Deploy at the edge. It’s a simple enough statement, but it belies the complexity within. The operational truth beneath is a convoluted process of edge application, data service and operating system management to handle updates, actions related to scale, security and compliance, plus a whole raft of procedures related to workload management, integration and reporting.
SEE: Don’t curb your enthusiasm: Trends and challenges in edge computing (TechRepublic)
Known for its chameleon-themed branding, a pleasingly hardcore and developer-centric approach, and of course its enterprise-grade Linux and wider open source software prowess, SUSE works in precisely this space.
The company is recognized for having created the most widely adopted certified lightweight Kubernetes distribution, which it combines with its enterprise-ready secure Linux operating system built specifically and exclusively for edge environments.
Motor City ignition
Using its appearance at this year’s KubeCon North America conference held in Detroit, Michigan, SUSE unveiled new advancements for Rancher, for open source container management, SUSE Linux Enterprise (SLE) Micro, a lightweight operating system for embedded software environments, and SUSE NeuVector, a zero trust container security product.
Alongside these tools and services, the company’s core edge solution is essentially a platform designed to simplify, centralize and automate Kubernetes cloud container orchestration and Linux operating system lifecycle management across distributed edge locations.
SUSE’s General Manager of Edge Keith Basil says that the current updates have been brought about to deliver on the number one challenge organizations experience when deploying edge compute structures: The need to scale.
“They need the right cloud infrastructure and edge solutions that can scale simply and successfully manage thousands of clusters across multiple geographical locations,” Basil said while speaking in Detroit this week. “The amalgamation and confluence of cloud-native technologies, increased computing speeds and artificial intelligence is accelerating edge computing. To meet this demand and continue our innovation we will significantly expand investment in our edge business in 2023.”
Edge is on the up
Still arguably considered to be a peripheral technology (no pun intended) by some enterprises, the Linux Foundation has conducted validated research this year pointing to the current growth rates in the edge sector. The findings suggest that edge computing will be four times larger than cloud and will generate 75% of data worldwide by 2025.
This term “larger than cloud” needs clarification. It is meant to suggest that more enterprise-managed data will be created and processed outside the corporate on-premises cloud data center or any cloud services provider data center.
If the above statement is only a quarter true, then there’s a huge implication for edge systems management. Just as a user’s smartphone, tablet or laptop prompts for system updates, application upgrades, new permissions and alerts every week, an edge installation also has an organic need for engineering maintenance and system changes.
The full edge stack
In line with the progressive complexity and specific application nuances currently being deployed and executed in edge computing, SUSE says it has matched its branded Edge 2.0 offering to seamlessly integrate across the “full edge stack” today. Which, if it needed defining, relates to a computing stack that spans from applications to Kubernetes to operating systems. SUSE didn’t add smaller incremental data services, connections to application programming interfaces and intermittent application plug-ins and extensions, but we can very reasonably take those as read as well.
“Indeed, baked into the new lifecycle management capabilities of SUSE Edge 2.0 are APIs to support all of the capabilities being discussed here,” Basil said. “In fact, the APIs in use here are a critical GitOps approach to management at scale.”
With varying edge uses — general edge, telecoms and automotive — that require additional capabilities, SUSE says it provides a use case-based edge solution to match the exact needs of the customer. This statement perhaps offers some insight into where real world edge deployments are currently most prevalent.
Addressing the use of unsupervised edge locations, SUSE has noted that its Edge 2.0 release has been designed to allow edge system engineers to add new devices without impacting availability. This is important because these locations typically don’t get powered down for their monthly service inspection, power wash and polish. This is, if you will, the cloud-native living edge.
SUSE Edge 2.0 manages Kubernetes and the underlying operating system from a single control plane and includes around-the-clock break-fix support and consulting services.
The latest release of SUSE Linux Enterprise Micro 5.3 is now fully integrated with Rancher.
As SUSE’s container management platform, new features with the upcoming release of Rancher 2.7 are designed to help customers secure and manage Kubernetes workloads across virtualized, cloud and bare metal environments, including adding additional operating system management functionality.
Managing mini-data centers
“With SUSE Edge 2.0, customers can securely implement edge applications at any remote location, in a mini-data center or as an industrial IoT edge device,” Basil and his team noted in a statement. “Additionally, most secure organizations such as defense and government can incorporate SLE Micro, which adheres to the commercial cybersecurity product certification that is mandated by federal procurement requirements and is planned to be listed at NIAP as under evaluation for FIPS 140-3 certification and Common Criteria.”
For application level in-cluster security, SUSE NeuVector can be added on top to provide the defense in depth protection as well as zero-trust runtime security.
“SUSE NeuVector provides the industry’s highest level of security and compliance without compromising application performance and hardware resources,” SUSE noted. “With the upcoming release of SUSE NeuVector 5.1, customers will benefit from more efficient and powerful vulnerability scanning and admission controls across multiple clusters through centralized enterprise scanning, auto-scaling scanners and support for the new Kubernetes (1.25+) pod security admission standard.”
Sealing up with Cilium
This release supports the Cilium network plug-in, cloud-native open source technology designed to secure and observe network connectivity between container workloads, which will benefit Cilium users with advanced security capabilities, including zero-trust security automation and the full layer 7 firewall protection like web application firewall, data leakage prevention and deep packet inspection.
This will also help the same security controls to scale across clusters and clouds which may have different or multiple types of CNI plug-ins. The release of open source build tools for the Open Zero Trust project, based on NeuVector, are now available for community users to create and build their own versions of Open Zero Trust.
The era of intelligent edge
We’re on the journey towards building what SUSE and others appear to be fond of calling the “next generation of intelligent edge products,” so we would do well to question where the intelligence factor really sits.
Are the cloud-native intelligence mechanics on show here mostly applied to edge applications, throughout the data layer or at the lower substrate operating system tier? The answer in the lion’s share of cases will inevitably be all three.
Where this gets us to in eight years time should be a point of greater automation, where edge systems are capable of autonomous management actions to change, update and realign in the face of that number one challenge factor — scale for growth. Why eight years? Because it will be the end of the decade, there are eight bytes in a bit and it was eight years ago that the massively edge-impacting Kubernetes was first announced by John Wilkes at the GOTO Berlin event.
Edge computing requires a lot of super-tuned lightweight software technology, but it needs to be applied with heavyweight strength.