EdgeX System Management Nov 6th 2017
Agenda
- Introductions
- Adopt (e.g., LwM2M) vs. define
- Proposed model of management agent and managed objects
- Determining functions of the different MOs
- Refining REST interfaces
- Implementation
- Volunteers to divide and conquer
Mission
Provision, monitor and manage an edge system with connected devices to ensure its proper function. Scale, security and reliability are key considerations. Facilitate ecosystem formation by defining common cross-vendor building blocks.
Scope
- Provisioning: bootstrap edge system, onboard devices
- Inventory
- Infrastructure telemetry
- Infrastructure notification/alerts
- Configuration and software updates
Topics
- Edge system secure auto-configuration
- Managed Objects
- Mgmt Agent to Managed Object API
- Mgmt Agent to Mgmt Service API
Secure Auto Configuration OOB
- Edge devices have no UI console
- Provisioning at large numbers while requiring manual steps is expensive
- Opportunity for EdgeX to define steps for secure auto-config out of the box
- Possibility to simplify the external config server by using internal DNS; this could be the first option to try before reverting to an external server
- Concern about privacy if it is known which customer is deploying which gateways
- Possibility to accomplish this with a shared secret; but a secret shared across the fleet, if breached, compromises all devices at once
Secure Auto Configuration OOB, Draft Proposal
Parties: gateway (GW) with identity ID1 and keypair (PubK1, PrivK1); config server at sURL with key sPubK, holding the GW ownership list; customer server at cURL with key cPubK.
1 - GW manufacturing: GW is provisioned with ID1, PubK1, PrivK1 and the config server's sURL and sPubK; the entry ID1 - PubK1 is added to the config server's GW ownership list
2 - Customer purchases N GWs: the ownership list entries for those IDs are bound to the customer's cURL and cPubK
3 - Deployment
4 - GW obtains an IP address
5 - GW contacts the config server (sURL, sPubK) and obtains its customer's cURL and cPubK
6 - GW connects with the customer server; e.g., IoTC
7 - Bootstrap package delivered over SFTP (PubK)
Defining multiple approaches:
- EDM: automated device registration via DNS SRV Record and DHCP Option Tags
- Shared secret
- Privacy concern
- TLS connection
Secure Auto Configuration OOB, Feedback
- How to do it without WAN connectivity? Existing auto-discovery solution to find the config server on the LAN
- How to do it while preserving privacy? Intel's EPID
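The draft proposal above (steps 1, 2 and 5 in particular) as an added, runnable model of both sides of the exchange. This is example code written for this page, not EdgeX code and not the proposal's implementation; it assumes Ed25519 signatures, a JSON-encoded reply, and a server-issued nonce challenge (the nonce is not on the slide; it is added so a recorded proof cannot be replayed). The function names Manufacture, Sell, Bootstrap, Accept and RunBootstrap are hypothetical, and the transport (TLS in step 5, SFTP in step 7) is left out.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
)

// Customer is the owner a gateway is sold to: cURL and cPubK on the slide.
type Customer struct{ URL string; Pub ed25519.PublicKey }

// Gateway holds the identity burned in at manufacturing (ID1, PrivK1) and the
// config server's sPubK, pinned so the GW can verify what it is told in step 5.
type Gateway struct {
	ID        string
	priv      ed25519.PrivateKey
	ServerPub ed25519.PublicKey
}

// BootstrapInfo is the step-5 reply (cURL, cPubK), bound to the gateway ID and
// the challenge nonce so a captured reply cannot be replayed to another GW.
type BootstrapInfo struct {
	GatewayID   string `json:"id"`
	Nonce       []byte `json:"nonce"`
	CustomerURL string `json:"cURL"`
	CustomerPub []byte `json:"cPubK"`
}

// ConfigServer keeps the GW ownership list: ID -> PubK and ID -> customer.
type ConfigServer struct {
	Pub       ed25519.PublicKey
	priv      ed25519.PrivateKey
	gwKeys    map[string]ed25519.PublicKey
	ownership map[string]Customer
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	return pub, priv
}

func NewConfigServer() *ConfigServer {
	pub, priv := mustKey()
	return &ConfigServer{Pub: pub, priv: priv,
		gwKeys: map[string]ed25519.PublicKey{}, ownership: map[string]Customer{}}
}

// Manufacture (step 1): per-device keypair; only the public half is registered.
func (s *ConfigServer) Manufacture(id string) *Gateway {
	pub, priv := mustKey()
	s.gwKeys[id] = pub
	return &Gateway{ID: id, priv: priv, ServerPub: s.Pub}
}

// Sell (step 2): bind a manufactured gateway to the purchasing customer.
func (s *ConfigServer) Sell(id string, c Customer) error {
	if _, ok := s.gwKeys[id]; !ok { return errors.New("unknown gateway ID") }
	s.ownership[id] = c
	return nil
}

// Prove signs ID||nonce with PrivK1; the private key never leaves the device.
func (g *Gateway) Prove(nonce []byte) []byte {
	return ed25519.Sign(g.priv, append([]byte(g.ID), nonce...))
}

// Bootstrap (step 5, server side): verify possession of the registered PubK,
// require the ID to be owned, then return cURL/cPubK signed by the server.
func (s *ConfigServer) Bootstrap(id string, nonce, proof []byte) (msg, sig []byte, err error) {
	pub, ok := s.gwKeys[id]
	if !ok { return nil, nil, errors.New("unknown gateway ID") }
	if !ed25519.Verify(pub, append([]byte(id), nonce...), proof) {
		return nil, nil, errors.New("proof of possession failed")
	}
	owner, ok := s.ownership[id]
	if !ok { return nil, nil, errors.New("gateway not assigned to a customer") }
	msg, err = json.Marshal(BootstrapInfo{GatewayID: id, Nonce: nonce, CustomerURL: owner.URL, CustomerPub: owner.Pub})
	if err != nil { return nil, nil, err }
	return msg, ed25519.Sign(s.priv, msg), nil
}

// Accept (step 5, gateway side): check the sPubK signature and the ID/nonce
// binding before trusting cURL/cPubK for the step-6 connection.
func (g *Gateway) Accept(msg, sig, nonce []byte) (*BootstrapInfo, error) {
	if !ed25519.Verify(g.ServerPub, msg, sig) {
		return nil, errors.New("bootstrap info not signed by config server")
	}
	var info BootstrapInfo
	if err := json.Unmarshal(msg, &info); err != nil { return nil, err }
	if info.GatewayID != g.ID || !bytes.Equal(info.Nonce, nonce) {
		return nil, errors.New("bootstrap info not bound to this gateway and nonce")
	}
	return &info, nil
}

// RunBootstrap drives one exchange: fresh server nonce, GW proof, signed reply.
func RunBootstrap(s *ConfigServer, g *Gateway) (*BootstrapInfo, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	msg, sig, err := s.Bootstrap(g.ID, nonce, g.Prove(nonce))
	if err != nil { return nil, err }
	return g.Accept(msg, sig, nonce)
}
```

The point of the per-device keypair versus the shared secret discussed on the previous slide: a leaked PrivK1 lets an attacker impersonate exactly one ownership-list entry, and a gateway that was manufactured but never sold, or a device presenting someone else's ID with its own key, is refused before any customer URL or key is handed out.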
Architecture diagram: the Mgmt Service talks to a Mgmt Agent (with its own DB) on the Edge System; the Managed Objects are the edge function microservices, the edge system itself and the connected devices.
Managed Object
- Name: UUID
- Type: [connected device, microservice, edge system]
- Properties as key-value pairs: [k1=v1, k2=v2, …]; e.g., make, model, serial number, time in service
- Metrics: [(name, units, interval, precision, accuracy, functionID), …]
- Actions: [(name, functionID, [name: parameter type, …]), …]
- Alerts: MO-UUID, metric name, value that caused the alert
Mgmt Agent to Managed Object API
From agent: Perform action, Define alert, Set property, Append property, Get property, Get all properties
To agent: Register managed object, Put metric value, Trigger alert
Mgmt Agent to Mgmt Service API
To agent: Perform action, Update managed object, Put file, Execute, Remote terminal (SSH), Get property, Get all properties
Inventory
- Connected devices: interrogate the device metadata database; notification of a device connection or removal
- Edge system: K-Vs, e.g., OS version, system software, hardware ID; metrics, e.g., CPU, IOPS, memory, storage
- Microservices: list of name, version
Examples
- Heartbeat as metric
- Ping as action
- Notification of battery charge, connection state
- Notification of edge system compute resource concerns
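The Managed Object model and the Agent <-> MO API from the preceding slides as an added example, with the heartbeat-style metric and ping action from the examples above. This is code written for this page, not EdgeX's own agent; the types, the comma-separated representation of an appended property, the "value above limit" alert rule, and the sample MO returned by EdgeSystemMO are all assumptions. Agent methods map onto the API calls: Register and PutMetric are the MO-to-agent direction, DefineAlert, PerformAction, AppendProperty and GetProperty the agent-to-MO direction.

```go
package main

import (
	"errors"
	"fmt"
)

// Metric is one measurement an MO reports (slide: name, units, interval, functionID).
type Metric struct{ Name, Units, FunctionID string; IntervalSec int }

// Alert is what the agent raises: the MO, the metric, and the value that caused it.
type Alert struct{ MO, Metric string; Value float64 }

// Action is an operation the agent may invoke on an MO; parameters are key-value strings.
type Action func(params map[string]string) (string, error)

type ManagedObject struct {
	UUID, Type string
	Properties map[string]string
	Metrics    map[string]Metric
	Actions    map[string]Action
}

// Agent is the Mgmt Agent side of the Agent <-> Managed Object API.
type Agent struct {
	objects    map[string]*ManagedObject
	thresholds map[string]map[string]float64 // UUID -> metric -> upper limit
	Alerts     []Alert
}

func NewAgent() *Agent {
	return &Agent{objects: map[string]*ManagedObject{}, thresholds: map[string]map[string]float64{}}
}

var validTypes = map[string]bool{"connected device": true, "microservice": true, "edge system": true}

func (a *Agent) get(uuid string) (*ManagedObject, error) {
	mo, ok := a.objects[uuid]
	if !ok { return nil, errors.New("unknown MO " + uuid) }
	return mo, nil
}

// Register (MO -> agent): unknown types and duplicate UUIDs are rejected, not stored.
func (a *Agent) Register(mo *ManagedObject) error {
	if !validTypes[mo.Type] { return fmt.Errorf("invalid MO type %q", mo.Type) }
	if _, dup := a.objects[mo.UUID]; dup { return errors.New("duplicate UUID " + mo.UUID) }
	if mo.Properties == nil { mo.Properties = map[string]string{} }
	a.objects[mo.UUID] = mo
	return nil
}

// DefineAlert (agent -> MO): alert when metric exceeds limit; the MO must declare the metric.
func (a *Agent) DefineAlert(uuid, metric string, limit float64) error {
	mo, err := a.get(uuid)
	if err != nil { return err }
	if _, ok := mo.Metrics[metric]; !ok { return fmt.Errorf("MO %s does not report %q", uuid, metric) }
	if a.thresholds[uuid] == nil { a.thresholds[uuid] = map[string]float64{} }
	a.thresholds[uuid][metric] = limit
	return nil
}

// PutMetric (MO -> agent): record a value; reports whether it triggered an alert.
func (a *Agent) PutMetric(uuid, metric string, value float64) (bool, error) {
	mo, err := a.get(uuid)
	if err != nil { return false, err }
	if _, ok := mo.Metrics[metric]; !ok { return false, fmt.Errorf("undeclared metric %q", metric) }
	if limit, set := a.thresholds[uuid][metric]; set && value > limit {
		a.Alerts = append(a.Alerts, Alert{MO: uuid, Metric: metric, Value: value})
		return true, nil
	}
	return false, nil
}

// PerformAction (agent -> MO): only actions the MO registered can be invoked.
func (a *Agent) PerformAction(uuid, name string, params map[string]string) (string, error) {
	mo, err := a.get(uuid)
	if err != nil { return "", err }
	act, ok := mo.Actions[name]
	if !ok { return "", fmt.Errorf("MO %s has no action %q", uuid, name) }
	return act(params)
}

// AppendProperty keeps a comma-separated list so a multi-valued key accumulates.
func (a *Agent) AppendProperty(uuid, k, v string) error {
	mo, err := a.get(uuid)
	if err != nil { return err }
	if cur := mo.Properties[k]; cur != "" { v = cur + "," + v }
	mo.Properties[k] = v
	return nil
}

func (a *Agent) GetProperty(uuid, k string) (string, error) {
	mo, err := a.get(uuid)
	if err != nil { return "", err }
	v, ok := mo.Properties[k]
	if !ok { return "", fmt.Errorf("no property %q", k) }
	return v, nil
}

// EdgeSystemMO is a constructed sample: an edge-system MO with a CPU metric and a ping action.
func EdgeSystemMO() *ManagedObject {
	return &ManagedObject{
		UUID: "edge-0001", Type: "edge system",
		Metrics: map[string]Metric{"cpu": {Name: "cpu", Units: "percent", IntervalSec: 10, FunctionID: "sys.cpu"}},
		Actions: map[string]Action{"ping": func(p map[string]string) (string, error) {
			if p["host"] == "" { return "", errors.New("ping requires host") }
			return "pong from " + p["host"], nil
		}},
	}
}
```

Two checks matter for the security of the agent: an MO can only register with one of the three declared types, and the agent only invokes actions and alerts on metrics that the MO itself declared, so a malformed or hostile registration cannot reach code paths the model does not describe.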
Examples of Configuration through Actions
- Firewall settings
- NAT traversal
- Change SSH port
- Wifi passcode
- Certificate revocation
- Installing a new certificate
Software Updates
Four types:
- Microservices
- Connected devices
- Edge device OS
- IoT Application (lifecycle management)
Power Management
- Restart or shutdown; might be required by system software updates
- Remote restart or shutdown; e.g., Wake on LAN
- Energy saving
EdgeX for Fog Computing
- Using EdgeX microservices on multiple computing tiers between edge and cloud
- East-west communication
- Failover
- Load balancing
- Kubernetes for orchestration
Role Based Access Control
- Admin
- Monitor/read only
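The two roles above applied to the Mgmt Agent to Mgmt Service API, with the "change SSH port" configuration action from the earlier slide, as an added example. This is code written for this page, not EdgeX's own access control; the operation names mirror the API slide, the default-deny rule (unknown operation or unknown role gets nothing), the audit trail, and the port-range validation are assumptions, and only three of the seven operations are wired up.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

type Role int

const (
	RoleMonitor Role = iota // read only
	RoleAdmin
)

type Op string

const (
	OpPerformAction    Op = "perform action"
	OpUpdateMO         Op = "update managed object"
	OpPutFile          Op = "put file"
	OpExecute          Op = "execute"
	OpRemoteTerminal   Op = "remote terminal"
	OpGetProperty      Op = "get property"
	OpGetAllProperties Op = "get all properties"
)

// knownOps is the full API surface; readOnlyOps is the subset a Monitor may call.
var knownOps = map[Op]bool{OpPerformAction: true, OpUpdateMO: true, OpPutFile: true, OpExecute: true,
	OpRemoteTerminal: true, OpGetProperty: true, OpGetAllProperties: true}
var readOnlyOps = map[Op]bool{OpGetProperty: true, OpGetAllProperties: true}

var ErrForbidden = errors.New("forbidden")

// Allowed is default-deny: unknown operations and unknown roles get nothing.
func Allowed(r Role, op Op) bool {
	if !knownOps[op] {
		return false
	}
	switch r {
	case RoleAdmin:
		return true
	case RoleMonitor:
		return readOnlyOps[op]
	}
	return false
}

type Principal struct {
	Name string
	Role Role
}

// Agent models the Mgmt Agent's service-facing endpoint with a little state.
type Agent struct {
	props   map[string]string
	SSHPort int
	Audit   []string // one line per call, allowed or denied
}

func NewAgent() *Agent {
	// Constructed sample inventory values.
	return &Agent{props: map[string]string{"os": "Ubuntu 16.04", "hwid": "gw-0001"}, SSHPort: 22}
}

// Call is the single entry point: authorization happens before any dispatch.
func (a *Agent) Call(p Principal, op Op, params map[string]string) (string, error) {
	if !Allowed(p.Role, op) {
		a.Audit = append(a.Audit, fmt.Sprintf("DENY %s %q", p.Name, op))
		return "", ErrForbidden
	}
	a.Audit = append(a.Audit, fmt.Sprintf("ALLOW %s %q", p.Name, op))
	switch op {
	case OpGetProperty:
		if v, ok := a.props[params["key"]]; ok {
			return v, nil
		}
		return "", fmt.Errorf("no property %q", params["key"])
	case OpGetAllProperties:
		return fmt.Sprint(a.props), nil
	case OpPerformAction:
		return a.performAction(params)
	}
	return "", fmt.Errorf("%q not implemented in this example", op)
}

// performAction validates parameters before touching configuration.
func (a *Agent) performAction(params map[string]string) (string, error) {
	switch params["name"] {
	case "change ssh port":
		port, err := strconv.Atoi(params["port"])
		if err != nil || port < 1 || port > 65535 {
			return "", fmt.Errorf("invalid port %q", params["port"])
		}
		a.SSHPort = port
		return fmt.Sprintf("ssh port set to %d", port), nil
	case "ping":
		return "pong", nil
	}
	return "", fmt.Errorf("unknown action %q", params["name"])
}
```

Putting the role check in the one entry point, rather than in each operation, is what keeps Execute, Put file and Remote terminal (SSH) out of reach of a read-only principal even before those operations are implemented; the audit slice records denials as well as successes so a monitor account probing for admin operations is visible.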