June 29th, 2022
Secure Access Service Edge (SASE) Experience Kit (22.05)
The 22.05 release of Intel® Smart Edge Open features a full release of the SASE Experience kit, following the limited 22.02 release. This release adds SDEWAN capability, along with the Nodus software module to provide OVN network controller functionality. It supports hosting of VM-based network functions and supports Rook extensions to Ceph open-source storage to provide self-managing storage services.Added
ICN-SDEWAN: Multiple WAN link support, WAN traffic management, NAT, firewall, IPSec, traffic shaping etc. are now added through the following components:
- SDEWAN CNF: implemented based on OpenWRT, it enhances OpenWRT Luci web interface with SDEWAN controllers to provide Restful API for network functions, configuration, and control.
- SDEWAN Custom Resource Definition (CRD) Controller: implemented as a Kubernetes CRD Controller, it manages CRDs (e.g. Firewall related CRDs, mwan3 related CRDs, and IPSec related CRDs, etc.) and internally calls SDEWAN Restful API to configure CNF.
- SDEWAN Overlay Controller: provides central control of SDEWAN overlay networks by automatically configuring the SDEWAN CNFs through SDEWAN CRD controller located in edge location clusters and hub clusters.
Nodus: An OVN network controller that allows the user to create virtual and provider networks within a cluster, and to attach workloads to these networks.
KubeVirt: An open-source project to extend Kubernetes with virtual machine support via CRDs, agents and controllers. Non-containerized workloads can now be deployed inside VMs and be managed by Kubernetes alongside containerized workloads within the same cluster.
Rook-Ceph: Transforms the open-source Ceph distributed storage software into a self-managing, self-scaling, and self-healing storage service.
SRIOV network operator: Works with the SRIOV CNI and device plugins so that application pods on a cluster can be allocated high-performing dedicated SRIOV virtual instances.
KMRA: Key Management Reference Application is a proof-of-concept software to demonstrate the integration of Intel® Software Guard Extensions (Intel® SGX) asymmetric key capability with a hardware security model (HSM) on a centralized key server. This reference application sets up a NGINX workload to access the private key in an Intel® SGX enclave on a 3rd Generation Intel® Xeon® Scalable processor, using the Public-Key Cryptography Standard (PKCS) #11 interface and OpenSSL. KMRA uses DCAP (Data Center Attestation Primitives) libraries for generating and verifying the ECDSA signed Intel SGX quote.
Reference Implementations (RIs): The Telehealth RI v3.0.0 is supported on this release.Known Issues
|Edge Software provisioner - Occasionally the USB image is not built and SE-O SASE EK provision exits with an error||Retry the ESP based provisioning|
|Edge Software provisioner - sometimes builds an incorrect image and machine fails to boot using the image||Retry the ESP based provisioning|
|Edge Software provisioner - Cannot boot USB images using legacy BIOS||Use UEFI BIOS|
|When the existing PCCS deployment on the cloud instance (AWS) exceeds 24Hrs and user is trying to provision new SASE cloud cluster, provisioning may fail||Reset SGX using "SGX Factory
Reset" option in the BIOS
|When multiple instances of the KMRA ctk_loadkey pods are run, all the pods will receive the same private key as of 22.05 release. Multiple Key configuration is not yet supported||Will be addressed in the future releases|
|For ICN-SDEWAN/Nodus integration solution, IPsec packets with vlan tag travel between SASE POP and edge clusters due to Nodus’s provider network working in vlan mode, and this limits SASE EK to work in LAN environment only for this release||Nodus switches to direct mode for next release|
|Openvino SGX sample in edgeapps repository is not functioning for a broken dependency emanating from a breaking change in Protobuf Python lib||Fix in dependency expected soon using the workaround suggested in Protobuf Python lib|
June 25th, 2022
Private Wireless Experience Kit (22.04)
The 22.04 release of Intel® Smart Edge Open features an update to the Private Wireless Experience kit. This release adds CPU management, network split functions, support for both autonomous and staged deployment through Edge Software Provisioner (ESP), and support for the Intel E810 NIC.Added
CPU Management: Native CPU manager enabling on Kubernetes node to allocate exclusive CPUs for certain pods/containers such as 5G network functions (DU/CU and UPF (User Plane Function). Requires dedicated CPU cores to achieve system stability and high performance.
Network split: A management network to deploy clusters and support remote login. A cluster network for communication between pods. This split improves efficiency and performance.
Intel E810 NIC support: Dynamically reconfigures NIC VF (Virtual Function) number and interfaces through Kubernetes operators, providing an improvement in user experience.
EdgeDNS support: Enables local DNS (Domain Name Service) functionality on edge node, support domain name query, add/delete operation.
Reference Implementation support: Support added for Wireless Network Ready Intelligent Traffic Management (ITM). Once the application is deployed, the application pod takes in recorded/live RTSP (real time streaming protocol) addresses, performs AI inference, and sends metadata with insights for each stream to an InfluxDB database. In parallel, the visualizer overlays insights metadata, displaying detected pedestrians, observed collisions and the processed video feed.
Dynamic 5G RAN installation: Provides dynamic deployment options of 5G DU/CU or 5G Core, as well as the ability to enable/disable 5G CNFs (Containerized Network Functions).
Blueprints: Efficiently build complete, private 5G standalone E2E (End 2 End) system with 5G NR gNB and 5G core network (UPF and 5GC) on a single Kubernetes cluster with 2 nodes on Intel ICX-SP server.Updated
FlexRAN/Radisys version update: Upgrade to version PHY21.07 + CU/DU v2.5.3 + 5GCN CNFs v2.5.2. UPF 3.0.1 supports helm chart deployment, CNF pods lifecycle management now done by Kubernetes, SMF (Session Management Function) supports DNS configuration and forwards DNS requests from UPF to target DNSKnown Issues
Kubernetes RPC error occurs in phy/cu/du log, this is a known issue from Radisys.
- Mitigation: this issue is not observed in Radisys 3.0 version. Private Wireless Experience Kit will upgrade Radisys version with the next release.
In Radisys version 2.5.3, DU-L2 fails with core auto-allocation due to hardcode configuration. This is a known issue from Radisys.
- Mitigation: Private Wireless Experience Kit disables DU-L2 core auto allocation for 22.04 release
May 15th, 2022
Developer Experience Kit (22.03)
The 22.03 release of Intel® Smart Edge Open features an updated Developer Experience Kit.
This release adds secure key management, management of virtual machines, and options for distributed storage.Added
Secure key management
The Key Management Reference Application (KMRA) provides end-to-end protection of customer private keys at runtime by provisioning them into Intel® Software Guard Extensions (Intel® SGX) enclaves.
The application supports multitenancy by running multiple instances of Intel® SGX enclaves.
The application also demonstrates how to integrate an Intel® SGX asymmetric key with a hardware security model (HSM) on a centralized key server. The reference application sets up an NGINX workload to access the private key in an Intel® SGX enclave on a 3rd Generation Intel® Xeon® Scalable processor, using the PublicKey Cryptography Standard #11 interface and OpenSSL. It uses Intel® SGX Data Center Attestation Primitives libraries to generate and verify the ECDSA-signed Intel® SGX quote.
This open-source project extends Kubernetes with Virtual Machine (VM) support via custom resource definitions (CRDs). It allows non-containerized applications and workloads inside VMs to be treated as Kubernetes managed workloads. This lets VM, container, and pod applications to coexist within a shared Kubernetes environment, supporting communication between Kubernetes pods, VMs, and services on the same cluster.
Rook-Ceph (storage orchestration solution)
Integrated the Rook-Ceph storage orchestration solution to provide distributed storage for edge applications. This allows storage to be automatically provisioned at the user’s request. It improves data reliability by distributing storage across the cluster, reducing the risk of creating a single point of failure.Known Issues
Edge Software Provisioner (ESP):
Occasionally, ESP fails to build the USB image and provisioning exits with an error. In this case, retry the ESP-based provisioning.
Occasionally, ESP will build the image incorrectly and the target system – the system you are installing the edge node on – will fail to boot using the image. In this case, retry the ESP-based provisioning.
Systems using legacy BIOS cannot boot from USB images. The target system must use a UEFI BIOS.
Intel® Security Libraries for Data Center (Intel® SecL-DC):
The Dell PowerEdge R750 TPM endorsement key is not signed by a known certificate authority. This causes the Intel® SecL-DC HVS application to fail to verify the TPM EK certificate. We are working on resolving this issue with Dell. As a workaround, the system administrator can provision the root CA certificate of the TPM endorsement key to HVS in out-of-band mode.
The trust agent is unable to read the Platform Configuration Register (PCR) logs from Nationz TPM in Dell R750. This causes the trust agent to fail to generate the attestation with PCR measurements, which causes the HVS create_flavor API call to fail. This will be addressed in an upcoming release.
Intel® Software Guard Extensions (Intel® SGX):
When an existing Intel® Provisioning Certification Caching Service (PCCS) deployment located on an AWS instance has been running for over 24 hours, provisioning a new DEK cluster may fail. If this occurs, reset Intel® SGX using the "SGX Factory Reset" option in the BIOS.
April 15th, 2022
Secure Access Service Edge Experience Kit (22.02)
The 22.02 release of Intel® Smart Edge Open features an updated Secure Access Services Edge (SASE) Experience Kit.
This preview release is available to a pool of early customer adopters. The full experience kit, featuring a full SD-WAN implementation, will be released in the second quarter of 2022. You can browse the documentation for the preview release or request a license for the upcoming full release.Added
Remote Attestation for Trusted Computing: Support for remote attestation using the Intel® Security Libraries for Data Center (Intel® SecL – DC). Remote attestation is the foundation for trusted compute, providing verification of whether or not the operating system is trustworthy.
Trusted application enclaves: Support for trusted application enclaves using Intel® Software Guard Extensions (Intel® SGX). Creates a secure execution environment and provides encryption for communication beyond the enclave boundary.
Automated deployment: The Intel Edge Software Provisioning (ESP) tool has been added to automate the installation of the operating system and software stack on a bare-metal hardware platform. Deployment options include a SASE cloud cluster, a SASE POP (point of presence) cluster, or on a SASE edge cluster.Known Issues
Edge Software Provisioner
There are two known intermittent issues with the Edge Software Provisioner (ESP):
- The ESP occasionally fails to build the USB image and exits with an error.
- The ESP occasionally builds an incorrect image. In this case, the target system you are attempting to provision fails to boot.
Until we are able to provide a fix, the recommendation for both of these cases is to simply retry the process.
The Edge Software Provisioner cannot boot USB images on machines that use a non-UEFI BIOS. Make sure that the system that will host the edge node has a UEFI BIOS.
When provisioning new nodes for an existing Developer Experience Kit deployment with Intel® Software Guard Extensions (Intel® SGX) enabled, Edge Software Provisioner may fail in cases when the Provisioning Certificate Caching Service module has exceeded 24 hours of runtime on an AWS cloud instance. In this case, reset Intel® SGX using the “SGX Factory Reset” option in the BIOS.
Dell PowerEdge R750 servers
The Trusted Platform Management (TPM) endorsement key is not signed by a known Certificate Authority. The Intel® SecL - DC libraries will fail to verify the endorsement key certificate. The system administrator must provision the root CA certificate of the TPM endorsement key to the host verification service in out-of-band mode.
Developer Experience Kit (21.12)Added
Expanded the Intel® Smart Edge Open edge AI capabilities to demonstrate RAN intelligence, by providing a reference implementation on 3rd-generation Intel® Xeon® platforms for near-real-time RAN Intelligent Controller (RIC) from the open-source SD-RAN project.
This reference implementation has an AI/ML-based Intelligent Connection Management xApp with significant optimization for AI inference. It uses the Intel® Distribution of OpenVINO™ toolkit to improve inference latency by approximately 10x, which helps meet 5G latency needs and expands OpenVINO AI inference to network AI use cases.
The reference implementation is available through the Intel Developer Catalog and has been announced by the Open Network Foundation (ONF) in their SD-RAN 1.4 release notes. The Edge AI capabilities in Intel® Smart Edge Open enable multi-vertical and multi-tenant AI services for network automation, intelligent operation and end-user applications.
This reference implementation with network AI can run on the same edge platform alongside other AI applications for industry, smart cities etc and can be provided by completely different type of ISVs (network software ISVs and IoT solutions ISVs).Updated
Updated four reference implementations for the Developer Experience Kit. These provide a reference for edge solution builders deploying multi-tenant services on the edge platform. They feature the following use cases:
Each reference implementation demonstrates how to use Node Feature Discovery (NFD) to match edge node resources with processing needs, and how to optimize communication between microservices with Calico CNI. The reference implementations incorporate Intel software frameworks including:
- Edge Insights for Industrial (EII)
- The Intel® Distribution of OpenVINO™ toolkit
- Intel® Collaboration Suite for WebRTC
- software libraries for media processing and acceleration
January 28th, 2022
We are pleased to announce the 22.01 release of Intel® Smart Edge Open software. This release features an updated Private Wireless Experience Kit for CentOS 7.9 that uses Intel® Edge Software Provisioner to automate deployment.Added
The Intel® Private Wireless Experience Kit supports a single orchestration domain, optimizing the edge node to support both applications and NG-RAN and NG-Core network functions such as DU/CU, AMF, SMF, and UPF.
Autonomous Deployment Through Intel® Edge Software Provisioner (Intel® ESP): Easy provisioning of a multi-node environment with CentOS 7.9. Intel® ESP enables ODMs, system integrators and developers to automate the installation of a complete operating system and software stack on bare-metal or virtual machines using a just-in-time provision process.
A new SR-IOV FEC operator to configure the Intel® vRAN Accelerator ACC100 Adapter, and a SR-IOV Network Operator to configure the Intel® Ethernet Converged Network Adapter X710-DA4. This replaces the manual process that was needed in the previous version
Wireless Network Ready Intelligent Traffic Management (ITM) application integration to demonstrate and test the capabilities of the experience kit. Once the application has been deployed on the edge node in a 5G network, the application pod takes in virtual/real RTSP (real time streaming protocol) addresses, performs inference, and sends metadata for each video stream to an InfluxDB database. In parallel, the visualizer overlays the analysis on the metadata, displaying pedestrians detected, collisions observed, and the processed video feed.
Intel® Ice Lake™ Scalable Processor Support: Support for the Dell EMC PowerEdge® R750 with 3rd Generation Intel® Xeon® Scalable ProcessorsKnown Issues
- Sometimes the Dell R750 edge node hangs during reboot when using an Ethernet card based on Intel® Ethernet Controller XL710. This is because Intel® Ethernet Controller XL710 based Ethernet cards are not in the Dell official support list. We will upgrade the Private Wireless Experience Kit to use an E810 NIC, which is supported by Dell, in the next release.
- 5G CNFs - User equipment sometimes fails to reattach when it moves from idle mode to active mode. This issue will be addressed with future 5G Core CNF upgrades.
December 17th, 2021
We are pleased to announce the 21.12 release of Intel® Smart Edge Open software.Added
The Developer Experience Kit now supports Intel® Security Libraries for Data Center (Intel® SecL-DC) for platform integrity. Platform integrity is established from a collection of both hardware and software that perform measurement and verification to ensure a platform boots into a trusted and desired state.
In addition, the Developer Experience Kit also supports Intel® Software Guard Extensions (Intel® SGX) for protection of selected code and data within a hardened enclave. Developers can now partition their application into hardened enclaves or trusted execution environments to increase application security.
We are excited to announce an O-RAN compliant near-real time RAN Interface Controller (RIC) is available for the Developer Experience Kit and will soon be available for download from the Intel® Developer Catalog. The RIC can be used for development and testing of ORAN AI/ML xAPPs. A 5G RAN simulator is provided to facilitate development and testing.
Support has been added for the next generation Intel® Xeon® D processor. More details will be provided after the product has launched.
September 30th, 2021
We are pleased to announce the first release Intel® Smart Edge Open.
Built from an OpenNESS foundation and representing more than two years of development, the 21.09 release of Intel® Smart Edge Open introduces several technical improvements including a new Developer Experience Kit and an upgraded experience kit for creating 5G private wireless networks.Added
Introduced the Developer Experience Kit
Intel® Smart Edge Open is shifting to Ubuntu 20.04 LTS as the default OS in order to simplify future OS support. The Developer Experience kit uses Ubuntu 20.04 LTS. Other experience kits will be updated from CentOS to Ubuntu in future releases
- Automated deployment process for experience kits, based on the Intel® Edge Software Provisioner (Intel® ESP). (Currently available in the Developer Experience Kit.)
- Developer Experience Release Notes
5G Private Wireless Experience Kit with Integrated RAN that combines a 5G core, 5G RAN and Intel® Smart Edge Open platform in a single, validated solution, using commercial grade CNFs.
- Support for 3rd Generation Intel® Xeon® Scalable Processors (code name Ice Lake)
- Support for Intel® vRAN Dedicated Accelerator ACC100
- Support for Intel® QuickAssist Adapter 8970
- Support for Intel® Ethernet Converged Network Adapter X710-DA4
- CNF support
- DU: L1 verified FlexRAN BBU v20.11
- DU: L2 verified Radisys L2 DU v2.2
- CU: L2/L3 verified Radisys L2/L3 CU v2.2
- UPF, AMF and SMF: verified Radisys 5G Core v2.2
- Support for Foxconn Sub6 4x4 RRH
- RPQN-7800, 3.3-3.6GHz with firmware version: v1.0.3q 432
- 5G On Premises Edge has been re-named to 5G Private Wireless Experience Kit with Integrated RAN
- Calico CNI is the default CNI for Intel® Smart Edge Open.
- All documentation for Intel® Smart Edge Open is now publicly available
- Fixed stability and reliability with 5G Private Wireless Experience Kit with Integrated RAN.
- Radisys CU support for multiple SR-IOV virtual functions has not been validated.