Tue, 26 Sep 2023 19:15:00 -0000
Edge computing is generally defined as “a distributed computing paradigm that brings computation and data storage closer to the sources of data.”[1] The goal of this approach is to improve response times and save bandwidth.
Beyond this definition, edge computing is critical for enterprises to drive innovation and business outcomes. Existing approaches to the edge have led to technology silos, unscalable operations, poor infrastructure utilization, and inflexible legacy ecosystems. The massive proliferation of diverse edge devices has also increased exposure to cyberattacks. Dell has addressed these challenges with the new NativeEdge solution, a key feature of which is the ability to deploy edge devices swiftly and securely. At the root of this capability is FIDO Device Onboard (FDO), an open standard defined by technology leaders within the FIDO Alliance to automatically and securely onboard devices within edge deployments as diverse as retail, manufacturing, and energy. The FDO implementation used by Dell is based on the open-source implementation that has been contributed to the Linux Foundation Edge project by Intel.
The integration of the FIDO Device Onboard (FDO) with the Dell NativeEdge solution helps organizations to deploy and manage infrastructure at the edge by utilizing zero-trust principles and a streamlined supply chain to secure the edge environment at scale. “Intel developed and contributed the base technology that became FDO. Our work with Dell and the FIDO Alliance is a great example of the power of collaboration to address the continuously evolving threat landscape faced by our edge customers,” said Sunita Shenoy, Senior Director, Edge Technology Product Management at Intel.
“Edge computing is transforming industries and we are delighted that FDO is a key component in Dell's innovative NativeEdge platform,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance. See the press release here: FIDO Device Onboard (FDO) Certification Program is Launched to Enable Faster, More Secure, Deployments of Edge Nodes and IoT Devices
In this blog, we will look at the edge challenges and three key elements that seek to address them: firstly Dell’s NativeEdge solution (described here), secondly the FIDO Device Onboarding (FDO) standard, and lastly the Linux Foundation Edge Open-Source software implementation of FDO (described here).
Recent years have seen a significant shift towards the edge, as more companies deploy devices that increase the demand for more data and analytics. By deploying devices to the edge, companies can reduce latency, improve the speed of data processing, and enhance security. Further, deploying devices at the edge can also help reduce bandwidth consumption and minimize the costs that are associated with transmitting large amounts of data to the cloud. The deployment of devices at the edge has therefore become a crucial component of modern technology infrastructure, enabling businesses to improve their operational efficiency and deliver better customer experiences.
The NativeEdge operations software platform enables organizations to securely deploy and manage infrastructure at the edge. NativeEdge supports a wide range of NativeEdge Endpoints. It uses zero-trust principles, combined with a holistic factory integration approach and application orchestration, to create a secure edge environment. It can start small with a single device and scale out as needed, and it can be deployed centrally or globally, regardless of network connectivity challenges, absence of technical staff, or facility environment.
In an internal Dell analysis[2] consisting of return-on-investment modeling together with nearly a hundred Dell customer interviews, and a third-party environmental consultant review for methodology validation, Dell examined the potential economic impact of running NativeEdge across 25 facilities of a composite manufacturing company.
The study found that after three years, the company could expect to see the following benefits:
As these figures show, NativeEdge is designed to address the major aspects of managing an edge system. The first two of these aspects are closely linked as the ability to provide zero-touch provisioning (also known as onboarding) together with zero-trust security, a key tenet of which is, “Never trust, always verify."
Traditionally, the installation of edge devices has been a cumbersome and time-consuming process. Edge installers, who could be individuals such as retail store managers or factory plant managers, may lack the expertise to manage complex edge devices and operating system installations. This highlights the importance of ensuring that edge devices are user-friendly and straightforward to deploy, as mistakes in manual onboarding can lead to security issues as well as service outages.
With NativeEdge, anyone can easily set up a NativeEdge Endpoint by simply plugging in a network cable, powering on the device, and stepping away. By leveraging the FIDO Alliance’s open standard known as FIDO Device Onboard Specification 1.1, Dell assures a streamlined installation process that is as easy as possible. The FIDO Alliance is a standards organization with over 250 members that was formed in 2012 with the goal of “simpler, stronger authentication.”
Leaders in technology from the FIDO Alliance (including Intel, Amazon, Google, Qualcomm, and Arm) created FDO. It is an open specification that defines an approach which combines 'plug and play'-like simplicity with the highest levels of security. It fully aligns with the zero-trust security framework in that neither the edge device nor the platform onto which it is being onboarded are trusted before onboarding takes place. FDO extends zero trust from the installation point back to the manufacturer.
The following steps are aligned with the numbers in the figure:
Finally, having finished the FDO process, the device contacts its management platform, which is the platform that manages it for the rest of its lifecycle. FDO then lies dormant, although it can be re-awakened if needed, such as if the device is sold or repurposed.
Dell has integrated FDO into many elements of its NativeEdge solution, from its secure manufacturing facilities to the Dell Digital Locker used to store Ownership Vouchers to the NativeEdge Orchestrator. A full and detailed description of how FDO has been dovetailed into NativeEdge is available here.
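The mechanism that lets a device leave the factory trusting nobody and still end up trusting only its legitimate owner is the FDO Ownership Voucher: the manufacturer signs a transfer to the next party in the supply chain, each party signs the next transfer, and the device, which carries only a hash of the manufacturer's key, walks that chain at onboarding time to learn which key may authenticate its owner. The Go program below is an illustration added here; it is not code from the Linux Foundation Edge FDO project or from Dell. It builds a simplified voucher (manufacturer to distributor to owner) and runs the device-side verification, including a tampered voucher that must be rejected. The key pairs, the GUID and the hash-and-sign layout are constructed stand-ins; the real specification encodes the voucher in CBOR with COSE signatures and carries additional fields such as rendezvous information, which are omitted.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// DeviceCredential is what the device leaves the factory with: its GUID and a hash of
// the manufacturer's public key. No owner key is stored; the device learns its owner
// only by verifying the ownership voucher presented during onboarding.
type DeviceCredential struct {
	GUID          [16]byte
	MfgPubKeyHash [32]byte
}

// VoucherHeader ties the voucher to one device and to the key that anchors the chain.
type VoucherHeader struct {
	GUID      [16]byte
	MfgPubKey ed25519.PublicKey
}

// VoucherEntry is one ownership transfer: the current holder signs the hash of
// everything before it together with the next holder's public key.
type VoucherEntry struct {
	PrevHash   [32]byte
	NextPubKey ed25519.PublicKey
	Signature  []byte
}

// OwnershipVoucher is the header plus the chain manufacturer -> ... -> final owner.
type OwnershipVoucher struct {
	Header  VoucherHeader
	Entries []VoucherEntry
}

func hashHeader(h VoucherHeader) [32]byte { return sha256.Sum256(append(h.GUID[:], h.MfgPubKey...)) }

func hashEntry(e VoucherEntry) [32]byte {
	return sha256.Sum256(append(append(e.PrevHash[:], e.NextPubKey...), e.Signature...))
}

// signedBytes is the message each transfer signature covers.
func signedBytes(prev [32]byte, next ed25519.PublicKey) []byte { return append(prev[:], next...) }

// NewDevice simulates factory provisioning with a constructed GUID: the device keeps the
// credential, the manufacturer keeps the matching (still empty) voucher.
func NewDevice(mfgPub ed25519.PublicKey) (DeviceCredential, OwnershipVoucher) {
	var guid [16]byte
	copy(guid[:], "example-guid-001") // constructed sample identifier, not a real GUID
	cred := DeviceCredential{GUID: guid, MfgPubKeyHash: sha256.Sum256(mfgPub)}
	return cred, OwnershipVoucher{Header: VoucherHeader{GUID: guid, MfgPubKey: mfgPub}}
}

// Extend is run by the current holder to hand the device on to the next owner.
func (v *OwnershipVoucher) Extend(holder ed25519.PrivateKey, next ed25519.PublicKey) {
	prev := hashHeader(v.Header)
	if n := len(v.Entries); n > 0 {
		prev = hashEntry(v.Entries[n-1])
	}
	sig := ed25519.Sign(holder, signedBytes(prev, next))
	v.Entries = append(v.Entries, VoucherEntry{PrevHash: prev, NextPubKey: next, Signature: sig})
}

// VerifyVoucher is the device-side check: starting from nothing but its own credential,
// the device walks the chain and returns the final owner's key. Only that key may then
// authenticate the onboarding service to the device.
func VerifyVoucher(cred DeviceCredential, v OwnershipVoucher) (ed25519.PublicKey, error) {
	if v.Header.GUID != cred.GUID {
		return nil, errors.New("voucher was issued for a different device")
	}
	if sha256.Sum256(v.Header.MfgPubKey) != cred.MfgPubKeyHash {
		return nil, errors.New("manufacturer key does not match the device credential")
	}
	if len(v.Entries) == 0 {
		return nil, errors.New("voucher carries no ownership transfers")
	}
	signer, prev := v.Header.MfgPubKey, hashHeader(v.Header)
	for i, e := range v.Entries {
		if e.PrevHash != prev || len(e.NextPubKey) != ed25519.PublicKeySize {
			return nil, fmt.Errorf("entry %d is malformed or does not chain to its predecessor", i)
		}
		if !ed25519.Verify(signer, signedBytes(e.PrevHash, e.NextPubKey), e.Signature) {
			return nil, fmt.Errorf("entry %d has an invalid signature", i)
		}
		signer, prev = e.NextPubKey, hashEntry(e)
	}
	return signer, nil
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	mfgPub, mfgPriv := mustKey()
	distPub, distPriv := mustKey()
	ownerPub, _ := mustKey()
	cred, v := NewDevice(mfgPub)
	v.Extend(mfgPriv, distPub)   // manufacturer -> distributor
	v.Extend(distPriv, ownerPub) // distributor -> final owner
	owner, err := VerifyVoucher(cred, v)
	fmt.Println("genuine chain accepted, owner key matches:", err == nil && owner.Equal(ownerPub))
	roguePub, _ := mustKey() // rewriting the last hop without the distributor's key must fail
	v.Entries[1].NextPubKey = roguePub
	_, err = VerifyVoucher(cred, v)
	fmt.Println("tampered chain rejected:", err != nil)
}
```

The point to notice is what the device does not need: no owner key is burned in at the factory, and no party in the chain has to be online or trusted by the device. The voucher is stored and handed along out of band (in NativeEdge's case via the Dell Digital Locker described above), and any substitution of a key anywhere in the chain breaks a signature or a hash link, so the device rejects it before it ever talks to the platform.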
The following diagram shows the FDO process applied within the NativeEdge environment.
The numbered steps in the diagram are explained in detail in the following steps:
Software implementations of FDO consist of several functional elements, which are highlighted in the following generic FDO tool diagram.
The numbered steps in the diagram are described in further detail as follows:
Companies have a range of options when implementing the FDO software. They can develop the software themselves directly from the specification, use one of the commercially available implementations of FDO (for example, Red Hat), or they can use the Linux Foundation Edge implementation (described here).
The FDO software within the Linux Foundation Edge has been developed and contributed by Intel, one of the authors of the FDO specification. The code is a mixture of C and Java (depending on which part of the FDO system is being implemented). It offers client software for both Intel and other processors including Arm.
With NativeEdge, Dell set a simple but critical goal: allow customers to deploy Edge solutions quickly and securely and then manage them effectively throughout their lifetime. As with all simple goals, the challenge is in developing a solution that fully delivers on the promise. With NativeEdge, Dell has taken full advantage of FIDO Device Onboarding (FDO) together with the Linux Foundation Edge FDO project code to build on top of an industry onboarding technology that fully supports Dell’s mission to simplify deployment and management at the edge while delivering the highest levels of security. NativeEdge is now available for customers to deploy at scale.
[1] https://en.wikipedia.org/wiki/Edge_computing
[2] Based on internal analysis, May 2023. The internal analysis consisted of internal modeling, customer interviews, and third-party environmental consultant review for methodology validation.
Tue, 26 Sep 2023 08:33:28 -0000
IT to Operational Technology (OT) convergence is in full swing in many vertical markets, and understanding the differences in expertise among the personas who make purchasing and architectural decisions is crucial when enterprises plan their IT and OT investments.
Many IT professionals practice port isolation in networking. It is considered a critical skill and is a well-known way of protecting applications, virtual machines, and containers and providing secure separation. Common practices include DMZs, VLANs, and layer 7 or traditional firewalls. Virtualization can add a further layer of memory protection in these cases.
IT network port isolation is all about isolating networked resources. When researching port isolation, most of the results focus solely on IT administrators isolating these ports in their network environment. Addressing applications over TCP or IP ports and implementing port isolation to protect them from network attacks, spoofing, or other methods are good practices for defending against those threats.
In OT and industrial control systems (ICS), port isolation is a crucially different task and is classified as electrical overstress (EOS) protection.
In edge and industrial environments, devices are expected to run continuously regardless of the interference they encounter. Ensuring resilience against electrostatic discharge (ESD), electrical fast transients (EFT), and lightning strikes (surges) is therefore crucial, and achieving good electromagnetic compatibility (EMC) for these systems can be challenging.
Port isolation is a way to protect devices from environmental electrostatic interference on serial, industrial networking, or CAN ports. Many Edge devices are exposed to greater interference because they are deployed in locations that do not provide exhaustive protection. Metal cabinets provide Ingress Protection (IP), which is rated under the international standard IEC 60529 for the degree of protection against dust and moisture, but an IP rating does not protect against EOS. The wires that communicate with the engines, sensors, conveyor belts, and pumps are often outdoors and fully exposed to the surroundings. These wires are all routed into the same compute endpoint, and their length amplifies the exposure to EMC interference.
Helping customers recover from incidents involving catastrophic, and sometimes even epidemic, failures can be time-consuming and costly. Often these failures happen not because of a lack of quality in the devices, but because the devices are used outside of their validated and appropriate operating environments. Special attention is needed during the purchase, architecture, and assembly of hardware components before they are rolled out into Edge environments.
The electronic components inside these Edge devices that are vulnerable to such failures are CMOS ICs and other integrated circuits built with MOSFETs; examples include CPUs, graphics ICs, and add-in cards.
Many people have experienced static electricity, or "shocks", called electrostatic discharge (ESD) when touching metal after walking across a carpeted floor, or when getting up from a swivel office chair and then shaking someone’s hand. However, static electricity and ESD have created serious industrial problems for centuries: in the early 15th century, military forts were already using grounding devices to prevent ESD. Electrostatic discharge is known for causing damage to sensitive electronics. This damage can occur in several different ways depending on the potency of the ESD and the type of electronics you are working with.
EOS damage can be cumulative: components that have been exposed to EOS may keep working for some time in the field, but as they age and accumulate damage they eventually reach a point where they can no longer function.
The following figures show damage that is almost unnoticeable to the naked eye but will result in component failure over time.
Cables near motors can pick up high-voltage, high-frequency electrical fast transients (EFTs). The longer the cables, the larger the antenna they form, making it easier for electronics to pick up these transients, which can damage them in the same way. Even communication lines such as RS-485, which use a differential signal, can still be vulnerable to these transients.
The following figures are examples of components that have been exposed to EFT, with the damage visible in this case. Both serial ports in this example were exposed to high voltages, to the point that even the tops of the components have been blown away.
Lightning can cause serious damage to equipment. When lightning strikes, equipment can be exposed to very high energy, especially devices located in areas vulnerable to such incidents and deployed without protection. For example, telco base stations can be vulnerable to this exposure because of the height of their poles.
The following figure shows a case where the transformer was not sufficient to protect this Ethernet port against the surge it was exposed to.
This effect is amplified when the sensors and the computing equipment sit in locations with different ground potentials. During a lightning strike, one location can be charged differently from the other, causing heavy current to flow through the serial lines, which can cause surges.
Equipment has been validated to withstand a significant amount of EOS, especially our industrialized products, which are designed for these rugged environments. However, the amount of degradation that occurs in industrial environments varies, and the following figure indicates the range that can be expected. It shows EOS severity as surge voltage plotted against the duration of the EOS event.
The environment in which devices are handled can itself be a cause of failure and requires measures to prevent devices from being exposed to ESD. Safe working environments typically have ESD-safe flooring and ESD-safe workbenches, where wrist straps are used when handling sensitive equipment.
High potential (Hipot) testing, an insulation resistance testing method that verifies sufficient dielectric withstand, is used to determine whether the insulation (ground wall) can handle an over-voltage situation. An over-voltage situation is a voltage higher than the peak operating voltage of the device under test.
Preventive measures against EOS in Dell Edge Gateways
By introducing isolation components into the design and replacing traditional serial, CAN, or network ports with isolated options, the potential damage caused by surges can be reduced. Designing against each of the different threats can significantly reduce the damage done to devices and assure device uptime.
To reduce the risk and exposure to EOS, the Dell Edge Gateway 5200 and Dell Edge Gateway 3200 can be equipped with special add-on modules that introduce isolation protection. These replace the non-isolated legacy ports and add protection toward endpoints that are potentially more exposed to EOS.
Isolated add-on modules for the Dell Edge Gateway 3200:

| SKU | SKU external description | Isolation protection |
| --- | --- | --- |
| 492-BDFK | EGW-3200 isolated Canbus (EMUC-B202) | Complies with EN61000-4-5 2.5 kV surge protection. Complies with IEC 60950-1:2005 + A1:2009 + A2:2013 2.5 kV HiPOT protection. Complies with EN61000-4-2 (ESD) Air-15 kV, Contact-8 kV. |
| 555-BIDQ + 492-BDFX | EGW-3200 isolated PoE Out Module (EMPL-G2P1) + EGW32/52 60 W AC Adapter (excluding power cord) | Complies with EN61000-4-2 (ESD) Air-15 kV, Contact-8 kV. |
| 492-BDHQ | EGW-3200 isolated RS-422 & RS-485 Module (EMP2-X4S2) | Supports port-to-computer isolation. Complies with IEC 60950-1:2005 + A1:2009 + A2:2013 2.5 kV HiPOT protection. Complies with EN61000-4-2 (ESD) Air-15 kV, Contact-8 kV. |
| 492-BDHR | EGW-3200 isolated RS-232 Module (EMP2-X2S1) | Supports port-to-computer isolation. Complies with IEC 60950-1:2005 + A1:2009 + A2:2013 2.5 kV HiPOT protection. Complies with EN61000-4-2 (ESD) Air-15 kV, Contact-8 kV. |
| 492-BDFM | EGW-3200 isolated Gigabit Ethernet (EMPL-G201) | Complies with EN61000-4-5 1 kV surge protection. Complies with IEC 60950-1:2005 + A1:2009 + A2:2013 2 kV HiPOT protection. Complies with EN61000-4-2 (ESD) Air-15 kV, Contact-8 kV. |

Isolated add-on modules for the Dell Edge Gateway 5200:

| SKU | SKU external description | Isolation protection |
| --- | --- | --- |
| 492-BDGW | EGW-5200 isolated Canbus (EMUC-B202) | Complies with EN61000-4-5 2.5 kV surge protection. Complies with IEC 60950-1:2005 + A1:2009 + A2:2013 2.5 kV HiPOT protection. Complies with EN61000-4-2 (ESD) Air-15 kV, Contact-8 kV. |
| 492-BDFN + 492-BDFX | EGW-5200 isolated PoE Out module (EMPL-G2P1) + EGW32/52 60 W AC adapter (excluding power cord) | Complies with EN61000-4-2 (ESD) Air-15 kV, Contact-8 kV. |
| 492-BDGU | EGW-5200 isolated RS-422 & RS-485 module (EMP2-X4S2) | Supports port-to-computer isolation. Complies with IEC 60950-1:2005 + A1:2009 + A2:2013 2.5 kV HiPOT protection. Complies with EN61000-4-2 (ESD) Air-15 kV, Contact-8 kV. |
| 492-BDFL | EGW-5200 isolated RS-232 module (EMP2-X2S1) | Supports port-to-computer isolation. Complies with IEC 60950-1:2005 + A1:2009 + A2:2013 2.5 kV HiPOT protection. Complies with EN61000-4-2 (ESD) Air-15 kV, Contact-8 kV. |
| 492-BDGX | EGW-5200 isolated Gigabit Ethernet (EMPL-G201) | Complies with EN61000-4-5 1 kV surge protection. Complies with IEC 60950-1:2005 + A1:2009 + A2:2013 2 kV HiPOT protection. Complies with EN61000-4-2 (ESD) Air-15 kV, Contact-8 kV. |
| 492-BDFW | EGW-5200 isolated DIO | |
About the Author: Jeroen Mackenbach
Jeroen Mackenbach is a Technical Staff – Engineering Technologist for Edge in the Infrastructure Solutions Group. He is a trusted advisor for engineering, leadership, and global customers bringing edge solutions to the market and complementing sales teams with essential technical insights. Jeroen draws on more than 25 years of expertise in embedded systems hardware and software, as well as the Linux ecosystem, helping customers address the challenges associated with edge and distributed environments. Jeroen joined Dell Technologies in 2018 and was invited to become a CTO ambassador. Jeroen is a regular speaker at Executive Briefings and industry events, including the Embedded Linux Conference in 2018 and 2019. Before joining Dell Technologies, Jeroen spent more than 20 years in Production Management and Technical Sales roles for design and manufacturing services. He speaks English and Dutch and holds technical qualifications in Electronics and Communications Engineering from the Hogeschool Rens en Rens in Hilversum, Netherlands.
Tue, 08 Aug 2023 14:31:00 -0000
With an ever-evolving digital landscape and most edge use cases built around brownfield applications, IT operations have become challenging for many organizations, particularly when bringing workloads to the enterprise edge.
These edge operational challenges include:
The edge lives outside data centers, in the real world where we live. It is located where data is captured, close to devices or endpoints, to generate immediate and actionable insights.
We are experiencing a perfect storm of innovation driven by an explosion of data (IoT, telemetry, video, and streaming data), technology capabilities (multicloud, AI/ML, heterogeneous computing, software-defined, and 5G), and the resulting business challenges (security, compliance, productivity, and customer experience).
Security that is required at these locations needs a different approach:
Dell is committed to assisting customers with the simplification of edge operations as the demand for secure and efficient application delivery has become paramount. The Dell NativeEdge platform leverages the power of edge computing to revolutionize application delivery in a secure environment.
NativeEdge provides a unique set of assets in an edge operations software platform which allows IT operations to deliver application orchestration, multicloud connectivity, zero-touch onboarding, a zero-trust security approach, and infrastructure management.
NativeEdge provides a standardized framework for defining and deploying applications. This simplifies the management and scalability of complex edge environments while ensuring consistency and reliability in application orchestration.
NativeEdge zero-touch provisioning is a feature that allows for the automatic and seamless deployment of NativeEdge Endpoint (OptiPlex, Gateways, and PowerEdge) without manual intervention. It enables quick and effortless setup by leveraging order and manufacturing preconfigured settings, eliminating the need for on-site configuration, and reducing deployment time and effort.
NativeEdge multicloud capabilities allow NativeEdge Endpoints to connect and integrate with multiple cloud platforms. It enables organizations to leverage various cloud services and resources, such as storage, computing power, and analytics, across different cloud providers, which enhances flexibility and scalability in edge computing deployments.
NativeEdge infrastructure management capabilities provide a comprehensive set of tools and features that enable centralized control and monitoring of NativeEdge Endpoints. It includes functions such as remote device management, software updates, configuration management, and performance monitoring—all of which enhance efficiency and simplify the management of edge computing infrastructure.
Zero trust is a security framework, described in National Institute of Standards and Technology Special Publication (NIST SP) 800-207, that challenges the traditional perimeter-based approach. It assumes that no user or device should be inherently trusted, requiring continuous verification and authentication of every access request. It aims to improve cybersecurity by minimizing risk and enforcing strict access controls regardless of location or network. A zero-trust solution starts with the seven pillars of security as defined by the Department of Defense (DoD): device trust, user trust, transport and session trust, data trust, software trust, and the two cross-cutting layers that provide visibility and analytics, and automation and orchestration. Each pillar has 45 capabilities, and each capability has 152 zero-trust activities.
NativeEdge is a powerful and secure edge computing application delivery solution that combines features like zero-touch provisioning, multicloud capabilities, and robust infrastructure management. It provides seamless edge, core, and cloud deployment, integration with multiple cloud platforms, and centralized control, which brings scale to edge operations.
Curious to know more about NativeEdge capabilities? See Edge Security Essentials: Edge Security and How Dell NativeEdge Can Help, or visit Dell.com/NativeEdge and Dell Technologies Solutions Info Hub for NativeEdge.