Delivery: ~June 2018
The main theme for the California release of EdgeX is to provide a solid open source foundation for commercialization and deployment in a wide variety of Industrial IoT edge use cases.
Key to this is the first implementation of priority APIs and reference microservices for security and manageability. Another key theme for the California release is improving overall performance and lowering the baseline footprint of the code base. Work is currently underway for drop-in alternatives for key microservices (e.g. Core Services, Export and Device Services) based in Go Lang with a stretch goal being select implementations in C. Overall, the California release will improve EdgeX ease of use among a larger, more polyglot, development community.
Planned features to be delivered (as of January 2018 TSC Face-to-Face meeting).
A OS reverse proxy will be selected and integrated to EdgeX
Integrate with AAA service (see below)
With no (or very few) changes to existing micro services at this time
Currently looking at Traefik for dev/test and possibly NginX for prod
This will be for HTTP/S only (meaning security for MQTT and other protocols will not yet be provided)
An open source Authentication and Authorization server (s). (E.G., Keycloak, Dex, Hydra, …) will be selected and integrated to EdgeX
Prod deployment models will require integration with centralized AAA. Initial solution will be to integrate with reverse proxy
Data Protection Services via HashiCorps’s Vault will be integrated with EdgeX
This will provide Key Management, Certificate Services, Encryption
API abstraction to allow 3rd party implementation/extensions
Some additional research/work needs to be finalized for California around license, external CA support, local crypto library, bootstrap provisioning, local secure store for bootstrap credentials, unattended startup
System management API (action, alerts, metric) as discussed and outlined here
System management Agent
The target is to run all of EdgeX (all the services to include the virtual device service) on a Raspberry Pi 3 (1 GB RAM, 64bit CPU, at least 32GB storage space, running Raspbian Linux distro)
This is not an endorsement of the platform as our favorite or otherwise endorsed platform
It only suggests the general characteristics of a “developer community” target platform
This may not be entirely feasible without all Go replacements, but is the target and the development community will report back when/where this is not possible
For example, it is unlikely the target security implementation will fit on this size platform
Additional “developer community” targets
Startup in 1 minute or less (post OS boot – from micro service start to all services up and available)
Throughput for one piece of data (with one IP device connected by hard wire – versus WiFi) from data ingestion at the Device Service layer, through Core Data, to Rules Engine and back down through Command Service finally to Device Service for actuation will be < 1 second