How It Works
Inside ZEDEDA: How We Deliver Secure, Scalable Edge Intelligence
ZEDEDA Architecture and Core
ZEDEDA Infrastructure Services provide the management, security, and orchestration foundation for all edge services. ZEDEDA doesn’t touch your application data; instead, it gives you full control over data flows, while enabling secure orchestration of applications and infrastructure from a single pane of glass.
ZEDEDA’s approach combines device management, secure connectivity, and orchestration services into a unified architecture. It connects to EVE-OS devices using a secure, outbound-only channel, avoiding inbound ports and enabling a Zero Trust posture by design.
ZEDEDA’s architecture is engineered with the following key capabilities and design principles:
- Built for diverse industries and edge use cases.
- Runs on commodity off-the-shelf edge hardware, from lightweight gateways to powerful servers.
- Scales from proof-of-concept to thousands of nodes with the same workflow.
- Designed around Zero Trust principles to protect your edge perimeter.
ZEDEDA Infrastructure Services at a Glance
At its foundation, the ZEDEDA Edge Intelligence Platform consists of three integrated pillars built to meet the needs of modern, distributed environments:
ZEDEDA Infrastructure Services
The software foundation organizations use to centrally deploy, manage, and secure edge infrastructure and applications at scale, with integrated edge-native services that handle access, updates, and lifecycle operations.
EVE-OS
The secure, open-source edge operating system that runs on edge devices and abstracts hardware complexity. EVE-OS provides a trusted foundation for running virtual machines and containers side by side, with hardware-rooted identity, strong isolation, and no local user access.
ZEDEDA Ecosystem
A broad ecosystem of certified hardware vendors, software partners, and IT service providers that extend the platform. The ecosystem enables customers to deploy complete, interoperable edge solutions without fragmentation or lock-in.
Create a Project and Define Workloads
Administrators begin by creating a project, which may contain one or thousands of edge devices. Within the project, they define:
- Application and network policies
- Security and attestation requirements
- User access rights (RBAC)
- Expected hardware variations (GPU acceleration, LTE modules, etc.)
Using the ZEDEDA Marketplace, administrators select the applications and workloads to deploy. Marketplace manifests specify:
Source and Runtime Type
- Image locations
- Whether the workload runs as a container, VM, or Kubernetes service
Compute and Network Configuration
- vCPU and memory allocations
- Network and firewall configurations
Instantiation Parameters
- Optional scripts or templates needed during instantiation
Hardware Requirements
- Direct-attach hardware (GPU, FPGA, USB, Serial)
Once reviewed, the configuration is applied to all current devices and automatically to any new devices that meet the project policies.
Order or Install EVE-Powered Devices
Organizations can order certified hardware with EVE-OS preinstalled, or they can install EVE themselves in minutes.
EVE installation includes:
- A secure identity workflow using a TPM-backed private key
- Creation of a hardware-rooted identity that cannot be cloned
- Initialization of mutually authenticated, outbound-only API connectivity to the ZEDEDA console
Once EVE is installed, the device is ready for zero-touch provisioning and can be shipped directly to the deployment location.
Plug In and Automatically Onboard — No IT Required
Upon connecting power and network, EVE initiates its measured boot and remote attestation workflow, which ensures:
- Software stack integrity
- Protection against firmware/rootkit modification
- Verification of hardware and boot components
- Enforcement of physical security (USB, Serial, and other ports isolated by default)
- Encryption of all communications (TLS)
Only after successful attestation does the device unlock encrypted storage and request its configuration from ZEDEDA Cloud. The device is then automatically assigned to the appropriate project and downloads its application manifests.
Instantiate Infrastructure, Runtimes, and Applications
With configuration in place, the edge node retrieves required images from the specified repositories—cloud or on-premises—and brings up system components accordingly.
Examples of services deployed on the node include:
- Windows or Linux VMs
- Native containers
- Kubernetes runtimes (K3s, Tanzu, MicroShift, etc.)
- IoT frameworks such as Azure IoT Edge
- Firewalls and SD-WAN endpoints
- Virtualized network functions (NFVs)
ZEDEDA’s deep API integrations can automatically configure controllers (firewall, SD-WAN, Azure services, Kubernetes platforms) for zero-touch service enablement.
ZEDEDA also supports segmented networks and offline environments through features like air-gap delivery and eventual consistency.
Monitor, Manage, and Update
From ZEDEDA's console, administrators can:
- Monitor device and application health
- Bulk deploy workloads across fleets
- Push software updates and security patches
- Adjust network interfaces and I/O assignments
- Add new applications or use cases dynamically
- Perform zero-touch onboarding of new devices
ZEDEDA provides rich operational visibility including:
- CPU, memory, disk, and network usage
- Detailed network flows
- Per-application performance
- Geographical device distribution
- Security posture and alerts
All updates to EVE-OS and applications are secure, fail-safe, and include automatic fallback to maintain uptime.
How ZEDEDA Works
ZEDEDA delivers a consistent and secure edge orchestration experience from device onboarding to full lifecycle management. The following steps illustrate how the platform works in practice.
Security at Every Layer
ZEDEDA’s security framework enforces Zero Trust at every layer, from hardware to cloud:
Measured Boot & Remote Attestation: Prevents tampering at firmware, OS, and hardware levels.
TPM-Based Identity: Keys sealed in hardware ensure nodes can’t be spoofed or cloned.
Encryption Everywhere: Data is encrypted at rest, on disk, and in-flight (TLS).
Port Isolation & Access Control: Physical interfaces (USB, Serial) are locked down, preventing tampering even when nodes are physically accessible.
Signed Artifacts: EVE and application images are cryptographically verified before deployment.
Distributed Firewall: Deploy and integrate preconfigured firewalls for every application, enabling zero-touch service deployment.
Secure, Fail-Safe Updates: Dual partitions allow rollback on update failure.
Threats Addressed
Compromised credentials or physical access attempts
Theft or cloning of storage devices
DDoS attacks targeting edge nodes
Exploits in runtimes or OS
Device enrollment in botnets
Scale Operations with Automation
For advanced workflows, ZEDEDA supports Terraform and also offers northbound APIs to create workflows for complete lifecycle management, integrating with existing application controllers, CI/CD systems, and orchestration platforms.
Examples include:
- Turnkey Azure IoT Edge runtime deployments, data pipelining, and Azure-to-Azure API configurations.
- SD-WAN and firewall integrations
- Kubernetes ecosystem integrations with leading providers.
Purpose-Built for Distributed Environments: Runs reliably across air-gapped, low-bandwidth, and segmented networks
Vendor-Neutral: Open source EVE foundation ensures no vendor or platform lock-in
Consistent Operations Model: One workflow for containers, VMs, and legacy workloads
Proven at Scale: Deployed across thousands of nodes in mission-critical industries