The increase in internet bandwidth enabled the widespread use of a centralized cloud computing approach, such as private cloud, hybrid cloud and public cloud. Meanwhile, the growing number of IoT devices at the edge of networks produced a massive amount of data, which gave rise to a new paradigm based on a decentralized approach called Edge computing. Can these two opposing approaches to enterprise architecture fit together and bring value to customers? Yes, they can, and there are numerous use cases in which the centralized (cloud computing) and decentralized (edge computing) approaches complement one another quite effectively. In this article we present our design for a real-life scenario for one of our customers, in which we applied cloud and edge computing principles and designed a highly automated private cloud solution deployable in tactical environments.
Firstly, we start with a short description of the project background. Our customer operates in the defense sector and plans to modernize its Deployable Communications and Information Systems, which provide IT services for units deployed in wartime and disaster relief operations. The main focus of the modernization is to:
In addition, the system resilience and service quality must be aligned with the strictly defined customer SLA. The stated key business needs and numerous other business and technical requirements were transformed into the following principles that formed the basis for system architecture and product selection:
Our team of experts designed a solution that, from the logical perspective, contains cloud computing elements (virtualization and orchestration), edge computing elements (hyperconverged ICT infrastructure), security elements (firewalls, IDS/IPS, physical segregation, etc.), technological infrastructure (ruggedized and tempested casing modules, end-user equipment, housing modules, etc.), and business/infrastructure applications running on top of the IaaS platform. We will further describe each element (see Figure 1) except the application layer, which was out of scope of this project.
Figure 1 – Logical architecture
The most critical and complex component of the whole solution is the Orchestration platform. In a typical private cloud solution, the Orchestration platform automates the provisioning and decommissioning of IT services and operates in one or many interconnected regional data centers. However, to deploy a private cloud solution in a decentralized environment running on edge computing, we have to take a different approach.
The orchestration platform and the automation of provisioning are based on a Blueprint concept. Each Blueprint is a collection of formalized and structured design information that can be run automatically with a set of hierarchical services to populate the Edge infrastructure from scratch to the final mission-specific configuration state (including installation and configuration of software components and setup of end-user services). In other words, the customer can have multiple specific blueprints. For example, they can have a blueprint called “Humanitarian support” that contains IT services (IaaS services or higher-level services) designed for this kind of mission. Once the customer decides to deploy a humanitarian mission anywhere in the world, the blueprint is activated and automatically provisions IaaS services, including pre-installed applications, on top of the Edge infrastructure.
Once the technologies are deployed in the designated location, they can run in isolated mode without the need to synchronize with the central orchestration platform. With this approach, the deployment of mission-specific systems can be cut down from weeks to hours while retaining the ability to apply configuration changes in the deployed infrastructure. Figure 2 describes the relation between Blueprints and IaaS services, including the process from Design to Service decommissioning.
Figure 2 – Service lifecycle
For the virtualization platform we used a single platform based on VMware products that stacks compute virtualization, storage virtualization, network virtualization, and cloud management and monitoring. The software-defined virtualized layers make the solution hardware-agnostic and provide the provisioning and decommissioning of IaaS services. These services are further managed by the Orchestration platform.
The Edge computing element is based on an Edge hyperconverged platform from the HPE Edgeline portfolio, which provides ultra-compact, dense form-factor devices that fit into cases with small dimensions and are designed for low weight, full ruggedization and enhanced environmental endurance in tactical environments. This platform provides the required modularity and flexibility by operating a mix of diverse workloads at the edge. It includes compute, storage and network components that were integrated into special custom-made cases that are easy to ship and plug in.
By implementing Edge computing closer to the data source (see Figure 3), the solution offers:
Figure 3 – Overview of Edge and Cloud components
The security aspects of the solution can be divided into two areas. Firstly, we designed in hardware and software components focused on security, such as firewalls, intrusion detection systems, etc. Secondly, we applied a strict separation of devices into physically separated domains that are classified based on the customer's requirements. In particular, each hardware component is dedicated to one domain exclusively, and communication between the domains is allowed only through special gateways with strictly defined rules.
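The two separation rules above (one domain per hardware component, cross-domain traffic only through a gateway with a matching rule) can be checked mechanically against an inventory and a list of intended flows. The following is an added example, not code from the project described here; the component names, domain labels, gateway name and data layout are hypothetical, and the sample data is constructed.

```python
from collections import defaultdict
# Constructed sample data; every name below is hypothetical.
ASSIGNMENTS = [  # (component, domain)
    ("edge-node-1", "domain-a"),
    ("fw-1", "domain-a"),
    ("edge-node-2", "domain-b"),
    ("switch-1", "domain-a"),
    ("switch-1", "domain-b"),  # one physical box listed in two domains
]
GATEWAY_RULES = {  # gateway -> allowed (source domain, destination domain, service)
    "gw-1": {("domain-b", "domain-a", "ntp")},
}
FLOWS = [  # (source, destination, gateway or None, service)
    ("edge-node-1", "fw-1", None, "syslog"),        # stays inside domain-a
    ("edge-node-2", "edge-node-1", "gw-1", "ntp"),  # matches the gateway rule
    ("edge-node-2", "edge-node-1", None, "ssh"),    # crosses domains directly
    ("edge-node-1", "edge-node-2", "gw-1", "smb"),  # gateway has no such rule
]

def domains_by_component(assignments):
    domains = defaultdict(set)
    for component, domain in assignments:
        domains[component].add(domain)
    return domains

def shared_components(assignments):
    """Components that are not dedicated to exactly one domain."""
    return {c: sorted(d) for c, d in domains_by_component(assignments).items() if len(d) > 1}

def flow_violations(assignments, rules, flows):
    """Flows that break domain separation, with the reason for each."""
    domains = domains_by_component(assignments)
    findings = []
    for src, dst, gateway, service in flows:
        src_dom, dst_dom = domains.get(src, set()), domains.get(dst, set())
        if len(src_dom) != 1 or len(dst_dom) != 1:
            findings.append((src, dst, "endpoint not in exactly one domain"))
            continue
        s, d = next(iter(src_dom)), next(iter(dst_dom))
        if s == d:
            continue  # intra-domain traffic is outside this check
        if gateway is None:
            findings.append((src, dst, "cross-domain flow without gateway"))
        elif (s, d, service) not in rules.get(gateway, set()):
            findings.append((src, dst, "no gateway rule for " + service))
    return findings

if __name__ == "__main__":
    print(shared_components(ASSIGNMENTS), flow_violations(ASSIGNMENTS, GATEWAY_RULES, FLOWS))
```

Gateway rules are directional in this sketch, so a permitted flow from one domain to another does not imply that the reverse direction is permitted.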
The Supporting infrastructure consists of housing elements providing cooling and heating, lightweight high-strength cases that contain all the ICT infrastructure, ruggedized, tempested and high-quality power supply elements, transmission systems (i.e. radios) and various ancillary elements.
The main benefit of a centralized private cloud system that embraces edge technologies is the high degree of automation, which enables the organization to rapidly decrease the deployment time, lowers the requirements for qualified personnel in the tactical environment and increases the flexibility in applying changes to deployed IT services. Another valuable benefit is that Edge technologies meet the high performance, security and reliability requirements while also providing light, ruggedized and smaller equipment that reduces the logistic requirements. Lastly, these solutions support the standardization of IT operations, which simplifies them and enables the customer to focus on the mission-specific agenda.
The downside of implementing a centralized private cloud solution is the time and resources required for setting up, testing and fine-tuning the solution. Compared with traditional systems deployed without any orchestration layer, the implementation phase is more complex and requires rigorous testing. However, the resources invested in implementing the solution are recovered through lower operational costs.
Based on our extensive experience from more than a decade of implementing and supporting private clouds, we strongly advise applying the principles mentioned in this article mainly for the following use cases:
These are only some of the use cases that we identified with our customers. As we described in this article, cloud and edge computing create value for customers who are looking for solutions that bring automation, agility, modularity and security to environments with limited communication access.