April 18, 2023

Spectro Cloud Launches the Secure Edge-Native Architecture (SENA) for Securely Deploying and Managing Edge Computing Environments at Scale

SENA was developed in collaboration with Intel and leverages zero-trust principles for deep root security from the silicon to the application.

  • SENA is an enterprise-ready solution architecture built on zero-trust principles, to effectively deploy, provision, operate and manage Kubernetes edge environments at scale.
  • This new industry framework was developed with support from Intel and is based on today’s real-world edge requirements, providing for the tight coordination of security and management capabilities that span across the infrastructure silicon to application software, enabling enterprises to tackle the unique challenges and capture the business opportunities of modern edge applications, without needing to compromise on choice or performance.
  • SENA integrates best-of-edge Intel, Spectro Cloud and open source technologies to raise the industry’s standard of securing edge environments, including Intel Smart Edge; Spectro Cloud’s Palette Edge Kubernetes management platform; and the open source Kairos.io project.

SAN JOSE, Calif.—Apr. 18, 2023—Spectro Cloud, a leading platform provider of modern Kubernetes management, today announced the Secure Edge-Native Architecture (SENA). SENA, an enterprise-ready solution architecture built on zero-trust principles that was developed with support from Intel, brings tightly-coordinated capabilities that span from the silicon to the application, to enable teams to efficiently deploy, provision, operate and manage edge environments at scale. With this solution architecture, Spectro Cloud and Intel are accelerating the entire edge industry by providing IT solution providers and enterprises with a new reference architecture that provides easy, cost-effective and secure management of edge environments at scale, thereby addressing the unique requirements of modern edge applications and deployments. SENA provides flexibility and manageability across all layers: from the hardware to the OS, Kubernetes distribution, any additional integrations and tools, all the way up to the application.

“Kubernetes has rapidly evolved from largely DIY and intellectual debates about various Kubernetes distributions to optimizing management at scale across the full lifecycle and delivering flexible solutions that are fit-to-function for various use cases and environments – such as the edge,” said Tenry Fu, Spectro Cloud CEO and co-founder. “Through our collaboration with Intel to develop the Secure Edge-Native Architecture (SENA), we are redefining the standard for edge Kubernetes. SENA empowers teams with a blueprint of best-of-edge hardware and software working in unison to address a new set of requirements that conventional solutions can’t.”

Organizations in every industry are looking to innovate, improve operational efficiency and transform the customer experience. From AI-enabled medical software at hospitals, smart shopping and hospitality, to drones maintaining power grids or inspecting crops, today’s rich container-based applications utilize vast amounts of data generated at the remote endpoints. The desire to push those new applications to improve speed and accuracy is driving today’s aggressive edge transformation.

However, edge devices and environments are difficult to efficiently deploy, provision, operate and manage remotely, introducing a new set of challenges that conventional cloud and data center hardware and software solutions designed for controlled environments cannot address. These challenges range from the risk of unauthorized physical access to the device — typically deployed in the field, outside secure data centers — which can expose confidential data; to limited or intermittent connectivity; or sizing constraints that demand light-weight footprints. In addition, Kubernetes and the need to navigate the open source ecosystem dramatically increase the complexity for IT, platform engineering and DevOps teams, with multiple software layers consisting of heterogeneous components that need to be kept up to date. The above challenges, coupled with the often-high number of locations under management and the lack of on-site IT skills, make it extremely difficult for organizations to optimize their decisions on combinations of edge hardware and software components while maintaining flexibility and cost-efficiency. What further increases business risk is the criticality of those applications, usually designed to provide a rich customer or partner experience.

To address this, Spectro Cloud, working with Intel, has developed and delivered a next-generation edge solution architecture, SENA, bringing together hardware in any form-factor, Kubernetes full-stack management capabilities, agnostic to Operating Systems, Kubernetes distributions and integrations, and leading open source innovation. SENA provides end-to-end security based on the optimized cooperation between hardware to deliver at-scale cost-efficient management of edge locations, across every stage of the lifecycle.

“Edge applications require an ‘edge-native’ architecture paradigm to achieve capabilities and optimizations promised by distributed edge computing such as ultra-low latency, performance and quality of service. Security at the edge is especially challenging,” said Renu Navale, vice president & general manager of Edge Platforms Division at Intel Corporation. “With the Secure Edge-Native Architecture, Spectro Cloud is offering a solution that incorporates best-in-class edge hardware, Kubernetes management technologies and open source innovation, to accelerate the industry transformation to an edge-native infrastructure.”

SENA combines Intel hardware and software, including Intel Smart Edge, with Spectro Cloud’s Kubernetes management platform Palette, its sponsored open source project Kairos and other innovations, to enable organizations to:

Deploy trusted devices fast and with ease even in challenging environments where connectivity and IT skills are limited. Capabilities include:

  • Various onboarding methods (UI, API-based, IaC, QR code scanning)
  • Support for Fast IDentity Online (FIDO) devices and hardware-enabled authentication.
  • Online encryption leveraging hardware-based handshake.
  • Support for air-gapped deployments and locations where connectivity is intermittent.

Provision the complete stack, from the OS to any Kubernetes distribution and required integrations, continuously verifying origin and compatibility, complying with provenance and attestation principles, and leveraging easy integrations with leading security standards, including:

  • Pre-deployment scans across all layers to ensure full-stack compatibility (OS, Kubernetes distribution, add-on integrations, application).
  • Out-of-the-box integration of the CNCF open source project Kyverno, enabling easy consumption of Sigstore Cosign and Supply-chain Levels for Software Artifacts (SLSA).
  • Support for Software Bill Of Materials (SBOM) scanning capabilities, in order to trace vulnerabilities and track versions for images.

Operate the edge runtime with confidence, ensuring the application stack and data are encrypted and cannot be tampered with at-rest, with hardware-enabled policy enforcement and adhering to confidential computing standards:

  • OS and Kubernetes-agnostic immutability combined with cryptographic co-processing functionality to eliminate risk of tampering.
  • Enhanced hardware encryption to statically measure boot and seal the user data while dynamically assessing device runtime state.
  • Complete workload isolation for both containers and Virtual Machines with memory enclaves and in-transit mutual TLS encryption across all layers (internal between processes as well as external network traffic between Kubernetes pods).

Reduce complexity and easily perform any lifecycle management operation at scale across the full edge stack, to meet enterprise-grade governance requirements, without compromising on flexibility or performance. Capabilities include:

  • Complete set of integrated day 0 to day 2 features, from cost visibility, quota resource control, backup and restore, penetration, conformance and security scans, monitoring, logging and alerting, including remote hardware management and recovery capabilities.
  • Support for scaling to thousands of locations without performance degradation based on a decentralized architecture with local policy enforcement.
  • Automated orchestration of the complete Kubernetes stack (OS, distribution, integrations), based on always-on reconciliation loops and self-healing.
  • Management of any device fleet with an edge-optimized dashboard, including live status for key events and advanced filtering and tagging.
  • Faster, zero-downtime rolling upgrades with A/B OS partitioning.
  • Easy access to more than 50 out-of-the-box integrations (packs), including OSes, Kubernetes distributions, monitoring and logging, with the option of importing additional ones.
  • Native integration with IaC, CI/CD, ITSM and other tools.
  • Zero-trust access model across management plane and locations, with granular Role Based Access Control (RBAC).

“The healthcare industry is undergoing a renaissance with new, richer applications delivered at the edge, powered by new technologies such as artificial intelligence,” said Vignesh Shetty, Senior Vice President & General Manager, Edison AI & Platform at GE Healthcare. “As we continue to see these new capabilities emerge, it’s clear that there needs to be a new way of thinking when it comes to securely managing these new edge applications at scale. Excited to see today’s announcement of Spectro Cloud’s Secure Edge-Native Architecture (SENA), with support from Intel, that offers a solution architecture that will help organizations meet these challenges head-on and unlock the full potential of these new technologies.”

“We chose to work with Intel and Spectro Cloud to help us explore the limits of delivering Kubernetes-based apps at the edge,” said Yaniv Maor, founder & CEO of Tevel. “Security, complete control and management at scale across every stage of the lifecycle are paramount for us.”

The SENA solution architecture adds to Spectro Cloud’s ongoing commitment to advancing broad industry initiatives including CNCF’s Cluster API, Cluster API Metal As A Service provider, Kairos.io and now its participation in the Confidential Computing Consortium, where Spectro Cloud will work with Intel and other key industry members.

SENA’s release follows last year’s Palette 3.0 launch and Palette Edge announcement, which set a new industry standard for security in edge Kubernetes environments.

About Spectro Cloud

Spectro Cloud uniquely enables organizations to deploy and manage Kubernetes in production, at scale. Its Palette enterprise Kubernetes management platform gives platform engineering and DevOps teams effortless control of the full Kubernetes lifecycle even across multiple clouds, data centers, bare metal and edge environments. Ops teams are empowered to support their developers with curated Kubernetes stacks and tools based on their specific needs, with granular governance and enterprise-grade security. Co-founded in 2019 by CEO Tenry Fu, Vice President of Engineering Gautam Joshi and Chief Technology Officer Saad Malik, Spectro Cloud is backed by Stripes, Sierra Ventures, Boldstart Ventures, Westwave Capital, Alter Venture Partners, Firebolt Ventures, T-Mobile Ventures and TSG. For more information, visit https://www.spectrocloud.com or follow @spectrocloudinc.

© Intel Corporation. Intel, the Intel logo and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.

About Kairos

Kairos is an open-source project that brings edge, cloud, and bare metal lifecycle OS management under the same design principles with a unified Cloud Native API. With Kairos, users can build immutable, bootable Kubernetes and OS images for their edge devices as easily as writing a Dockerfile. For more information, visit https://www.kairos.io or follow @Kairos_OSS.