
Example Analysis of Synadia Adaptive Edge Architecture using NATS

2025-01-19 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 05/31

Many people who are new to the topic are unsure how Synadia's adaptive edge architecture built on NATS works. This article therefore summarizes the causes of the problem and its solutions, and I hope it helps you solve it.

Overview

At Synadia, our goal is to unify all cloud, edge, and Internet of Things communications. We guide companies toward running secure, resilient, modern distributed communications systems efficiently, and we use the NATS.io project to get them there. Derek Collison, the creator of NATS, created Synadia and is in charge of the NATS project.

We see users deploy NATS in several ways: as a single-cluster K8s deployment, or as NATS server clusters in the cloud, on VMs, or on bare metal. As companies grow, we see many regional deployments that are geographically dispersed across data centers, across cloud providers, or, more often, in hybrid deployments.

Recently, we have seen a pattern emerge in which a set of applications serves edge nodes and receives data from them. There is usually telemetry from the edge, and sometimes edge nodes have their own command-and-control services and access to local data. This is not uncommon: it is federated edge computing in an Internet of Things pattern.

What is really interesting as companies push computing to the edge is that we see this model applied across many different vertical markets. Users usually combine different technologies with different security domains, which inevitably leads to systems that are fragile, insecure, and expensive to maintain. This problem can be avoided with what we call Adaptive Edge Architecture, a flexible deployment topology combined with the NATS multi-tenant security model.

Security

In NATS 2.0, we enhanced security around the concepts of operator, account, and user. The operator is the owner of a NATS deployment, such as a company, cloud provider, CDN service, edge provider, or mobile operator. Operators create accounts, which you can think of as "messaging containers" that provide true multi-tenancy. An account may contain users who represent a set of applications, a regional deployment, or a business unit. Note that we are moving towards zero trust: in operator mode, the NATS system does not store or access private NATS keys, even when using the concepts of accounts and users.

https://docs.nats.io/nats-tools/nsc/nsc#creating-an-operator-account-and-user

When a NATS client connects, its credentials indicate that it belongs to a specific account. Its subject namespace, where it can send and receive data, exists only within that account. This means that by default data never crosses account boundaries, and clients can communicate directly only with other clients in the same account, even when the same subjects are used in other accounts.

However, accounts can export streams (think telemetry) or services (think RPC) and import them from other accounts. This allows specific data to be shared securely and subjects to be mapped, effectively separating data access from the application's subject namespace. In a deployment, streams and services can be public, so that all accounts can import them, or they can be kept private to comply with the strictest security policies. Because security is truly separate from connectivity, an account may exist only on a subset of the servers to create a data silo.
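The export and import rules described above, written out as an added example that is not part of the original article: a static `nats-server` configuration with three accounts. The account names, users, passwords and subjects are constructed for illustration; in the operator mode the article describes, the same exports and imports are carried in signed account JWTs managed with `nsc` rather than in the server file.

```conf
# Added example: account names, users, passwords and subjects are constructed.
accounts {
  FACTORY {
    users = [ { user: "line1", password: "CHANGE_ME_1" } ]
    exports = [
      # Public stream: any account may import it.
      { stream: "telemetry.>" }
      # Private service: only the HQ account may import it.
      { service: "control.status", accounts: [HQ] }
    ]
  }

  HQ {
    users = [ { user: "dashboard", password: "CHANGE_ME_2" } ]
    imports = [
      # FACTORY telemetry appears inside HQ as "factory1.telemetry.>",
      # so it cannot collide with HQ's own "telemetry.>" subjects.
      { stream: { account: FACTORY, subject: "telemetry.>" }, prefix: "factory1" }
      # HQ clients send requests to "factory1.status"; the server maps
      # them to "control.status" inside FACTORY.
      { service: { account: FACTORY, subject: "control.status" }, to: "factory1.status" }
    ]
  }

  # No imports: a client in this account that subscribes to "telemetry.>"
  # receives only messages published inside VISITOR itself.
  VISITOR {
    users = [ { user: "kiosk", password: "CHANGE_ME_3" } ]
  }
}
```

When reviewing such a file, the `exports` entries without an `accounts` list are the ones to check first, since they are importable by every account on the server.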

Deployment Topology

In addition to the security in NATS 2.0, we also wanted to solve the problem of connecting NATS server clusters in different regions easily and reliably. In terms of interest propagation, for most use cases a single large NATS cluster spread across regions generates too much traffic, so we created the concept of the supercluster, which connects many clusters together through gateway connections. This spline-based architecture has the flexibility of multiple connections and handles interest propagation intelligently, automatically reducing redundancy. This is a necessary optimization for long-distance or low-bandwidth connections at today's data rates.

While working on this, Derek (the creator of NATS) came up with the concept of leaf nodes, in which a NATS server connects to a cluster and behaves more like a client than a server. This extends the cluster and makes it possible to bridge security domains. It also provides the best latency between local applications, and the leaf node keeps working when it is disconnected from the remote cluster. At the time, we were not sure exactly how leaf nodes would be received, but there were some indications that they might turn out to be a sleeper feature.

https://docs.nats.io/nats-server/configuration/leafnodes

It turns out that this is much more powerful than we thought. Combined with NATS 2.0 security, it finally gives us a truly elegant solution for large-scale federated deployments with edge computing: the adaptive edge architecture.

Synadia adaptive edge architecture using NATS

The idea is quite simple. Build as many NATS clusters as needed at the back end; whether they run in a data center, in the cloud, on bare metal, or in a hybrid setup does not matter to NATS. Then extend connectivity to the edge through leaf nodes, creating one huge data connectivity plane. This is the first layer, similar to a data grid. Security is the next layer: think of NATS security as a switch that determines exactly what data can flow where. Application connections are confined by NATS accounts, and data is shared by importing and exporting streams and services. By combining this deployment model with NATS multi-tenancy, you can create a truly large system that is both manageable and secure.

Because each account contains its own subject namespace, every edge deployment can look exactly the same without any subject conflicts. There is no longer a need for a meeting to decide how to set up namespaces hierarchically! Each deployment is isolated, which means your applications are easy to enhance without affecting the rest of the system. Exports and imports allow any permitted NATS client to interact securely and seamlessly with any other permitted NATS client in the deployment. Because a NATS server exists at the edge, your remote services can still operate on their own when cut off from the network.

This also makes it possible to mix and match SaaS-based systems with privately owned and operated systems. We see this pattern growing in NGS, where users run leaf nodes on premises and then connect remotely for secure and reliable global communication.
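A leaf node deployment of the kind described above, as an added example that is not taken from the original article: one back-end server that accepts leaf connections and one edge server that dials out to it. Hostnames, ports and file paths are constructed placeholders, and the hub is assumed to already run in operator mode with its account resolver configured.

```conf
# Added example: hostnames, ports and file paths are constructed placeholders.

# --- hub.conf: one server in a back-end cluster ---
# Assumption: operator and account resolver settings are configured elsewhere.
port: 4222
leafnodes {
  port: 7422                      # accept inbound leaf node connections
  tls {
    cert_file: "/etc/nats/hub-cert.pem"
    key_file:  "/etc/nats/hub-key.pem"
  }
}

# --- edge.conf: server running at the edge site ---
port: 4222                        # local applications connect here
leafnodes {
  remotes = [
    {
      # Outbound connection from the edge to the hub's leafnode port.
      url: "tls://hub.example.com:7422"
      # User credentials issued under a single account. The hub treats
      # the leaf connection as a member of that account, so only that
      # account's subjects and imports are reachable from this site.
      credentials: "/etc/nats/factory.creds"
    }
  ]
}
```

The credentials file is the security boundary for the whole site, so it should be issued per edge location and be revocable independently of the others.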

https://synadia.com/ngs

Intentional data silos

Although you will have complete connectivity, data flow should be restricted and sometimes isolated in a silo with limited access. You might do this for manageability, for example gathering large amounts of sensor data at the edge and then using AI to provide meaningful context in a streaming manner. Or you may need to enforce a policy, such as keeping health data on a specific set of servers to meet GDPR compliance. Account settings ensure that data never leaves a location unless it should.

Simple client

Regardless of security and deployment topology, NATS clients remain simple because they only care about connecting, publishing, and/or receiving data. They do not maintain any server state, which allows you to scale or change the NATS server deployment at any time without affecting the clients, effectively future-proofing your technical solution.

Example use case-Industry 4.0

Let's look at a manufacturing use case. As manufacturing continues its transition to Industry 4.0, the metadata related to the manufacturing process is more valuable than ever. The adoption of IIoT has created large amounts of data. Machine temperature fluctuations can be used for predictive failure analysis, while metadata for components may need to be stored for decades (in aviation, for example). Most of this data needs to be processed with very low latency, in which case sending it to a back end or a remote data center in the cloud is untenable.

Factory

We have a factory production line with equipment, sensors, quality control, AR to assist engineers, and AI that monitors and intelligently aggregates data. By the way, NATS works very well on the Unity platform, which is being used in Industry 4.0.

https://unity.com/solutions/automotive-transportation-manufacturing

Headquarters, factories and distribution centers

At the top level, we have headquarters, a distribution center, and a factory. Note that all of these are connected and exchange data through NATS. Although it is not shown in the diagram, the flow and availability of the data are determined by accounts. This is only a simple diagram; the adaptive edge architecture can also be applied to the supply chain to provide services that optimize logistics, inventory, and so on.

Apply to vertical market
