of Things (IoT) technology, data from sensors, machines, and processes can be collected automatically; this data can then be efficiently processed and analyzed locally or transmitted to the cloud. With rapid innovations in the processing power of embedded devices and adoption of IoT, data is increasingly processed at the edge of the network, closer to its source, reducing latency, bandwidth, and cost. This enables businesses to make real-time, data-driven decisions and use the power of the cloud to generate AI-assisted insights for applications such as industrial automation, remote monitoring, and energy optimization. By bringing cloud-native capabilities such as microservices and Kubernetes to the edge, enterprises can unlock new opportunities for innovation, efficiency, and customer satisfaction. According to International Data Corporation (IDC) data, 62.3% of new operational data (including IoT data) will be stored and processed at the edge or local to the operation [1].

 

Supporting enterprise needs for building secure, cloud-native edge solutions
As edge computing becomes mainstream, enterprises are adopting it as a key strategy to enhance their operations digitally, requiring a reliable and comprehensive technology platform to fuel their ambitious goals. This platform needs to support a heterogeneous device and cloud environment that enables running, deploying, and managing cloud-native applications. Microsoft is at the forefront of understanding evolving customer needs in this space and is providing solutions like Azure Kubernetes Service (AKS) Edge Essentials to run modern containerized applications on embedded devices running Windows operating systems. This blog explores the latest updates for these products and how they provide a rich platform for customers and partners to build intelligent, secure, cloud-native edge solutions with enterprise-grade security, reliability, and manageability.

 

Powering next generation of edge devices with Windows IoT
The first key component needed for building an end-to-end solution that effectively enables data collection, device-to-cloud communication, and AI/ML capabilities is an operating system (OS). Windows IoT is the best-in-class, secure-by-design, long-term-serviced OS, purpose-built and optimized specifically for running on resource-constrained IoT and edge devices such as kiosks, industrial HMIs, medical devices, robots, Teams Room Devices, and edge gateways. Windows IoT serves as a versatile platform that accommodates a range of AI/ML use cases, spanning from running resource-intensive vision workloads on GPUs to conducting lightweight CPU inferencing at the edge. It also facilitates the seamless transmission of data from edge devices to the cloud, enabling the deployment of generative AI capabilities. This flexibility and configurability effectively enable customers to generate critical business insights.


Currently, Windows IoT has two versions available: Windows 10 IoT Enterprise and Windows 11 IoT Enterprise. Each version usually has two support options to meet the varying needs of customers. The first is the Long Term Servicing Channel (LTSC), which offers 10 years of support and crucial security updates, ideal for fixed-purpose devices that have a long lifetime in the field and don’t depend on getting the latest features. The second option is the General Availability Channel, which has 36 months of support and includes monthly feature and security updates.


Windows IoT comes with ready-to-use capabilities, like advanced lockdown features, kiosk mode, and disk optimization, that enable enterprises to tailor the OS to their requirements. Microsoft offers world-class device management that Windows IoT devices can leverage out of the box with management tools like Intune and Microsoft Endpoint Manager. The global-scale Windows Update service keeps drivers, OS, and apps up to date. Additionally, improvements based on customer signals are continuously released; for example, Edge Device Image Builder makes it easy to customize and build images to deploy at scale. Using .NET APIs makes hardware interfacing as easy as writing an app. Guidance and samples on how to use and control GPIO, I2C, and SPI are readily available here. As the product evolves technically, its licensing is also being updated in response to feedback. Typically, Windows IoT Enterprise was only available via direct licensing from original equipment manufacturers (OEMs) that sell IoT devices. Starting August 1st, 2023, Windows 10 IoT Enterprise LTSC 2021 is available through Volume Licensing. With the upcoming Windows 11 IoT Enterprise LTSC 2024 release in the second half of 2024, organizations can plan, adopt, and build Windows 11 based devices.

 

Expanding the hardware compatibility of Windows based devices with ARM
Currently, Windows IoT is supported on Intel x86/x64 and Arm64 architectures. Developments in Arm architecture are bringing higher-performance, power- and cost-efficient computing capabilities to embedded use cases. Microsoft is partnering closely with NXP and Qualcomm to support Windows IoT Enterprise on their latest processors and bring diverse Arm-based SoCs to market. Windows IoT Enterprise is supported on NXP’s i.MX 8 Series of Multicore Arm® Cortex® Application Processors, which offers breadth: the i.MX 8M Plus family is perfect for edge computing, machine vision, and multimedia capabilities, while the i.MX 8M Mini is suitable for small form factor, low cost, and low power consumption use cases. On both NXP and Qualcomm silicon, Windows IoT supports built-in graphics frameworks to build beautiful UI, device management tools, app frameworks including Win32 apps, x86/x64 emulation, and driver compatibility for all major peripherals with industry standards and sample code for non-standardized drivers.

 

Bringing cloud-native development from cloud to edge with AKS
With the rise in edge computing, there is a desire to bring a consistent developer experience, with Kubernetes as the application platform layer, to build and deploy containerized workloads that can run anywhere. Azure Kubernetes Service (AKS) is Microsoft’s Kubernetes offering that spans cloud to edge. AKS Edge Essentials extends AKS to the operational edge on small-footprint PC-class devices and resource-constrained small servers. Since the General Availability in March (blog), monthly updates have been released supporting businesses on their own Operational Technology (OT) transformation to adopt AI, ML, and other cloud-native workloads.


AKS EE runs Windows and Linux containers, including best-in-class Windows container support and Azure Linux (Mariner) for kernel-to-cloud security. Coupled with Azure Arc, Microsoft’s control plane that provides consistent security, governance, and developer experiences, customers can build solutions that span cloud to edge.

 

Providing Security by default from silicon to cloud
As enterprises around the world look to harness the power of data from their IoT devices and process it closer to the source, customers are looking to secure their entire digital operations, ranging from their sensors and machines to heterogeneous compute environments such as servers, VMs, Kubernetes, and containers. Microsoft’s security solution provides: a) simplified, consolidated security governance across the entire digital operations estate, b) security that scales from compute-sensitive assets such as sensors to heavy compute assets such as servers, c) security that covers heterogeneous architectures (x64, x86, Arm) and a wide variety of operating systems (Azure Stack HCI, Windows Server, Windows IoT).


Windows IoT Enterprise and AKS Edge Essentials have built-in security that plugs into Microsoft’s overall security solution. Starting from the hardware, Microsoft has worked with ecosystem partners to ensure that the right hardware capabilities are designed in and the firmware is set up securely to provide a good foundation for secure devices. Microsoft recommends customers choose Edge Secured-core devices to ensure that they have these capabilities.


Windows IoT comes with built-in security that uses the hardware capabilities to provide hardware-backed security features, such as Hypervisor Code Integrity / Windows Defender Application Control and Secure Boot, which ensure that only authorized code can run on these devices. In multi-container environments, Windows IoT systems that are connected to Arc and Azure can use the TPM for hardware-backed identities and leverage this capability to measure system integrity with Azure cloud services such as Microsoft Azure Attestation. Arc-connected Windows IoT systems can also be monitored by security solutions such as Microsoft Sentinel and Microsoft Defender.


AKS Edge Essentials has similar design principles for security. It comes with security capabilities that enable customers to secure their workloads, operate their Kubernetes cluster securely, and consistently monitor their overall security posture. Built-in capabilities provide workload security and supply chain security to verify and control code provenance and ensure that only authorized workload code can run. To operate a Kubernetes cluster securely and at scale, there is controlled host access, auditing and logging of activity, network security, component governance and CVE management, and operationalized security from Arc with Azure policies and Azure RBAC integration.


Security is fundamental to customers’ distributed digital transformation journey, and Microsoft remains committed to providing solutions that ensure integrated security as outlined in the new National Cybersecurity Strategy and other US Cybersecurity and Infrastructure Security Agency (CISA) initiatives – blog.

 

Enabling the ecosystem to unlock new opportunities
With Windows IoT, Arc, and AKS, there is ample opportunity for OEMs, Channel Partners, SIs, and ISVs to help customers deploy and manage cloud-connected edge solutions:

  1. Solutions: use reference implementations and samples from Microsoft to create solutions that address IoT scenarios, such as facility management, edge AI vision, predictive maintenance, and factory defect detection. Partners can integrate their own software or services to provide additional value and differentiation.
  2. Hardware: provide certified hardware devices that run Windows IoT and AKS Edge Essentials, such as Lenovo’s ThinkEdge portfolio, which includes SE10, SE30 and SE50, and Advantech’s EPC-T4286 (x64) or EPC-R3720 (Arm). These devices are designed to meet the performance, power, and form factor requirements of edge computing. Partners can customize hardware configurations and branding, and offer devices as services to suit customers' needs, like High Availability.
  3. Support: Partners can offer support services for customers who use Windows IoT and AKS Edge Essentials, such as installation, configuration, troubleshooting, maintenance, and updates. They can leverage Azure Arc support for Windows IoT Enterprise to simplify the management and governance of both the host machines and the Kubernetes clusters using the Azure portal.

Getting started today
Windows IoT and AKS Edge Essentials are a powerful combination that enables customers to get started with a modern solution spanning cloud and edge and run cost-effective operations to quickly realize business value. Whether customers want to deploy AI, IoT, or hybrid applications on the edge, Windows IoT and AKS Edge Essentials can help them achieve their goals faster and easier, with trust at the core.

Check out the product documentation and tutorials for more guidance and best practices:

Windows IoT overview: https://aka.ms/winiotdocs

Windows IoT developer info: Windows for IoT | Microsoft Developer

AKS Edge Essentials overview: https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-edge-overview

AKS quick start for quickly deploying an application: https://azurearcjumpstart.io/azure_arc_jumpstart/azure_arc_k8s/aks_hybrid/

AKS EE getting started videos: https://aka.ms/AKSEEVideos

 

[1] IDC’s 2022 Worldwide IT/OT Convergence Survey: Summary of Findings, doc # US49666722, September 2022

Last update: Oct 25 2023 08:41 AM