This is the 39th article in the “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress.
By Ray Bernard, PSP, CHS-III
Though commonly misunderstood, the concept of fog computing has become critically important to physical security systems.
This Real Words or Buzzwords? series is about terminology as it relates to the electronic physical security industry. I highlight this factor because information technology is embedding itself in the products and systems of every industry. Information tech is applied variously in each industry and its end user environments, and so where and how a piece of tech is used will vary from one industry to another and from one end user environment to another.
There is also a time factor involved, because technology trends reshape technologies (trends such as virtualization, miniaturization, low power, greater network capacity) and so technologies evolve for new applications, thus expanding or revising the original definitions of its terms. Thus today, authoritative online and print sources provide conflicting definitions for fog computing, edge computing and other terms.
As it so happens, the concepts of edge computing and fog computing have become critically important to electronic physical security systems. By not understanding them we face two dangers. First, it will be easy to dismiss fog computing by considering that “fog” is just more marketing hype about “edge” computing. Second, we’ll believe that we’ve been doing edge computing for over a decade with, for example, enterprise IP camera video surveillance systems – and thus think there is nothing really for us to learn.
When I first saw fog computing mentioned in an article online, I thought it was just another marketing hype term, and so I dismissed it. (I also made that mistake with Hyper-Converged Infrastructure.) A year later in 2015, I came across a very informative Cisco blog titled, “IoT, from Cloud to Fog Computing” by Maher Abdelshkour that provided detail on the Fog Computing concept.
The article said, “Cisco defines Fog Computing as a paradigm that extends Cloud computing and services to the edge of the network. Similar to Cloud, Fog provides data, compute, storage, and application services to end-users. The distinguishing Fog characteristics are its proximity to end-users, its dense geographical distribution, and its support for mobility.” This is true for online services like Amazon, Facebook or Google. But it’s not the right definition for physical security.
There was no mention in the Cisco article of physical security systems technology, even though the article described what we were already doing in the physical security industry with IP camera surveillance systems, so I dismissed it again as another fancy word for edge computing.”
Now, in retrospect, I can see that the Fog computing concept was still evolving (meaning that it was incomplete from today’s perspective) because the hardware and software technologies involved in it were rapidly evolving and changing what was possible to accomplish. Thus, it wasn’t evident yet that emerging-technology factors would make Fog Computing critically important to physical security system design and to the value that we could start delivering to end users in 2019. Silicon Valley area companies and some critical infrastructure organizations are now deploying such technology, and we’ll soon start seeing case studies and white papers detailing such deployments.
What Exactly is Fog Computing?
For several years I have referred to fog computing as “cloud on the ground” for two reasons. First, it makes a nice visual image with which its concepts can be easily associated. Second, fog computing uses cloud computing technologies in end-user premises deployments, including serverless computing and software-defined networks, storage and computing resources deployed as hyper-converged infrastructure (HCI). For many deployments these systems are cloud-connected and utilize cloud-computing for near-real-time applications – another reason to call it “cloud on the ground”.
Although the Wikipedia entry and many articles on fog computing equate it with edge computing, for industrial IoT systems (the technology category for electronic physical security systems) there is a distinction to be made between fog and edge computing.
See Figure 1 below, which is taken from the article titled, Cloud, Fog, Edge computing – What’s the Difference?, provided by WINSYSTEMS, INC., a company whose industrial controls products I’ve worked with since the mid-1990s, and whose WINSIGHTS blog is one of the most informative I’ve seen regarding industrial controls computing and networking.
When you try to apply the cloud, fog and edge layers to security video systems – it’s not as simple as one might hope. It’s a little blurry because video processing and on-premises data visualization is performed both on-camera (obviously an edge device) and on a VMS system’s recording or video processing server (such as an AI/Analytics video processing server). Additionally, now and especially going forward, many video analytics functions will also be performed in the cloud as well as on the cameras and VMS servers.
For cyber-security planning purposes, it makes the most sense to consider cameras as being in the edge layer, VMS and related servers in the fog layer, and cloud-based services (of course) in the cloud layer. These three layers typically have different cybersecurity measures applied to them.
The first document to address this kind of edge-vs.-fog confusion – which is really more a problem of labelling than one of system design – is the NIST Special Publication 500-325 titled, “Fog Computing Conceptual Model”, which was published in March of 2018. Figure 2 below, from page 2 of the document, shows the NIST fog computing layered model, which does fit nicely with the Figure 1 diagram that was published a few months prior by WINSYSTEMS.
At the bottom of page two, the NIST document states, “Different usecase scenarios might have different architectures based on the optimal approach to supporting end-devices functionality. The choice of such representation is rooted in the intend of capturing a complex architecture that incorporates fog computing services.”
NIST also defines six Fog Computing Essential Characteristics, all of which apply to electronic physical security systems, and of which the “Real-time interactions” characteristic is becoming increasingly feasible and valuable given the many emerging AI deep learning capabilities that can be applied to video. At its recent partner conference, Milestone unveiled an R&D project that uses AI deep learning to configure video cameras in real time, optimizing their performance based on real-time lighting and other conditions to ensure that the camera is always performing optimally for its specific purpose. (See the demonstration video at https://youtu.be/uqYlxiyAHoA.)
NIST defines Fog Node as physical equipment (such as gateways, switches, routers, servers, etc.) or virtual components (such as virtualized switches and virtual machines) that are tightly coupled with the intelligent end devices and provide computing resources to the devices. The intelligent end devices are the controllers that interact with the cameras and card readers, for example. There are also five Fog Node Attributes, all of which should be part of the design thinking for most electronic physical security systems.
Technically speaking, cameras could easily be considered a mist computing layer. I didn’t make this up. NIST describes it like this: “Mist computing uses microcomputers and microcontrollers to feed into fog computing nodes and potentially onward towards the centralized (cloud) computing services.” The thing to remember in reviewing the article by WINSYSTEMS and the NIST fog computing guidance, is that that labels exist so that we can have a commonly understood way of referring to the elements of the system designs being developed and deployed using current information technology elements. As we continue to apply emerging technology capabilities in our security products, systems and applications, the use of these labels will make more sense and have more value.
Advancing Security Technology
The system architectures and labels presented above were not designed for the legacy technology that now constitutes most of today’s deployed security technology. But they were designed for the technology that is already available from Intel, Dell, VMware, and others – technology on which companies are now building security products and systems.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.
© 2019 RBCS