Copyright © 2020 Mirantis, Inc. All rights reserved
How to build a basic Edge Cloud
Featuring bear and motorcycle (and a demo)
Featured Presenters
Nick Chase, Head of Technical Content
Lost his glasses over the weekend when one of his goats head butted him in the face. The goat won.
Marc Meunier, Technical Strategic Alliances Director
Loves the outdoors and woodworking… especially outdoors.
A Little Housekeeping
● Please submit questions in the Questions panel.
● We’ll provide a link where you can download the slides at the end of the webinar.
Agenda
● What is edge and why should I care?
○ Demo of an actual edge app in action
● Edge challenges
○ Scaling
○ Security
○ Heterogeneous compute
● Sample use cases
● Q&A
What is Edge?
And why should you care?
Where are my apps?
[Diagram: sites labelled West, HQ - Central Control, East, EMEA, Factory and Store. Callouts: Lower resiliency; Higher cost to move data; Higher latency.]
High level architecture picture - end to end
[Diagram: sites labelled West, HQ - Central Control, East and EMEA, with Face Identification, Face Detection and Security Cameras components. Action: Log strangers and send an alert. Callouts: Lower resiliency; Higher cost to move data; Higher latency.]
Why containers at the Edge?
App developer: Develops the apps, tests the apps and pushes them to the repository
Operator: Deploys the app where it makes sense: Cloud, Edge, IoT, or in between.
Demo
Scaling out deployment
Leveraging Modern application dev tools
Distributed Supply Chain supports Localized Edge Content
KEY BENEFITS
• Enable “follow the sun” development with secure image promotion and image caching
• Rapidly update software when new patches need to be distributed globally
FEATURE / CAPABILITY
• Image mirroring: Push and pull images from one registry to another based on pre-defined policies
• Image caching: Extend the registry to a local cache while maintaining secure posture via encryption and access controls
Typical application flow: From SW source to End Device
[Diagram: numbered flow (steps 1 to 5). Components: ISVs, Employee, Application Registry (Core Cloud / Datacenter), Edge Gateway Registry (Fog Site), Secure Engine on End Devices. Labels: Push (1); Stage and Promote (2); Stage and push; Mirror (only approved apps are mirrored); Update on demand.]
Expanding Chain of Trust to edge Devices: From SW source to End Device
• Extending the HW root of Trust to Runtime Engine
• Leveraging HW keys to secure communication
• Image integrity validation in Docker Engine
[Diagram: numbered flow (steps 1 to 5). Components: ISVs, Employee, Docker Trusted Registry (Core Cloud / Datacenter), Edge Gateway Registry (Fog Site), Secure Engine on Edge Devices. Labels: Sign, Push (1); Scan, Sign, and Promote (2); Mirror (mirror signed images to the Edge); Encrypted connections; Validate Edge Devices; Validate source of images.]
Security
Expanding the chain of trust
Extending the HW root of trust
[Diagram: Edge Node stack, listed top to bottom: Docker Engine daemon.json, OS Kernel, Tboot, Bootloader, BIOS, Hardware with TPM. Annotations: Trust from TXT; Trust from tboot.]
Validating Signed Images in End Nodes
[Diagram: a Data Center Docker Engine (Trust from Docker Enterprise) and an Edge Node stack, listed top to bottom: Docker Engine daemon.json, OS Kernel, Tboot, Bootloader, BIOS, Hardware with TPM. Annotations: Trust from TXT; Trust from tboot; Trust from Docker Content Trust.]
Security in a Heterogeneous World
PARSEC Platform Agnostic Security Layer
[Diagram: three instances labelled PARSEC Client Library.]
Heterogeneous Compute
A lot more prevalent at the Edge
Multi-Arch builds
X86 developers become Arm developers
With BuildX command - Docker Desktop
HW Accelerators
A lot more options at the Edge.
How do we manage them?
FPGA
ASIC
Sample Use Cases
Case study: Customer environments managed by SI
[Diagram: Customer Site #1 with Fog Compute Nodes, Registry Mirror, Camera, GPS, Activator and Local Actions; Customer Site #2 with Fog Compute Nodes, Local Registry, Camera, GPS, Activator and Local Actions. Other labels: Cloud, Control Plane, Registry, Node, Intermittent Connectivity, 3G/4G, Air Gapped. Callouts: Local Compute; Data Locality; Real Time.]
White Paper
Learn how Mirantis and Intel are partnering to harden container infrastructure and backend connectivity.
Download from: bit.ly/secure-docker-containers
Thank You
Q&A
We’d love to hear from you!
Nick Chase nchase@mirantis.com
Marc Meunier mmeunier@mirantis.com
Download the slides from bit.ly/mirantis-edge-demo
We’ll email you the slides & recording later this week.
