Secure Edge-Native Architecture (SENA)

A comprehensive new vision for securing and managing edge computing environments at scale, with support from Intel.

Tackling the unique requirements  of edge locations

Running rich new cloud native applications at the edge has the potential to transform your business. But edge environments are challenging to manage — and present unique security risks that conventional solutions built for data centers and public clouds do not address.

SENA is the answer. It brings together the best of edge hardware and software, working in unison to secure edge locations at scale with zero-trust principles and deep root security from the silicon to the app.

“At Tevel, securing our edge devices, and the software and data on them, is absolutely critical. We are so excited to see how the SENA architecture comprehensively addresses security and manageability at the edge, step by step. Bringing together Palette Edge, the Kairos project and Intel platforms is an incredibly powerful combination, and sets a new benchmark for security across the edge computing lifecycle. This technology is a scale enabler for us.”

Yaniv Maor

CEO, Tevel

The best-of-edge hardware and software

SENA is first and foremost a solution architecture that defines several essential requirements for securing edge computing environments, setting a benchmark for the industry as a whole to follow in developing edge solutions.

We’ve also mapped out our own incarnation of SENA: a set of solutions to meet these requirements, by combining Intel’s trusted platform and Smart Edge technologies, Spectro Cloud’s Palette Edge Kubernetes management, Kairos.io and other open source projects. These solutions deliver end-to-end security:

Across every stage of the edge device lifecycle

At any scale, from hundreds to thousands of devices and locations

Without compromising choice, flexibility or performance

SENA step by step

We’ve designed SENA to integrate dozens of security and management features, for seamless protection across the three stages of the edge lifecycle.

Deploy trusted devices, quickly and easily

Take devices from manufacturing to staging to live in the field, without friction, without risk.

The first SENA requirement covers the initial deployment of edge hardware. To meet this requirement, you can use Palette Edge’s range of device onboarding options. It enables you to bring devices into management via GUI, API, low-touch QR code scans or zero-touch auto registration — even in air-gap environments. We support the FIDO specification for device onboarding.

Provision the complete stack from OS to app — verified

Verify integrity and minimize risk when deploying software stacks to the edge device.

Next, SENA mandates control of the software supply chain you’re deploying on your hardware. Here, Palette’s native scanning suite — security, conformance, compliance and SBOM — catch vulnerabilities in the images you plan to deploy.

Kyverno integration and SLSA help ensure artifact integrity from end to end in the software supply chain.

Operate the edge runtime with confidence

Protect against threats when it matters most.

SENA’s third requirement sets standards for protecting apps and data executed on the edge device in the field.

Here, the Kairos factory delivers the OS and Kubernetes stack on the device as an immutable, tamperproof image. Then, when the device boots, Intel’s Trusted Platform Module (TPM) is used to decrypt and verify the boot. Trusted eXecution Technology (TXT) dynamically assesses runtime state. When workloads start, all internal and external communication between services is secured via mutual TLS encryption. Both container and VM workloads are isolated in hardware-based memory enclaves using Intel Software Guard eXtensions (SGX).

Manage the edge lifecycle at scale

The SENA model stresses that security is not a ‘one and done’ thing: it requires day to day attention through effective management.

This is where Palette’s core strengths as a management platform come into play. Palette’s always-on declarative reconciliation loops ensure that the desired state of the edge nodes is maintained, with zero configuration drift.

When needed, patches and upgrades are delivered at scale, OTA, with zero downtime; OS and K8s image updates are provided atomically.

Operations teams are always in control of even large-scale edge environments via edge-optimized monitoring dashboards. Ongoing management actions are secured via Spectro Cloud’s granular RBAC with Zero Trust authentication, and delivered via integration with CI/CD, IaC and ITSM tooling.

Palette provides robust backup and restore functionality for running Kubernetes clusters, and in the event of a problem, Intel vPro provides powerful remote management and recovery of each device.

Learn more about the SENA requirements and our solutions

Download the in-depth white paper, co-authored by Spectro Cloud and Intel, to learn more about the Secure Edge-Native Architecture and the technical security and management capabilities it brings to your edge deployments.

Read the white paper