Eclipse ioFog

ioFog is an edge computing application platform providing a standardized way to develop and remotely deploy secure microservices to edge computing devices.

Turn any hardware into a software platform

ioFog Engine standardizes running software at the edge by enabling microservices to run quickly, easily and reliably on all but the lowest powered edge devices. ioFog makes deployment simple by abstracting the underlying hardware to provide a common compute platform that enables the same software to run on any device. This is achieved by allowing developers to package and deploy their applications to each device using containerization technologies such as Docker and Unikernels. Beyond deployment, ioFog Engine makes it simple to manage the lifecycle of your microservices (deploy, update and rollback) and to monitor their health and resource usage.

ioFog is optimized to run on constrained hardware most commonly found at the Edge. With a one-line install, ioFog Engine can be downloaded onto any piece of hardware that runs Linux (from Yocto to RedHat). Built with constrained resources in mind, ioFog can run on devices as small as a Raspberry Pi Zero, smart cameras, autonomous vehicles, LTE base stations, Wi-Fi routers, cable boxes, smart lighting and IoT gateways.

Build Dynamic, Self-organizing Edge Compute Networks

If you’ve got one edge device, chances are you’ve probably got more. Tie them all together and you can create an Edge Compute Network (ECN). Here, ioFog has you covered too, making it easy to deploy and manage multiple devices at the same time. Since your ECN is likely distributed – composed of many different devices (let’s call them nodes) across multiple networks, each with potentially differing microservices – a piece of software called the Controller is used for management and orchestration. The Controller keeps track of all your nodes automatically, even across complicated network configurations, and it can be used to maintain and optimize the entire fleet of devices.

ioFog Fog Services provides a suite of capabilities to create self-organizing software networks that run on top of any network connectivity. No NATs, VPNs or Firewalls needed. Protocol agnostic data messaging and delivery using flexible MIME-type data architecture also takes care of data management at the edge. Using a protocol agnostic MIME-type-like approach to describing data, ioFog applications and nodes are able to handle and route any data type, even if they don’t understand the actual payload of the data. Need complete control over data routing and messaging? ioFog supports native Geofencing of data, nodes and routing.

Ultimately the largest benefit to deploying an ECN is that you avoid costly round trips to the cloud. Local network communication can be 12,000x faster than going to the cloud and back. Not to say you can’t run ioFog nodes in the cloud too, if that’s the flexibility you need.

Security Designed for the Edge

When dealing with the Edge, cloud-based PKI security just doesn’t work. Cloud-based PKI presupposes that devices are out of reach and that physical security at data centers assures only authorized personnel have access to the computing devices. The edge provides no such guarantee. Devices are out in the physical world with no one guarding a moisture sensor in a corn field, or an IoT gateway on a city bus, or a smart camera on a street corner. At the edge, the cloud-based PKI model of security is like leaving your house keys on a park bench tagged with a home address. You wouldn’t be surprised if you were robbed.

At the Edge, you must plan that if someone motivated gets physical access to your device, they will not only compromise it but also access your private key. If they get your private key, they now have access to your backend. And then all your data is gone.

Real security at the edge requires the following 6 criteria:

  • Trust the Hardware
  • Secure Secrets
  • Remove Rogues
  • Trust the Software
  • Full Data Control
  • Jailbreak Awareness

ioFog’s Pure Edge Security is inspired by Blockchain. Each node in your ECN is a member of a distributed trust network. Each node is constantly validating a comprehensive set of security rules with all the other nodes, looking for minor deviations or signals of rogue nodes. When a rogue node is found, it is automatically quarantined from the ECN. If rogue nodes do not pass stringent security checks to re-enter the network, they can be remotely wiped of all software and data.

Pure Edge Security takes a multi-faceted approach to threat detection at the edge. From hardware root of trust all the way through microservices runtime verification, it ensures trust of the full hardware/software stack. Secure delivery of short-lived secrets happens at runtime, ensuring that if a device is compromised for any reason sensitive information will not endure. Additionally, the ECN architecture provides full control over data flow and policy-based geofencing, assuring data goes only where it should. Instead of increasing the attack surface with devices at the edge, Edgeworx delivers a dramatically increased defense surface.