Shift From The Cloud To The Edge

Overview

Things always manage to come full circle, and technology is no exception. It started with mainframe machines on which one would time-share, followed by the desktop revolution, then client-server and the shift to the cloud. Note that in each of these transitions, we moved from centralized to de-centralized or vice versa. Until now everyone believed that the answer was always the cloud (IaaS, PaaS and SaaS). However, things have changed again as we move back to a de-centralized model with the shift from the cloud to the edge.

Understanding the Drivers Behind the Shift from Cloud to Edge Computing

The cloud was always good for heavy lifting since one could provision appropriate resources based on their need to get the job done and only pay for the services consumed. However, there is always an element of latency involved since the data must travel to the endpoint in the cloud and the result must travel back to the origin. For some scenarios, this latency is not acceptable and hence decision making needs to happen closer to the device which requires the decision outcome.

Consider an example wherein a car needs to decide whether to apply the brakes because a little child has jumped in front of it. Though the vehicle might be sending data to the cloud, a cloud-based approach to deciding whether to apply the brakes is clearly not practical here. This decision needs to be made at the edge in real time.

As another scenario, consider an industrial boiler that is overheating. It is not realistic to expect the data to make a round trip to the cloud for the decision making to happen. The decision making needs to happen locally and quickly in order to shut down the boiler before a catastrophe occurs.

Benefits of Edge Computing

Edge computing offers key benefits as outlined below:

  1. Faster response (reduced latency) as data is processed near the point of origin.
  2. Protect privacy by anonymizing at the edge as needed. Anonymized data is stored in the cloud.
  3. Reduced network bandwidth requirements.
  4. Better availability.
  5. Reduced cost.

A Quick Look at What Azure Offers

Azure recently announced support for edge computing through their IoT Edge offering. Azure describes IoT Edge as an Internet of Things service built on top of IoT Hub, meant for customers who want to analyze data on devices, a.k.a. “at the edge”, instead of in the cloud. It is made up of three parts:

  1. IoT Edge modules are containers that contain Azure services, 3rd party services or your own code. These are deployed to IoT Edge devices and run locally on these devices.
  2. IoT Edge runtime runs on each IoT Edge device and manages the modules deployed to the device. It can run on anything from a Raspberry Pi 3 to an industrial-grade server.
  3. A cloud-based interface to help you manage and monitor the IoT Edge devices.

IoT Edge modules are essentially Docker-compatible containers that can be run on the IoT Edge runtime. One can package Azure services into modules that are subsequently run on the device. This enables one to perform the same type of analytics and machine learning locally on the edge device.

Note this implies that you can build in the cloud using Azure cloud-based services and then choose to package and deploy the same on the device. This “build in the cloud and run on device” model is particularly fascinating, since it allows existing customers to shift parts of their existing workload in the cloud to the edge easily and seamlessly.

The cloud-based interface allows you to manage your IoT Edge devices. Each device has a “device twin” on the Azure end. The device twin has two types of properties:

  • Desired properties – This is the desired state that the device needs to be in. These are set by the Azure backend and read by the device.
  • Reported properties – These indicate the current state that the device is in. These are set by the device and read by Azure backend.

The notion of a device twin allows one to store device-specific metadata in the cloud, query configurations, access properties while the device is offline, etc. This is quite similar to “thing shadow” (aka device shadow) in AWS IoT.
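
As an added illustration (not code from Azure or from the original article), the sketch below compares the desired and reported sections of a twin document and lists every setting the device has not yet applied, which is the check an operator would run to spot devices that silently ignore a configuration push. The device ID and property names are hypothetical, and the sample JSON is constructed.

```python
import json

# Constructed sample twin; deviceId and property names are hypothetical.
TWIN_JSON = """
{
  "deviceId": "boiler-sensor-01",
  "properties": {
    "desired": {
      "telemetryIntervalSec": 10,
      "thresholds": {"maxTempC": 180, "maxPressureKpa": 900},
      "$version": 7
    },
    "reported": {
      "telemetryIntervalSec": 60,
      "thresholds": {"maxTempC": 180},
      "firmware": "1.4.2",
      "$version": 12
    }
  }
}
"""

def twin_drift(desired, reported, path=""):
    """Return {dotted.path: (desired_value, reported_value)} for each desired
    property the device has not confirmed. Keys starting with '$' are service
    metadata and are skipped; reported-only keys are not drift."""
    drift = {}
    for key, want in desired.items():
        if key.startswith("$"):
            continue
        here = f"{path}.{key}" if path else key
        have = reported.get(key)
        if isinstance(want, dict):
            # Recurse into nested objects; a missing/non-object value counts as empty.
            sub = have if isinstance(have, dict) else {}
            drift.update(twin_drift(want, sub, here))
        elif want != have:
            drift[here] = (want, have)
    return drift

def check_twin(twin_json):
    """Parse a twin document and return its desired-vs-reported drift."""
    props = json.loads(twin_json)["properties"]
    return twin_drift(props["desired"], props["reported"])

if __name__ == "__main__":
    for prop, (want, have) in check_twin(TWIN_JSON).items():
        print(f"{prop}: desired={want!r} reported={have!r}")
```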

Security Aspects of Edge Computing

Edge computing demands the same security rigor as the cloud service and potentially much more. Why? Because edge computing could potentially happen on a device that is physically accessible to malicious actors/hackers. Thus, it needs to safeguard against physical tampering attacks as well.

While there are several approaches to build security into the edge device, it starts with leveraging and building on security features provided at the processor level, for example TrustZone for ARM and the secure enclaves provided by Intel chips (Software Guard Extensions, SGX). Both of these provide a Trusted Execution Environment (TEE).

This hardening needs to continue to firmware and beyond as well. All software and modules running on the edge device need to be measured and checked for authenticity. This will help ensure that compromised software is detected immediately and not allowed to run.
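
One way to picture "measured and checked", as an added sketch that is not part of the original article: each component is hashed in load order into a running register, the way measured-boot schemes chain measurements, and modules start only if the final value matches a known-good reference. Component names and contents are constructed stand-ins, and the sketch assumes the reference values would come from a signed manifest rather than being computed on the device.

```python
import hashlib
import hmac

def extend(register: bytes, component: bytes) -> bytes:
    """One measurement step: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()

def measure_chain(components) -> bytes:
    """Fold every (name, bytes) component, in load order, into one 32-byte value."""
    register = bytes(32)  # all-zero starting value
    for _name, blob in components:
        register = extend(register, blob)
    return register

def first_mismatch(components, golden_digests):
    """Name of the first component whose digest is not the allowlisted one."""
    for name, blob in components:
        if hashlib.sha256(blob).hexdigest() != golden_digests.get(name):
            return name
    return None

def admit(components, golden_digests, golden_register):
    """Return (allowed, offending_component). Fails closed on any difference."""
    if hmac.compare_digest(measure_chain(components), golden_register):
        return True, None
    return False, first_mismatch(components, golden_digests)

# Constructed stand-ins for real images; the names are hypothetical.
GOOD = [("firmware", b"fw-image-v1"), ("edge-runtime", b"runtime-v1"),
        ("analytics-module", b"module-v1")]
# Assumption: in practice these reference values arrive in a signed manifest.
GOLDEN_DIGESTS = {n: hashlib.sha256(b).hexdigest() for n, b in GOOD}
GOLDEN_REGISTER = measure_chain(GOOD)

TAMPERED = GOOD[:2] + [("analytics-module", b"module-v1-patched")]
REORDERED = [GOOD[1], GOOD[0], GOOD[2]]  # same files, different load order

if __name__ == "__main__":
    for label, chain in (("good", GOOD), ("tampered", TAMPERED),
                         ("reordered", REORDERED)):
        print(label, admit(chain, GOLDEN_DIGESTS, GOLDEN_REGISTER))
```

The reordered case is rejected even though every individual digest matches, because the chained value also commits to load order.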

When the device needs to authenticate to the cloud or elsewhere, then it should use certificate-based authentication (instead of passwords). All communication channels from the edge device to the cloud should be secured appropriately.

Proprietary algorithms and code will run on the edge device, which is sitting out in the open. Hence, it is critical to protect core Intellectual Property (IP) running on the edge device as well.

Though the device at the edge requires stringent security norms, the shift from cloud to the edge is pretty much inevitable and already happening. Vendors like Microsoft have already provided SDKs and a runtime to make this shift easier and more compelling for organizations.