copyright | years | lastupdated | title | parent | grand_parent | nav_order |
---|---|---|---|---|---|---|
2020 - 2023 |
2023-02-27 |
SDO agent install |
Edge devices info |
Edge devices |
7 |
{:new_window: target="blank"} {:shortdesc: .shortdesc} {:screen: .screen} {:codeblock: .codeblock} {:pre: .pre} {:child: .link .ulchildlink} {:childlinks: .ullinks}
{: #sdo}
SDO {:target="_blank"}{: .externalLink} (Secure Device Onboard), created by Intel, makes it easy and secure to configure edge devices and associate them with an edge management hub. {{site.data.keyword.edge_notm}} ({{site.data.keyword.ieam}}) supports SDO-enabled devices so that the agent will be installed on the devices and registered to the {{site.data.keyword.ieam}} management hub with zero touch (by simply powering on the devices).
{: #sdo-overview}
SDO consists of these components:
- The SDO module on the edge device (usually installed there by the device manufacturer)
- An ownership voucher (a file that is given to the device purchaser along with the physical device)
- The SDO rendezvous server (the well-known server that an SDO-enabled device first contacts when it starts the first time)
- SDO owner services (services run on the {{site.data.keyword.ieam}} management hub that configure the device to use this specific instance of {{site.data.keyword.ieam}})
Note: SDO only supports edge devices, not edge clusters.
{: #before_begin}
SDO requires that the agent files are stored in the {{site.data.keyword.ieam}} Cloud Sync Service (CSS). If this has not been done, ask your administrator to run one of the following commands as described in Gather edge node files:
edgeNodeFiles.sh ALL -c ...
{: #trying-sdo}
Before you purchase SDO-enabled edge devices, you can test SDO support in {{site.data.keyword.ieam}} with a VM that simulates an SDO-enabled device:
-
You need an API key. See Creating your API key for instructions to create an API key, if you do not already have one.
-
Contact your {{site.data.keyword.ieam}} administrator to get the values of these environment variables. (You need them in the next step.)
export HZN_ORG_ID=<exchange-org> export HZN_EXCHANGE_USER_AUTH=iamapikey:<api-key> export HZN_SDO_SVC_URL=https://<mgmt-hub-ingress>/edge-sdo-ocs/api export HZN_MGMT_HUB_CERT_PATH=<path-to-mgmt-hub-self-signed-cert> export CURL_CA_BUNDLE=$HZN_MGMT_HUB_CERT_PATH
-
Follow the steps in the Open Horizon SDO 1.11 {:target="_blank"}{: .externalLink} to observe SDO automatically install the {{site.data.keyword.ieam}} agent on a device and registers it with your {{site.data.keyword.ieam}} management hub.
{: #using-sdo}
If you have purchased SDO-enabled devices and want to incorporate them into your {{site.data.keyword.ieam}} domain:
-
If you did not create SDO owner key pairs when trying out SDO in the previous section, perform these steps:
-
You need an API key. See Prepare for setting up edge nodes for instructions to create an API key, if you do not already have one.
-
Contact your {{site.data.keyword.ieam}} administrator to get the values of these environment variables. (You need them in the next step.)
export HZN_ORG_ID=<exchange-org> export HZN_EXCHANGE_USER_AUTH=iamapikey:<api-key> export HZN_SDO_SVC_URL=https://<mgmt-hub-ingress>/edge-sdo-ocs/api export HZN_MGMT_HUB_CERT_PATH=<path-to-mgmt-hub-self-signed-cert> export CURL_CA_BUNDLE=$HZN_MGMT_HUB_CERT_PATH
-
Perform the steps in just this one section: Generate Owner Key Pairs {:target="_blank"}{: .externalLink}.
-
-
Log in to the {{site.data.keyword.ieam}} management console.
-
On the Nodes tab, click Add node.
Enter the information necessary to create a private ownership key in the SDO service and download the corresponding public key.
-
Fill in the necessary information to import the ownership vouchers you received when you purchased the devices.
-
Connect the devices to the network and power them on.
-
Back in the management console, watch the progress of the devices as they come online by viewing the Node overview page and filtering on the installation name.