DEVOPSdigest

Spectro Cloud announced the Secure Edge-Native Architecture (SENA).

SENA, an enterprise-ready solution architecture built on zero-trust principles that was developed with support from Intel, brings tightly-coordinated capabilities that span from the silicon to the application, to enable teams to efficiently deploy, provision, operate and manage edge environments at scale. With this solution architecture, Spectro Cloud and Intel are accelerating the entire edge industry by providing IT solution providers and enterprises with a new reference architecture that provides easy, cost-effective and secure management of edge environments at scale, thereby addressing the unique requirements of modern edge applications and deployments. SENA provides flexibility and manageability across all layers: from the hardware to the OS, Kubernetes distribution, any additional integrations and tools, all the way up to the application.

“Kubernetes has rapidly evolved from largely DIY and intellectual debates about various Kubernetes distributions to optimizing management at scale across the full lifecycle and delivering flexible solutions that are fit-to-function for various use cases and environments – such as the edge," said Tenry Fu, Spectro Cloud CEO and co-founder. “Through our collaboration with Intel to develop the Secure Edge-Native Architecture (SENA), we are redefining the standard for edge Kubernetes. SENA empowers teams with a blueprint of best-of-edge hardware and software working in unison to address a new set of requirements that conventional solutions can’t.”

Spectro Cloud, working with Intel, has developed and delivered a next-generation edge solution architecture, SENA, bringing together hardware in any form-factor, Kubernetes full-stack management capabilities, agnostic to Operating Systems, Kubernetes distributions and integrations, and leading open source innovation. SENA provides end-to-end security based on the optimized cooperation between hardware to deliver at-scale cost-efficient management of edge locations, across every stage of the lifecycle.

"Edge applications require an ‘edge-native’ architecture paradigm to achieve capabilities and optimizations promised by distributed edge computing such as ultra-low latency, performance and quality of service. Security at the edge is especially challenging,” said Renu Navale, vice president & general manager of Edge Platforms Division at Intel Corporation. “With the Secure-Edge Native Architecture, Spectro Cloud is offering a solution that incorporates best-in-class edge hardware, Kubernetes management technologies and open source innovation, to accelerate the industry transformation to an edge-native infrastructure."

SENA combines Intel hardware and software, including Intel Smart Edge, with Spectro Cloud’s Kubernetes management platform Palette, its sponsored open source project Kairos and other innovations, to enable organizations to:

Deploy trusted devices fast and with ease even in challenging environments where connectivity and IT skills are limited. Capabilities include:

- Various onboarding methods (UI, API-based, IaC, QR code scanning)
- Support for Fast IDentity Online (FIDO) devices and hardware-enabled authentication.
- Online encryption leveraging hardware-based handshake.
- Support for air-gapped deployments and locations where connectivity is intermittent.

Provision the complete stack from the OS, to any Kubernetes distribution and required integrations continuously verifying origin and compatibility, complying with provenance and attestation principles, leveraging easy integrations with leading security standards including:

- Pre-deployment scans across all layers to ensure full-stack compatibility (OS, Kubernetes distribution, add-on integrations, application).
- Out-of-the-box integration of the CNCF open source project Kyverno, enabling easy consumption of Sigstore Cosign and System Log Signing Authority (SLSA).
- Support for Software Bill Of Materials (SBOM) scanning capabilities, in order to trace vulnerabilities and track versions for images.

Operate the edge runtime with confidence, ensuring the application stack and data are encrypted and cannot be tampered with at-rest, with hardware-enabled policy enforcement and adhering to confidential computing standards:

- OS and Kubernetes-agnostic immutability combined with cryptographic co-processing functionality to eliminate risk of tampering.
- Enhanced hardware encryption to statically measure boot and seal the user data while dynamically assessing device runtime state.
- Complete workload isolation for both containers and Virtual Machines with memory enclaves and in-transit mutual TLS encryption across all layers (internal between processes as well as external network traffic between Kubernetes pods).

Reduce complexity and easily perform any lifecycle management operation at scale across the full edge stack, to meet enterprise-grade governance requirements, without compromising on flexibility or performance. Capabilities include:

- Complete set of integrated day 0 to day 2 features, from cost visibility, quota resource control, backup and restore, penetration, conformance and security scans, monitoring, logging and alerting, including remote hardware management and recovery capabilities.
- Support for scaling to thousands of locations without performance degradation based on a decentralized architecture with local policy enforcement.
- Automated, orchestration of the complete Kubernetes stack (OS, distribution, integrations), based on always-on reconciliation loops and self-healing.
- Management of any device fleet with an edge-optimized dashboard, including live status for key events and advanced filtering and tagging.
- Faster, zero-downtime rolling upgrades with A/B OS partitioning.
- Easy access to more than 50 out-of-the-box integrations (packs), including OSes, Kubernetes distributions, monitoring, logging, with the option of importing additional.
- Native integration with IaC, CI/CD, ITSM and other tools.
- Zero-trust access model across management plane and locations, with granular Role Based Access Control (RBAC).

The SENA solution architecture adds to Spectro Cloud’s ongoing commitment to advancing broad industry initiatives including CNCF’s Cluster API, Cluster API Metal As A Service provider, Kairos.io and now its participation in the Confidential Computing Consortium, where Spectro Cloud will work with Intel and other key industry members.

SENA’s release follows last year’s Palette 3.0 launch and Palette Edge announcement, which set a new industry standard for security in edge Kubernetes environments.