
Edge Computing - Pulpocon 2022

Eloy Coto
September 15, 2022



Transcript

  1. What is edge computing?
     Near Edge: 100-1000km, <5-10ms, 1-5 racks (MEC, Video Surveillance, CDN, IoT Apps)
     Far Edge: 1-100km, <1-5ms, 5-10 servers (vRan, AR-VR, Gaming)
     User/Customer Edge: <1km, 40-80μ, 1-3 servers (SD-WAN)
     Core: >1000km, 20-50ms, Multiple Racks (5G core (HSS/PCRF), cEPC CP)
     Provider offerings shown on the slide: AWS Wavelength, AWS Outpost, AWS Lambda Zones, Cloudflare Edge, Azure Stack Edge
  2. Why Now
     OS lifecycle improvements: IoT started a trend of lifecycle management, and operating systems have begun to follow, with safe updates and rollbacks.
     Powerful boards: Raspberry Pi was launched in 2012 and started the revolution. From there, multiple companies launched new SBCs with different capabilities.
     Control Plane ecosystem: Right now, the ecosystem is familiar with an external control plane, and the industry now has years of experience.
  3. Powerful SBCs
     • Raspberry PI was introduced in 2012.
     • Compute modules are now normal.
     • Nvidia launched Jetson boards, where an AI workload can run with minimal power consumption (7W).
     • Tons of IoT projects that help the adoption of new solutions.
  4. OS Lifecycle
     • No longer cattle!
     • Yocto project
     • OTA Updates
       ◦ Rpm-ostree (fedora-iot)
       ◦ Snap (Ubuntu-core)
       ◦ FreeRTOS
  5. What changes for us?
     HOW WE MANAGE / HOW WE DO SECURITY / HOW WE BUILD / HOW WE SHIP
  6. PULL vs PUSH
     - Secrets are stored on the Device.
     - Connection needs to be open, or a watchdog is needed.
     - LTE-M PSM (Power Saving Mode)
     - Push Notifications
     - Device needs to have external access.
     - NAT and other network issues.
     - By default no sensitive data is on the device.
  7. Security mechanisms mapped onto the OSI layers (1 Physical, 2 Data Link, 3 Network, 4 Transport, 5 Session, 6 Presentation, 7 Application): IPSec; CANsec or MACsec; TLS or SecOC; PGP, SSL, SSH.
     TPM (Trusted Platform Module): a tamper-resistant secure crypto-processor that can store cryptographic keys and limit their use, and that also provides a unique RSA key.
     Protecting data: at the edge there may be no physical security, so measures such as full-disk encryption should always be required, and what kind of information is stored on the device should be considered.
     Trusting connected devices: a connected device needs to be trusted at some point. Enable Secure Boot and validate which interfaces are enabled (USB, JTAG). At the same time, ROM/EEPROM should be considered vulnerable.
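A posture check for the controls this slide names (encrypted disk, Secure Boot, TPM) plus the USB interface point, added here as an example and not taken from the deck. It assumes a Linux edge device exposing UEFI efivars, lsblk and sysfs; each check takes its input as an argument so it can also be run against captured output.

```shell
#!/bin/sh
# Edge-device posture check: added example, not from the deck. Covers the
# slide's three controls (encrypted disk, Secure Boot, TPM) plus USB lockdown.
# Each check takes its input as an argument so it can run against captured
# data as well as the live host; paths below are the usual Linux sysfs ones.

# Secure Boot: the UEFI variable file starts with a 4-byte attribute header,
# and the data byte that follows is 1 when Secure Boot is enforcing.
secure_boot_enabled() {
  [ -r "$1" ] || return 1
  [ "$(od -An -tu1 -j4 -N1 "$1" | tr -d ' ')" = "1" ]
}

# Encrypted disk: walk from the device mounted on / up its parent chain and
# require a dm-crypt ("crypt") device somewhere on the way. Input is the
# output of `lsblk -rno NAME,TYPE,PKNAME,MOUNTPOINT`; empty columns collapse,
# so a third field starting with "/" is a mountpoint, otherwise a parent name.
root_on_luks() {
  printf '%s\n' "$1" | awk '
    { type[$1] = $2; p = ""; m = ""
      if (NF >= 3) { if (substr($3, 1, 1) == "/") m = $3; else { p = $3; if (NF >= 4) m = $4 } }
      parent[$1] = p; if (m == "/") root = $1 }
    END { for (d = root; d != ""; d = parent[d]) if (type[d] == "crypt") exit 0; exit 1 }'
}

# TPM: the kernel exposes a discovered TPM as a sysfs class directory.
tpm_present() { [ -d "$1" ]; }

# USB: a root hub with authorized_default=0 leaves newly attached devices
# unauthorised until an operator explicitly enables them.
usb_locked_down() {
  [ -r "$1/authorized_default" ] && [ "$(cat "$1/authorized_default")" = "0" ]
}

# Print one PASS/FAIL line per check without aborting on failures.
check() { name=$1; shift; if "$@"; then echo "PASS $name"; else echo "FAIL $name"; fi; }

posture_report() {
  check "Secure Boot enforcing" secure_boot_enabled /sys/firmware/efi/efivars/SecureBoot-*
  check "root filesystem on LUKS" root_on_luks "$(lsblk -rno NAME,TYPE,PKNAME,MOUNTPOINT 2>/dev/null)"
  check "TPM present" tpm_present /sys/class/tpm/tpm0
  for hub in /sys/bus/usb/devices/usb*; do
    check "new USB devices blocked on ${hub##*/}" usb_locked_down "$hub"
  done
}

posture_report
```

On a Raspberry Pi class board without UEFI the Secure Boot line will report FAIL because the efivar does not exist, so treat that line as "not applicable" there and rely on the board's own boot-chain verification.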