Can You Make Edge Computing at Scale Effortless?
There are some key differences between operating at scale in the cloud and operating at scale at the edge:
- Remote hands — getting hands on the device at the edge is difficult to impossible. You don’t have the skilled personnel, and if you do, you can’t get them to the physical location.
- Consistent and reliable networks — at the edge, you’ll be using a variety of network technologies including wired, wireless, cellular, satellite, or PSTN, and each edge site may have unreliable connectivity and differing throughput capabilities.
- Consistent infrastructure — edge locations aren’t consistent, as each location may have differing power, cooling/heating, physical security, space, and other constraints.
- Management paradigm — the traditional edge IT management paradigm treats edge devices as unique, individually configured systems, whereas modern cloud practices emphasize scalable, interchangeable instances that can be easily replaced or re-deployed.
- Vendor Lock-In/Proprietary supply chain — the traditional edge environment is typically custom and proprietary software, and it can be difficult to leverage the advantages of open source software.
These differences make managing and maintaining edge environments complex, resource-intensive, and costly.
How Can ZEDEDA Help?
Michael Maxey, ZEDEDA’s VP Tech, along with Manny Colero and Jason Grimm presented scalable edge operations at Edge Field Day 3.
ZEDEDA’s solution brings the cloud operating model to the edge so that you can manage large-scale edge environments. It is comprised of three components:
- EVE, a lightweight Linux-based edge O/S for edge devices
- ZEDEDA Cloud, a SaaS/API platform that provides visibility, security, and control of a fleet of edge applications
- Global Marketplace, where edge operators can obtain applications
EVE, the Edge Virtualization Environment
EVE is a Linux-based environment that includes support for a variety of architectures and edge devices.
Putting security first, EVE is locked down. There is no SSH or other remote access to the system. All management is performed via the ZEDEDA APIs and management layer. The O/S is immutable so that attackers that get access to the device cannot compromise the O/S, and all I/O ports other than network are disabled.
EVE leverages the TPM, and ZEDEDA works with device manufacturers so that EVE can be installed at the factory, generating unique keys stored in the TPM. Devices can then be shipped directly to the edge location for zero-touch provisioning using the keys and call-home capabilities.
The entire software stack is fingerprinted and the results are stored in the TPM. During the boot process, the fingerprints are verified to attest to the software integrity. Only then is the device unlocked, admin policies executed, and the node placed in a ready state. EVE also runs a consistency check every six hours.
ZEDEDA maintains a fundamental principle of never bricking a device and never requiring hands-on access to the device. Thus, when an issue is detected, the device is marked offline, but is still able to be remotely managed.
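To make the measured-boot flow above concrete, here is an added sketch (not ZEDEDA or EVE code) that simulates TPM 2.0 PCR-extend semantics in software and releases a sealed secret only when the measured stack matches a golden value. The component names, the image bytes, and the returned state dictionary are constructed assumptions; the "offline but still managed" outcome models the behaviour the article describes.

```python
import hashlib
import hmac

def extend(pcr, component):
    """TPM 2.0 PCR extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure(stack):
    """Fold every boot component, in order, into one PCR value."""
    pcr = bytes(32)  # a PCR starts at all zeros after reset
    for _name, image in stack:
        pcr = extend(pcr, image)
    return pcr

def first_mismatch(stack, golden_digests):
    """Simplified event-log check: name the first slot whose digest differs."""
    for (name, image), want in zip(stack, golden_digests):
        if not hmac.compare_digest(hashlib.sha256(image).digest(), want):
            return name
    return None

def boot(stack, golden_pcr, golden_digests):
    """Unseal only when the measured PCR equals the golden PCR."""
    if hmac.compare_digest(measure(stack), golden_pcr):
        return {"state": "ready", "unsealed": True, "managed": True, "bad": None}
    # Assumption modelled on the article: a failed node goes offline,
    # keeps its secrets sealed, and stays reachable for remote management.
    return {"state": "offline", "unsealed": False, "managed": True,
            "bad": first_mismatch(stack, golden_digests)}

# Constructed sample stack; names and contents are placeholders.
GOLDEN = [("bootloader", b"bootloader-image-v1"),
          ("kernel", b"kernel-image-v1"),
          ("rootfs", b"rootfs-image-v1")]
GOLDEN_PCR = measure(GOLDEN)
GOLDEN_DIGESTS = [hashlib.sha256(img).digest() for _, img in GOLDEN]

TAMPERED = [GOLDEN[0], ("kernel", b"kernel-image-v1-modified"), GOLDEN[2]]
REORDERED = [GOLDEN[1], GOLDEN[0], GOLDEN[2]]  # same images, wrong order

if __name__ == "__main__":
    for label, stack in [("golden", GOLDEN), ("tampered", TAMPERED),
                         ("reordered", REORDERED)]:
        print(label, boot(stack, GOLDEN_PCR, GOLDEN_DIGESTS))
```

Because each extend hashes the previous PCR value, the final value depends on both the content and the order of every component, which is why the reordered stack fails even though every image is individually unmodified.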
The ZEDEDA SaaS Management Console
EVE provides an embedded modular hypervisor that enables you to run your own applications on the edge device. Also running on the hypervisor are the EVE microservices and the Edge Application Services layers, which enable ZEDEDA’s management of the system.
Also running on EVE is K3S, a certified Kubernetes distribution that simplifies and secures the installation and management of production workloads in remote or constrained environments.
The ZEDEDA SaaS management console connects to the EVE APIs to manage the system and the workloads. This is the enabler that lets you switch to the modern management paradigm where you define the desired state and the system makes whatever changes are necessary to achieve that desired state.
Most importantly, ZEDEDA designed the management console to enable you to manage your plethora of edge devices as a fleet of devices. When you standardize your environment (devices, apps, and workloads at the edge), you can gain efficiencies. And when you group your standardized environments together into fleets, you become even more efficient.
While you can push new configurations and apps to the edge, EVE also calls home on a routine basis to get updates. This ensures that you can manage and maintain your environment when challenged by intermittent connectivity.
The ZEDEDA Marketplace
While the ZEDEDA team didn’t discuss the marketplace, it appears that the marketplace is similar to other solution provider marketplaces — a place where you can get tools and applications certified for ZEDEDA.
Open Challenges
ZEDEDA said that you can install your own legacy and custom applications by putting them into your own private marketplace. Again, while they didn’t get into the details, this may be a complex methodology in an otherwise simplified environment.
Another issue is the embedded Kubernetes environment. Kubernetes is designed to manage a few clusters that may have many nodes. In the ZEDEDA / EVE environment, there will be many clusters that each have only 1 node. This may cause problems with Kubernetes, and ZEDEDA is working with the Kubernetes developers on solutions.
Simplifying the Edge at Scale
Making edge computing at scale effortless is no small feat, given the complexities of managing remote devices, inconsistent networks, and diverse infrastructure. ZEDEDA’s innovative approach brings the cloud operating model to the edge, offering solutions that simplify the traditionally challenging management paradigm. By leveraging EVE’s secure and immutable architecture, ZEDEDA’s cloud-based management, and a robust marketplace, you can more efficiently manage large-scale edge environments. While challenges like Kubernetes limitations remain, ZEDEDA’s efforts to collaborate with the open-source community demonstrate their commitment to overcoming these hurdles. With their solution, managing edge devices at scale becomes not only feasible but streamlined and secure.