VMware Edge Compute Stack Software-defined edge

Edge Operations Require a Solution Built for the Edge

The edge is in transition as organizations look to modernize business operations at dispersed locations such as retail stores, factories, health clinics, and ships. As edge computing continues to gain momentum, enterprises face the challenge of managing their edge devices and systems efficiently. Meeting these challenges—including difficulty in scaling, limited network availability, edge-specific hardware and protocols, lack of onsite technical staff, and unique security needs—requires different solutions than those used in traditional data center and cloud management. Successful edge deployments need a purpose-built OT (operational technology) software infrastructure.

How edge technologies are changing the enterprise 

AI, in the forms of computer vision, machine learning, and generative AI, is being implemented to increase agility or operational efficiency, or to provide new customer experiences. Gartner predicts, “By 2029, at least 60% of edge computing deployments will use composite AI (both predictive and generative AI [GenAI]), compared to less than 5% in 2023.” [Gartner, Market Guide for Edge Computing, March 2024].

Retailers are using computer vision not only to restock shelves and prevent theft in real time but also to delight customers with new experiences like just-in-time coupons or interactive mirrors to show an outfit in a different color. Manufacturers are implementing Smart Factory technologies like predictive maintenance to increase machinery uptime and machine learning to more precisely control machine operations such as robotic welding. In the electric utility industry, the move to green energy sources like wind farms and solar increases the variance of power delivery. Moving to virtualized control systems at substations increases the agility to respond to power shifts while lowering costs.

There are vast amounts of data available at these edge sites which, when processed quickly, can help make faster, smarter decisions. But it’s too costly and inefficient to ship all this data to the cloud. Edge operations often need to make real-time decisions rather than wait on a response from a cloud service—and often, OT devices need to continue operating even if the network is down. Thus, customers are using edge computing to run these applications locally. 

Our customers’ edge compute journeys often begin with the deployment of an initial edge application or discrete OT workload. Once the benefits of that initial deployment are realized, the challenge of scaling that application or workload across many sites and adding more edge applications begins. Without the right tools and platform, running and maintaining these applications can deteriorate business outcomes.

Edge challenges

Running workloads at the edge presents some unique challenges that can be difficult to address with traditional data center infrastructure solutions. These challenges mostly fall into five categories.

  1. Scale: Compared to data center deployments, edge deployments tend to involve a small number of workloads running in many locations. Data center infrastructure solutions, which have traditionally been designed to scale to many workloads running in a relatively small number of locations, struggle to accommodate managing edge infrastructure that can span hundreds, thousands, or tens of thousands of locations.
  2. Limited or unreliable network connectivity: Most data center infrastructure solutions are designed based on the assumption that workload hosts will have robust and reliable connectivity to the management plane at all times. Unfortunately, in the case of edge workloads running in places like power substations, oil rigs, and shipping vessels, this isn’t always possible. Even outside of harsh or isolated environments, connectivity can be challenging. One of our retail customers with 800 stores across the U.S. observed that at any given time, 10 to 15% may be offline. At the same time, edge workloads can be just as mission-critical as those running in the data center, so you can’t afford to sacrifice the ability to continue operating when edge hosts have limited bandwidth, excessive latency, or a complete loss of connectivity to the management plane for potentially extended periods of time. Even where reliable bandwidth is available, the local networks on which edge workloads run are often isolated from external inbound connections, and are sometimes not even managed by IT. In these scenarios, it can be difficult (if not impossible) to accommodate solutions where a centralized management plane must initiate connections to hosts running at the edge. Doing so requires allowing inbound access to an isolated network (e.g. OT networks on a factory floor or power generation facility) and/or accommodating overlapping IP space (e.g. franchise retail stores with networks that aren’t managed by IT).
  3. Edge-specific hardware and protocols: In addition to support for traditional server hardware and networking protocols, edge locations can have unique requirements that traditional data center infrastructure solutions simply aren’t able to accommodate. From a hardware perspective, edge environments may require ruggedized equipment and/or unique I/O interfaces to support WAN and device connectivity. Additionally, support for protocols like Profinet, PRP, etc. may be required to interact with edge devices. 
  4. Limited onsite personnel: Deploying and servicing edge infrastructure is not always a simple matter of having a local IT professional on hand with a crash cart at a moment’s notice. In fact, the nearest senior IT resource might be hundreds or even thousands of miles from a given edge location—so solutions requiring skilled, hands-on interaction to image/configure hosts and integrate them with the management plane are often not feasible to support.
  5. Edge security: Edge sites are typically characterized by a mix of industrial (e.g. industrial robots) and consumer IoT (e.g. security camera) devices. Because they are exposed to both internal and outside personnel, these devices greatly expand the attack surface. The average cost of a successful attack on an IoT device exceeds $330,000 according to research by PSA Certified. Zero-trust access and a strict security posture between the IT and OT layers are therefore essential to secure the edge across multiple layers. (A good example is the Purdue model framework for Industrial Control Systems.) In addition to protection, OT administrators also seek 360° visibility to identify potential risks a priori. Compared to data centers, physical security controls are often weak at edge locations. For example, at a retail store, the server may be in the back room or under the counter. Without the high security of a data center, edge servers need to protect data in the event of theft or tampering.

VMware Edge Compute Stack: Purpose-built OT software infrastructure

VMware Edge Compute Stack was designed specifically to address edge challenges, all while retaining a rich suite of VM and container runtime capabilities.

  1. Scale: The VMware Edge Cloud Orchestrator (VECO) is designed with both a pull-based management plane and a decoupled control plane, allowing for independent scaling of the management plane to support even the largest deployments consisting of thousands of edge locations. The Edge Compute Stack runtime also facilitates VM and container deployments with full support for single-node and clustered designs.
  2. Limited or unreliable network connectivity: Another benefit of decoupling VECO management plane functionality from the control plane is that edge hosts have no dependency on connectivity to VECO for control plane functions like VM/container operation, clustering, etc. By embedding these control plane functions in the Edge Compute Stack runtime on the hosts themselves, workloads can remain fully functional with minimal bandwidth, excessive latency, and extended periods of no connectivity at all. This also results in an architecture that can tolerate NAT translation between hosts and the management plane to accommodate IP overlap and/or sites without private WAN connections.
  3. Edge-specific hardware and protocols: In addition to providing full support for VMware’s already extensive list of hardware partner platforms, Edge Compute Stack supports an extensive hardware compatibility list to support ruggedized servers, industrial PCs, and other edge-specific devices. This not only expands support for edge-specific I/O requirements, but can solve for a wide array of edge use cases when combined with Edge Compute Stack’s support for edge-specific networking protocols.
  4. Limited onsite IT personnel: VMware Edge Compute Stack drastically simplifies the requirements for onsite staff, minimizing the time and expense involved with dispatching senior IT personnel. Installation of the Edge Compute Stack runtime is fully scripted, so imaging can be as simple as inserting a flash drive or other bootable media and powering on the host. Beyond physical racking and cabling, no further involvement is required from onsite personnel. Once the Edge Compute Stack runtime has network connectivity, it automatically connects to VECO to complete the zero-touch provisioning process. Once done, the host accesses its designated Git repo to get the desired state for host configuration settings, as well as all of the VM and container workloads that need to be deployed, without additional human intervention.
  5. Edge security: VMware Edge Compute Stack addresses edge security at multiple levels. From a network access standpoint, unlike in the datacenter, edge workloads gain a security benefit from north-south communication. When resources or communication are needed, the Edge Agent opens an ephemeral connection to VECO, thereby negating the need to keep long-lived open inbound access to the edge. The integrated VMware Edge Intelligence component provides 360° visibility into network flows and applies AI/ML techniques to detect anomalies that may be potential security violations. By leveraging the VMware VeloCloud Edge’s secure edge functionality, customers could create IT-OT separation, ensuring that the OT network is accessed only from known networks.

A customer’s experience with VMware Edge Compute Stack

You can see the impact of a tailored edge approach in the story of one of our international retail customers. This company is focused on delivering competitive and differentiated offers to their customers. Post-pandemic, the market is crowded, loyalty is hard-fought, and retailers are competing solely on price and discounts. As a result, this retailer is looking to optimize its business operations and increase margin, while improving in-store experiences to attract customers back to the store.

Their strategy is to invest in technology to transform in-store processes. They are leveraging the data generated at stores and connecting them with the operation backend, freeing up labor to focus on high-value tasks and customer engagement. They are investing heavily in computer vision applications to address issues that deteriorate their margins such as loss and theft prevention, self-service checkout, and store safety. This is done by using off-the-shelf software and in-house development.

VMware Edge Compute Stack has been designed to address these challenges, providing a platform that can host multiple use cases. The Edge Compute Stack zero-touch provisioning process greatly simplifies the onboarding of new sites with minimal involvement from IT personnel. The integrated edge runtime supports existing VM-based deployment and newly developed containerized applications, giving the development team autonomy to push new updates while sharing their scarce resources to meet the cost profile demanded by the business.

Across many industries, VMware Edge Compute Stack is solving the challenges of deploying and managing edge applications so customers can focus on their business goals. To learn more, visit the main VMware Edge Compute Stack site, or try it yourself by signing up for our free Tech Showcase.