Big yellow machines move earth today, but soon they may also move bits to
improve productivity and reduce cost thanks to the Internet of Things and edge
computing. Imagine a construction site with dozens of pieces of equipment. The
construction company wants to know how productive the equipment is, such as
how many hours it operates, how many loads it lifts, and precisely how it
traverses the site. The company also wants to know how well the various
components of each piece of equipment are performing: are the bearings in the
wheels vibrating? Is the hydraulic pump overheating? With this knowledge, the
company can avoid over- or under-provisioning equipment and minimize downtime
for unneeded periodic maintenance or unexpected machine failure.
To implement this vision, the construction company could deploy an
edge-computing node onsite connected to a Microsoft Azure Cloud via a slow and
expensive satellite link. Various sensors on each machine use a local wireless
technology to send data to the edge-computing node, which handles the bulk of
analysis locally to minimize processing latency and uploads only selected data
to minimize bandwidth use.
Taking this vision one step closer to reality, NXP, Microsoft and Sequitur Labs
have developed a secure edge-computing solution that ties together edge
computing and platform security technologies I’ve blogged about this past
year. This solution is easy
to deploy, resistant to attack and reduces processing latency. As such, it
addresses key concerns holding back IoT deployment and creates new market
opportunities, ushering in the new secure and responsive IoT era.
Once considered to be at odds with each other, provisioning ease and security
are now aligned in the collaborators’ solution. As in the insecure era,
IoT nodes and gateways are simply plugged in and turned on. But now, the
gateway boots securely, autonomously and securely registers with the cloud,
and downloads from the cloud the containers providing the services hosted
locally. It’s these services that elevate the gateway to a
fully-fledged edge-computing node. Constrained in capability compared with the
gateway, the IoT leaf nodes have a simpler startup process but still must
authenticate themselves, which they do with the gateway before coming online.
Here’s a video demonstrating all of this in action.
To make this all work, the gateway must securely manage keys and communicate
with the cloud. To keep everything working securely, the gateway must
continually monitor the integrity of its code and data while it runs. Such
real-time integrity checking is a key part of the new solution. This video
shows an attacker injecting code into the edge-computing container. Detecting
this attack, the gateway displays a notification and restarts, relying on the
secure boot process to purge itself of the foreign code.
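
A minimal model of the runtime integrity check described above, as an added example that is not the collaborators' implementation: it seals SHA-256 measurements taken after boot under an HMAC, re-measures later, and maps any finding to the notify-and-restart response. The key (standing in for one held in hardware-protected storage), region names and sample contents are constructed assumptions.

```python
import hashlib
import hmac

# Assumption: stands in for a key held in hardware-protected storage.
BASELINE_KEY = b"constructed-demo-key"

def measure(regions):
    """Return {name: sha256 hex digest} for each measured code/data region."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in regions.items()}

def _mac(digests):
    # Canonical serialization: sorted name/digest pairs, so the MAC is stable.
    blob = "\n".join(f"{n}:{d}" for n, d in sorted(digests.items())).encode()
    return hmac.new(BASELINE_KEY, blob, hashlib.sha256).hexdigest()

def seal_baseline(regions):
    """Taken once, right after secure boot, while contents are still trusted."""
    digests = measure(regions)
    return {"digests": digests, "mac": _mac(digests)}

def check(baseline, regions):
    """Re-measure at runtime; return a list of findings (empty means intact)."""
    if not hmac.compare_digest(baseline["mac"], _mac(baseline["digests"])):
        return ["baseline tampered"]
    expected, current = baseline["digests"], measure(regions)
    findings = [f"modified: {n}" for n in sorted(expected)
                if n in current and current[n] != expected[n]]
    findings += [f"missing: {n}" for n in sorted(expected.keys() - current.keys())]
    # Injected code may arrive as a new region rather than a changed one.
    findings += [f"unexpected: {n}" for n in sorted(current.keys() - expected.keys())]
    return findings

def respond(findings):
    """Policy from the article: notify and restart so secure boot restores state."""
    return "restart" if findings else "continue"

# Constructed sample: contents of an edge container at boot time.
BOOT_IMAGE = {"edge-agent": b"\x7fELF agent v1", "analytics.py": b"print('ok')"}
BASELINE = seal_baseline(BOOT_IMAGE)

# Constructed sample: the same container after foreign content was injected.
TAMPERED = dict(BOOT_IMAGE, **{"analytics.py": b"print('ok')  # injected",
                               "extra.sh": b"#!/bin/sh\n"})

if __name__ == "__main__":
    for label, image in (("clean", BOOT_IMAGE), ("tampered", TAMPERED)):
        found = check(BASELINE, image)
        print(label, respond(found), found)
```

Comparing the set of region names as well as their digests is what catches content added alongside the original files, and the MAC over the baseline keeps an attacker from simply rewriting the expected digests.
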
A key benefit of edge computing generally is the reduction in processing
latency by running cloud services close to the IoT leaf nodes. This solution
uses Microsoft’s Azure IoT Edge, a service that delivers cloud
capabilities at the edge. The edge-computing nodes are not unanchored but instead
cooperate with services hosted in the Azure data center, forming a hybrid cloud.
This yields additional benefits.
Companies can manage IoT and edge/gateway nodes from the cloud. IoT
applications run even when nodes have intermittent WAN connectivity, relying
solely on the local edge node for cloud services. With data digested locally,
less needs to be transmitted over the WAN to an Azure data center. With its
greater capacity, the data center can accumulate received data and perform
larger scale analysis than the edge-computing nodes.
With easy-to-use solutions like the one developed collaboratively by NXP,
Microsoft and Sequitur, and with security concerns no longer a reason to defer
deployment, innumerable other uses will emerge for IoT and edge-computing
technologies beyond the construction-site example. NXP is pleased to
collaborate with Sequitur Labs on enabling these platform-trust capabilities
for system developers and with Microsoft on edge computing. For their take on
this new edge-computing platform, see securing-the-intelligent-edge. The three
companies are ready to plow forward with customers ready to dig into secure
IoT and edge computing.

NXP’s Role

Readers of my other blog posts will have a good idea of NXP’s role in this
collaboration. We make the secure processing hardware. The demonstrations
above use the company’s QorIQ Layerscape LS1012A processor. It’s the
entry-level processor in the Layerscape family,
less costly than other Layerscape processors owing to reduced “speeds
and feeds” but without skimping on compatibility and security. It is a
64-bit Armv8 processor with cryptography accelerators and implementing
NXP’s Trust Architecture. Arm compatibility means the Arm ecosystem is
available to system developers, including standard Linux distributions and
Azure IoT Edge. Accelerated cryptography enables secure SSL or IPsec
connections to the cloud without unduly robbing IoT applications of CPU
cycles. The Trust Architecture enables platform security features, including
the secure boot and runtime integrity checker discussed above.