How can centralized and decentralized approach fit together
The increase in internet bandwidth enabled the widespread use of a centralized cloud computing approach, such as private cloud, hybrid cloud and public cloud. Meanwhile, the increase of IoT devices at the edge of the networks produced a massive amount of data that gave rise to a new paradigm based on decentralized approach called Edge computing. Can these two opposing approaches to enterprise architecture fit together and bring value to customers? Yes, they can and there are numerous use cases in which centralized (cloud computing) and decentralized (edge computing) approach can complement one another quite effectively. In this article we present our design to a real-life scenario for one of our customers in which we applied cloud and edge computing principles and designed a highly automated private cloud solution deployable in tactical environments.
Firstly, we start with a short description of the project background. Our customer operates in the defense sector and plans to modernize its Deployable Communications and Information Systems, which provides IT services for units deployed in wartime and disaster relief operations. The main focus of the modernization is to:
- Enhance Responsiveness that results in shorter time period to deploy IT systems and higher flexibility in implementing changes to IT services.
- Decrease the system complexity, the operation of the deployable systems must be significantly reduced. This is necessary because the customer does not want to depend on highly skilled engineers while acting in a war zone or field conditions.
- Maintain high level of cyber security, the system must comply with the customers strict security and environmental standards.
- Data and interface compatibility with the existing IT systems.
In addition, the system resilience and service quality must be aligned with the strictly defined customer SLA. The stated key business needs and other numerous business and technical requirements were transformed into the following principles that formed the basis for system architecture and product selection:
- Orchestration and automation – automation and orchestration of infrastructure and its services in order to provide IaaS services (Infrastructure layer).
- Infrastructure resiliency and high availability – implementation of N+1 component redundancy where reasonable, applying no Single Point of Failure (SPOF) principle, clustering and virtualization of compute, network and storage infrastructure.
- Software designed infrastructure – including compute (SDC), storage (SDS), network (SDN)
- High climatic and environmental endurance – choosing Commercial of the Shelf (COTS) products that provide the best figures regarding tempest, electromagnetic compatibility, anti-shock hardness, climatic control, humidity, etc.
- High security – strict security separation into isolated domains for classified and unclassified systems.
- Scalability – vertical and horizontal scalability of ICT resources without the need of changes in the solution architecture and design.
- Modularity, standardization and unification – system designed based on standardized compact architectural building blocks based on common open standards and compliant with the customer regulation.
Our team of experts designed a solution that from the logical perspective contains cloud computing elements (virtualization and orchestration), edge computing elements (hyperconverged ICT infrastructure), security elements (Firewalls, IDS/IPS, physical segregation, etc.), technological infrastructure (ruggedized and tempested casing modules, end-user equipment’s, housing modules, etc.), and business/infrastructure applications running on top of the IaaS platform. We will further describe each element (see Figure 1) except the application layer, which was out of scope of this project.
Figure 1 – Logical architecture
The most critical and complex component of the whole solution is the Orchestration platform. In a typical private cloud solution, the Orchestration platform automates the provisioning and decommissioning of IT services and operates in one or many interconnected reginal data centers. However, in order to deploy a private cloud solution in a decentralized environment running on edge computing, we have to take a different approach. The orchestration platform and automation of provisioning is based on a Blueprint concept. Each Blueprint is a collection of formalized and structured design information that can be automatically run with a set of hierarchical services to populate the Edge infrastructure from scratch to the final mission specific configuration state (including SW components install and configuration and end-user services setup). In other words, the customer can have multiple specific blueprints. For example they can have a blueprint called “Humanitarian support”, that will contain IT services (that can be IaaS services or higher level services) designed for this kind of mission. Once the customer decides to deploy a humanitarian mission to any place in the world, the blueprint will be activated, which will automatically provision IaaS services including pre-installed applications on top of the Edge infrastructure. Once the technologies are deployed in the designated location, they can run in isolated mode without the need to synchronize with the central orchestration platform. With this approach the deployment of mission specific systems can be cut down from weeks to hours and still retain the ability to apply configuration changes in the deployed infrastructure. Figure 2 describes the relation between Blueprints and IaaS services including the process from Design to Service decommissioning.
Figure 2 – Service lifecycle
For the virtualization platform we have used a single platform based on VMware products that stacked compute virtualization, storage virtualization, network virtualization and cloud management and monitoring. Software-defined virtualized layers enable the hardware to be agnostic and provide the provisioning and decommissioning of IaaS services. These services will be further managed by the Orchestration platform.
The Edge computing element is based on Edge hyperconverged platform from HPE Edgeline portfolio which provides ultra-compact and dense form factor devices suited for cases with small dimensions and are designed for light weight, full ruggedization and enhanced environmental endurance in tactical environments. This platform provides required modularity and flexibility by operating a mix of diverse workloads at the edge. It includes compute, storage and network components that were integrated into a special custom-made and easily shipped and plugged-in cases.
By implementing Edge computing closer to the data source (see Figure 3), the solution offers:
- Interoperability between legacy and state-of-art devices
- Lower latency, faster response requirements on the edge
- Real-time analytics on the edge nodes vs. centralized business intelligence analytics processed in the cloud (on-premise/private or public)
- Reliable operations with intermittent connectivity
- Higher security chain
- Standardized compliance
- Cost effectivity
Figure 3 – Overview of Edge and Cloud components
The security aspects of the solution can be divided into two areas. Firstly, we have designed hardware and software components focused on security, such as Firewalls, Intrusion Detection Systems, etc. and secondly, we have applied a strict separation of devices into physically separated domains that are classified based on the customers requirement. Particularly, each hardware component is dedicated to one domain exclusively and the communication is allowed only through special gateways with strictly defined rules between the domains.
The Supporting infrastructure consists of housing elements providing cooling and heating, lightweight high strength cases that contained all the ICT infrastructure, ruggedized, tempested and high-quality power supply elements, transmission systems (i.e. radios) and various ancillary elements.
The main benefit of a centralized private cloud system that embraces the edge technologies is the high degree of automation that enables the organization to rapidly decrease the deployment time, lowers the requirements for qualified personnel in tactical environment and increases the flexibility in deploying changes in deployed IT services. Another valuable benefit is that despite the high performance, security and reliability requirements, Edge technologies meets these requirements and besides that provide light, ruggedized and smaller equipment that reduces the logistic requirements. Lastly, these solutions empower the standardization of IT operation which facilitates the simplifying of IT operations and enables the customer to focus on mission specific agenda.
The downside in implementing a centralized private cloud solution is the time and resources required in setting up, testing, and fine tuning the solution. Comparing with traditional systems deployed without any orchestration layer, the implementation phase is more complex and requires rigorous testing. However, the resources invested in implementing the solution are restored in the lower operational costs.
Based on our extensive experience from more than a decade of implementing and supporting private clouds we strongly advice applying the principles mentioned in this article mainly for the following use cases:
- Military customers providing IT services in tactical environments in various locations requiring fast deployment, ease of use and high degree of agility.
- Crisis management & public safety customers that requires fast deployment of systems suited for the specific missions.
These are only some of the use cases that we identified with our customers, as we described in this article, cloud and edge computing create value for customers that are looking for solutions that bring automation, agility, modularity and security to environments with limited communication access.