Edge computing is generally defined as computing, the hardware, applications and networking, taking place close to an end-user or event. In short, organizations across the world are using edge computing to:
- process data at greater scale with less cost
- process data faster
- make real-time decisions
- unify the physical world with the digital one
- meet different types of regulatory compliance
Gartner predicts that by 2025 at least 50% of enterprise-related data will come from and/or be processed at the edge.
With these known advantages at hand, building an edge strategy to solve problems is probably a good idea. But as all teams find, developing and deploying edge applications can become a significant project. At Izuma Networks we have worked hard to develop an edge solution that fits into modern IT and DevOps team’s workflows, and which does not lock customers into proprietary standards.
Izuma Networks provides a turn-key solution for deploying applications at the edge. Our Edge-as-a-Service (EaaS) offering allows development teams to immediately focus on developing the business logic of important applications that will live at the edge. Our offering is based on Kubernetes (k8s), the industry standard way of orchestrating application containers. When using our services to deploy apps at the edge, teams simply use normal k8s APIs. This means a huge amount of tools and existing knowledge can be leveraged.
Chances are your edge strategy involves:
- Various locations
- A myriad of different hardware types
- A strong focus on security
Additionally “edge” may mean running applications on:
- One or more servers at remote locations
- On smaller hardware such as “gateway class” machines or even machines as small as a Raspberry Pi
or - Dispersed instances with a hyperscaler in various geographies or availability zones.
All of these things can constitute edge, and in all cases Izuma Networks can greatly simplify deployments.
Izuma Networks takes care of the time-consuming and DevOps heavy task of maintaining and running Kubernetes, and the difficult engineering of making Kubernetes run at the edge, while greatly improving security and manageability.
How it works:
- Izuma Networks spins up a private instance of Izuma Cloud for you team.
- Izuma Cloud is a NoOps solution. So we manage the DevOps of the cluster itself. We also offer a co-DevOps solution and an on-premise solution for isolated networks or special deployments.
- Izuma Cloud provides a full Kubernetes cluster which will scale as needed.
- Izuma Edge, a Linux runtime stack, can be installed on most versions of Linux in minutes.
- Once installed, any Izuma Edge machine becomes a k8s node in the Izuma Cloud instance.
Izuma Cloud allows you to manage a single Kubernetes cluster, globally, across WANs / Firewalls / WAFs with k8s nodes being on even the smallest Linux hardware.
We built Izuma Edge based on real-world needs from multi-national organizations that deploy applications across the world in thousands of locations. We focused on:
- Very strong security at the Edge, with a Zero Trust design at each node.
- Highly durable connectivity for each node. Each node’s connectivity must handle: strict firewall, NAT and WAF implementations, low bandwidth, moderately unreliable networks
- The ability to handle frequent periods of disconnectivity with aplomb: power outages, staff just unplugging it, etc.
- A standard k8s design where DevOps teams familiar with Docker containers and k8s could immediately use the product and take their best practices with them to our platform.
To meet these goals Izuma Cloud and Izuma Edge are built on these core pieces of technology:
-
True Kubernetes at the Edge
True Kubernetes at the Edge
True k8s at the Edge. Orchestrate everywhere. A single cluster.
Our goal was to utilize Kubernetes in the most natural way when thinking about edge applications. Deployed Izuma Edge nodes are first-class k8s nodes, able to execute workloads as other k8s nodes in your cluster.
Use normal k8s orchestration to deploy pods needed in specific locations. Run part of your workload in the cloud and part of it on a node deep down in a remote network. Services can still work together as usual.
Almost any Linux machine with 4GB of RAM and reasonable compute can be a node in your Izuma Cloud instance. Marketing terms and analyst buzzwords abound around edge... Izuma nodes can scale from large "network edge" systems, like a xlarge AWS instance down to a palm size gateway device sitting in a small office. "Device edge", the "gateway edge", the "compute edge" or "network edge" ...chances are Izuma can work for you. -
Edge Security
Edge Security
Edge require better security.
The edge is distributed by nature, and that means you have a higher surface area of attack.
Deployment of anything at the edge requires hardened security with the best encryption & practices available. Izuma Cloud provides a complete solution for device identity management.
Each device is given a unique certificate, and any device can be blocked at any time. All communication utilizes TLS two-way handshakes with both client and server having certificate-based identity. Izuma Edge and Izuma Connect can both utilize hardware root-of-trust technology to secure identity keys when available.
Learn More -
Integrated SD-WAN
Integrated SD-WAN
Izuma Cloud and Izuma Edge provide a purpose-built SD-WAN for your distributed k8s cluster.
This SD-WAN allows you to develop applications that may need access to services on the Internet or in your own private clouds. Deployed apps, even if running deep down in a customer network, behind NAT or Application Firewalls, can ride this SD-WAN to access their critical services.
This built-in SD-WAN provides connectivity for:- k8s control plane communications
- intracluster pod communication
- LAN communications at Izuma Edge nodes
- external cluster communications
Consolidate the amount of ingress and egress across your cluster by having pods communicate with exterior services through a central point of control. -
Fully Managed. No Ops.
Fully Managed. No Ops.
Izuma Cloud fully managed instances include complete dev ops support.
We make sure your cloud is always up and running and can communicate with your Izuma Edge and Izuma Connect deployed devices. However, you still have complete autonomy to deploy applications at will using k8s APIs, and to deploy Izuma Edge & Connect devices when you want. This means that on Day 1, your deployment is running at full production quality. -
Edge Systems Management
Edge Systems Management
Counting on your applications running at the edge? Then you must also count on a machine being up and running.
Izuma Edge provides full systems management capabilities for remote nodes. These services run outside the k8s control plane allowing for system-level fixes to the operating system.
These optionally configured components work well when deploying on dedicated hardware such as IoT gateways or remote bare metal servers. Features include full remote terminal access, logging, and the ability to update OS level components including the boot loader. Upgrade facilities are entirely pluggable, and can even be used to update firmware on attached hardware. -
Fully Managed, Comanaged, or On‑Premise
Fully Managed, Comanaged, or On‑Premise
Deploy Izuma Cloud in the manner you need.
We offer a private instance of our services for every customer. Private instances use AWS, in the Availability Zone of your choice, and we handle all of the cloud's DevOps. This option allows customers to immediately start deploying Izuma Edge or Izuma Connect devices and start deploying applications. In this option, edge applications can start being deployed within a day.
Izuma Cloud can also be deployed on your hyperscaler of choice, where the deployment is co-managed. In this scenario, Izuma Networks takes responsibility of deploying Izuma Cloud, and then once running provides a set number of DevOps hours. Customers can use this option when they prefer to run our services inside of their own management accounts, utilizing the hyperscaler they already use, and with features they have as part of a corporate plan. (Option availale in Q3 2023)
Izuma Cloud can also be deployed on bare metal infrastructure with k8s. In this scenario, the IT teams should provide a running k8s cluster. Deployments are possible as long as the k8s cluster is standards-compliant and has the minimum compute and memory footprint. These deployments are for when there is little if any Internet connectivity, or where critical uptime/compliance requirements make it mandatory to run services locally. (Available in Q1 2024)
-
True Kubernetes at the Edge
True Kubernetes at the Edge
True k8s at the Edge. Orchestrate everywhere. A single cluster.
Our goal was to utilize Kubernetes in the most natural way when thinking about edge applications. Deployed Izuma Edge nodes are first-class k8s nodes, able to execute workloads as other k8s nodes in your cluster.
Use normal k8s orchestration to deploy pods needed in specific locations. Run part of your workload in the cloud and part of it on a node deep down in a remote network. Services can still work together as usual.
Almost any Linux machine with 4GB of RAM and reasonable compute can be a node in your Izuma Cloud instance. Marketing terms and analyst buzzwords abound around edge... Izuma nodes can scale from large "network edge" systems, like a xlarge AWS instance down to a palm size gateway device sitting in a small office. "Device edge", the "gateway edge", the "compute edge" or "network edge" ...chances are Izuma can work for you. -
Edge Security
Edge Security
Edge require better security.
The edge is distributed by nature, and that means you have a higher surface area of attack.
Deployment of anything at the edge requires hardened security with the best encryption & practices available. Izuma Cloud provides a complete solution for device identity management.
Each device is given a unique certificate, and any device can be blocked at any time. All communication utilizes TLS two-way handshakes with both client and server having certificate-based identity. Izuma Edge and Izuma Connect can both utilize hardware root-of-trust technology to secure identity keys when available.
Learn More -
Integrated SD-WAN
Integrated SD-WAN
Izuma Cloud and Izuma Edge provide a purpose-built SD-WAN for your distributed k8s cluster.
This SD-WAN allows you to develop applications that may need access to services on the Internet or in your own private clouds. Deployed apps, even if running deep down in a customer network, behind NAT or Application Firewalls, can ride this SD-WAN to access their critical services.
This built-in SD-WAN provides connectivity for:- k8s control plane communications
- intracluster pod communication
- LAN communications at Izuma Edge nodes
- external cluster communications
Consolidate the amount of ingress and egress across your cluster by having pods communicate with exterior services through a central point of control. -
Fully Managed. No Ops.
Fully Managed. No Ops.
Izuma Cloud fully managed instances include complete dev ops support.
We make sure your cloud is always up and running and can communicate with your Izuma Edge and Izuma Connect deployed devices. However, you still have complete autonomy to deploy applications at will using k8s APIs, and to deploy Izuma Edge & Connect devices when you want. This means that on Day 1, your deployment is running at full production quality. -
Edge Systems Management
Edge Systems Management
Counting on your applications running at the edge? Then you must also count on a machine being up and running.
Izuma Edge provides full systems management capabilities for remote nodes. These services run outside the k8s control plane allowing for system-level fixes to the operating system.
These optionally configured components work well when deploying on dedicated hardware such as IoT gateways or remote bare metal servers. Features include full remote terminal access, logging, and the ability to update OS level components including the boot loader. Upgrade facilities are entirely pluggable, and can even be used to update firmware on attached hardware. -
Fully Managed, Comanaged, or On‑Premise
Fully Managed, Comanaged, or On‑Premise
Deploy Izuma Cloud in the manner you need.
We offer a private instance of our services for every customer. Private instances use AWS, in the Availability Zone of your choice, and we handle all of the cloud's DevOps. This option allows customers to immediately start deploying Izuma Edge or Izuma Connect devices and start deploying applications. In this option, edge applications can start being deployed within a day.
Izuma Cloud can also be deployed on your hyperscaler of choice, where the deployment is co-managed. In this scenario, Izuma Networks takes responsibility of deploying Izuma Cloud, and then once running provides a set number of DevOps hours. Customers can use this option when they prefer to run our services inside of their own management accounts, utilizing the hyperscaler they already use, and with features they have as part of a corporate plan. (Option availale in Q3 2023)
Izuma Cloud can also be deployed on bare metal infrastructure with k8s. In this scenario, the IT teams should provide a running k8s cluster. Deployments are possible as long as the k8s cluster is standards-compliant and has the minimum compute and memory footprint. These deployments are for when there is little if any Internet connectivity, or where critical uptime/compliance requirements make it mandatory to run services locally. (Available in Q1 2024)
Most solutions on the market for Kubernetes at the Edge, or Edge-as-a-Service, focus on utilizing tools in what is called “Multi-cloud.”
These solutions involve spinning up an entire k8s cluster at each edge location. Customers then use a proprietary “multi-cloud” toolset, which Gartner has recently termed as Multicloud Networking Software (MCNS), to manage multiple k8s clusters. Some of these deployments may be traditional k8s clusters at a hyperscaler, and others may be the “edge clusters.” The “edge clusters” are variations of mainline Kubernetes, a popular example being k3s. While these solutions can work well, depending on your deployment needs, bear in mind - every time you create a new cluster you increase management complexity and increase risk by expanding the surface area hackers can attack.
And we aren’t the only ones saying “multi-cloud” adds complexity.
“The huge cost and complexity of a multicloud implementation is effectively a negative distraction from what you should actually be doing that would improve your uptime and reduce your risks…"
- Lydia Leong, Gartner
TechRepublic, Oct ‘21
Izuma Networks takes a different approach. With over a decade’s worth of patented security and systems technology, we have developed a standards-based k8s cluster that allows deploying applications across the Internet while still having the ease of manageability of a single Kubernetes cluster.
It’s still possible and sometimes desirable to have multiple k8s clusters. In this case - by using Izuma Cloud you can instead break clusters up by the purposes they serve or the groups which have operational responsibility - which is a more security-centric way of organization (as an example, look at our MDC use-case). Clusters are not confined to a specific location/data center or a managed WAN. Nor do DevOps teams need to be concerned with special networking needs or third party SD-WAN systems for remote nodes. All Izuma Edge nodes in the Izuma Cloud cluster talk back to the cluster’s control plane and other nodes over HTTPS using two-way TLS (mTLS). Additional systems management features are part of Izuma Edge, easing DevOps team’s deployments more.
–
Along with the growth of edge comes the risk of increased attack surfaces for malicious actors. It’s imperative to have a security-by-design solution when deploying edge applications. Izuma Edge builds on years of experience and development of the Izuma Cloud product.
Read more about our Edge security model.
