Overview of how IBM Edge Computing for Devices works

IBM Edge Computing for Devices is designed specifically for edge node management to minimize deployment risks and to manage the service software lifecycle on edge nodes fully autonomously.

IBM Edge Computing for Devices architecture

Edge computing solutions typically focus on one of the following architectural strategies:

• A powerful centralized authority for enforcing edge node software compliance.
• Passing the software compliance responsibility down to the edge node owners, who are required to monitor for software updates, and manually bring their own edge nodes into compliance.

The former focuses authority centrally, creating a single point of failure, and a target that attackers can exploit to control the entire fleet of edge nodes. The latter solution can result in large percentages of the edge nodes not having the latest software updates installed. If edge nodes are not all on the latest version or have all of the available fixes, the edge nodes can be vulnerable to attackers. Both approaches also typically rely upon the central authority as a basis for the establishment of trust.

In contrast to those solution approaches, IBM Edge Computing for Devices is decentralized. IBM Edge Computing for Devices manages service software compliance automatically on edge nodes without any manual intervention. On each edge node, decentralized and fully autonomous agent processes run governed by the policies that are specified during the machine registration with IBM Edge Computing for Devices. Decentralized and fully autonomous agbot (agreement bot), processes typically run in a central location, but can run anywhere, including on edge nodes. Like the agent processes, the agbots are governed by policies that are configured during the agbot creation. The agents and agbots handle most of the service software lifecycle management for the edge nodes and enforce software compliance on the edge nodes.

For efficiency, IBM Edge Computing for Devices includes two centralized services, the exchange and the switchboard. These services have no central authority over the autonomous agent and agbot processes. Instead, these services provide simple discovery and metadata sharing services (the exchange) and a private mailbox service to support peer-to-peer communications (the switchboard). These services support the fully autonomous work of the agents and agbots.

Each of the four IBM Edge Computing for Devices component types (agents, agbots, the exchange, and the switchboard) has a constrained area of responsibility. Each component has no authority or credentials to act outside their respective area of responsibility. By dividing responsibility and scoping authority and credentials, IBM Edge Computing for Devices offers risk management for edge node deployment.

For more information about how IBM Edge Computing for Devices works, review the following topics:

• Discovery and negotiation

  IBM Edge Computing for Devices is primarily decentralized and distributed. The autonomous agent and agbot processes collaborate on the software management of all registered edge nodes.

• Security and privacy

  IBM Edge Computing uses geographically distributed autonomous agent processes and agbot processes to maintain anonymity and security.

• Edge software management

  IBM Edge Computing relies on geographically distributed autonomous processes to manage the software lifecycle of all edge nodes.