Possible uses for a guardian module include: Uses for a guardian moduleĪ guardian module can do anything any other Azure Sphere device can do, while also acting as a secure interface between existing equipment and an external network.
See the Azure Sphere website for information about hardware suppliers. You can buy guardian modules from a vendor and further customize them for your usage scenario, or you can design your own guardian module, possibly working with a hardware partner. The brownfield device communicates with the guardian module, which can respond by taking a local action or by reporting to a cloud presence such as Azure IoT Central.
The guardian module uses the Azure Sphere Security Service for certificate-based authentication, failure reporting, and over-the-air software updates. The Azure Sphere OS runs on the guardian module along with a custom high-level application and any other Azure Sphere applications your scenario requires. The brownfield device itself is not connected to the network. The guardian module connects to a brownfield device, as described in the Connectivity section of this topic. Because it's an Azure Sphere device, all the Azure Sphere security and connectivity features are available: all data is encrypted, OS and application updates are delivered securely, and authentication ensures that the module communicates only with trusted hosts. In short, a guardian module provides a way to implement secure connectivity in existing devices without exposing those devices to the internet. A guardian module is add-on hardware that incorporates an Azure Sphere chip and physically attaches to a port on a "brownfield" device-that is, an existing device that may already be in use.īy using a guardian module, you can add secure IoT capabilities to equipment that either doesn't support internet connectivity or doesn't support it securely.