As businesses increasingly rely on connected devices to streamline their operations, the number of IoT endpoints and OT devices is growing.

Unlike user devices such as computers, laptops, and phones, or server infrastructure, many IoT and OT devices do not support agent installation and are currently unmanaged, which makes them invisible to IT and security teams. This further increases risk, because these devices were not designed with security in mind and lack modern controls such as complex credentials and automated patching. The business risk associated with IoT and OT is distinct and significant.

Azure IoT Edge for Linux on Windows (EFLOW) enables you to run containerized Linux workloads alongside Windows applications. Connecting your devices to Microsoft Azure lets you quickly bring intelligence from the cloud to your business. At the same time, running workloads on devices enables rapid response in instances of limited connectivity and lowers bandwidth costs.

Azure IoT Edge for Linux on Windows works by running a Linux virtual machine on a Windows device. This virtual machine comes pre-installed with Azure IoT Edge, and all modules deployed on the device run inside the virtual machine. Windows applications run on the Windows host device and can communicate with modules running on the Linux virtual machine.

The following components enable Linux and Windows workloads to run and communicate seamlessly:

A virtual machine: Based on Microsoft’s CBL-Mariner operating system, it runs Azure IoT Edge and serves as a supporting environment for Azure IoT Edge workloads. CBL-Mariner is an internal Linux distribution for infrastructure. It is designed to provide a consistent platform for these devices and services by enhancing Microsoft’s ability to keep up with Linux updates.

The EFLOW virtual machine is based on a comprehensive three-point security platform:

  • Maintenance updates
  • Read-only root file system
  • Firewall blocking

Windows Admin Center: An extension that makes it easy to configure and diagnose Azure IoT Edge on the Linux virtual machine. This component can deploy Azure IoT Edge for Linux on Windows either on the local device, or it can connect to and manage target devices remotely.

Microsoft Update: This integration allows you to update the Windows runtime components, the CBL-Mariner Linux virtual machine, and Azure IoT Edge. When security vulnerabilities arise, CBL-Mariner makes the latest security patches and fixes available for maintenance through EFLOW’s monthly updates. The virtual machine does not have a package manager, so it is not possible to manually download and install RPM packages. All updates to the virtual machine are installed using the EFLOW A/B update mechanism.
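
Two of the properties described above, the read-only root file system and the absence of a package manager, can be verified from a shell inside a Linux guest. The script below is an added example, not Microsoft or EFLOW code; the function names, the list of package-manager binary names and the directories searched are assumptions.

```shell
#!/bin/sh
# Added example (not EFLOW code). Paths are parameters so the checks can
# also be exercised against constructed data.

# Binary names treated as package managers (assumed list; adjust as needed).
PKG_TOOLS="tdnf dnf yum rpm"

# root_mount_mode FILE: print "ro", "rw" or "unknown" for "/" in a
# /proc/mounts-format file. The last matching line wins, because a later
# mount on the same path shadows an earlier one.
root_mount_mode() {
    awk '$2 == "/" {
             mode = "unknown"
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++)
                 if (opt[i] == "ro" || opt[i] == "rw") mode = opt[i]
         }
         END { print (mode == "" ? "unknown" : mode) }' "$1"
}

# pkg_tools_present DIR...: print the package-manager binaries found as
# executables in the given directories, space-separated (empty if none).
pkg_tools_present() {
    found=""
    for dir in "$@"; do
        for tool in $PKG_TOOLS; do
            if [ -x "$dir/$tool" ]; then
                case " $found " in
                    *" $tool "*) ;;                        # already listed
                    *) found="${found:+$found }$tool" ;;
                esac
            fi
        done
    done
    printf '%s' "$found"
}

# audit_guest MOUNTS DIR...: report both checks; return 0 only if the root
# file system is read-only and no package manager is present.
audit_guest() {
    mounts=$1; shift
    rc=0
    mode=$(root_mount_mode "$mounts")
    tools=$(pkg_tools_present "$@")
    if [ "$mode" = "ro" ]; then echo "PASS root file system is read-only"
    else echo "FAIL root file system mode: $mode"; rc=1; fi
    if [ -z "$tools" ]; then echo "PASS no package manager found"
    else echo "FAIL package manager present: $tools"; rc=1; fi
    return $rc
}

if [ "${1:-}" = "--run" ]; then
    audit_guest /proc/mounts /usr/bin /usr/sbin /bin /sbin
fi
```

Run with `--run` inside the guest; a non-zero exit status means at least one of the two properties did not hold on that system.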