Skip to end of banner
Go to start of banner

Application Centric Connectivity Use Case - EdgeLake / Machine Builder Scenario

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

Status: Proposed

Sponsor User: <AnyLog>

Date of Submission:  

Submitted by: Moshe

Scenario Overview

A common use case for EdgeLake involves scenarios where different companies need to share data.

For instance, a machine builder who wants to access data across all of their deployments to provide predictive maintenance, compare machine versions, configurations, and more.

Meanwhile, the machine operators (the builder’s customers) are interested in monitoring the data specific to the machines they operate.

With EdgeLake, data is hosted locally at the edge, near the machines that generate it. Using a virtual view, the distributed data (as the edge) is serviced to the applications as if it is centralized.

A blockchain layer manages security by ensuring that queries are signed with private keys. Nodes that satisfy these queries validate the senders and their permissions using public keys and security policies published on the blockchain.

This setup supports an unlimited number of nodes by forming a peer-to-peer (P2P) network where each node can satisfy queries.

For each query, the query is provided by the application to an arbitrary node in the network, This node identifies the nodes with relevant data (using metadata on the blockchain) and dynamically creates a MapReduce-like process with those nodes.

Using the MapReduce process, the reply is returned to the application that issued the query.

The Need

In the described setup, a permissioned overlay network is required to ensure secure peer-to-peer messaging between member nodes. This network must provide security guarantees that satisfies the customers.

Practically, it allows opening of ports necessary for communication on each participating node.

Solution

A secure, permissioned, overlay network that encrypts the data in transit. 

To enhance security, it is proposed that signatures and permissions can be validated at the network layer rather than at the target nodes, streamlining the overall process.

Preventing non-authorized messages to appear at the target nodes (vs. today that the security logic is contained in the node).

Architecture Proposal(s) - problem scenario(s) in block diagram

for a draft Moshe Shadmon

Resources: @Michael Bachelor, Muddasar Ahmed Moshe Shadmon

image-20241107-050052.pngimage-20241107-045905.pngimage-20241107-050130.png

BOM/SBOM

draft based on architecture

Identify components, and SW. Then use that to determine needed resources.

Outreach

Nephio

Anuket

ONAP

ODL

FIDO

L3AF

XGVela

CNTi

Paraglider

Sylva

Camara

Key contacts

Rahul Jadhav

r@accuknox.com

Get mailing list

Beth Cohen

Muddasar Ahmed to contact

Byung-Woo Jun

Santhosh.Fernandes@walmart.com

Get mailing list

Olivier Smith olivier.smith@matrixx.com

martin.matyas@tietoevry.com

Sarah McClure sarah_mcclure@berkeley.edu; Diego Vega (Azure Networking) Diego.Vega@microsoft.com

What cloud operators, SPs are here?

Get mailing list

Capabilities

  • No labels