 Hello everyone, my name is Kathy Jory and I work at Zedita. I'm going to share my presentation here. Okay, as I said, I work at Zedita, which is an edge software orchestration company. But the talk I'm going to present today primarily focuses around Evo s, which is an open source project under the Linux foundation. And the really cool thing about Evo s is already revolutionizing the way that we manage the edge, the deployed edge to act more like the cloud so that you can have it people that have ownership over the edge hardware. But then the deployed applications and software are a sub tier developer operations and operational technology that the IT people don't have to fall into ransomware traps of those applications because they can always boot them out. So IT people rather than being deployed in the field can actually securely have remote ownership over that box. That saves a lot of money for and they can access from work from home from anywhere these days, which is important in these times. So just a little bit about me and why I'm doing this presentation why I like this is I'm an electrical engineer so I really appreciate good software tools and tooling that makes my life a lot easier. I really love the benefits of open source software been a big, big fan big user for a long time. A couple projects that I personally use and recommend for for example for programming microcontrollers. I use micro blocks dot fun. Best tool out there. Great for learning but just great for double ease where you don't have the pain of software problems as much. IO is a project that spun out of Mozilla I worked on that project when I was at Mozilla. It's now a community project. I use that to have greater privacy over my smart home. It's a great, great project for that. And on the open source side, the focus of this talk like I said is really Eve. So you can find that under LF edge and all the services on GitHub. And of course I'm biased but the best commercial controller service for managing you know the centralized management of deployed Evo S boxes is found at Zita. First, I'm going to start off with a little background what is edge computing. When I talk about edge computing. I really mean it's anything outside the cloud cloud is somebody else's problem in terms of the hardware, the maintenance of the host OS on this on the cloud. And the edge you know there's sort of that regional access edge, and then there's the user edge and so the focus of Evo S is really on the user edge not at the micro controller level, but more at the Linux embedded application processor level. So smart, you know device edge on premises data racks and servers and stuff like that. And what's different about these two the cloud versus all these other edges is really how you deploy and use applications so when you're in the cloud, and you want to manage applications there over on the right side of this slide. You just ask which one am I deploying on AWS or TCP or Azure IoT or you know what am I one of my using and do you know what host OS do you know what hardware server racks power you know you don't know anything. You just know what software you can use. Instead, at the deployed edge, you're like well what hardware is there. What's it running. Do I need like what's my network access how do I reach it. What questions you having like, how do I get my software to it and is it going to conflict with something else. So there's a lot more problems right now with the deployed edge then that have been overcome by abstracting away those things at the at the cloud. So why you know as an IT person why should you offer that up to your application developers well it's because application developers don't like to have to manage the host OS and the security problems around it and manage the upgrade by the host OS and see if it conflicts with their application. So the, you know the specialized OS is cater to that. They let you live in the world of containers. And you just deploy your known little isolate isolated container. And you know it can be multi tenant you can run many on on the same machine. Choose choose whatever versions of dependent packages you want, you know less, less chance that somebody else is going to crash your application or service. This is the idea of cloud native this container orchestration. But So, so, because of that you can you can approach it as app development is one container at a time. And the difference at the edge is usually you have to pay attention to host OS it's not as easily easy to be hardware agnostic. And if you look at Docker container registries they're, they're dominantly in x86 architecture, compiled applications, and there's arms popular and certain niches like vision AI ML, but there's not in us not completely agnostic. And I optimistically hope that to see risk five servers coming, even even next year. Depending on chip shortages, of course. The other thing about the edges the host OS fragmentation is just you know what installation package management and servers and of course you can run containers but are you limited to only containers what about your legacy software you know it's not always easy to containerize that and then you just deploy more hardware to deal with legacy and containers at the same time. And then, if you are multi tenants, could other things crash your application. So, the OS does become the integration point at the edge, and you often have to, you know, find good service providers to help you help you manage that. So what is evil us. Again, is an open source operating system for the edge. Unlike many OS is it's, it's not standalone, it doesn't actually function on its own it's secure by design boot process requires an external controller like the first thing it does is phone home and say, who's telling me what to do, because I don't do anything told. And, and so the controller manages it over this open eva PI which has a whole bunch of security requirements that require the messaging certificate based messaging over the transport layer security so it's secure by design, and the OS itself is very lightweight meant for virtualizing everything underlying hardware so the applications can be multi tenant, and it includes very little extra just for reliability and security. And the way it does that you get your hardware layer and actual hardware deployed in the field, but it's similar to the ease of managing software in the cloud, in the sense that the edge virtualization engine has a container layer of VMs and containers and again this is under the LF edge of the Linux foundation. It's also designed for reliability in the sense that there are two partitions Eve takes about 250 meg of space for hardest space, and there are two partitions so that you always have have to set aside 500 meg so that you can always fall back when you're doing an upgrade. And then something happens during the upgrade. It manages the containers through container D, the orchestration. It always is being commanded by the controller over that open API and then on the application side there could be K3S clusters and Azure IT edge run times and you can deploy windows, you know, host OS, whatever you want, multi tenant containers. So it actually turned your edge nodes into a part of the cloud if you're in the DevOps position because again it has deployed these things in windmills and trucks and robots and all these places. And then the developer operation just sees them as yet another container or VM that they're running and hardware people or IT people get to actually choose their favorite hardware. The DevOps get to choose their favorite operate applications and clouds. And so everyone's happy and you save money with this centralized management and less complexity. And the way I look at it is the edge software today, it gets exposed to the weather of cyber attacks, right, because it's out there it's in a different space. And if you put the Zedita umbrella, or the umbrella over it, then your IT people on top, pull all of that edge software into the developer operations centers. So that makes it much easier. And now I just want to talk a little bit more about what's under the hood of EvoS, it heavily leverages Alpine Linux. Alpine is, you know, rather than being a full blown big stack, it's, you know, just enough OS for any occasion. So it's like your integration hub of apps. And if you compare its size, for example, good tasting core components. If you compare its size compared to a server or desktop OS of Linux, it is a lot smaller. So there's a busy box in the land. So no nonsense in it system. It's going to get you there with a little extra. And it has just enough package management fresh port serve daily. I can smell that fresh bread yum. So you have packages as you need. The packages are nicely organized by the Alpine Linux community. And it's basically a, you know, composed of EvoS's unit integration is an OCI container image. So it's again, heavily leverages the Alpine Linux community. And within that of EvoS also leverages Linux kit and container D. So OCI containers are composed by Linux kit, which is the build tool and collection of software. And the final image about 250 megs and times two is 500. That's how we got to that about that size you'll need on your edge hardware. And at runtime everything is orchestrated by container D. So now I have doing pretty well on time here. Now I'm going to do install demo using iPixie. So let me pull over. Oops, wait, I got it. Oh yeah, there we go. I'm going to show you a couple of tabs. So we can open this up for a demo. Actually, I'm going to show you a preview of the demo first. What I'm going to do is I'm going to use the combination of Equinix metal which has bare metal servers that you can just rent. I'm going to rent one of their servers. And then I use an iPixie config file to bring up EvoS on that server. It's in some data centers, but I'm pretending that data center is my edge field operation site. I'm going to deploy EvoS onto it in real time from scratch. And then I'm going to use its IP address, which is kind of the only thing I know about it right now because I don't have actually have physical access to the hardware. And it kind of cheat news that IP address is a unique ID to bring it in and onboarding it to my ZCloud orchestration service. And so how this works is we have release images of EvoS on GitHub. And in these releases, there's a bunch of configuration files for different purposes. This one that has the little .ip.cfg, iPixie, is a configuration file that will let me do this kind of bootstrapping of onboarding it with the IP address. Essentially, we're booting EvoS from GitHub. And we use this a lot in software deployment testing and configuration. You don't have to physically build up other servers. The way that iPixie allows you to do this is really quite handy. And you could also use it to set up staging environments for training or pre-production testing, whatever you want. This is what happens in this configuration file is just points to the URL of the source code. And then there's a whole bunch of instructions for the download for the boots and stuff. So let me see if I can pull up that. Just exit for a second and find that other window. Here we go. Now I got to get on the glasses so I can see the fine print. This page under the EvoS project under the docs folder deployment.md has a section about deploying with iPixie. So you get to this section deploying EvoS physical environments on bare metal and running the installer image via iPixie. So the first thing I have to do is log into my next metal account. And pull up a server on demand. Again, the first part of this is actually described in this document of how I would do this. And I want a server close by, let's say in Silicon Valley. I'm going to pick the cheapest one. T1 small x86 and I'm going to do the custom iPixie build. And then I'm going to fetch this config right here. I know that since I wrote that doc, we're up to about version 12. It doesn't actually matter too much what version you get in there because once you get it onboarded and orchestrated, you can just upgrade EvoS to the latest version. So this is going to be my Silicon Valley T1 small. I'm going to do it's just so we can see the ones, whoops, two. Okay, so this is our ones demo of the Silicon Valley node. And that's actually all I have to do. I could also optionally just write this whole config by adding user data, but since the config is already done for me, I'm just going to deploy that now. What that does is it's actually throwing that config file onto this box. And on this box, it's going to boot it up and quickly I already get a network here. So I already have an IP address I can use for my onboarding. And with that, I better log in here to my site control account. So we have an LF edge kind of demo space. And for my edge nodes, I'm going to just go back here. I'm going to add an edge node. So this process of doing one's demo. And select the people project. And I could add tags and asset IDs and asset locations all sorts of stuff, but not going to do that. So for this serial number, I need to add my IP address so I'm going to copy that IP address, and that's going to be my serial number. And then you need the secret onboarding key, which I have copied over in my other doc. You can get that from me, you can get that from Zavita. And then I have to know the brand of the box and this happens to be pretty sure it's a super, it's a super micro. I'm going to show the T1 small x86. There we go. And now that knows because of that model it knows the network interfaces and all the other ports, everything is virtualized I'm going to sign the Ethernet networks to the management interface. So with nice usage, you could, you know, unused management interface, which is management is like that, the Z Cloud, like control interface or a specific app or runtime or, or what have you. So you can assign all of those. And this is just a demo and I want to immediately activate that edge node. So if I click, and then I have requested. So basically now my is a control box is looking for this box. So here's my ones demo KG. So now it's provisioned on the controller side eaves controller knows to look for it and now even self is booting and having to deploy all the software and once it gets everything done the certificates and so forth. Then it's going to phone home. So my equinex metal box is my deployed edge server pretend, and it's got an IP address. It's alive and if I look at maybe it's traffic, tiny bit of traffic maybe coming inbound. So that that's a good sign. You can look up all sorts of things about it and network interfaces and you. And when you're done with these because you rent them by the hour, the thing I'll do after this demo is overall just delete the whole thing and proof it's gone. And it's seven cents an hour so it won't set me or the company back too far. So if you look at this document you to just review what we did I selected a server I did custom my pixie boots and deployed that and you can also use a CLI so there's an API to talk to next metal so you can do this all software programmatically to create your devices. So this is all the other ways that you can bring up evil as you can install. Most of the time you install using just a USB stick, and you plug the USB stick into the hardware box and it has an installer image that goes into that boots evil as onto the bare metal onto the hard drive with the Raspberry Pi you can even flash a live evil as image onto your SD card or you can use the USB approach, which writes to the SD card. You can use the virtual images ways to do it in virtual environments to play around with it but anyway check out in general check out Eve has this docs folder, which is just full of great information right from the start for me. It talks about everything about the security, the containerization how the controller works, the runtime configs and then the whole idea is application software management in managing the life cycles of yourself or blowing them away upgrading them. It's changing them and never losing the secure ownership of the box itself. Here's my server so what what we want to look for in said control is there's even events that is ready to be provisioned and then it usually takes about, I would say five minutes for this whole server process to complete and for it to phone home, and finally get the secure TLS handshake between it and its controller, which is also in the cloud. Let's take a look at that. And we'll look at this basic info slide. Once it shows it has a IP address we know it's, it's on board. And then the other things that I could show you while we're waiting here is the marketplace of different types of applications that I might want to deploy. There's a lot of different types foundry and Fledge, and you know hello Eva something that's playing around with which is deploying a little web service, but there's, you can run Kubernetes and Azure IoT and TVs and empty TT and also to crazy stuff including a boom to full blown host OSes so there's a lot that you can deploy. And then there's a lot of different hardware models that that you can deploy to. And so let's go back to our node. Oh, and I missed it. Here we are status is online if I go back to the events. You see that it registered a change from provision to online it's, it's now online and then now it's ready to to for me to deploy something to it. For example, I could take this Hello Eve application here, and I would just deploy it as an edge app. And I go through and select the project deployment, which know I want to deploy to next and some of these. And all sorts of other stuff. And the Kubernetes clusters there's a whole page for Kubernetes clusters and inter instances so that you get the, again it's more like the IT technology part that you have to set up. If you want to do that, then people manage it as if it's part of the regular cloud so this is my. Oh, this is my Hello Eve for arm this is the one I deployed in my Raspberry Pi so never mind this I'm going to cancel this it's not going to run on me. X86, but you get the idea. Here's my. Whoops, back to my back to my online. Hardware and here's my basic info. And then here's where you would set up in the adapters you would set up all of your it. So instead of the rules, actually this is in the applications you set up the rules for all of the port forwarding or ins and outs or things like that. And so it looks like one of these ethernet interfaces is up and once not. And if we look back here this traffic, we see a little bit more traffic going in and out. That's basically it, you know so you see how quickly I took Evo as I took the IPC install, and I put the whole thing together with the deployed box and the controller, and now I'm able to deploy my software to it and manage it. How I want. So, drop that again. I'm going to go back to this and the, the key takeaway that I want you to all to get out of this talk is that a lightweight Evo s can actually offer heavyweight security. This is one of the just, it's going to revolutionize the edge in terms of how we can centrally manage simplify and reduce the it costs of ownership and not lose control to ransomware and cyber attacks because the only person with the keys to the box is that TLS link to the controller. And everything else is untrusted software over the top. So, the more you can push your, your teams that have to deploy edge boxes toward this approach or if you have applications that you want to be deployed, you know, to the edge, then get your applications into the marketplace of the commercial controller or package them so that they can be deployed containerized or as the ends. Anybody running Evo s will be able to do that. So, key takeaway lightweight Evo s heavyweight security. And I want to thank you all for your time, and let you know that I run the developer program at Zedita so my commercial advertisement here is that if you contact me with my email Kathy at Zedita calm I can probably get you into our developer free access to Zed cloud account and get to try all this out. It's great for system integrators OEMs and of course customers that have to manage their services in the field. So thank you all for your time and I hope you enjoy the rest of the edge networking event. Thank you.