Spectro Cloud Palette Edge enhancements boost security in edge Kubernetes environments
Spectro Cloud announced new Palette Edge features, including secure “immutable” stack and new hardened edge Kubernetes distribution.
Kubernetes at the edge has spurred the interest of businesses around the world as they seek to enhance competitiveness and agility. To date, however, K8s at the edge has failed to realize its true potential. Why? A study by Dimensional Research found 72% of Kubernetes users effectively said: “It’s too challenging to deploy and manage Kubernetes on edge devices.”
The Palette Edge platform, first launched in March 2022, earned Spectro Cloud recognition as a 2022 Gartner Cool Vendor in Edge Computing solves this problem, enabling organizations to re-define how cost-efficiently they can deploy and manage edge K8s clusters at scale, including at locations with small form factor devices, no on-site IT skills and marginal connectivity.
Palette Edge delivers remote troubleshooting, zero-downtime rolling upgrades and patch management, even in single-server edge deployments, due to its A/B OS partition, multi-node failsafe design and support for both ARM and x86 architectures, including Intel’s Trusted Platform Module (TPM).
Palette Edge derives its functionality from Spectro Cloud’s core Palette platform, which enables organizations to manage K8s clusters across their full lifecycle, across public clouds, virtualized or bare metal data centers, as well as edge locations.
Through an extension of Cloud Native Computing Foundation (CNCF’s) Cluster API, Palette enables IT teams to model their full Kubernetes stacks from the OS to the application in a true declarative model, creating project-curated, reusable Cluster Profiles while providing a choice of operating systems, K8s distributions and tools from the broad K8s ecosystem.
Palette is architected to scale, delivering centralized and automated management combined with decentralized orchestration and policy enforcement — together enabling a virtually infinite scale from few to tens of thousands of clusters.
Extending this core Palette foundation, Palette Edge adds security, visibility and usability capabilities, setting a new industry standard for deploying and centrally managing edge K8s at scale, lowering total cost of ownership and risk for organizations of any size expanding to the edge.
Palette Edge is purpose-built to support key industry use cases including Internet of Things device management and orchestration, data ingestion, streaming, analytics and AI inference.
“For us, edge is an enabler to help clinicians deliver better patient outcomes by deploying technology closer to the user,” said Vignesh Shetty, SVP & GM Edison AI and Platform at GE Healthcare Digital. “The need for a secure, cost-effective approach to manage Kubernetes at the edge at scale is more relevant than ever before.”
The new Palette Edge delivers on the key priorities for edge K8s users with:
Security for Kubernetes at the edge: Spectro Cloud research found that security is the #1 concern when adopting edge Kubernetes.
Edge Kubernetes devices deployed in remote, unmonitored locations are particularly vulnerable to deliberate tampering and unintentional configuration drift, where their operating system, distribution and other software elements move out of compliance through ad hoc configuration changes.
Palette Edge now enables operations teams to build highly secure configurations for edge devices, including their preferred Kubernetes distribution and the underlying OS, which once deployed become immutable, read-only and unmodifiable by the application user, just like the firmware on a smartphone. The now-immutable stack also enables zero-downtime rolling upgrades, due to a failsafe deployment design.
Palette eXtended Kubernetes Edge (PXK-E): This new edge-optimized Kubernetes distribution version of Spectro Cloud’s CNCF-upstream Kubernetes distribution is available now to all Palette customers.
PXK-E incorporates Palette’s new immutability capability, along with NIST-800 security hardening. It is certified for more than 50 open source and commercial cloud native integrations and provides high availability and zero-downtime rolling upgrades even in single-server configurations.
With Palette Edge, businesses can choose the PXK-E distribution or Palette-optimized versions of any other K8s distribution, verified and supported by Spectro Cloud.
A NOC-like dashboard: Now organizations scaling to thousands or tens of thousands of edge devices have the power to manage their fleet more easily and with greater control than ever before.
Palette Edge’s Network Operations Center-like (NOC) dashboard provides intuitive user experience with live status for key events, plus advanced capabilities to filter, tag and drill down to clusters by location, status or other attribute. Importantly, operators can define powerful workflows for managing clusters, with almost infinite possibilities: for example, they can phase deployments of cluster updates by location for canary testing, or schedule patching to follow the sun.
Edge device onboarding: In edge Kubernetes projects, organizations can find the act of deploying new devices in remote locations incredibly problematic; often, costly field engineering truck rolls are needed.
Palette Edge makes it easy for non-specialist staff to power up and onboard a new device into a managed cluster, using a variety of methods, such as through Palette Edge’s user interface, leveraging its open API, the Spectro Cloud Terraform provider, or by simply scanning a QR code on the edge device itself.
The features delivered in this new Palette Edge release reflect real customer requirements of K8s at the edge. To address them and also contribute to the broader cloud native community, Spectro Cloud is now leading an open source project which delivers failsafe immutability at the edge: Kairos.
This is another example demonstrating Spectro Cloud’s continued commitment to foster innovation as a member of the CNCF and Linux Foundation, contributing to major Kubernetes ecosystem projects such as Cluster API and the Cluster API Provider for Canonical MAAS.
These new features are available in Spectro Cloud’s Palette Edge edition and further position Palette as a choice for organizations running Kubernetes at the edge at scale, enabling them to bring modern applications and data close to their end-users.
Customers of Palette Edge are already realizing benefits by avoiding otherwise necessary field engineering visits at edge locations, which can result to up to 90% reduction in operational costs.
“A key use case for 5G Edge compute is mission critical, ultra-low latency, workloads. That means cyber-security is a foundational principle for Edge and not an afterthought. Spectro Cloud is delivering a customer solution for deploying modern apps to the Edge that can integrate readily into end-to-end Zero Trust architectures,” said Dr. Ken Urquhart, Global Vice-President, 5G at Zscaler.
“This brand new set of capabilities is making edge K8s locations as easy as a cloud for our customers,” said Spectro Cloud co-founder and CEO Tenry Fu.
“With a platform that can scale to tens of thousands of edge locations, requirements like security, resiliency and ease-of-use can be game changers, and this has been our focus in the latest release. At Spectro Cloud we are committed champions of the innovation coming out of the open source community, and we couldn’t be more excited to collaborate with some of the most interesting projects to deliver some of those new capabilities.”, Fu continued.