The explosion of data is driving a necessary increase in processing at the edge for reasons including latency, bandwidth savings, security, privacy and autonomy. However, deploying compute at the distributed edge for use cases spanning IoT, AI, 5G, network virtualization, and security is especially challenging because the landscape is inherently heterogeneous, consisting of a diverse mix of technologies, legacy investments and skill sets. In order to scale edge computing, we need to tame this complexity by supporting a variety of deployment models in a more standardized and open way, in addition to enabling continued use of legacy investments.
Project EVE is building EVE-OS, a universal, open Linux-based operating system for distributed edge computing. EVE-OS aims to do for the distributed edge what Android did for mobile by creating an open foundation that simplifies development, orchestration and security of edge computing nodes deployed on-prem and in the field. Supporting Docker containers, Kubernetes clusters, virtual network functions, and virtual machines, EVE-OS provides a flexible foundation for distributed edge deployments with choice of any hardware, application and cloud.
EVE-OS can be deployed on any bare metal hardware (e.g., x86, Arm, GPU, RISC-V) or within a VM to provide consistent system and orchestration services, and it can run applications in a variety of formats. Support for VMs enables users to continue to use existing software investments while building new containerized innovations in parallel. Compared to agent-based edge management solutions, the bare metal EVE-OS eliminates the possibility of bricking a device in the field during an update, a failure that would require an expensive truck roll.
Orchestration of the underlying hardware and installed software is achieved through the open EVE API, providing developers with consistent behavior across a diverse mix of technology ingredients. Offering consistency and flexibility while maintaining a robust, state-of-the-art security posture is a key project tenet.
Key Capabilities
The goal of Project EVE is to enable edge computing deployments with the following capabilities:
- Access to hardware root of trust (e.g. TPM) when deployed on bare metal, supporting functions such as crypto-based ID (no device usernames and passwords), measured boot, remote attestation, signed updates, encryption, etc.
- “Secure by default” deployment profile
- High efficiency and usage of device resources including remote control of CPU, memory, networking and edge device I/O ports
- Hosting of any combination of apps in virtual machines, containers and Kubernetes clusters
- Hosting of any guest operating system deployable in a virtual machine
- Ability to assign CPU cores and co-processing (e.g. GPU) to specific apps
- Ability to block unused I/O ports to prevent physical tampering
- Remote updates of entire software stack with rollback capability to prevent bricking
- Automated patching for security updates
- Automated connectivity to one or more backends (cloud or on premises)
- Distributed firewall to securely route data over networks per policy
To access this functionality remotely, the project offers a basic open source reference controller, and users can leverage any fully-featured 3rd-party commercial controller that supports the open EVE APIs. When combined with a remote controller, EVE-OS enables scalable, centralized management for large volumes of highly-distributed edge compute nodes. Visit the EVE in the Market page for a list of available controllers and supported hardware.
EVE-OS is complementary to LF Edge application frameworks such as EdgeX Foundry and Fledge. The EVE community is working to harmonize with other LF Edge infrastructure projects.
Architecture
In order to handle the edge-unique capabilities as well as the more common VM and container runtime needs, EVE-OS is internally structured using a multitude of microservices, loosely depicted in the architecture diagram below. Different microservices provide the security foundation, ensure that EVE-OS can robustly update itself and robustly remain connected to its controller, and invoke the EVE API to deploy, operate, and debug the application instances.
Roadmap
Project EVE aims to build the only foundation required to support the diversity of the distributed edge by abstracting hardware complexity while enabling orchestration flexibility. The following are key 2023 project goals identified by the Technical Steering Committee (TSC):
- Continue to harden security by further leveraging TPM and investigating ARM security enhancements
- Implement advanced network diagnostics
- Add interactive installer to allow users to modify defaults of EVE installer images on the fly
- Improve testing/validation processes across EVE-OS, hardware, and applications
- Implement automation to accelerate EVE-OS qualification testing
- Investigate disaggregated container-attached storage
More roadmap details are available within the EVE Wiki.
The project is seeking users and feedback. We welcome contributions to help establish EVE-OS as a common foundation for distributed edge computing deployments, both in terms of support for more hardware and adding new capabilities.