Spectro Cloud, a platform provider of modern Kubernetes management, has announced the Secure Edge-Native Architecture (SENA). SENA, an enterprise-ready solution architecture built on zero-trust principles that was developed with support from Intel, brings tightly-coordinated capabilities that span from the silicon to the application, to enable teams to efficiently deploy, provision, operate and manage edge environments at scale.
With this solution architecture, Spectro Cloud and Intel are accelerating the entire edge industry by providing IT solution providers and enterprises with a new reference architecture that provides easy, cost-effective and secure management of edge environments at scale, thereby addressing the unique requirements of modern edge applications and deployments. SENA provides flexibility and manageability across all layers: from the hardware to the OS, Kubernetes distribution, any additional integrations and tools, all the way up to the application.
SENA combines Intel hardware and software, including Intel Smart Edge, with Spectro Cloud’s Kubernetes management platform Palette, its sponsored open source project Kairos and other innovations, to enable organizations to:
Deploy trusted devices fast and with ease even in challenging environments where connectivity and IT skills are limited. Capabilities include:
- Various onboarding methods (UI, API-based, IaC, QR code scanning)
- Support for Fast IDentity Online (FIDO) devices and hardware-enabled authentication.
- Online encryption leveraging a hardware-based handshake.
- Support for air-gapped deployments and locations where connectivity is intermittent.
Provision the complete stack, from the OS to any Kubernetes distribution and required integrations, continuously verifying origin and compatibility, complying with provenance and attestation principles, and leveraging easy integrations with leading security standards, including:
- Pre-deployment scans across all layers to ensure full-stack compatibility (OS, Kubernetes distribution, add-on integrations, application).
- Out-of-the-box integration of the CNCF open source project Kyverno, enabling easy consumption of Sigstore Cosign and System Log Signing Authority (SLSA).
- Support for Software Bill Of Materials (SBOM) scanning capabilities, in order to trace vulnerabilities and track versions for images.
Operate the edge runtime with confidence, ensuring the application stack and data are encrypted and cannot be tampered with at rest, with hardware-enabled policy enforcement and adherence to confidential computing standards:
- OS and Kubernetes-agnostic immutability combined with cryptographic co-processing functionality to eliminate risk of tampering.
- Enhanced hardware encryption to statically measure boot and seal the user data while dynamically assessing device runtime state.
- Complete workload isolation for both containers and Virtual Machines with memory enclaves and in-transit mutual TLS encryption across all layers (internal between processes as well as external network traffic between Kubernetes pods).
Reduce complexity and easily perform any lifecycle management operation at scale across the full edge stack, to meet enterprise-grade governance requirements, without compromising on flexibility or performance. Capabilities include:
- Complete set of integrated day 0 to day 2 features, from cost visibility, quota resource control, backup and restore, penetration, conformance and security scans, monitoring, logging and alerting, including remote hardware management and recovery capabilities.
- Support for scaling to thousands of locations without performance degradation based on a decentralized architecture with local policy enforcement.
- Automated orchestration of the complete Kubernetes stack (OS, distribution, integrations), based on always-on reconciliation loops and self-healing.
- Management of any device fleet with an edge-optimized dashboard, including live status for key events and advanced filtering and tagging.
- Faster, zero-downtime rolling upgrades with A/B OS partitioning.
- Easy access to more than 50 out-of-the-box integrations (packs), including OSes, Kubernetes distributions, monitoring and logging, with the option of importing additional ones.
- Native integration with IaC, CI/CD, ITSM and other tools.
- Zero-trust access model across management plane and locations, with granular Role Based Access Control (RBAC).
The SENA solution architecture adds to Spectro Cloud’s ongoing commitment to advancing broad industry initiatives including CNCF’s Cluster API, Cluster API Metal As A Service provider, Kairos.io and now its participation in the Confidential Computing Consortium, where Spectro Cloud will work with Intel and other key industry members.