
While traditional edge computing often requires physical hardware, Virtual DM Edge lets you skip all that setup. This approach deploys DM Edge in your Azure data center, so you don't have to worry about maintaining physical machines. Whether you're dealing with tight budgets or simply don’t have time to fuss with hardware, Virtual DM Edge is the perfect solution.
Alright, now it’s time for the fun part—installing Virtual DM Edge on your Azure Kubernetes Service (AKS) cluster. Don’t worry, we’ve got your back with this easy-to-follow guide. Let's break it down step by step.
Before diving into the installation, make sure you’ve got these tools and permissions set up:
“your-cluster-hostname” and “edge-ui.your-cluster-hostname”
Ingress controllers are what help route your traffic to the right places in Kubernetes. You’ve got two choices:
As there are many ways to install Istio, select a method that is best suited to you and your organisation. Below is the procedure for one method.
curl -L https://istio.io/downloadIstio | sh -
cd istio-<version>
istioctl install --set profile=default
kubectl get pods -n istio-system
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm search repo ingress-nginx/ingress-nginx -l
helm install ingress-nginx ingress-nginx/ingress-nginx --version x.x.x --set controller.service.externalTrafficPolicy=Local -n ingress-nginx --create-namespace
If the external IP is not automatically mapped, edit and add the IP to the service (svc).
kubectl edit svc ingress-svc-name -n your-ingress-namespace
This opens the service (svc) definition in an editor such as Vim; use the editing commands appropriate to your OS. Add the external IPs in the spec section.
4. Update the hosts file of your system with permissible IP and hostnames for your cluster to obtain local access.
IP your-hostname
IP edge-ui.your-hostname
Note: The hosts file can be found at the following locations:
5. Ensure the ingress setup is successful in the Azure subscription.
Every good digital ecosystem needs security, and that’s where certificates come in. Here’s how to generate them:
It’s easier than it sounds—just follow the steps to create the keys and certificates, ensuring your traffic remains secure!
openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 365 -nodes -subj "/CN=Custom Cert Authority"
2. Generate a server key pair (server.key) and sign the server certificate signing request (server.csr) with the CA certificate.
server_csr.cnf:
[req]
distinguished_name = req_distinguished_name
prompt = no
[req_distinguished_name]
# C: your country as a two-letter code, in capitals
C = YourCountry
ST = YourStateOrProvince
L = YourLocation
O = YourOrganization
OU = YourOrganizationUnit
CN = dm-edge
[v3_req]
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = your-hostname
DNS.2 = edge-ui.your-hostname
3. Create a certificate signing request (CSR) and verify the content.
openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -config server_csr.cnf -extensions v3_req
openssl req -text -noout -verify -in server.csr
4. Sign the CSR (server.csr) using the CA certificate and its private key.
openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt -extfile server_csr.cnf -extensions v3_req
5. Generate a client key pair (client.key) and sign the client CSR (client.csr) with the CA certificate.
openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr -nodes -subj "/CN=dm-edge-services"
openssl x509 -req -sha256 -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt
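Before loading these files into Kubernetes secrets, it is worth confirming that they fit together. The script below is an added example, not part of the original guide or of SAP's tooling: it checks that server.crt and client.crt chain to ca.crt, that server.key belongs to server.crt, that both hostnames appear as SANs, and that the server certificate is not about to expire. The function name check_edge_certs and the 30-day expiry threshold are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks for the files produced by the certificate steps.
# Usage: check_edge_certs DIR HOSTNAME   (returns 0 only if every check passes)
# Assumed names: check_edge_certs, _fail; assumed threshold: 30 days.

_fail() { echo "FAIL: $1" >&2; return 1; }

check_edge_certs() {
    dir=$1
    host=$2

    # 1. Each leaf must chain to ca.crt and be acceptable for its TLS role.
    openssl verify -purpose sslserver -CAfile "$dir/ca.crt" \
        "$dir/server.crt" >/dev/null 2>&1 \
        || _fail "server.crt does not verify as a TLS server certificate" || return 1
    openssl verify -purpose sslclient -CAfile "$dir/ca.crt" \
        "$dir/client.crt" >/dev/null 2>&1 \
        || _fail "client.crt does not verify as a TLS client certificate" || return 1

    # 2. server.key must be the private key behind server.crt:
    #    compare the public key derived from each file.
    cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] \
        || _fail "server.key does not match server.crt" || return 1

    # 3. Both hostnames from [alt_names] must be present as exact DNS SANs.
    sans=$(openssl x509 -in "$dir/server.crt" -noout -text \
        | grep 'DNS:' | tr ',' '\n' | sed 's/^ *//; s/ *$//')
    for name in "$host" "edge-ui.$host"; do
        printf '%s\n' "$sans" | grep -Fxq "DNS:$name" \
            || _fail "SAN DNS:$name missing from server.crt" || return 1
    done

    # 4. The server certificate must stay valid for at least 30 more days.
    openssl x509 -in "$dir/server.crt" -noout -checkend $((30 * 86400)) \
        >/dev/null 2>&1 \
        || _fail "server.crt expires within 30 days" || return 1

    echo "OK: certificates in $dir are consistent for $host"
}
```

Run it as `check_edge_certs . your-hostname` from the directory holding the generated files; a missing `subjectAltName` (for example, when the `-extfile`/`-extensions` options are left off the signing command) shows up as a SAN failure.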
Now, let’s create an Edge device in the Manage Edge Devices UI in the SAP Cloud.
The YAML file contains all the configurations for your deployment. You’ll populate it with the necessary parameters, then refer to the SAP help documentation for the specifics.
export KUBECONFIG=[kubeconfig_file_path]
Note: For Windows, the command is set KUBECONFIG=[kubeconfig_file_path]
kubectl create namespace [namespace]
kubectl label namespace [namespace] istio-injection=enabled
kubectl get ns -L istio-injection
5. Add a chart repository for the SAP Digital Manufacturing for edge computing Helm chart, using the repository endpoint and the technical username and password for the RBSC or your own container registry.
helm repo add [helm_repo] [helm_chart_URL] --username *** --password *** --pass-credentials
The helm_repo parameter is the name you give to a local Helm chart repository. The helm_chart_URL parameter is obtained from RBSC.
6. Check the latest version of the Helm chart.
helm search repo [helm_repo]/offline-edge --versions
Note: If you are testing beta versions, which are reserved for the quality testing window before official release, add the "--devel" option.
7. Check the configurable values of the chart.
helm show values [helm_repo]/offline-edge --version [version]
8. Create Kubernetes secrets to store the different certificates. For NGINX, create all of the following secrets in the SAP Digital Manufacturing for edge computing namespace. For Istio, create the first two secrets (all in one secret) in the Istio namespace and the third in the SAP Digital Manufacturing for edge computing namespace.
1. Secret for trusted certificates, including CA certificate for SAP Digital Manufacturing for edge computing client certificate and CA certificate for Cloud Connector system certificate. Or if it's a self-signed system certificate for PoC purposes, include the Cloud Connector system certificate itself.
2. Secret for SAP Digital Manufacturing for edge computing server certificate.
3. Secret for CA certificate for Dex server certificate (in the case of embedded Dex, secret for CA certificate for SAP Digital Manufacturing for edge computing server certificate).
NGINX:
kubectl create secret generic [ca_secret_name] --from-file=ca.crt=[trusted_ca_certificates] -n [dm_edge_namespace]
kubectl create secret tls [tls_secret_name] --key [server_certificate_key] --cert [server_certificate] -n [dm_edge_namespace]
kubectl create secret generic [dex-ca-secret-name] --from-file=ca.crt=[Dex_CA_Certificate] -n [dm_edge_namespace]
Istio:
kubectl create secret generic [tls_secret_name] --from-file=tls.key=[server_certificate_key] --from-file=tls.crt=[server_certificate] --from-file=ca.crt=[trusted_ca_certificates] -n [istio_namespace]
kubectl create secret generic [dex-ca-secret-name] --from-file=ca.crt=[Dex_CA_Certificate] -n [dm_edge_namespace]
6. Install the application using Helm.
helm install [release_name] [helm_repo]/offline-edge -f [values_file] -n [namespace] --version [helm_chart_version]
The release_name parameter is a name you give to the SAP Digital Manufacturing for edge computing instance to be installed.
7. When installation is complete, check the pod status in the given namespace.
kubectl get pods -n [namespace]
The pods should be in Running status and jobs in Completed status. Additionally, you can verify the installation status in the Manage Edge Devices UI. The status should say "Installed."
Azure Lighthouse is a service offered by Microsoft for service providers that offers multi-tenant management with enhanced scalability, automation, and governance. It allows customers to share their resource logs, including Azure Monitor logs and activity logs, with providers using delegated resource management. Providers can access this data through Azure RBAC, ensuring secure, controlled access. This service helps streamline monitoring, troubleshooting, and optimization, while maintaining customer data privacy.
Therefore, these steps are optional but highly recommended for efficient resource management and enhanced service delivery.
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "mspOfferName": {
      "value": "DMC_Lighthouse_Test_MSP_Security"
    },
    "mspOfferDescription": {
      "value": "DMC Lighthouse Test Service Provider"
    },
    "managedByTenantId": {
      "value": "[managed_by_tenant_id]"
    },
    "authorizations": {
      "value": [
        {
          "principalId": "[principal_id]",
          "roleDefinitionId": "[role_definition_id]",
          "principalIdDisplayName": "Lighthouse Contributor"
        },
        {
          "principalId": "[principal_id]",
          "roleDefinitionId": "[role_definition_id]",
          "principalIdDisplayName": "Lighthouse Managed Services Registration Assignment Delete Role"
        }
      ]
    },
    "rgName": {
      "value": "[nameof-your-resource-groups]"
    }
  }
}
Important:
Replace [managed_by_tenant_id], [principal_id], [role_definition_id], and [nameof-your-resource-groups] with actual values. These details must be provided by the DM Edge team (or your internal team managing Azure Lighthouse).
Navigate through the wizard and click on “Review + create” to create the custom deployment template.
Role Assignments
With Virtual DM Edge, you’re now equipped to take full advantage of edge computing in your manufacturing operations. This powerful technology not only accelerates decision-making but also drives real-time improvements on the shop floor—without the hassle of managing physical hardware.
Here are a few key takeaways to remember as you embark on this journey:
Zero Hardware Hassles: Virtual DM Edge allows you to deploy SAP’s edge computing capabilities directly in your Azure data center, saving you time and resources spent on physical infrastructure.
Faster Decisions, Smarter Operations: By processing data closer to the source, edge computing reduces latency, enabling faster, more accurate responses to production needs.
Seamless Integration: Thanks to a containerized approach powered by Kubernetes, scaling and managing your applications is easier than ever, giving you the flexibility you need to grow without compromise.
Security First: By using self-signed certificates and robust ingress controllers (like Istio or Nginx), you can ensure that all your edge operations stay secure while communicating effectively with the cloud.
Efficient Resource Management: If you’re a service provider, consider setting up Azure Lighthouse to streamline monitoring, troubleshooting, and optimization across multiple tenants. It’s an optional step, but it significantly enhances your ability to manage resources efficiently.
With these benefits in hand, your organization is now on the fast track to harnessing the full power of edge computing for manufacturing. Whether you’re looking to improve business continuity, scale quickly, or simply eliminate infrastructure headaches, Virtual DM Edge provides the flexibility, speed, and reliability you need to succeed.
Ready to dive deeper into edge computing? For more insights and the latest updates, click on SAP help documentation to stay on top of all things SAP Digital Manufacturing!
Happy edge computing! 🌐