February 27, 2024: VMware, recently acquired by Broadcom, announced that we’re returning to the VeloCloud brand for our SD-WAN and SASE solutions. Learn more in our press release and blog, Back to the Future with VeloCloud, the Intelligent Overlay for the Software-Defined Edge.
Workloads at the edge are growing dramatically and becoming increasingly important to business outcomes. The Gartner report Hyperscalers Stretching to the Digital Edge (24 July 2023) estimates that by 2025, more than half of enterprise-managed data will be created and processed outside the data center or cloud—in other words, at the edge. SASE and edge computing are converging to redefine industry standards, particularly in sectors like retail, manufacturing, and emergency services. This blog delves into these examples, illustrating how SASE and edge intersect: SASE’s robust, cloud-native security architecture not only protects but also optimizes the flow of vast data streams from the edge, enabling smarter, faster, and more secure operations across these vital sectors.
Where is the edge?
First of all, what do we mean when we say “the edge”? The far edge of a network is factories, warehouses, hospitals, retail stores, even windmills and first-responder vehicles. These are the places where computing is done near the source of data, rather than relying on a cloud or data center. This proximity allows for quicker data processing and less latency, making it ideal for real-time applications.
These locations have always produced a lot of data, mainly from IoT devices. The emerging difference is that now the data is not only created at the edge, but also processed at the edge. Organizations are pulling back from the cloud-first mentality and asking instead how they can use all this data at the edge to make faster and smarter decisions or create new customer experiences.
Better data management leads to new ideas and applications
In the past, workloads at the edge were largely extensions of IT operations at edge sites, for example to manage workstations or printing. New workloads at the edge fall outside of traditional IT and focus on business operations. New applications such as predictive maintenance and quality inspection are emerging from the ability to process this edge data better. You see this in emerging applications, the use of AI and machine learning, and ongoing efforts to virtualize operational technology (OT).
Take the example of closed-circuit cameras, which have been in stores and factories for years to enhance security. Now with computer vision, a camera in a grocery store can detect if a spill happens and trigger an action for personnel to clean it up. A camera in a factory can detect whether workers have their appropriate safety equipment on, or if a defective product is about to make it down the line.
The use of AI and machine learning at the edge is exploding. Gartner predicts that 50 percent of edge compute deployments will have a machine learning component by 2026. Organizations want to use the data at their edge sites to their operational efficiency and AI helps to process this data quickly to add value. Last year only 5% of edge computing deployments had machine learning and this will grow 10X by 2026.
Organizations are also digitizing and consolidating traditional OT workloads such as factory equipment, industrial control systems at chemical plants, high-voltage switches at electrical power substations, and retail point of sale systems. When this equipment is virtualized, it’s more efficient and easier to maintain using IT tools.
Why a large retailer chose the edge over the cloud
A European retail customer learned that shoppers were scamming stores by taking an expensive bottle of wine and a cheap bottle of wine to the self-checkout. They would scan the cheap bottle twice, then put the expensive bottle and the cheap bottle into their bag. So the retailer wrote an application to detect whether a scanned item was the same as the item placed in the bag. When they had to choose whether to deploy the app in the cloud or at the edge, they chose the edge for two reasons.
First, the amount of data which would need to be transferred to the cloud was too large. HD video is around 25 megabytes per minute, while 4K video adds up to 100 megabytes per minute. Multiply that by the number of self-checkout stations and the number of stores and this adds up to a significant amount of data—and significant costs from their cloud provider. The second consideration is latency and network delays. Every piece of data has a lifecycle of usefulness over time. The retailer had to make a quick decision because that expensive bottle may have already left the store by the time they received an analysis from the cloud.
But enterprises still need connectivity to clouds and data centers. In fact, it’s even more important to share data and protect your edge traffic. For data sets such as logs sent between different edge sites or large inferencing models that need a lot of compute power for training, it makes sense to process that data centrally and then share it with edge sites.
The retail industry is using the edge to improve the customer experience. For example, someone walking past the window of a clothing store could see their image reflected back to them in a “magic mirror” wearing a new outfit, enticing them to come into that store and buy the clothes. Other retailers are using existing ceiling cameras to track how customers navigate the store. They create a heat map linked to point-of-sale data, then optimize store shelves to maximize profits. Retailers can also minimize and consolidate store infrastructure by virtualizing point of sale systems and combine this with other apps on a small server to simplify their infrastructure management.
Edge innovation shrinks and consolidates factory hardware
Factories today have thousands compute devices including industrial PCs (IPCs), single-function ruggedized computers. Programmable logic controllers (PLCs) are small, dedicated hardwares for motion control. Human-machine interfaces are basically industrial PCs with a display attached for worker instructions or control. All this single-function hardware is like datacenters 20 years ago with dedicated file servers, web servers, and email servers.
Managing all this hardware is difficult. When a software or security update is needed, it typically is done by technicians using a USB drive—and only during production breaks. Our automotive manufacturing customer said that in one case it took them two weeks to implement a major Windows update. But with virtualization, this equipment can be shrunk to save money and time.
In the video below, you can see an example of a sorting station powered by VMware Edge Compute Stack™. It uses a camera to view, identify and sort parts. In a typical factory, this would be done with four different hardware systems: An industrial PC with the graphics capability for computer vision; a PLC to control the converter belts; a robot control system; and the human machine interface (HMI). With virtualization, all four functions can run on a single small server, or two nodes for redundancy. Advances in virtualization speed and scheduling have made it possible to run real-time runtime and normal runtime applications on a single platform.
Manufacturers can gain a lot more agility with sophisticated edge tools. Now the OT environment can be managed with standard IT tools. When there’s a failure, they can restore from a snapshot. When there’s an upgrade, they can perform batch updates, which is particularly helpful with security updates. Finally, it is much more energy efficient to run a small server rather than eight industrial PCs, helping manufacturers reach sustainability goals.
First responders serve the public better with edge technology
VMware by Broadcom is working with the Surrey and Sussex Police in the UK to put VMware SD-WAN™ and VMware Edge Compute Stack inside their police vehicles. The trunk (or “boot” in the UK) of most police cars holds around 100 kilograms of proprietary equipment for cameras and communications. It consumes a lot of energy, so an extra battery is needed. The Surrey and Sussex Police wanted to add automatic plate number readers so that their cameras could read license plates in motion and automatically identify tags associated with stolen vehicles or outstanding warrants. But that would add yet more complexity. The officers were also burdened with poor connectivity. They needed to return to headquarters to manually upload body camera or vehicle footage after an incident, taking time away from providing public safety in the community.
Dr. Steve Conn, Technical Project Manager for connectivity and security at Surrey Sussex asked, why can’t we put SD-WAN inside the vehicle? That turned out to be a great—and viable—idea.We replaced much of the expensive and heavy equipment with a small server running VMware Edge Compute Stack with virtual machines for SD-WAN, camera control, and an automatic number plate reader from partner Jenoptiks.
Now with better connectivity, the police officers stream data when they need it, saving many hours of police time. The lower vehicle weight is also estimated to save an estimated 65,000 liters of fuel. It is now much easier to set up a new vehicle, perform yearly maintenance, and troubleshoot issues. The police force estimates they will save €15 million over five years.
Characteristics of a successful edge implementation
The edge is the opposite of the cloud. A cloud or data center might have 1,000 servers in a single location. An edge implementation is more like 10,000 retail stores, each with a single server, possibly in remote locations and with limited IT support.
There is a need for a software-defined edge which includes all the distributed digital infrastructure for running workloads across dispersed locations. This encompasses the compute infrastructure, application lifecycle management, security, and networking services.
Three characteristics will make edge implementations successful:
- Right-sized infrastructure. The compute stack should be able to run on smaller hardware with lower latency.
- Zero-touch orchestration manages edge sites remotely without any onsite personnel, and takes into account that all edge sites may not have connectivity 100% of the time. Instead of IT’s traditional method of pushing down updates, pull-based orchestration can work better. When an edge is online, it checks whether it has the latest version of the applications to run the edge site and download additional components as needed. This applies to onsite compute infrastructure and security and network components as well.
- Network programmability. If the network knows what the workload is doing, it can provide the right type of network at the right time. For example, in a police vehicle in a non-emergency situation, cameras capture a frame every four seconds. But when sirens are on, indicating an emergency, you want to stream that footage continuously. The network should be able to recognize the condition and adjust the network to fit the needs of each situation.
How does SASE fit in?
Edge compute is a market driver for SASE. With more digital data, more intellectual property, and more operations running at the edge, there is an increased need for security. As mentioned above, there is an increased need to share data sets such as logs and models so all edge sites can benefit from centralized learning and optimization.
Sometimes edge devices need to connect directly to applications in the cloud or data center. For example, one of our customers operates automated greenhouse farms. They needed secure access for a robot running on a Linux operating system. VMware SASE components, including VMware SD-WAN and VMware SD-Access, secure and manage these connections.
There is an opportunity for integrated orchestration of edge services using SASE, specifically VMware Edge Cloud Orchestrator™. If security and networking know the state of a workload, dynamic policies can optimize the services for a better software-defined edge. Central orchestration eases the burden of managing many edge sites.
SASE is uniquely positioned to adapt and expand alongside the shifting operational demands of modern businesses. This intersection of SASE and edge computing heralds a new era of streamlined, secure connectivity, where the agility of edge computing meets the comprehensive security framework of SASE. By embracing this synergy, businesses can enhance their performance, improve their security posture, and scale to millions of sites. The integration of SASE with edge computing promises to be a cornerstone strategy, enabling organizations to stay ahead in a world where speed, security, and efficiency are not just goals, but necessities for success.