 Hello, my name is Jason Shepard and with me is Roman Chposhnik and we're here to talk to you about building the Android for the IoT Edge related to Project EVE within LF Edge, so Hey everyone All right. So that's us. You can find us online You're there and both of us work with the company called Zedita and we leverage EVE as part of our commercial offer So, you know, what is EVE? Rome is going to talk in a lot more detail about EVE as a foundation for IoT Edge applications, but you think of it as a universal abstraction layer for Edge hardware and it's really focused on hardware outside of a secure data center So it could be a gateway. It could be a server on a factory floor But just anything out, you know in the wild that you need to make sure is very secure You want to abstract all that complexity from the hardware and make it much more easy for developers to to deploy applications orchestrate those applications remotely Completely open obviously as part of Linux my nation and and ultimately it's about providing these open API's that enable you to take advantage of that abstraction and Prevent lock-in for any particular application stack hardware, etc. So that's kind of even a nutshell and we'll get into more details, but Just to make sure it's clear where we play so recommend you check out the LF Edge taxonomy paper that came out earlier this summer you can find that online Lots and lots of detail won't go through all the detail here, but you know think of Eve as Being the serving the IoT component of the smart device edge as covered in that paper So this means anything outside of a secure data center out distributed out in the field But still capable of running apps if you go one step further left now You're you're highly constrained in terms of a device You know it's more embedded software of your custom tools for everything But once you have enough memory to abstract that that bare metal foundation for virtualization and containers There's a lot more that you can do and it simplifies is a lot of that complexity and so You know Eve is focused on that lots of great tools for the data center But really a challenge when you get outside of a physically secure data center You know lots and lots of different diversity many types of you know x86 hardware arm hardware What a legacy step out there all kinds of different things to deal with scale factors, so when you're in the The cloud you know talk about the public cloud There's tens of public clouds that really matter when you get to the device edge, especially the constraint devices So eventually be trillions of devices out there and now the the IoT Edge where compute's happening you know it's somewhere in between but just massive scale over time that you have to Comprehend it's just different than what's in the data center And the other big thing is when you're not in the data center Not only do you not have physical security all the time, but also you don't necessarily have a network perimeter You know you don't necessarily know that there's a firewall or have control over that So you need a solution that that's built to be out you in the wild built to to be secure regardless of How you deploy it and so that's a big Enablement that Eve is looking to go do and if you really look at it, you know the smart device edge includes Mobile devices client devices a very well-solved problem you with Windows and iOS and Android The the IoT compute edge is also part of that as defined in the taxonomy And that's that's the Wild West right now And so think of Eve doing for the IoT Component of the smart device edge what Android did for the mobile complaint component You create a universal foundation make it super easy to deploy apps you can build an ecosystem on top, but Way more we make way more easier than by basically death by a thousand cuts hacking away at you know All this different kind of hardware and whatnot So a very very important you know part of we think of scaling embedded computing to meet the needs of your IoT and edge And so just you know real quick on kind of the philosophy behind Eve in terms of architectural approach So there's a variety of ways of doing it You know Roman will describe a little bit more but you know Eve is a bare metal abstraction layer So you sit right on top of the hardware You know we support both virtual machines and containerized workloads. That's important when you're in in a legacy World where you've got say some Windows applications that you want to put next to modernized You know cloud native apps so Very much focused on more constrained hardware You still has enough memory to support the abstraction, but but a lot more constrained than a rack of servers that you would see in a data center completely Open API in terms of how you build Interface into Eve, so you're not going to get locked in any particular interface so that's that's You know at a foundation only foundational level like what it is about and of course the other big things that your bare metal is You're not necessarily going to break that device or you won't break that device out in the field Compared to some other ways of doing it When you're looking at the alternatives today, there is a number of proprietary bare metal solutions You can get some similar benefits because you've got that lower level hardware access But you will be locked in to only the controller that supported with that abstraction layer The other big thing you know with those solutions is you know all of the solutions that we see today are really focused at the data center Class equipment not stuff that's distributed out in the wild. That's more constrained So that's that's one option we see out there and the other option We see often is where you take an OS So you put an agent on top and that talks with the controller But the problem with that is if you don't do a lot of integration between the agent and the OS You're very likely going to break that device out in the field If you don't do hardening of the OS you're going to have security issues So the whole point is if you integrate the agent with the OS well, you've just built Eve So the idea is edges use Eve and let's go build a community around that and again Kind of do that Android thing for the IT edge and make it just a lot easier to to scale long-term So you real quick before I hand it over to To Roman is kind of give you an example So one of the patterns that we see all the time people have a legacy Applications they need to be able to support those you can't just get rid of existing investments You want to run some new containerized applications on the same hardware? so you imagine a gateway or a server deployed, you know could be in a retail store could be on a In an office space, you know, even a factory floor doing Video surveillance, you know, obviously we're moving more and more to computer vision and whatnot, but classic video surveillance use case Most video surveillance applications VMS is our windows based today Very often today what happens is someone goes in the poison box. They put it in a closet They started running its recording and then they leave you know the technician they leave and then they never see it again And so Eve can provide a lot of visibility into that That foundation but also help you run more modernized workloads next to it in terms of containers So maybe you want to put a an AI model next to that foundation for Object detection it could be a licensed place could be people etc Various different things and then send that data could be on-prem into the cloud Maybe you're gonna put something like Azure IoT edge next to it. Maybe you're using some sort of protocol conversion Service you're running in there. You can assign to different cores and and Co-processing elements. So it's it's really about how do I provide that hardware abstraction? How do I make it very very easy to deploy and orchestrate hardware and software any device any application? Any cloud any on-prem system? So the Eve is that becomes that universal abstraction layer So with that I'll hit it off to Roman to provide a little more detail on the project and where we're headed Absolutely, thank you Jason for a wonderful introduction So hopefully we got everybody's attention and sort of interest and digging a little bit deeper into Eve And let me just again reiterate what Eve is So conceptually, it's basically an operating system like You know Offering so the closest analogy in the existing space would be if you're familiar with VMware It would be something like ESX or ESXI, you know from VMware It's basically something that you deploy on an edge node, right? You know could be a small computer could be you know as small actually as Raspberry Pi I will talk about Raspberry Pi is a little bit later, but you know, typically it's a computer The size of the Intel's nook You know that's attached to some kind of an equipment or basically this you know data acquisition and processing and Eve just gets deployed as an operating system. So it boots And once it boots it has all of these different services that you can see on this slide Essentially being in support of running Virtual machines and containers and those become user applications, right? So we'll get into all of these different services, but you can see that you know at the end of the day Eve is that You know appliance almost operating system, right? That doesn't really require any kind of management because all of the management is built right into it So if you look into the key capability key capabilities that Eve actually provides to the application layer We spend a great deal on making sure that the trust and security becomes as easy as possible Because all of these you know small devices nowadays can actually a pretty decent Route of trust infrastructure, you know, typically expressed as a TPM, you know, Intel or T or similar infrastructure on arm But using it, you know from your application becomes a challenge a lot of times, right? So Eve Takes care of that on its own side and then presents a virtualized view into that security infrastructure back to the application so obviously We you know are pretty efficient in terms of how we manage resources like CPU memory, you know device ports, but on the device ports, we also provide an additional level of security Making sure that you can actually Remotely turn on and off, you know things like USB ports for example So that you cut down on the attack factors in your infrastructure or you can assign individual USB ports, you know to individual applications So let's say a container that actually needs to get some data out of a machine gets a USB ports assigned But not none of the other containers running on me if we'll get you know anything We support, you know some level of What you would describe as you know serverless infrastructure So we have this way of running tiny VMs called unique kernels and you can actually build a VM Full-flash VM to be as small as one megabyte, which is actually a pretty decent, you know size Again CPU assignment is obviously given for any kind of virtualization system But we're also taking care of GPU assignments, which becomes a use case a lot of times for AI applications on the edge And especially applications that tend to do a lot of acceleration, you know on the GPU And finally when it comes to patching, you know security updates all of that is built right into Eve itself Just like Android, you know, we use this blue-green partition So that you never really are in danger of breaking your device even if you update Eve itself But obviously updating an application Running on Eve is as easy as just deploying a new version of the application and you know killing the old one Right, so it's a very cloud native way of looking at your application deployment And at the end of the day, that's what Eve is trying to do So Eve is basically trying to turn all of your edge infrastructure into something that looks like yet another cloud So we actually had a few things, you know for our project roadmap for 2020 And we kind of actually got quite a few of them done, but there's still you know a few Outstanding so I'll just call out the ones that you know are pretty interesting and you can actually play with them already So one of them was integrating KVM and acorn hypervisors into Eve Eve began as a technology based on Zen hypervisor But from the beginning we actually wanted it to be hypervisor agnostic and to keep us honest, obviously We integrated KVM, you know pretty quickly But the fact that Intel has donated, you know acorn a hypervisor that specifically aimed at Industrial and real-time use to Linux foundation accelerated our integration with acorn and Intel team actually did all the work Which is a great, you know news for us because you know as any open source project We're always looking for community members to contribute So that's pretty interesting and you can play with it already. We actually added You know we shrunk Eve front time quite a bit So right now we can you know fit into 256 megabytes of RAM and about you know The same size of the flash Honestly, you know to be absolutely comfortable we probably need you know 512 but you can actually start playing with Eve even in that small footprint Just a quick, you know summary on the internal composition of Eve, right? So any kind of workload Or any kind of resource that you need to be expressed as a user resource on Eve Basically gets expressed in a similar manner to Kubernetes CRDs and you know for those of you familiar with Kubernetes CRDs stand for custom resource definitions So basically anything that runs on Eve will get a CRD like definition And in fact, we're actually working with the community to see maybe we can migrate to the CRD Format itself. So then Eve basically becomes even more even closer to the Kubernetes, you know as we all know it today But what do those CRDs actually express? Well fundamentally on Eve, you basically have three kind of resources, right? You have volumes which basically signify storage and those volumes could be just you know virtual machine volumes like you know Block disk or they could be container or CI volume, you know, which is a file system, you know POSIX file system like interface We give you a pretty flexible way of managing them But you know that basically storage management. The second type of resource is network So we actually abstract away all of the complexity of networks So for example, you can basically say I want a resource that is a network that is connected to an Amazon DPC with the following set of credentials and Eve will just instantiate that network and make it available on the system and Finally once you have volumes and networks Basically, there has to be something that takes care of you know, actually using them and that something is a runnable entity and any Runnable entity on Eve gets represented as a task. So tasks are basically Either containers or VMs or unicornals that essentially consume volumes and networks and do something useful, right? You know, they also obviously consume CPU and RAM But CPU and RAM are kind of table stakes of you know, I don't really call them out separately So that's in a nutshell the whole composition of the Eve, you know, that's how kind of how you have to think about the system So if you would see a manifest of what gets deployed on Eve That manifest would look very similar to a Kubernetes manifest or you know, HashiCorp Terraform So you would feel right at home if you're familiar with the typical DevOps, you know tool tool chain Now finally, you know one exciting bit is a full support of Raspberry Pi 4 You know before Raspberry Pi 4 Raspberry Pi's were not really capable as you know computers in terms of virtualization Because they were not implementing geeks correctly But with Raspberry Pi 4 we have a full flash platform, you know on ARM, you know, which is very exciting for us So there was a lot of work done with the Zen community between Zen and Eve to make it Available, you know, but now you can basically check it out You know, you can go to the Eve's project website And it's probably the easiest way to start playing with Eve, right, you know to get yourself a Raspberry Pi board and just Trying it out. Now before you do that, you might actually want to give it a try on the laptop and we allow for that as well. In fact, we actually have a brother or sister project, you know To Eve called Eden, which is essentially a three-tharming knife for open source Eve management So again, think of Eden as you know a bit of a HashiCorp-like tooling Essentially tie all of the different things that you need to have running to basically make a fleet of Eve devices useful And today Eden supports, you know, three different kind of Eve You know, you can run Eve locally on your laptop, which is I'm about to demo quickly You can run Eve on your Raspberry Pi. You can Eve or run Eve as a virtualized instance on Google Cloud Compute And the tooling of Eden basically mimics a popular DevOps toolchain. So demo time Alright, so the first thing that you need to do once you download Eden from GitHub is to build it Which we will use make to do make build and Eden is written in Go. So I could have just easily used Go compiler But it's just a little bit nicer to use make but this is the last time we will be using make everything else is done through the Eden utility itself So it comes with a lot of helpful commands. We will be exploring a few of them today So the first command that you should know about is called Eden config and Eden config is modeled after Kubernetes a Context so it's basically allowing you to manage different profiles of flavors of Eve. So let's start with adding the default Config but before we do that, let's see what options are available. So as you can see, we have a Raspberry Pi option We have a Google Compute option But today we will be using the easiest the simplest one of all which is running Eve directly on my laptop using QM So this is the default config that we've just generated and now let's set this config up So there's a command called Eden setup which essentially is Downloading and generating all of the bits and pieces that you could easily download and generate manually yourself But it's just a little bit nicer to use Eden and orchestrate all of these different steps So right now, for example, it creates certificates to install into the Eve image. So when Eve comes up, you know There's a mutual TLS that protects, you know any kind of connection that it does It also downloads a particular release of Eve. So right now it downloaded this release from Docker Hub And it needs to unpack this release and basically turn it into an image that has all those certificates built in So it's done. It's not too bad. It's not the running for too long and besides it's just one-time action So now that we have everything set up correctly, let's start everything up. So there is a command called Eden start Which essentially is running a whole bunch of containers and you can see which ones by just doing Docker PS All of the Eden containers are prefixed with Eden. So it's pretty easy to see what they are But it also started the QMU. So that's the Eve itself And if you want to take a look at what Eden thinks about your system, you can always do Eden Status and it will basically show you that, you know, a lot of things are green The only thing that is yellow is Eve is actually running, but it hasn't been registered with a controller So Eve is not known to Eden just yet Let's fix it by issuing Eden Eve on board command And I will run it in the background because it takes a little bit of time And the reason it takes a little bit of time is because Eve follows an old Hollywood principle You don't call us, we call you. In that sense, you cannot really establish an inbound connection into Eve So for example, now that Eden needs to Register Eve. It cannot really just call Eve It needs to wait for Eve to call it and then it can basically exchange security information that would Allow it to recognize that this is indeed the Eve that needs to be trusted and managed So it needs to wait for an internal Eve timer to elapse, you know, and for Eve to contact you While it's doing that, let me actually show you another useful command, which is Eden Eve Console And this is just inside of the Eve itself, right? You know, we are right now inside of a Unix instance, Linux instance That is Eve itself So you can run PS and see the processes that are running on the system It's just a console into a system, right? But it looks like, you know, the Eve node has been provisioned and the reason I know this is because it gets the UID as its hostname So let's exit this and see what Eden thinks of our running Eve instance now So for that, obviously, let's rerun Eden status Command and right now everything seems to be green. So Eden knows and understands the remote Eve APIs So now the only question is what can you do with this setup? Well, what I tell everyone to do is to run a hello world type of a docker container Which typically is nginx. So let's do just that Eden comes with pod command, which basically allows you to deploy different types of containers and VMs And sort of modeled after docker. So it's pretty easy for people to get their head around So let's use Eden pod deploy command and deploy and nginx, but also proxy it's 84 to 8028 on my local computer So let's run it As you can see, Eden is basically creating a configuration for Eve that Eve will later contact controller and ask for But if you want to know the status that your container is in, you can run Eden pod PS command and you will basically see that your container is in configuration It hasn't really been requested or provisioned by Eve just yet But the whole system knows about it. So it takes a little bit of time for the container to be requested and provisioned But by the time we are done, you will basically have a running nginx instance And just so that we don't waste time waiting for it. I'll cut down to when it's actually running Now as you can see the state of the container changed to download started This is basically an indication that Eve has started downloading it from docker registry By the way, Eden actually runs a private docker registry on your laptop So I could have just you know created the custom container and put it on my registry here But this one is being downloaded from docker hub. So let's wait a little bit for it to finish Okay, it looks like right now our container is up and running. So everything went correctly again. It took a little bit of time That's why we're doing this, you know jump cuts. So the container is up and running. So let's see if I can curl this container Tada, you now have your first container running on Eve and that concludes our demo back to you Jason Cool. All right. Thanks Roman. So, um, yeah, just we'll kind of wrap it up here You know, obviously we welcome you guys to join in on Eve and help contribute You'll explore you grab a grab a raspberry pi and start hacking Um, you we've actually been growing as a community. So we're up just over 50 unique contributors Um, these days Zidia that you are company Roman and crew contribute. Of course, we've had a lot coming in from Xilinx and Intel a variety of others and so the community is growing. Um, and we're seeing Eve being deployed in a variety of a different vertical market. So Industrial spaces Um, people interested in it and from a healthcare standpoint if I'm deploying in hospitals and I don't necessarily on the network as a as a solution only a mental hospital, uh, you know, out in the wind turbines out in the middle of nowhere where it requires like a helicopter ride to go out there and and, uh, um, touch anything. So having that remote management really helps. Um, so it's just a variety of use cases and it's really about bringing together the best, uh, solutions into A holistic package and then exposing that open API to where people can just kind of simplifies the whole development experience and then you can just go You innovate So with that, I think, um, we'll wrap up. There's a there's some links here. Um, you know, we encourage you to go check out and And, um, you go check out, you know, look at the the codes out there. Of course, you know, lots of documentation online. We run, um, You know, weekly office hours if you if you have any questions or just want to get involved there And, um, with that, I think we've got time for a few questions if there's questions in the chat. Um, otherwise that's a wrap for us and, uh, You know, thanks for listening. Yeah, thank you so much