How To Manage and Update Edge Devices That Aren’t Always Online

September 23, 2025

At ZEDEDA, we know that connectivity at the distributed edge isn’t guaranteed; it’s a spectrum that ranges from always-on to completely air-gapped. Your most critical operations might be in remote locations with spotty satellite links, on factory floors with strict “no internet” policies, or in industrial or military complexes that are completely air-gapped for security. These connectivity challenges are not just hypotheticals; they are a daily reality for many industries.

We recently hosted a technical webinar, “No Connection, No Problem: Managing Air-Gapped and Remote Edge Infrastructure”, to tackle these exact issues head-on. Here’s a look at the key insights for businesses operating on the front lines of intermittent connectivity.


Edge Connectivity Spectrum: It’s Not Just “On” or “Off”

Edge connectivity isn’t a binary state; it’s a spectrum. Your operational needs, networking options available, physical location, and security requirements will determine where you fall on this spectrum, from always-on SaaS management to fully disconnected, on-premise solutions.

  • Intermittent Connectivity: Devices that are sometimes connected and sometimes not, due to cellular gaps or satellite availability. The key here is an eventually consistent management approach, ensuring devices get the right configuration when they do connect, without someone tampering with them while offline. This is especially true in transportation industries like maritime, cruise lines, and rail.
  • Policy-Driven Disconnection: These scenarios are driven by security and regulatory compliance. For example, industrial environments often need to isolate factory floor systems (OT) from external networks (IT). Solutions like data diodes, which allow one-way communication, can be used for observability in these cases, but aren’t sufficient for control operations.
  • Air-Gapped Environments: The most extreme case, where infrastructure is physically and logically isolated from external networks. This is common for critical infrastructure and regulated manufacturing, where security is paramount.


Why Connectivity Matters: Insights and Operations

Despite the challenges, we need connectivity to the edge for two fundamental reasons:

  • To Gather Insights: Edge applications collect and generate business data. Whether it’s for improving predictive maintenance models based on vibration monitoring or refining an edge AI model for machine vision, that data needs to translate into actionable insights. For instance, iterating and deploying updated AI models requires a mechanism to get those new models to the edge at scale.
  • To Update and Manage Applications: Managing the full lifecycle of hundreds or thousands of distributed devices and their applications one-by-one is not scalable. Centralized orchestration ensures deployment consistency, delivers speed of change, and maintains a strong security posture by enabling rapid rollout of critical updates, application patches, security updates, and ever-changing AI models. The goal is fleet management, not just node management.


Bridging the Gap: How ZEDEDA Enables Management without Direct Connectivity

The central challenge is clear: how do you achieve the benefits of centralized fleet management when your devices can’t “phone home” to a central cloud?

This is where ZEDEDA Edge Sync comes in. As demonstrated in our webinar, Edge Sync is a powerful local management solution that acts as a bridge for your disconnected or air-gapped environments.

Here’s how it works:

  • Centralized Configuration: You continue to manage your entire fleet, even the disconnected devices, from the central ZEDEDA cloud, which remains your single source of truth. You can update applications, change configurations, and prepare new deployments just as you normally would.
  • Secure, Out-of-Band Transfer: The new configuration is securely exported as an encrypted “blob”. This file is signed and can only be decrypted by the specific target device, using its hardware root of trust (like a TPM). This blob is then transferred into the isolated site using any approved out-of-band method, like a USB drive or a secure jump host.
  • Local Application: The ZEDEDA Edge Sync service, running as a lightweight container within the local network, receives the configuration blob. The target edge nodes on that local network then pull the update from Edge Sync, just as they would from the cloud.

This process allows you to maintain a consistent, centrally-managed approach across your entire fleet, whether it’s a small site with 10-15 nodes or a larger deployment. It delivers true fleet management for air-gapped environments without the operational overhead of deploying a full on-premise controller for every small site.
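
The verify-before-apply step implied by the out-of-band transfer above, as an added example (not ZEDEDA code and not the Edge Sync blob format). It assumes a hypothetical JSON bundle layout, and HMAC-SHA256 with a per-device key stands in for the asymmetric signature and TPM-bound decryption the post describes; encryption is omitted.

```python
import hashlib
import hmac
import json


def _mac(device_key: bytes, device_id: str, payload: bytes) -> str:
    # Bind the target device id into the authenticated data. The length
    # prefix keeps (id, payload) pairs from being confused with each other.
    did = device_id.encode()
    msg = len(did).to_bytes(2, "big") + did + payload
    return hmac.new(device_key, msg, hashlib.sha256).hexdigest()


def export_bundle(device_key: bytes, device_id: str, config: dict) -> bytes:
    """Controller side: serialize the config and authenticate it for one device."""
    payload = json.dumps(config, sort_keys=True)
    bundle = {
        "device_id": device_id,
        "payload": payload,
        "mac": _mac(device_key, device_id, payload.encode()),
    }
    return json.dumps(bundle).encode()


def import_bundle(device_key: bytes, my_device_id: str, blob: bytes) -> dict:
    """Device side: return the config only if the bundle is intact and ours."""
    try:
        bundle = json.loads(blob)
        device_id, payload, mac = (bundle[k] for k in ("device_id", "payload", "mac"))
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed bundle") from exc
    if not all(isinstance(v, str) for v in (device_id, payload, mac)):
        raise ValueError("malformed bundle")
    if device_id != my_device_id:
        raise ValueError("bundle targets another device")
    expected = _mac(device_key, device_id, payload.encode())
    # Constant-time comparison; nothing is parsed or applied before this passes.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        raise ValueError("authentication failed")
    return json.loads(payload)


if __name__ == "__main__":
    key = b"constructed-per-device-key"  # constructed sample, not a real key
    blob = export_bundle(key, "node-a", {"image": "nginx:1.25"})
    print(import_bundle(key, "node-a", blob))
```

Because the device id is part of the authenticated data, a file edited on the USB drive or relabeled for a different node fails the check rather than being applied.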


Live Demo Highlights: From Connected to Air-Gapped and Back

During the webinar, our ZEDEDA expert, Sergio Santos, showcased Edge Sync in action. The demo featured a fleet of two edge nodes running an NGINX application.

  • Initial Deployment: The devices were provisioned online, connecting to the ZEDEDA cloud and the local Edge Sync instance. An application was deployed to the fleet from the cloud seamlessly.
  • Going Dark: Internet access was then blocked, simulating an air-gapped environment. The applications on the edge nodes continued to run without interruption.
  • Offline Update: The application was updated in the ZEDEDA cloud, and the new configuration blobs were downloaded. Using the Edge Sync UI, these blobs were imported into the local network and applied to the nodes. The application updated successfully, all while being completely offline.
  • Reconnecting: Once connectivity was restored, the devices reconnected to the cloud in their new, updated state, maintaining perfect configuration consistency.

This demonstration proved that with the right architecture, intermittent connectivity and air gaps don’t have to mean a loss of control or a break in your operational workflow.


Takeaway: No Connectivity Doesn’t Mean No Control

Disconnected, intermittently connected, or air-gapped edge environments no longer have to mean manual processes, security gaps, or operational delays. With Edge Sync you can:

  • Securely manage disconnected devices.
  • Maintain consistency across your fleet.
  • Ensure resilience in operations, whether connected, intermittent, or completely air-gapped.


What’s Next for Your Edge?

Whether you’re dealing with intermittent connectivity, planning a self-hosted deployment in a private cloud, or operating fully air-gapped sites, ZEDEDA provides a flexible solution to meet your unique needs.

If you’re facing connectivity challenges at the edge, you don’t have to compromise on security, scalability, or control.

Interested in learning how ZEDEDA can solve your disconnected edge use case? Reach out to us today or schedule an intro to see it for yourself.

 

FAQ

Q1: How do I manage and update edge devices when they aren’t always online?

Manually updating devices in remote or disconnected environments is costly and risky. With ZEDEDA Edge Sync, you can centrally prepare updates in ZEDEDA Cloud, export them as secure, signed configuration files, and then transfer them into the site using approved out-of-band methods (such as USB or secure jump hosts).

  • Devices continue running their workloads without interruption.
  • Updates are applied consistently once the configuration “blob” reaches the site.
  • When connectivity returns, devices seamlessly sync with ZEDEDA Cloud, preserving consistency.


Q2: How do I securely enforce policies in disconnected or air-gapped sites?

Security is often the reason sites are disconnected in the first place. ZEDEDA ensures policy enforcement through:

  • Hardware root of trust (TPM): Only the target device can decrypt and apply updates.
  • Signed configuration blobs: Eliminates the risk of tampering during transfer.
  • Zero Trust architecture: Security is built in from the ground up, not bolted on.


Q3: What happens to applications if connectivity drops suddenly?

Operations can’t grind to a halt just because the network goes down. 

With ZEDEDA:

  • Applications already running on the device continue without disruption.
  • Devices remain in their last known good state until new updates are imported.
  • Updates staged in ZEDEDA Cloud will be waiting for the next connectivity window or offline import.


Q4: How do I get business data out of sites that connect only occasionally?

Whether you’re running predictive maintenance models or refining AI for computer vision, the edge generates valuable data. 

ZEDEDA enables:

  • Prioritization of critical data during limited connectivity windows.
  • Eventual consistency, ensuring all data is reconciled once connectivity is restored.
  • Flexible architectures that integrate with existing analytics pipelines.


Q5: How do I avoid deploying a full on-prem controller at every site?

Traditional approaches require heavy infrastructure at each remote location. 

ZEDEDA’s approach:

  • Centralized ZEDEDA Cloud remains your single source of truth.
  • Lightweight Edge Sync containers handle local distribution.
  • Works for small sites with 10 nodes or large fleets with hundreds.


Q6: Can I still achieve centralized fleet management across connected and disconnected sites?

Yes. ZEDEDA delivers true fleet management, not just node management, across the connectivity spectrum:

  • Always-on SaaS management for connected sites.
  • Policy-driven disconnection with one-way data transfer for secure sites.
  • Fully air-gapped environments with out-of-band synchronization.
