Edge Systems Management & SD-WAN

Keeping edge applications up requires keeping remote edge systems up.

Critical to Edge Deployments: Robust Systems Management

Deploying applications to a remote server or gateway is only half the battle. The other key piece is keeping that box up, running & secure.

Systems Management Capabilities at the Edge

  •  Remote OS, firmware and package updates
  •  Remote logging: syslog, kernel logs, k8s logs, systemd
  •  System statistics: memory, disk, CPU utilization, container stats
  •  Remote terminal access
  •  Container access via kubectl and data tunneling to any remote container

Izuma Edge includes system diagnostics, stats logging, remote terminal, and secure updates. This provides one place for OS, network connectivity, system configuration, and easy onboarding overseen from a dashboard or a mobile app. Use a single software stack to do both application orchestration and remote systems management.

The systems management components are optional. Teams which are using another systems management approach for their machines are not tied to this system and can disable it. For most deployments, however, these components allow consolidation of providers. Both your systems management, edge orchestration and SD-WAN can be provided by Izuma Cloud talking to Izuma Edge machines.

Single Pane of Glass

Izuma Edge deployments are managed through Izuma Cloud and reside in the Izuma Device Directory. If you have both microcontroller devices and edge-class devices, all these can reside in the same account in the same directory, using the same APIs.

All systems management services route through outbound HTTPS. This means if your gateway or edge server can talk to Izuma Cloud, your systems management services will work. No weird ports or fancy firewall configurations are needed. This decreases setup time and hassle for your own customers or users.

Izuma Cloud’s built-in SD-WAN for Edge

Izuma Cloud in conjunction with Izuma Edge provides an SD-WAN purpose-built for orchestrating edge applications and moving their data.

The SD-WAN is built around Izuma Edge’s robust certificate management and identity capabilities. The traffic runs over TLS using a two-way handshake with both client and service having dedicated certificates (called mutual TLS or mTLS). Kubernetes APIs and all systems management components will automatically use this SD-WAN. Normally, mTLS can be difficult to manage and deploy, which is why it is not often used. Izuma’s Factor Flow tools (free tooling for our customers) help make the process of preparing certificates for each machine much easier, streamlining the prep process for a box that will live at the edge.

Teams can either choose to route data from their own applications through this SD-WAN, or they can allow their applications to talk to their own services directly across the Internet. Using the SD-WAN to move application data, however, may make deployments easier and more secure. It means that no new firewall ports need to be opened at the location where the edge machine is deployed, and it provides an extra layer of security.

Combined with the systems management components, the Edge-as-a-Service SD-WAN, provides significant control over the network behaviors of applications running on your edge machines.