Scenario Overview

A common use case for EdgeLake involves scenarios where different companies need to share data.

For instance, a machine builder who wants to access data across all of their deployments to provide predictive maintenance, compare machine versions, configurations, and more.

Meanwhile, the machine operators (the builder’s customers) are interested in monitoring the data specific to the machines they operate.

With EdgeLake, data is hosted locally at the edge, near the machines that generate it. Using a virtual view, the distributed data (as the edge) is serviced to the applications as if it is centralized.

A blockchain layer manages security by ensuring that queries are signed with private keys. Nodes that satisfy these queries validate the senders and their permissions using public keys and security policies published on the blockchain.

This setup supports an unlimited number of nodes by forming a peer-to-peer (P2P) network where each node can satisfy queries.

For each query, the query is provided by the application to an arbitrary node in the network, This node identifies the nodes with relevant data (using metadata on the blockchain) and dynamically creates a MapReduce-like process with those nodes.

Using the MapReduce process, the reply is returned to the application that issued the query.

The Need

In the described setup, a permissioned overlay network is required to ensure secure peer-to-peer messaging between member nodes. This network must provide security guarantees that satisfies the customers.

Practically, it allows opening of ports necessary for communication on each participating node.

Solution

A secure, permissioned, overlay network that encrypts the data in transit.

To enhance security, it is proposed that signatures and permissions can be validated at the network layer rather than at the target nodes, streamlining the overall process.

Preventing non-authorized messages to appear at the target nodes (vs. today that the security logic is contained in the node).