SUSE – Delivering a Secure Nexus Point for Edge Computing, Powered by NVIDIA
- Earlier today, NVIDIA founder and CEO Jensen Huang announced the IGX platform for edge AI computing. The new platform brings security and functional safety into sensitive areas of edge computing, such as manufacturing, logistics, energy, and retail.
- SUSE has the software-defined infrastructure components needed to remove complexity and scale the computing edge, and we look forward to bringing our product ecosystem to the NVIDIA IGX platform.
Now, let’s recall the definition of edge computing, its significance and potential.
Edge computing – far and beyond
NVIDIA’s “Top Considerations for Deploying AI at the Edge” technical overview provides a simple yet effective definition for edge computing as “the process of bringing compute power to where the data is collected. By reducing the distance where the data is collected and where it’s processed, organizations can react quickly to real-time insights, unlocking that potential.”
Edge computing continues to grow at an impressive scale in both size and complexity. According to Gartner,* “By 2025, more than 50% of enterprise-managed data will be created and processed outside the data center or cloud,” and “By 2027, machine learning (ML) in the form of deep learning (DL) will be included in over 65% of edge use cases.”
Two key points should be clear:
- First, data created at the edge is critical (both in terms of volume, as well as for more insights).
- Second, there is a need to have both capacity and capability in edge computing devices. With that in mind: What are the capabilities and requirements to be addressed by these next-generation edge computing devices?
Nexus point for IT and OT (Industrial Automation and IoT)
When it comes to market sectors like industrial automation, the edge acts as the nexus of operational technologies (focused on outcomes) and IT (focused on data and automation). Edge devices (ex: sensors, actuators, and embedded devices) send their data to an IoT or edge gateway. Data from the gateways can be aggregated, analyzed, and combined with external (ex: IT) sources to provide richer, faster, and more intelligent, decision making. To achieve this, the compute infrastructure at the edge needs to fulfill several key requirements. The top three would be:
- Safety and Security – With the new levels of connectivity and data access, as well as the actual purpose/function of some of the edge devices, the ‘risk landscape’ becomes more complex. Product components need to support the overall reduction of liability risk.
- Performance and Reliability – Industrial equipment is built to be reliable. Computing elements added for improved decision making need to be as well. The computing edge needs to be highly performant to support the quick reaction times critical for industrial, medical, and retail environments.
- Long-term Support – Edge devices and solutions are built with longevity in mind. Associated hardware and software infrastructure should be planned for long-term usage, with minimal disruption to reduce the impact of re-qualification and/or certification of the solution stack.
Addressing edge requirements with NVIDIA IGX and SUSE Edge stack
SUSE will collaborate with NVIDIA to deliver a solution stack based on NVIDIA IGX and SUSE’s Edge stack to provide our customers with supported, secure, and reliable solutions to address the new edge computing requirements.
The NVIDIA IGX platform is a fundamental building block that provides industrial-grade hardware and software with long-term commercial support. The platform is secure by design with encrypted memory, IP protection from CPU to GPU, and security engines for key management.
The SUSE Edge consists of a series of products working together, starting with SUSE Linux Enterprise Micro (SLE Micro), which is an immutable OS built from the ground up to support containers and microservices. Moving up the stack, we provide K3s, a lightweight Kubernetes distribution fit for resource-constrained and remote location or IoT devices. Last but not least, we have Longhorn – a powerful cloud-native distributed storage solution for Kubernetes that can run anywhere. The SUSE Edge stack is complemented by two data center products: SUSE Manager for the host environment deployment and SUSE Rancher for the management of the Kubernetes (K3s) infrastructure.
Let’s review how NVIDIA IGX and the SUSE Edge stack address the requirement categories outlined in the previous section.
|Category||NVIDIA IGX||SUSE Edge|
|Safety and Security||Built-in functional safety extensions that allow customers to pursue industry-standard safety certifications.
Encrypted memory and IP protection from CPU to GPU, with security engines for key management.
End-to-end security with the latest in embedded device security, remote provisioning, and management.
|SLE Micro provides a reliable and secure OS platform for the edge. SLE common code base provides FIPS 140-2, DISA SRG/STG integration with CIS and Common Criteria. SELinux with policies included.
K3s is packaged as a tiny, single binary that reduces dependencies and steps needed to install, run, and automate a production Kubernetes cluster.
SUSE is pursuing supply chain levels for software artifacts (SLSA) Level 4 (highest level) certification to protect the integrity of the software supply chain.
|Performance and Reliability||High-performance and energy-efficient systems built for low-latency, real-time applications.||When used with SUSE Rancher, K3s provides an exceptionally reliable, comprehensive Kubernetes experience that confidently manages thousands of clusters across the edge. Combined with SUSE Rancher’s CD features, K3s users can manager up to 1 million edge clusters.|
|Long-term support||Full platform including industrial-grade hardware and NVIDIA AI Enterprise for long-term commercial support of the AI software stack.||Long-term OS support available from SUSE for SUSE Linux Enterprise.|
The future edge
We look forward to expanding our collaboration with NVIDIA and our partners, building and implementing solution stacks leveraging the best products from both companies.
Our immediate goals include qualification of SUSE Linux Enterprise Micro and SUSE Linux Enterprise Server, followed by the cloud-native stack.
Figure 1. Combined NVIDIA IGX and SUSE Edge Stack.
Call to action
For more information on the SUSE Edge stack, visit us at the following links:
- https://documentation.suse.com/sle-micro/5.2/ – For SLE Micro documentation.
- https://documentation.suse.com/sbp/server-linux/html/SBP-SLSA4/index.html – To learn more about securing the SUSE software supply chain.
- https://rancher.com/docs/k3s/latest/en/ – For K3s documentation.
- https://longhorn.io/docs/1.3.1/ – For Longhorn documentation.
- https://docs.ranchermanager.rancher.io/ – For SUSE Rancher itself.
If you’re looking to learn more about containers, Kubernetes, and Rancher – Visit us at https://rancher.com/learn-the-basics to get started with some training.