Opera is far from the most popular web browser, but it has its loyal fans. Now, if those fans also happen to be Linux desktop users, Canonical, Ubuntu Linux’s parent company, and Opera SA have made it easier than ever to install it on almost any Linux distribution.
They’ve done this by packing Opera into a Snap in the Snap Store. The Opera snap is supported on Debian, Elementary, Fedora, Linux Mint, Manjaro, OpenSUSE, Ubuntu, and other Linux distributions.
EdgeX Foundry’s “California” release of its EdgeX IoT middleware adds security features and is rewritten in Go for faster boot and a smaller footprint, enabling it to run on the Raspberry Pi and other small footprint computers.
The Linux Foundation’s EdgeX Foundry project announced the second major release of its EdgeX IoT middleware for edge computing. The “California” release adds security features including reverse proxy and secure credentials storage. It’s also rewritten in Go to offer a smaller footprint. This makes it possible to run EdgeX on relatively constrained edge devices such as the Raspberry Pi 3.
EdgeX Foundry was announced in late July 2017, with a goal of developing a standardized, open source interoperability framework for Internet of Things edge computing. EdgeX Foundry is creating and certifying an ecosystem of interoperable, plug-and-play components to create an open source EdgeX stack that will mediate between multiple sensor network messaging protocols as well as cloud and analytics platforms.
The framework facilitates interoperability code that spans edge analytics, security, system management, and services. It also eases the integration of pre-certified software for IoT gateways and smart edge devices.
Security and flexibility
“Our goal is to decouple connectivity standards and device interfaces from applications,” said Jason A. Shepherd, Dell Technologies IoT CTO and Chair of the EdgeX Foundry Governing Board, in an email interview with Linux.com. “EdgeX will enable flexibility and scalability through platform independence, loosely-coupled microservices, and the ability to bring together services written in different languages through common APIs. These cloud-native tenets are absolutely required at the edge to scale in an inherently fragmented, multi-edge and multi-cloud world.”
EdgeX is based on Dell’s seminal FUSE IoT middleware framework, with inputs from a similar AllJoyn-compliant project called IoTX. Dell is one of three Platinum members alongside Analog Devices and Samsung. EdgeX Foundry now has 61 members overall, including AMD, Canonical, Cloud Foundry, Linaro, Mocana, NetFoundry, Opto 22, RFMicron, and VMware.
The California release follows the initial Barcelona release, which arrived last October. Barcelona provided reference Device Services supporting BACNet, Modbus, Bluetooth Low Energy (BLE), MQTT, SNMP, and Fischertechnik, as well as connectors to Azure IoT Suite and Google IoT Core.
The major new features in EdgeX California aim to improve security. A new reverse proxy based on Kong helps protect REST API communications and secrets storage. The reverse proxy requires any external client of an EdgeX microservice to first authenticate itself before loading an EdgeX API.
The new secure storage facility for secrets is based on HashiCorp’s open source Vault. It lets you securely store sensitive data such as username/password credentials, certificates, and tokens within EdgeX for performing tasks such as encryption, making HTTPS calls to the enterprise, or securely connecting EdgeX to a cloud provider.
“Our Barcelona release had no security features because we wanted all the security layers to be defined by a community of industry experts such as RSA, Analog Devices, Thales, ForgeRock, and Mocana, rather than only from Dell,” said Shepherd. “The Reverse Proxy and Secrets Store is the foundation from which everything else is built.”
Shift to Go
The other major change in California was that the code was rebuilt from the original Java with the Go programming language. The process delayed the release by several months, but as a result, California has a significantly reduced footprint, startup time, memory, and CPU usage. It fits into 42MB, or 68MB with a container, and can now boot in less than a second per service compared to about 35 seconds (see chart below).
Additional new features in the California release include:
Export services additions for “northbound” connectivity to the XMPP messaging standard, the ThingsBoard IoT platform for device management, data collection, processing, and visualization, and Samsung’s Brightics IoT IoT interoperability platform,
Improved documentation, now available on GitHub
Full support for Arm 64
Blackbox tests for all micro services within build and continuous integration processes
Improved continuous integration to streamline developer contributions
According to Dell’s Shepherd, the switch to Go was not only about reducing footprint, but to avoid the need for vendors to pay a Java license fee for commercial deployments. In addition, Go has expanded EdgeX’s developer base.
“Go’s concurrency model is superior to most programming languages, has the support of Google, is used by Docker, Kubernetes and many other large software development efforts, and is growing broadly in IoT circles,” said Shepherd. “We doubled our community in the months after the January Go-Lang Preview. There is a learning curve associated with getting a typical object (Java, C++) developer to move to Go (a functional versus object language), but overall the move has been good for fostering more enthusiasm about the platform as well as improving it.”
Shepherd noted that Go is only a baseline reference language. Developers can use the same APIs with other languages, and the project will support C in addition to Go for the Device Service SDKs. Because C can reduce the footprint even further than Go, it may be the better choice for applications built on a low-end “thin edge” gateway with a lot of Device Services, such as many different sensor protocols, said Shepherd. However, EdgeX Foundry chose Go because it is more platform independent in terms of hardware and OS.
Next up: Delhi and beyond
The upcoming Delhi release due in October will include components such as manageability services, Device Service SDKs, improved unit and performance testing, and a basic EdgeX UI for demos. It will also add more security features including improved security service bootstrapping of Kong and Vault.
According to Shepherd, other security enhancements planned for Delhi include “tying Kong and potentially other security services to an access control system providing access control lists for granting access to various services.” Future versions of EdgeX will also establish a Chain of Trust API for systems that don’t have something like TPM. “We want to build out an API that allows EdgeX to establish a root of trust with the platform it rides on,” said Shepherd.
Other plans call for automating security testing, including “building an entire security testing apparatus and look at pen-testing type of needs,” said Shepherd. The project will also enhance the Vault-based secure storage system. “Today, EdgeX microservices get their configuration and secrets from the Consul configuration/registry service, but the secrets, such as passwords for database connections, are not secure. We want application secrets to come from Vault. Vault and Consul are provided by HashiCorp and we think there is a good way to use the two together.”
Looking forward to future releases, EdgeX plans to reduce the footprint even more to run in 128MB or lower. There are also roadmap items for “more integration to edge analytics, rules engines, and CEPs,” said Shepherd. “We are currently working with NodeRed as an example.”
When asked about the potential for integrating with other cloud-driven IoT platforms such as AWS Greengrass or Google’s new Cloud IoT Edge platform, Shepherd had this to say:
“Our ability to work with some of the proprietary cloud stacks depends on their openness and architecture, but we are certainly exploring the opportunities. The whole point is that a developer or end user can use their choice of edge analytics and backend services without having to reinvent the foundational elements for data ingestion, security and manageability.”
Separately, Shepherd noted: “Our completely open APIs — managed by the vendor-neutral Technical Steering Committee (TSC) to ensure stability and transparency — decouple developers’ choice of standards and application/cloud services to prevent them from being locked in via one particular provider’s proprietary APIs when the data meter starts spinning.”
Open source events create the best interaction points between developers and users, and one person you’re likely to meet at these events is Michelle Noorali, one of the most visible and recognizable faces in one of the biggest open source communities: Kubernetes.
Most modern software development, which is by default open source, is done by people spread across the globe, many of whom have never met in person. That’s why events like Open Source Summit are extremely important in creating opportunities for interaction for the people who are managing, developing, and using these open source projects.
Noorali, Senior Software Engineer at Microsoft, says she loves meeting people at events and learning about how they are using cloud-native tools and what they need. “I am trying to see if those tools that I work on can also meet other people’s needs,” she said.
This direct interaction gives Noorali a unique perspective for understanding the pain points. For example, “It’s really hard to pick from all of the cloud native technologies and figure out how they work together because at the end of the day, you are trying to deploy and run applications in the cloud or on bare metal,” she said. “The second point is how do I expose my developers, my teams to this stuff and get them to actually use cloud native tools, without having to learn about everything from scratch.”
The Disclose.io framework seeks to standardize “safe harbor” language for security researchers.
Not a week goes by without another major business or Internet service announcing a data breach. And while many companies have begun to adopt bug bounty programs to encourage the reporting of vulnerabilities by outside security researchers, they’ve done so largely inconsistently. That’s the reason for Disclose.io, a collaborative and open source effort to create an open source standard for bug bounty and vulnerability-disclosure programs that protects well-intentioned hackers.
…Companies that manage bug bounties for large organizations, including HackerOne and Bugcrowd, have made their own efforts to get customers to standardize security terms. But these efforts haven’t been translating into a wider adoption of those best practices—which is why Disclose.io was formed. The project has its roots in two separate-but-similar efforts being rolled into Disclose.io. The first is #LegalBugBounties, which is an effort started by Amit Elazari, a doctoral candidate at the University of California at Berkeley School of Law and a grantee of the university’s Center for Long-Term Cybersecurity. The second is the Open Source Vulnerability Disclosure Framework, an effort launched in April by Bugcrowd and the law firm CipherLaw.
CNCF: What impact has Kubernetes had on your company and/or development team?
Haifeng: JD.com is one of the earliest adopters of Kubernetes. The company currently manages the world’s largest Kubernetes clusters in production with more than 20,000 bare metal services in several clusters across data centers in multiple regions.
CNCF: How big is the Kubernetes cluster JD runs? Please describe it, your team using Kubernetes.
Haifeng: JD currently manages the world’s largest Kubernetes clusters in production with more than 20,000 bare metal services in several clusters across data centers in multiple regions.
Got some spare time this weekend? Why not build yourself a working rover from plans provided by NASA? The spaceniks at the Jet Propulsion Laboratory have all the plans, code, and materials for you to peruse and use — just make sure you’ve got $2,500 and a bit of engineering know-how. This thing isn’t made out of Lincoln Logs.
The story is this: after Curiosity landed on Mars, JPL wanted to create something a little smaller and less complex that it could use for educational purposes. ROV-E, as they called this new rover, traveled with JPL staff throughout the country.
Unsurprisingly, among the many questions asked was often whether a class or group could build one of their own. The answer, unfortunately, was no: though far less expensive and complex than a real Mars rover, ROV-E was still too expensive and complex to be a class project. So JPL engineers decided to build one that wasn’t.
Google, Facebook, Twitter, and Microsoft launched a new open source project aimed at making it easier for users to transfer data between services without having to download it and upload it to another service.
The use cases for this type of open source software are wide ranging. For example, an end user could use it to export photos stored in a social media platform to another service. Or a company could use it to move customer data from a competitor that is going out of business to its system so end user data is not lost.
According to a white paper drafted by the group, the initiative, called Data Transfer Project (DTP), will support existing standards (like OAuth and REST) and is designed so it doesn’t impact the core infrastructure. Service providers can build adapters and create import and export functionality that works with their existing APIs and authorization mechanisms.
DTP has three main components: Data models, which are the canonical formats that establish how to transfer data; Adapters, which provide a way to convert proprietary data and authentication formats into a form that is usable; and the Task Management Library, which powers the system.
Open source is now so pervasive at organizations of all sizes that there is outsized demand for workers skilled with open platforms and tools. This has created profound changes in the job market, and across industries the skills gap is widening, making it ever more difficult to hire people with much needed job skills.
In a recent webinar during which Seepersad discussed these topics, one participant asked about the differences between performance-based tests and multiple-choice tests.
“I’m a very passionate believer in performance-based tests,” Seepersad said, “and the reason is that it really reflects the reality of how you do your work as an IT professional. You do your work on a live system. You do your work at the command line. You don’t do your work by being quizzed and being handed a set of answers.”
“When I think of my own role in the past as a hiring manager,” Seepersad added, “if you gave me the option between the two I would always pick the one where the candidate has proven that they can do the work in a live, timed hands-on environment because that’s going to be a better reflection of what I’m going to expect them to do in the real world. A performance-based test is definitely going to give me a lot more confidence in a candidate than a multiple-choice exam.”
In this article series, we have looked at what is involved in obtaining Linux Foundation certifications, but other organizations offer training and certification for open source platforms and tools as well. Another participant asked about the differences between Red Hat certification and Linux Foundation certification, for example.
“One of the things that I really like and respect about the Red Hat program is that just like The Linux Foundation program, it is performance-based,” Seepersad said. “It is a live system that the candidate has to work on, which is great. Red Hat continues to be a great option for users who know for a fact that they’re going to be working in a Red Hat-only environment.”
“One other distinction is that we deliver our exam 100 percent online,” he added. “For the Red Hat exams, you have to go to a physical testing center or a kiosk. From a convenience factor, depending on where you’re located, if you’re not in an urban area or if you’re in a country that maybe doesn’t have a lot of test infrastructure, being able to take an exam from your own computer and take it 24/7 can matter a lot.”
Exam Insurance
Seepersad was also asked what is meant by “exam insurance” for Linux Foundation certification exams. Seepersad said that soon after the training program was launched, they talked particularly with candidates who were taking a bit longer than expected about why that was.
“The reason was that they were trying to save up for delivering their solutions until they were really sure they were ready,” he said. “Quite often that meant they were about to run out of time. We thought about how to take the stress out of this. The way we take the stress out is by offering a no-questions-asked exam retake option. If you take either exam, LFCS or LFCE, and you do not succeed on your first attempt, you are automatically eligible to have a free second attempt.”
With certification playing a more important role in securing a rewarding long-term career, are you interested in learning about options for gaining credentials? If so, please check out the other stories in this series and stay tuned for more information about open source training and certification.
Istio, the service mesh for microservices from Google, IBM, Lyft, Red Hat and many other players in the open-source community, launched version 1.0 of its tools today.
If you’re not into service meshes, that’s understandable. Few people are. But Istio is probably one of the most important new open-source projects out there right now. It sits at the intersection of a number of industry trends, like containers, microservices and serverless computing, and makes it easier for enterprises to embrace them. Istio now has more than 200 contributors and the code has seen more than 4,000 check-ins since the launch of version 0.1.
Istio, at its core, handles the routing, load balancing, flow control and security needs of microservices. It sits on top of existing distributed applications and basically helps them talk to each other securely, while also providing logging, telemetry and the necessary policies that keep things under control (and secure). It also features support for canary releases…
Open Networking Summit, the premier open networking event in North America, comes to Europe for the first time this year, gathering enterprises, service providers, and cloud providers across the open networking ecosystem.
Join 1000+ architects, developers, and thought leaders in Amsterdam, September 25-27, to share learnings, highlight innovation and discuss the future of open networking, including SDN, NFV, orchestration, and the automation of cloud, network, and IoT services.
Keynote Sessions Include:
Talks from Deutsche Telekom, Orange, and Türk Telekom
Sessions and panels on the intersection of cloud native and networking; the intersection of blockchain and networking; ONAP leadership; and vendor innovation in open source.
Cross Domain/Cross-Layer VPN Service Orchestration Demo from China Mobile, Huawei, and Vodafone
Virtual Central Office (VCO) 2.0 – Virtualized Mobile Network Demo showing new and improved use cases extending the capabilities of the VCO, with presenters from China Mobile, Red Hat, and more.