- Priority list for ONE Summit demos:
- Workload runtime security (OH + KubeArmor + ???)
- Handsfree device onboarding (OH + FDO + LF Edge Sandbox + Project EVE)
- Realtime workload metrics (OH + EdgeLake + Grafana + optionally KubeArmor)
- OpenBao + Open Horizon
- LFN Hybrid Cloud Blueprint (OH + Skupper + ???)
- ML deployment automation (OH + TinyLlama? or Yolo v8 or v9?)
KubeArmor is the gold standard for workload runtime security
Value prop: Open Horizon works with KubeArmor on bare Linux and Kubernetes clusters to enforce security at the host and workload levels.
Owner: Prashant and Sanjeev Gupta
Todo: Review Prashant's demo and determine scenario alignment with ONE Summit objectives
Adopters: (feature sponsor: Mainsail - Falcon Tactical Edge)
Story:
- How do we stop attacks, not just detect them: active mitigation rather than post-detection strategies. Example: an application without hardening carries misconfigurations and excess access; KubeArmor sandboxes the application's behavior so that only the specified behavior is allowed and nothing else.
- Multiple applications on a device. If one is compromised, the blast radius could impact the other running containers. How do you isolate the workloads to limit the blast radius?
- Specific use cases for Vault
- ORRA Kamakura demo showing addition of KubeArmor to the running application to enforce network micro-segmentation
Zero-touch device onboarding with FDO is a reality
Value prop: Use Open Horizon to host your FDO vouchers and device profiles for a complete FDO onboarding hosting service
Owner: Randy and Maxey?
Todo: Find and purchase FDO-enabled hardware.
Update: Brad Pagen from Advantech has reached out and is interested in participating, thanks Randall F Templeton
Adopters: would Zededa be a potential adopter?
Proposed flow:
Use EdgeLake to access any edge data on-demand from anywhere
Pain points from transferring/streaming data to a central location for aggregation and insights generation:
- introduces latency before action can be taken in response
- may violate data privacy/sovereignty
- incurs overhead costs for managing, storing, maintaining
- assumes you know in advance what data is needed
- reduces flexibility and agility since change takes weeks or more to implement and may not include previous data
Value prop: Anylog can surface your edge data without the expense of moving it to a centralized location, thus reducing costs and providing insights more quickly. And Open Horizon can automate the deployment and management of EdgeLake on your edge nodes.
Owner: Ori Shadmon and Troy Fine
Todo: Create Grafana service and then incorporate as data dashboard.
Adopters: (feature sponsor: NS1)
OpenBao is approaching Alpha release and becoming an independent project
Value prop: Open Horizon uses OpenBao for dynamic runtime secrets binding with containerized workloads on both bare Linux hosts and in Kubernetes clusters.
Owner: Nathan Phelps and Troy Fine
Todo: Get AIO using OpenBao, then demonstrate Hello Secrets World
Adopters: IBM Edge Application Manager, IBM Hybrid Cloud Mesh
Demo details:
- Create a secret in the OpenBao secrets manager named hw-secret-name
- Register an edge node with the helloSecretWorld example service
- Show the "<your-node-id> says: Hello <secret-value>!" output of the service in a separate terminal updating every 5 seconds ("<secret-value>" here is the contents of the hw-secret-name secret)
- Update the hw-secret-name secret with a new value "<new-secret-value>"
- A few seconds later, in the still-open terminal window showing the live service output, observe the output change to "<your-node-id> says: Hello <new-secret-value>!"
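Added example (not code from Open Horizon or OpenBao): a minimal stand-in for the helloSecretWorld loop that shows why the service must re-read its bound secret on every tick rather than cache it at startup, which is what makes the live update in the last step work without a restart. The secret file path and its JSON shape are assumptions for illustration.

```python
"""Stand-in for the helloSecretWorld loop used in the OpenBao demo."""
import json
import time

# ASSUMPTION: the agent presents the bound secret to the container as a small
# JSON file {"key": ..., "value": ...}; the path is illustrative only.
DEFAULT_SECRET_PATH = "/open-horizon-secrets/hw-secret-name"


def write_secret_file(path, key, value):
    """Mimic the agent rewriting the bound secret (constructed helper)."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump({"key": key, "value": value}, fh)


def read_secret_value(path=DEFAULT_SECRET_PATH):
    """Return the secret's value, or None if it is not (yet) bound or malformed."""
    try:
        with open(path, "r", encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, ValueError):
        return None
    value = data.get("value") if isinstance(data, dict) else None
    return value if isinstance(value, str) else None


def greeting(node_id, secret_value):
    """Build the line the demo expects to see in the terminal."""
    if secret_value is None:
        return f"{node_id} says: Hello (secret not bound yet)!"
    return f"{node_id} says: Hello {secret_value}!"


def watch(node_id, path=DEFAULT_SECRET_PATH, interval=5, ticks=None):
    """Yield (and print) a greeting every `interval` seconds.

    The secret is re-read on every tick, never cached: when hw-secret-name is
    updated in OpenBao and the agent rewrites the file, the next tick shows the
    new value with no container restart. `ticks=None` runs forever.
    """
    n = 0
    while ticks is None or n < ticks:
        line = greeting(node_id, read_secret_value(path))
        print(line)
        yield line
        n += 1
        time.sleep(interval)
```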
Demonstrate OH managing ML placement/delivery/bi-directional sync
Value prop: Models are trained in the cloud or elsewhere, but there is no way to deliver them securely to edge devices. OH can be that last-mile delivery solution.
Owner: Jeff Lu
Todo: Determine which models/framework to show, and how to update them?
Adopters:
Provide application-centric and -directed connectivity
Value prop: Align distributed application connectivity with the applications themselves so both can be deployed and managed together by the same team.
Owner: Jeff Lu and Sanjeev Gupta?
Todo: Create Skupper service and show how to connect a distributed application to its remote services. Linux host to start, then Kubernetes example?
Adopters: IBM Hybrid Cloud Mesh - Red Hat Service Interconnect