service overviewfigure 3-4 ief security solution open compatibility ief is based on the open-source...

Intelligent EdgeFabric

Service Overview

Issue 01

Date 2020-08-03

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without priorwritten consent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respectiveholders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei andthe customer. All or part of the products, services and features described in this document may not bewithin the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,information, and recommendations in this document are provided "AS IS" without warranties, guaranteesor representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Issue 01 (2020-08-03) Copyright © Huawei Technologies Co., Ltd. i

Contents

1 What Is Intelligent EdgeFabric?........................................................................................... 1

2 Functions................................................................................................................................... 3

3 Advantages............................................................................................................................... 7

4 IEF Instance Editions.............................................................................................................11

5 Application Scenarios........................................................................................................... 12

6 Basic Concepts........................................................................................................................16

7 Billing....................................................................................................................................... 18

8 Requirements......................................................................................................................... 19

9 Permissions Management................................................................................................... 21

10 Quotas................................................................................................................................... 22

Intelligent EdgeFabricService Overview Contents

Issue 01 (2020-08-03) Copyright © Huawei Technologies Co., Ltd. ii

1 What Is Intelligent EdgeFabric?

Cloud computing capabilities are centralized, which are far from devices such ascameras and sensors. It will cause long network latency, network congestion, andservice quality deterioration in scenarios where high real-time computingperformance is required. Furthermore, the computing capabilities of devices areinsufficient and far behind those in the cloud. This is where edge computingcomes in. By deploying edge nodes near devices, the computing capabilities in thecloud are extended to the edge nodes.

Intelligent EdgeFabric (IEF) provides you a complete edge computing solution, inwhich cloud applications are extended to the edge. By leveraging edge-cloudsynergy, you can manage edge nodes and applications remotely and process datanearby. In addition, you can perform O&M in the cloud, including devicemonitoring, application monitoring, and log collection.

As shown in Figure 1-1, IEF extends cloud capabilities such as AI applications andfunctions to edge nodes, which are close to devices. In this way, the edge nodeshave the same capabilities as the cloud and can process device computingrequirements in real time.

Intelligent EdgeFabricService Overview 1 What Is Intelligent EdgeFabric?

Issue 01 (2020-08-03) Copyright © Huawei Technologies Co., Ltd. 1

Figure 1-1 Edge cloud computing

Intelligent EdgeFabricService Overview 1 What Is Intelligent EdgeFabric?


2 Functions

Edge Node ManagementIEF can connect to a large number of edge nodes, automatically generateconfiguration information about edge nodes, and efficiently and convenientlymanage edge nodes where Edge Agent is installed. In this way, all edge nodes canbe managed, monitored, and maintained in the cloud.

Figure 2-1 Edge node management

Edge Device ManagementDevices can be connected to IEF through edge nodes by using the MQTT, Modbus,or OPC UA protocol. After devices are connected to IEF, you can manage them onIEF in a unified manner.

Intelligent EdgeFabricService Overview 2 Functions


Figure 2-2 Edge device management

Edge Application ManagementIEF allows containerized applications and functions to be deployed on edge nodes,and manages these containerized applications and functions.

● Containerized applicationsIEF allows edge applications to be deployed on edge nodes as containers.Specially, edge applications are packed into container images and pushed toSoftware Repository for Container (SWR) of HUAWEI CLOUD. Then, edgeapplications are deployed on edge nodes by using the edge applicationtemplate created on IEF. In addition, IEF supports version upgrade,configuration change, uninstallation, monitoring, and log collection forapplications.The container ecosystem is prosperous, which can help your containerizedapplications seamlessly switch to other runtime environments and enhancetheir portability. In addition, containers can isolate resources better andsupport CPU/GPU scheduling.

● FunctionsIEF allows functions in HUAWEI CLOUD FunctionGraph to be deployed onedge nodes. Then, IEF can control the start and stop of the functions.Functions provide more lightweight architecture and faster deployment thancontainers. You are advised to use functions in the following scenarios:– Edge node resources are limited.– The service logic of edge applications is event-driven. In this way,

functions can quickly respond to service requirements through the event-based triggering mechanism.



https://www.huaweicloud.com/en-us/product/swr.html

https://www.huaweicloud.com/en-us/product/functiongraph.html

Figure 2-3 Edge application management

Message Route ManagementIEF provides the message routing function. Based on configured routes, IEFforwards edge messages to the corresponding service endpoint (sender orrecipient). In this way, messages can be forwarded based on specified paths,enhancing flexibility in data routing control and improving data security.

Currently, the following message forwarding paths are supported:

● SystemREST -> ServiceBus: The REST gateway interface is called to obtain fileservices on edge nodes. The collaboration with the edge file service in theedge market is required.

● SystemREST -> SystemEventBus: The REST gateway interface is called to sendmessages to SystemEventBus (MQTT Broker) on edge nodes.

● SystemEventBus -> DIS/API Gateway: SystemEventBus forwards the edgedevice data bound to edge nodes to the Data Ingestion Service (DIS) or aspecified API Gateway address. The collaboration with the edge deviceconnection application in the edge market is required. Alternatively,SystemEventBus directly forwards the edge device data to DIS or a specifiedAPI Gateway address through SystemEventBus on edge nodes.

● SystsEdgedb -> Systsdb: SystsEdgedb calls the REST interface of CloudTable atthe edge to upload the time series data of edge nodes to CloudTable. Thecollaboration with the CloudTable application in the edge marketplace isrequired.



Figure 2-4 Message forwarding paths



3 Advantages

Excessive Intelligent Edge ApplicationsIEF allows more than 20 AI models such as stream processing, video analysis,Optical Character Recognition (OCR), and image recognition, to be deployed onedge nodes. It also provides synergy between edge applications and cloud services.

You can view the detailed information about each application in EdgeMarketplace > Edge Application Center.

Figure 3-1 Excessive intelligent edge applications

High-Performance Intelligent Edge HardwareIEF provides a software and hardware integrated solution, which offers users withlow-cost, out-of-the-box, and centralized on-cloud O&M services. It uses Huaweigeneral-purpose servers and AI hardware and is deeply integrated with HuaweiAscend chips to provide high-performance, low-cost edge AI inference computingpower. IEF also supports TaiShan servers that use Huawei Kunpeng processors.

You can view the detailed information about each hardware in Edge Marketplace> Edge Hardware Center.

Intelligent EdgeFabricService Overview 3 Advantages


Figure 3-2 Edge hardware

Edge-Cloud SynergyIEF can work together with the cloud and edge. For example, in an AI scenario,ModelArts trains a large amount of data in the cloud to generate an AI model.Then, the AI model is packaged into an image and is deployed to an edge nodefor running (inference) through IEF. At the same time, data of the edge node istransmitted to the cloud through Data Ingestion Service (DIS), and thenModelArts further trains the edge node data to form a closed loop.

Figure 3-3 Building edge computing

Security and Reliability● IAM authentication

Agencies can be created in Identity and Access Management (IAM) to allowedge nodes to access HUAWEI CLOUD resources such as ApplicationOperations Management (AOM), Software Repository for Container (SWR),and DIS.

● Edge node securityEdge Agent creates dedicated service users whose accessible directories andpermissions are limited. Users can upload logs and monitoring information tothe cloud based on their requirements.



https://www.huaweicloud.com/en-us/product/modelarts.html

https://www.huaweicloud.com/en-us/product/dis.html

● Edge-cloud synergy communication securityEdge Agent initiates a request to IEF for establishing a bidirectional encryptedchannel. Messages exchanged between devices and IEF are authenticated andencrypted by certificates.

● Cloud securityThe frontend anti-DDoS protects the cloud against malicious attacks.A unique access certificate is issued for each edge node. Bidirectionalcommunication is authenticated and encrypted by certificates.

● Device securityEdge devices use certificates for identity authentication.

Figure 3-4 IEF security solution

Open CompatibilityIEF is based on the open-source software KubeEdge. Based on Kubernetes,KubeEdge provides fundamental infrastructure support for network, applicationdeployment, and metadata synchronization between the cloud and edge.

By using KubeEdge, developers can customize and tailor the edge node runtime(Edge Agent, an edge node manager) to reduce the difficulty in using edge nodes.



https://kubeedge.io/en/

Cost-effective● The combination of cloud and edge computing implements data filtering and

analysis on edge nodes, which greatly improves efficiency and reduces cloudcomputing costs.

● During cloud transmission, simple data processing is performed by edgenodes, so that the device response time is shortened, data traffic from devicesto the cloud is decreased, and bandwidth costs are reduced.



4 IEF Instance Editions

IEF offers two instance editions for you to choose.

● Professional edition: The management plane cluster is shared by multipleusers. The professional service instance allows you to manage nodes, devices,containerized applications, and functions.

● Platinum edition: Users have their own management plane clusters. Platinumservice instances allow you to manage large-scale nodes and deliver higherperformance. In addition to the functions provided by the professional serviceinstance, functions such as batch job and application governance aresupported by platinum service instances.

Table 4-1 lists the differences between the two editions.

Table 4-1 Functions provided by the two editions

Function Professional Edition Platinum Edition

Node management √ √

Device management √ √

Function management √ √

Containerizedapplication management

√ √

Edge-cloud messagerouting

√ √

Multi-network access √ √

Monitoring and O&M √ √

Batch job management √

Multi-instance √

Exclusive clusters √

Application governance √

Intelligent EdgeFabricService Overview 4 IEF Instance Editions


5 Application Scenarios

Public Safety MonitoringTraditional video surveillance systems only store videos without analyzing them. Inaddition, a large amount of data needs to be transmitted for video processing andanalysis. However, those traditional systems cannot respond in a timely manner,and therefore they cannot meet the growing security requirements.

With IEF, edge nodes pre-process videos in real time and send processed videodata back to the cloud. Analysis services in the cloud, such as Video AnalysisService (VAS) and Machine Learning Service (MLS), use the data to implementface recognition, personnel track management, and event alarm management. Inthis way, passive monitoring is changed to proactive analysis and prewarning. As aresult, in video surveillance scenarios such as campuses, residential areas,shopping malls, and supermarkets, users can predict incidents, take appropriateaction, monitor the situation, and track the results.

Advantages

● Flexible customization: Through edge-cloud synergy, edge intelligencecapabilities can be customized and intelligent algorithms can be quicklydeployed for optimal services.

● High efficiency and intelligence: Edge-side video pre-processing, combinedwith intelligent cloud video analysis, accurately and efficiently locatessuspicious situations.

● Centralized control: The lifecycle of edge applications can be managed in thecloud, reducing O&M costs.

Intelligent EdgeFabricService Overview 5 Application Scenarios


Figure 5-1 Public safety monitoring

Optical Character RecognitionOptical Character Recognition (OCR) scenarios, such as character recognition oninvoices and receipts, require high data security and application performance.

To meet the preceding requirements, IEF is used to provide a flexible, scalable, andhighly available end-to-end solution. In this solution, the edge and cloudcollaborate with each other. To be specific, the cloud has powerful computingcapabilities to deliver high application performance. IEF ensures data security bydelivering applications to edge nodes. In this way, edge nodes anonymize data andprocess and store key and privacy data locally. Then, the edge nodes upload theprocessed images to the cloud for OCR, and the cloud sends recognition resultsback to the edge nodes.

Advantages

● High security: With edge-cloud synergy, data is anonymized at the edge andOCR occurs in the cloud to protect user privacy.

● High efficiency: Unified management of edge nodes and applications reducesthe application deployment and upgrade time from days to just 30 minutes.

● Unified O&M: The cloud monitors edge nodes and applications, and managestheir logs in a unified manner, which helps you locate faults efficiently.

Figure 5-2 OCR

Visual Product InspectionsTraditional approaches in industrial manufacturing relied on naked eyes to detectproduct defects. This method was inefficient and often failed to detect flaws and



even ejected products without defects from the pool of qualified products, causinglosses in revenue and brand image. IEF combines cloud modeling and edgedecision-making to achieve automatic visual inspection, moving away fromtraditional manual visual inspections.

Advantages

● High efficiency: Edge-side deployment of visual models trained in the cloudenables real-time product prediction, improving detection efficiency andproduct quality.

● Optimal model: Model training in the cloud, data processing at the edge, andincremental model training optimization achieve optimal model.

● Unified control: IEF delivers models and monitors node status in a unifiedmanner.

Figure 5-3 Visual product inspections

CDN Node ManagementUnified management of CDN nodes deployed across the country helps usersimplement automatic application scheduling, auto scaling, and O&M of edgenodes and applications.

Advantages

● Auto scaling: IEF automatically adapts the amount of computing resources tofluctuating service load according to custom auto-scaling policies. To scalecomputing resources at the cluster level, IEF adds or reduces cloud servers. Toscale computing resources at the workload level, IEF adds or reducescontainers.

● Intelligent scheduling: Inter-node and inter-application affinity scheduling issupported.

● Dimensional O&M: Service status and edge node status are monitored in realtime to ensure stable running of applications.

● Local autonomy: Services can run properly even when edge nodes aredisconnected from cloud center networks.



Figure 5-4 CDN node management



6 Basic Concepts

Edge NodeAn edge computing device used to run edge applications, process data, andcollaborate with cloud applications securely and conveniently.

DeviceDevices can be as small as a sensor or controller or as large as a smart camera orcomputer numerical control (CNC) machine tool. They can be connected to IEFthrough edge nodes by using the MQTT, Modbus, or OPC UA protocol.

ApplicationA functional module that runs on edge nodes. Deploying the required applicationsbuilds your own edge computing capabilities.

FunctionFunctions are hosted in FunctionGraph. IEF can deliver these functions to edgenodes to quickly respond to events at the edge.

EndpointEndpoints are nodes that send or receive data. For example, if data is sent from adevice to a cloud service, the device is the source endpoint and the cloud service isthe destination endpoint.

RouteA route defines source and destination endpoints and resources. The systemforwards messages from the specified source endpoint resource to the specifieddestination endpoint resource based on the route.

ProductProduct is an abstract concept of devices. A product can connect to multipledevices. It is used by vendors to manage multiple devices in batches.

Intelligent EdgeFabricService Overview 6 Basic Concepts


https://www.huaweicloud.com/en-us/product/functiongraph.html

FirmwareFirmware is an installation package used by vendors to maintain and updatedevices. IEF allows vendors to allocate firmware to products and perform firmwareupgrade on devices managed by the products.

CertificateCertificates are categorized as node, application, and device certificates. The nodecertificate is used by edge nodes to access IEF. The application and devicecertificates are credentials for applications and devices to access MQTT Broker onedge nodes, respectively.

Intelligent EdgeFabricService Overview 6 Basic Concepts


7 Billing

Billing ItemsIEF is billed by the number of edge application instances.

For information about the IEF billing, see Product Pricing Details.

Billing FAQs1. Q: Will I be charged for registering and managing edge nodes on IEF?

A: You are billed only by the number of edge application instances.Registering edge nodes is free of charge.

2. Q: Will I be charged for registering devices with IEF?A: You are billed only by the number of edge application instances.Registering devices is free of charge.

3. Q: Do I need to pay for abnormal applications?A: Yes, you do. You are billed by the number of edge application instancesbecause IEF manages and maintains applications regardless of whether theyare normal or abnormal. Therefore, you are charged for all the applicationsand functions you can view on the Containerized Applications page and theFunctions page of the IEF console. If you do not want to use certainapplications or functions, delete them in time to avoid unnecessary fees.

Intelligent EdgeFabricService Overview 7 Billing


https://www.huaweicloud.com/en-us/pricing.html#/ief

8 Requirements

An edge node can be a physical machine or a virtual machine (VM). Edge nodesmust meet the specifications listed in Table 8-1. IEF allows you to register Atlas500 AI edge stations as edge nodes.

Table 8-1 Edge node requirements

Item Specifications

OS ● x86_64 architectureUbuntu 16.04 LTS (Xenial Xerus), Ubuntu 18.04 LTS(Bionic Beaver), CentOS 7.x and RHEL 7.x, Kylin 4.0.2,NewStart CGSL v5.5, and NeoKylin v7.0

● Armv7i (Arm32) architectureRaspbian GNU/Linux 9 (stretch)

● AArch64 (Arm64) architectureUbuntu 18.04.2 LTS (Bionic Beaver)

Memory ≥ 256 MB

CPU ≥ 1 vCPU

Hard disk ≥ 1 GB

GPU (optional) The GPU models on the same edge node must be thesame.NOTE

Currently, only NVIDIA GPUs, such as Tesla P4, P40, and T4, aresupported.If a device equipped with GPU hardware is registered as anedge node, you can choose not to enable its GPUs.

Intelligent EdgeFabricService Overview 8 Requirements


Item Specifications

Docker (mandatorywhen containerizedapplications aredeployed)

The Docker version must be later than 17.06. Docker18.06.3 is recommended.(However, do not use Docker 18.09.0 as it has a seriousbug. For details, see https://github.com/docker/for-linux/issues/543. If this version has been installed,upgrade it at the earliest. This issue has been resolved inDocker 18.09.0.60 embedded in Atlas 500 AI edgestations.)For details about how to install Docker, see https://docs.docker.com/install/overview/. You can installopen-source Docker Engine - Community (Docker CE) orpaid Docker Engine - Enterprise (Docker EE). For moredetails about Docker EE, see the official Dockerdocumentation at https://docs.docker.com/ee/supported-platforms/.NOTICE

After Docker is installed, configure the Docker process to startupon host startup. This configuration prevents systemexceptions caused by the Docker startup failure after the hostis restarted.

Glibc The Glibc version must be later than 2.17.

Port Edge nodes need to use the following ports. Ensure thatthese ports function properly.● 8102: used for reporting edge node logs to AOM● 8149: used for reporting monitoring data of edge

nodes to AOM● 8065: used for reporting edge node alarms to AOM● 443: used by edge nodes to interwork with IEF● 8883: used by the built-in MQTT Broker● 1883: port used by the external MQTT Broker● 2004: used by edge nodes to report messages to DIS

Intelligent EdgeFabricService Overview 8 Requirements


https://github.com/docker/for-linux/issues/543

https://github.com/docker/for-linux/issues/543

https://docs.docker.com/install/overview/

https://docs.docker.com/install/overview/

https://docs.docker.com/ee/supported-platforms/

https://docs.docker.com/ee/supported-platforms/

9 Permissions Management

IEF does not support fine-grained permission management using Identity andAccess Management (IAM). You are advised to log in to IEF using an account. Ifyou need to log in to IEF as an IAM user, assign permissions defined in the TenantAdministrator policy to the IAM user.

Intelligent EdgeFabricService Overview 9 Permissions Management


10 Quotas

IEF restricts the maximum amount of resources that a user can use. For detailsabout quotas, see Table 10-1 and Table 10-2.

Table 10-1 Resource quotas for the professional edition

Resource Object Default Quota

Node 10

Device 500

Device template 10

Containerizedapplication

500

Applicationtemplate

10

Applicationtemplate version

10

Tag A maximum of 20 tags for each resource

ConfigMap 50

Secret 50

Encryption data 50

Messageendpoint

20

Message route 100

Product 50

Node certificate 5000

Intelligent EdgeFabricService Overview 10 Quotas


Table 10-2 Quotas for the platinum edition

Resource Object Default Quota

Service instance 5

Node 50, 200, or 1,000, which can be selected when you create aplatinum service instance

Device Number of nodes x 50

Device template Same as the number of nodes

Containerizedapplication

Number of nodes x 50

Applicationtemplate

Same as the number of nodes

Applicationtemplate version

10

Tag A maximum of 20 tags for each resource

ConfigMap 50

Secret 50

Encryption data 50

Messageendpoint

20

Message route 100

Product 50

Node certificate Number of nodes x 500

Node group 100

Node groupcertificate

Number of nodes x 50

Service 500

Gateway 500

Virtual service 500

Batch job 20

Intelligent EdgeFabricService Overview 10 Quotas


service overviewfigure 3-4 ief security solution open compatibility ief is based on the open-source...

Documents