Edge Devices
Edge appliances are physical or virtual devices deployed on customer premises (OT/IT networks). They act as local sensors and control points that communicate with the Monozu Cloud platform.
Role in the system
Section titled “Role in the system”graph LR
subgraph CustomerSite ["Customer Site"]
EdgeDevice["Edge Appliance<br>(Linux / snap)"]
Network["OT/IT Network<br>(PLCs, switches, servers)"]
end
subgraph MonozuCloud ["Monozu Cloud"]
CloudAPI["Cloud Backend API"]
Ingestor["Ingestor Service"]
end
Network -->|"passively monitored"| EdgeDevice
EdgeDevice -->|"registration + commands<br>GET /api/v1/commands"| CloudAPI
EdgeDevice -->|"telemetry batch<br>POST /v1/ingest"| Ingestor
What Edge devices do
Section titled “What Edge devices do”| Capability | Cloud API path | Ingestor path |
|---|---|---|
| Device registration | POST /api/v1/devices/register | — |
| Command polling | GET /api/v1/commands | — |
| Telemetry upload | — | POST /v1/ingest (kind: telemetry) |
| Log upload | — | POST /v1/ingest (kind: log) |
| Security alert reporting | — | POST /v1/ingest (kind: security_alert) |
| Network discovery | — | POST /v1/ingest (kind: discovery) |
| Backup events | — | POST /v1/ingest (kind: backup_event) |
| OTA snap update | GET /api/v1/snaps/* | — |
Authentication
Section titled “Authentication”Edge devices use two different keys depending on which API they call:
| Key | How obtained | Used for |
|---|---|---|
| Provisioning key | Created in Cloud SPA → Settings → Edge Registration Keys (per tenant) | One-time device registration |
| Device key | Returned by Cloud API at registration | All subsequent API calls and Ingestor uploads |
The device key is specific to a single device. If a device is deregistered, its key is revoked.
Software packaging
Section titled “Software packaging”Edge devices run a snap package (edgezu). Updates are distributed as snap blobs via:
- Production: Azure Blob Storage (
AZURE_STORAGE_ACCOUNT/AZURE_STORAGE_CONTAINER=snaps) - Local dev: Local file path (
SNAP_BLOB_LOCAL_ROOT=/path/to/snap-blobs)
The Cloud Backend serves snap metadata at GET /api/v1/snaps/* and GET /api/v1/devices/:id/snaps. New snaps are published via POST /api/v1/admin/publish authenticated with SNAP_PUBLISH_TOKEN.