Cloudifying the Enterprise Edge with Open Source Components

author-image

By

Edge computing is entering the mainstream as organizations look to extend cloud to on-premises and to take advantage of IoT and transformational digital business applications. I&O [infrastructure and operations] leaders must incorporate edge computing into their cloud computing plans as a foundation for new application types over the long term.1

Bob Gill, Gartner Analyst

Challenge

Technologies for handling and processing enterprise computing workloads—spanning operational technology (OT), communications technology (CT), and information technology (IT)—have undergone a steady evolution in recent years. The challenges of managing complex interactions in an environment that stretches from the data center to edge and includes hybrid and multicloud services require capabilities for scaling compute, storage, and networking resources fluidly to accommodate rapidly shifting requirements. Fifty percent of enterprise data is expected to be created and processed at the edge by 2022, and that is expected to grow to seventy-five percent by 2025.2 This growth in data processing at the edge is accelerating the use of cloud-native edge computing and distributed cloud services.

Communication service providers (CSPs) are under pressure to monetize 5G investments. Edge computing presents various opportunities for CSPs to fulfill Enterprise Edge use cases using various 5G capabilities like ultra-reliable low-latency (uRLLC) to grow enterprise revenue and customer experience. Developing AI models at the edge and management of these models represents a key challenge for CSPs in addressing new Enterprise Edge use cases.3

Cloud-native edge computing has emerged as an effective means for meeting enterprise requirements. Many organizations are exploring the use of a converged, standards-based infrastructure based on container technology and microservices to improve agility, enhance security, and establish low-latency, high-bandwidth connections between the cloud and the edge.

Prior efforts to meet enterprise needs used virtualized network hardware and employed Virtual Network Functions (VNFs) to cut expenses and develop additional value-added services. Relying heavily on virtual machines to balance workloads and resources, this model has achieved some success across the industry, but it also places heavier computing demands on the network running the VNFs. A nimbler, resource-efficient model also deployed on universal customer premises equipment (uCPE) takes advantage of container technology and open source components to deliver a more resilient, more manageable solution.

The key problems faced by enterprises evaluating edge computing implementations in their organization to consolidate OT, CT, and IT operations include:

  • Gaining easy access to cloud-based services: Enterprise customers need an open, flexible, cost-effective way to access the benefits gained when extending the cloud to the enterprise edge. The speed and ease with which networks can be configured to reach the edge is an important consideration.
  • Improving business agility: Enterprise customers strive to build systems that can respond to rapidly changing business conditions without investing large sums in specialized hardware components or proprietary software. Agility is also enhanced by the availability of a simple, secure means to gain business-wide Internet connectivity without needing a custom, proprietary solution.
  • Simplifying personnel requirements: Organizations need a means for reducing the personnel training requirements on-site through automated software lifecycle management, policy control through a single pane-of-glass viewpoint, and streamlined maintenance processes.
  • Finding ways to reduce CapEx and OpEx costs: By consolidating CT, IT, and OT workloads on a single edge server, cost savings can be realized, lowering equipment expenditures and reducing operational costs.
  • Developing reliable, interoperable CPE implementations: Selecting the hardware and software components for deploying a proven, functional cloud-native solution requires addressing diverse issues, including networking connectivity, orchestration, organizational security, and platform development.
  • Helping protect data and meeting data residency and privacy regulations: Enterprises can benefit by taking advantage of the various machine learning applications that cloud services deliver while protecting their data.
  • Improving application latency: Data processing is increasingly required closer to where the data is generated, especially with predictive AI analytics applications.
  • Enhancing visibility: CloudOps teams managing large numbers of edge cloud sites and applications need consistent visibility of their digital platform for each site.
  • Increasing availability: On-premises distributed edge-cloud sites help to increase system availability, reducing the need to depend on manual processes.

Solution

A technology partnership forged by Intel, IBM®, and Red Hat provides a forward-looking cloud-native solution to enterprise customers seeking to capitalize on edge-to-cloud services built with standards-based components. A new Enterprise Edge solution for universal CPE—featuring Red Hat® OpenShift®, IBM Cloud Satellite, and IBM Cloud Pak for Network Automation—addresses the key challenges encountered by enterprises migrating to cloud-native environments and connecting on-premises systems at the edge with cloud resources. Using commercial off-the-shelf (COTS) hardware based on Intel® architecture, this Enterprise Edge solution delivers a broad range of network services, including a software-defined wide-area network (SD-WAN) for higher availability, firewall, routing and switching services, Wi-Fi, and more. Additional functionality can be enabled within the solution, such as a wireless access gateway (WAG), artificial intelligence/machine learning (AI/ML) support, Internet of Things (IoT) capabilities, and so on.

The solution addresses these challenges:

Access: The tested and validated hardware and software components provide a streamlined approach for developing and implementing a cloud-native infrastructure on-premises. The solution delivers seamless connectivity for enterprises communicating with branch offices anywhere in the world in a manageable, secure, easy-to-deploy framework. The Kubernetes-based environment runs on Red Hat OpenShift Cluster Manager, allocating compute, networking, and storage resources and balancing workloads, giving enterprise customers flexible, extensible access to cloud-based services. IBM Cloud Satellite extends IBM Cloud services on the enterprise edge with Red Hat OpenShift Kubernetes Service (ROKS).

Agility: The container platform—Red Hat OpenShift Container Platform Plus—represents the first cloud-native solution for handling virtualized and containerized processes. This platform lets enterprise customers quickly deploy applications and microservices in on-premises branch offices and apply automation, advanced provisioning features guided by AI, and software lifecycle management to support business practices and policies. IBM Cloud Pak for Network Automation contributes to the solution, providing enterprises with AI-driven automated network operations and a platform for rapidly developing and deploying new services at the edge. IBM Cloud Satellite provides consistent dev tools to improve development velocity across public cloud and edge application deployments.

Simplified personnel training needs: The Enterprise Edge solution minimizes the need for specialized, trained personnel to perform maintenance, updates, and configuration tasks in the network or with the uCPE at the edge. The solution’s centralized control model provides policy-driven automation and can be combined with AI tools

to intelligently manage many enterprise edge processes. IBM Cloud Satellite is an IBM-managed cloud services solution giving a single pane of glass for workloads across distributed cloud, Site Reliability Engineering (SRE) management of cloud services and rule-based configuration and delivery of Kubernetes resources.

Lower CapEx and OpEx: The OpenShift Container Platform makes it possible to run diverse applications across a shared kernel, supporting the consolidation of CT, OT, and IT operations on a single server. Using containers for enterprise operations presents a much smaller footprint and lower energy use than full-function virtual machines.

Development and management of VMs can be complex. Each VM by design contains a separate image of the operating system and has a storage footprint that typically ranges to several gigabytes. Portability of applications across hybrid clouds or edge computing installation is very limited. In comparison, containers have excellent portability across on-premises and cloud environments, providing a smaller footprint typically in the megabyte range, simpler management than VMs, a built-in method for efficient software updates and patches, and fast application startup times. IBM Cloud Satellite Infrastructure services provide on-premises dedicated cloud Infrastructure as a Service (IaaS) with monthly OpEx consumption and flexible sizing with no long-term infrastructure commitments. These factors contribute to lower CapEx and OpEx values for the enterprise.

Reliance on standards-based components: The Enterprise Edge solution for universal CPE is built with open source components, making it easier to design, develop, and deploy a complete solution, minimizing interoperability issues, and offering numerous add-ons and enhancements through the edge computing and IoT ecosystem. Architecture support for Intel® Smart Edge Open gives developers access to a Multi-Access Edge Computing (MEC) software toolkit for enhancing service capabilities and optimizing performance for a wide variety of enterprise use cases.

The Red Hat OpenShift Container Platform extends the flexibility and interoperability of an open, standards-based infrastructure to a wide range of cloud-native use cases, providing automation and advanced management capabilities to enterprises operating at the edge.

High availability and security: The available cloud-native network functions, encompassing container firewall and smart SD-WAN capabilities, deliver strong security and high availability for external connectivity options.

Red Hat Ingredients and Contributions

The Enterprise Edge solution includes Red Hat OpenShift Container Platform Plus, a next-generation platform for hosting cloud-native applications. Red Hat OpenShift Container Platform is an enterprise-ready Kubernetes container platform with full-stack automated operations to manage hybrid cloud and multicloud deployments. It helps deliver applications faster and make developers more productive. Automated lifecycle management delivers increased security, tailored operations solutions, easy-to-manage cluster operations, and application portability. This landmark solution—the first market-ready, cloud-native implementation for delivering extensive uCPE services—has been optimized for enhanced performance and reliability for running on an Intel architecture-based platform.

Red Hat OpenShift Platform Plus provides a single hybrid cloud platform for enterprises to build, deploy, run, manage, automate, and secure intelligent applications at scale. OpenShift Platform Plus includes:

  • Red Hat OpenShift Container Platform – a complete set of services that helps developers code applications with speed while providing flexibility and efficiency for IT operations teams.
  • Red Hat Advanced Cluster Security for Kubernetes – a solution that provides Kubernetes-native security to enhance infrastructure and workload security through the entire application lifecycle.
  • Red Hat Advanced Cluster Management for Kubernetes – for extended visibility of an entire Kubernetes domain with built-in governance and application lifecycle management capabilities.

In this solution, the capabilities of Red Hat OpenShift Container Platform Plus are complemented by several other Red Hat solutions, including:

  • Red Hat Ansible Automation Platform – Brings the foundation for building and operating automation across an organization. The platform includes all the tools needed to implement enterprise-wide automation for the deployment and configuration of uCPEs, and lifecycle management of cloud-native container network functions (CNF) and virtual network functions (VNFs) across enterprise offices located around the world.
  • Red Hat Enterprise Linux – Delivers proven enterprise reliability and scalability across a variety of operating environments—bare metal, virtual, container, and hybrid cloud.

IBM Ingredients and Contributions

IBM provides distributed cloud services on the enterprise edge with bring-your-own hardware and IaaS options with technology for automation, orchestration, and lifecycle management of network functions and applications. Technologies contributed by IBM include:

  • IBM Cloud Satellite – Deploys and runs apps consistently across on-premises, edge computing, and public cloud environments from any cloud vendor.
  • IBM Cloud Pak for Network Automation – AI-powered telco cloud platform automates network operations with zero-touch simplicity.
  • IBM Edge Application Manager – Scales and runs edge solutions across diverse hybrid environments employing autonomous management techniques.

IBM Cloud Satellite and Red Hat OpenShift enable communication service providers (CSPs) to extend the telco cloud, providing on-premises CPE capabilities from small-to-midsize businesses to large-scale enterprises. This helps create opportunities for new managed carrier-grade products and services.

Intel Ingredients and Contributions

The hardware foundation on which the Enterprise Edge solution runs features Intel® Atom® processors, Intel Xeon® D processors, and Intel® Xeon® Scalable processors. Intel has been advancing different edge implementations over several years, including IoT, enterprise, and network edge, actively collaborating with ecosystem partners to achieve more efficient convergence of workloads using emerging uCPE technologies. Solution reference designs and performance verifications ensure proven, predictable workload processing and high reliability.

Configurations for the Enterprise Edge solution vary according to specific use cases. Working closely with Red Hat as digital transformation became widely adopted by communications service providers, Intel developed an network functions virtualization infrastructure (NFVI) reference design to provide production-grade service for CSPs. The reference design provides a foundation for independent software vendor (ISV) partners building network cloud design solutions, including uCPE implementations, to ensure interoperability of components. Performance-testing details to use as a metric for establishing service level agreements is another useful feature of the reference design.

As the agile platform for establishing a cloud-native architecture, Intel ingredients deliver these advantages to enterprise customers:

  • Flexible workload capacity – The architecture, based on the Intel Atom processor, Intel Xeon D processor, and Intel® Xeon® Scalable processor product family, accommodates the full range of workloads encountered at enterprise edge. Application use cases include web, database, networking, security applications, cryptography, big data, and AI inference.
  • Strong container security – In environments in which high security is prioritized, virtualization technology based on Intel architecture features helps ensure that containers and associated microservices are isolated at the container level.
  • Accelerated cryptographic operations – Support for streamlined, high-speed cryptographic processes delivers optimal protection for data in use, in transit, and at rest.
  • Enhanced data security – For confidential computing tasks, applications distributed using container technology can be strictly confined and rights precisely controlled.
  • Platform security advantages – To maintain a high level of platform security, Intel architecture-based capabilities help secure boot processes, platform attestation, and a Kubernetes-ready framework.

To complement silicon innovation, Intel has been a leading contributor for many years in open source software community development. Contributions include work for the Cloud Native Computing Foundation (CNCF) umbrella of projects dedicated to cloud-native evolution, enabling the ecosystem to fully and seamlessly exploit hardware capabilities. This also includes the foundational Kubernetes project, which supports a flexible and extensible plug-in framework, and node feature discovery (NFD) extensions that enable the discovery and consumption of unique hardware capabilities in a vendor-neutral manner.

Intel has developed a wide range of extensions in this way, as well as contributing to CNCF projects for service mesh, networking connectivity, storage, network data plane optimization, scheduling, and many more areas. While it is true that cloud-native technology and software innovation have abstracted many of the complexities of underlying topologies found in networking and edge computing infrastructure, important aspects of these market segments have not been addressed, and overhead has been introduced that failed to meet the unique requirements of certain applications in the space. Innovation from Intel makes it possible in a relatively transparent way to discover and consume hardware capabilities, making networking and edge computing first-class citizens in the cloudnative landscape.

Intel also works collaboratively with the open source community to create innovative solutions, such as Red Hat OpenShift and Intel Smart Edge Open, a royalty-free edge-computing software toolkit optimized for edge-computing use cases on Intel architecture. The toolkit offers a certified Kubernetes distribution with flexible and easy development paths and an optimized set of capabilities that help onboard and manage applications and network functions on any type of network.

Solution Capabilities and Benefits to Enterprises

Enterprises moving away from traditional appliances have a tremendous opportunity to improve efficiency, agility, and manageability by moving to a universal CPE environment based on CNFs and VNFs. The following sections summarize the capabilities and benefits that can be gained.

Convergence Increases Agility and Efficiency of Processes

Convergence is a consistent, recurring theme when evaluating the capabilities and benefits of Enterprise Edge deployments. Intel’s Bob Ghaffari, General Manager, Enterprise and Cloud Networking Division, envisions multiple approaches to convergence, including convergence of workloads, convergence of orchestration, management and infrastructure platforms, and convergence of hardware platforms. Describing some of the projects in which Intel is involved, Ghaffari said, “A good example of this technology trend is a retail video analytics workload for the edge on a uCPE platform running side by side with networking and security functions. We are seeing our ecosystem partners building solutions around this convergence; one

When we have the ability to take open-standard specifications, define an open architecture, and create open platforms that everyone can innovate with, it means we can all get solutions to market much quicker. That's how openness allows us all to win through collaboration. But it also allows us to deliver innovative solutions for our customers and drive the industry forward much faster.4

Rajesh Gadiyar, Vice President and CTO, Network Platforms Group, Intel

example is QNAP. They have integrated video surveillance and video analytics functions on top of a uCPE platform, which also runs SD-WAN and vFirewall security functions. Video analytics use the OpenVINO™ toolkit on the software layer, and on the hardware layer Intel Movidius™ Myriad™ X Vision Processing Unit (VPU) to provide a dedicated neural compute engine for accelerating deep learning inferencing. They also integrated microservices from Intel Smart Edge Open toolkit as part of their NFVI OS to add cloud-native orchestration capabilities.”5

DevSecOps Practices Strengthen Enterprise Security

As malicious attacks on enterprise networks increase, DevSecOps (development, security, and operations) has gained momentum as a means for preventing breaches. Delivering secure containers for critical business applications at the enterprise edge requires enacting a DevSecOps workflow and integrating the planning and design of security provisions at the very earliest stages of development. To provide guidelines for organizations that want strong protections for containers, the US Department of Defense published the Container Hardening Guide in October 2020. The guide outlines the DevSecOps practices that should be applied to prevent security breaches and mitigate risks when using container technology.

In developing its enterprise-grade Kubernetes platform—Red Hat OpenShift—Red Hat built a complete DevSecOps framework that includes many integral capabilities, available DevOps toolchains, and recommended security partner solutions to provide methods for more easily deploying containers while minimizing risk and identifying and blocking attack vectors. The framework and its capabilities are discussed in a Red Hat DevSecOps solution overview, How to deploy a comprehensive DevSecOps solution.

The challenge of establishing an effective and secure Kubernetes environment to support vital business applications takes foresight and planning. DevSecOps practices can enhance an organization’s mission and strengthen the security across the entire container platform.

Automation Reduces Maintenance Chores and Lifecycle Management

The maintenance tasks associated with cloud-based branch offices connected through SD-WANs can be substantial and large-scale manual processes are prone to human error. By using intelligent automation, complex network systems and servers can be managed effectively with greater visibility into component functionality and the overall efficiencies of the infrastructure.

IBM Cloud Pak for Network Automation delivers intelligent automation capabilities to orchestrate virtual and cloud-native network functions in minutes and a portfolio of edge-enabled applications and services. With the orchestration layer provided by IBM to bind all components of the stack together, CSPs can reap the full benefits of automation, such as zero-touch provisioning. CSPs are then able to create greater competitive differentiation from new services involving use case-specific network functions and slices implemented without the need for custom integration.

IBM Edge Application Manager enables CSPs to deploy and manage up to 40,000 edge nodes. It leverages autonomous workload management to continuously monitor the health of endpoint nodes. It also monitors the performance of applications, including AI inferencing applications, running within these nodes.

Container Technology Enhances App Portability and Interoperability

Containerized deployments at the enterprise edge offer agility, security, and portability in support of cloud-native infrastructures, providing a way to use familiar components, tooling, and workflow processes that developers typically use in IT environments. Distribution of business application patches and updates in containers makes it possible to manage software lifecycles in an efficient, highly visible manner. This capability also improves security because any detected vulnerabilities can be quickly fixed by distributing new application binaries in containers across multiple branch offices in a streamlined, automated manner.

Containers built to OCI-compliant guidelines will function reliably across all cloud-native infrastructures that adhere to OCI standards. This approach is an improvement over proprietary solutions for software deployment that complicate processes and tasks. Containers simplify portability of apps at the enterprise edge and provide efficient use of available network, system, and storage resources through virtualization.

Around 10% of enterprise-generated data is created and processed outside a traditional centralized data center or cloud. By 2025, Gartner predicts this figure will reach 75%.”6

Conclusion

The Enterprise Edge solution—combining Intel, Red Hat, and IBM ingredients in a standards-based framework—brings cloud-native CPE edge services to enterprises, providing the equivalent of a cloud for network services that can operate on-premises for customers. Enterprise customers with widespread branch locations, service providers, and others stand to gain a reliable, cost-effective means for deploying network functions with the lightweight portability of the Red Hat OpenShift container platform and the orchestration software provided by IBM. The Intel architecture-based infrastructure can provide the level of processing needed for diverse applications at the enterprise edge, from compact, energy-efficient Intel Atom processors to the Intel Xeon D processor family for heavy workloads to the high-performance Intel Scalable processor family for AI/ML and analytics.

Learn more

Intel Smart Edge Open

Visit the Smart Edge Open site for more information about building networking applications for cloud-native enterprise operations.

Intel Network Builders

Intel Network Builders fosters a vibrant ecosystem to lead the network transformation of tomorrow.

Learn more ›