Skip to main content

EdgeGuard

EdgeGuard is an extension of the Datasance PoT and the Eclipse ioFog Hardware Abstraction Layer Microservice. It serves as a critical security and monitoring component for edge devices running ioFog Agents.

The primary function of EdgeGuard is to monitor the Hardware Abstraction Layer (HAL) Microservice REST API, collecting comprehensive hardware details from endpoints such as lscpu , lspci , lsusb , lshw and /proc/cpuinfo. Using this data, EdgeGuard generates an irreversible hardware signature unique to the edge device.

In the event of a detected hardware signature change, EdgeGuard immediately deprovisions the ioFog Agent from the Edge Compute Network (ECN) cluster. This action ensures that unauthorized changes or tampering with edge devices are swiftly addressed, maintaining the integrity and security of the ECN.

EdgeGuard is particularly valuable for edge devices deployed outside traditional datacenters, where the risk of unauthorized access is significantly higher. By detecting potential security breaches and wiping all microservices running on the compromised ioFog Agent, EdgeGuard helps organizations adhere to strict security policies and minimize exposure to potential threats

This will be officiallay part of Agent configuration for auto deployment.For now you need to deploy it as via Application yaml kind.

Before deploying EdgeGuard

Configure abstractedHardwareEnabled as true for your Agent via ECNViewer or potctl

EdgeGuard as a traditional container

---
apiVersion: datasance.com/v3
kind: Application
metadata:
  name: edge-guard
spec:
  microservices:
    - name: edge-guard
      agent:
        name: foo
      images:
        registry: 1
        x86: ghcr.io/datasance/edge-guard:latest
        arm: ghcr.io/datasance/edge-guard:latest
      container:
        volumes:
          - hostDestination: /Users/emirhan/local-api
            containerDestination: /local-api
            accessMode: ro
            type: bind
          - hostDestination: hw-id
            containerDestination: /id
            accessMode: rw
            type: volume
        env:
          - key: PERIOD
            value: '10'
  routes: []

While deploying EdgeGuard

PERIOD env variable is used for defining time in seconds for the interval between each HAL scans

Launching the Container

The EdgeGuard images will always be available on ioFog Controllers using the catalog item ID 4.

Please refer to the catalog overview if you don't know yet how to deploy microservices using catalog items.

EdgeGuard as a WASM container

---
apiVersion: datasance.com/v3
kind: Application
metadata:
  name: edge-guard
spec:
  microservices:
    - name: edge-guard
      agent:
        name: foo
      images:
        registry: 1
        x86: ghcr.io/datasance/edge-guard-wasm:main 
        arm: ghcr.io/datasance/edge-guard-wasm:main
      container:
        rootHostAccess: false
        platform: "wasip1/wasm"
        runtime: "io.containerd.wasmedge.v1"
        volumes:
          - hostDestination: /Users/emirhan/local-api
            containerDestination: /local-api
            accessMode: ro
            type: bind
          - hostDestination: hw-id
            containerDestination: /id
            accessMode: rw
            type: volume
        env:
          - key: PERIOD
            value: '10'
  routes: []




import EditPageAdmonition from '@site/src/components/EditPageAdmonition';

<EditPageAdmonition />