- IBM booth demos:
- Workload runtime security (OH + KubeArmor + ???)
- Application-centric connectivity (OH + Skupper + ???)
- ML deployment automation (OH + TinyLlama? or Yolo v8 or v9?)
- LF Edge booth demos:
- Handsfree device onboarding (OH + FDO + LF Edge Sandbox + Project EVE)
- Realtime workload metrics (OH + EdgeLake + Grafana + optionally KubeArmor)
- Dynamic runtime secrets binding (OpenBao with Open Horizon)
...
Workload runtime security
Demo landing page link: Reduce attack surfaces on your edge nodes and workloads
Value prop: Secure and harden your edge solutions using Security-by-default principles and active mitigation measures from Days 0 - N.
...
- How do we stop, not just detect. Not post-detect strategies but active mitigation. Ex. application without hardening has these misconfigurations/access. KubeArmor will sandbox the application behavior to only allow the specified behavior and nothing else.
- Multiple applications on a device. If one is compromised, the blast radius could impact other running containers. How do you isolate the workloads to limit the blast radius.
- Specific use cases for Vault
- ORRA Kamakura demo showing addition of KubeArmor to the running application to enforce network micro-segmentation
Application-centric connectivity
Demo landing page link: Provide application-centric and -directed connectivity
Value-prop: Quickly connect deployed applications with remote resources in any location. Align distributed application connectivity with the applications themselves so both can be deployed and managed together by the same team.
...
Adopters: IBM Hybrid Cloud Mesh with Red Hat Service Interconnect
ML deployment automation
Demo landing page link: Dynamic ML association/placement/delivery/bi-directional sync
Value prop: Associate ML models with the applications that use them while allowing independent delivery and lifecycle management of each. Separate teams typically develop and maintain ML assets and their consuming applications. Why force the assets and applications to be deployed together by the same pipelines?MLOps pipelines
Owner: Jeff Lu
Todo: Determine which models/framework to show, how to update?
Adopters:
Handsfree device onboarding
Demo landing page link: Zero-touch device onboarding with FDO is a reality
Value prop: Use Open Horizon to host your FDO vouchers and device profiles for a complete FDO onboarding hosting service
...
Adopters: would Zededa be a potential adopter?
Proposed flow:
Realtime workload metrics
Demo landing page link: Use EdgeLake to access any edge data on-demand from anywhere
Pain points from transferring/streaming data to a central location for aggregation and insights generation:
...
Adopters: (feature sponsor: NS1)
Dynamic runtime secrets binding
Demo landing page link: OpenBao is approaching Alpha release and becoming an independent project
Value prop: Open Horizon uses OpenBao for dynamic runtime secrets binding with containerized workloads on both bare Linux hosts and in Kubernetes clusters.
...