1st open call winners
On February 29, 2024, FLUIDOS successfully concluded its 1st Open Call, receiving a total of 49 applications from applicants across Europe. After a careful selection process, a group of 10 projects were chosen: 5 to be funded with the Technology Extension grant and 5 with the Use Case grant. The applicants will be showcasing how they will leverage the FLUIDOS’ MetaOS technology in their projects.
These are the winners of the 1st Open Call:
Technology Extension Grant
Name of the Subproject
XADATU
Decentralised XACML-Authorisation and DLT-Accounting for extending Security and Zero Trust Architecture of FLUIDOS federated frameworks.
Description
XADATU aims to design and implement, integrate decentralised authorisation and accounting for geographically distributed resources and GAIAX federated framework. XADATU will delivers a secure and scalable solution for resource access control and accounting in a highly dynamic and distributed Edge/Cloud scenario, enforcing domain-specific access control policies in line with the current implementation of zero-trust paradigm of the FLUIDOS project. In particular, ODINS will leverage the Verifiable Data Registry of the Governance plane to extend the current functionalities with accountability of the access control operations via the storage in distributed ledgers (e.g. Hyperledger Fabric). Moreover, ODINS will extend the Security and Privacy Manager to implement a distributed authorisation system based on standards like XACML policy language (Extensible Access Control Markup Language) and ABAC model (Attribute-based access control).
Subproject goals and how will FLUIDOS help you achieve them
XADATU will provide a Technology Extension (TE) for the development and integration of decentralised authorisation/accounting features with the FLUIDOS framework of federated deployments for computing continuum.
The specific objectives and expected outcomes of the XADATU project are:
- Definition and planning of the XADATU solution for covering the distributed authorisation and accounting requirements of the FLUIDOS architecture. (Task 1, Deliverable 1, Initial plan)
- Design, development and integration of the distributed authorisation and accounting mechanisms based on standardized XACML language, ABAC model and DTL technology for GAIA-X federated framework of the FLUIDOS architecture. (Task 2, Deliverable 2, Developed authorisation/accounting extensions, 2 open source codes published).
- Deployment and evaluation of the XADATU extensions developed and integrated with the FLUIDOS architecture to measure and validate the key performance indicators (KPIs). (Task 3, Deliverable 3, TRL5 DEMO, KPIs monitored).
Technology Extension Grant
Name of the Subproject
FRUITFUL
Description
The need to manage Containers across IoT-Edge-Cloud Continuum using ML and to accommodate general ML workloads in cloud environments, has led to the development of Kubeflow. FRUITFUL will deploy Kubeflow, operating into FLUIDOS Node to support the entire ML lifecycle. Throughout the ML lifecycle, a tedious aspect involves generating and extracting features from raw data, and deploying these features for model training and inference. A feature store module called FEAST creates feature definitions, centralizes their registration, and ensures consistent feature availability. FRUITFUL will also integrate the FEAST feature store into FLUIDOS Kubeflow, facilitating seamless sharing and reuse of features.
Subproject goals and how will FLUIDOS help you achieve them
Although FLUIDO deals with federated on-device learning, local AI models execution and data sovereignty, it lacks up to now a ML toolbox (like Kubeflow) for Kubernetes (i.e., the main scheduler of Local node), and a feature store (like FEAST) for feature sharing and reusage. This section briefly presents how FRUITFUL aims to extend FLUIDO scope and technology, by integrating Kubeflow (Objective 1) and improve FEAST software (Objective 2). It highlights the principal elements of our design, and the relevant implementation, integration and validation processes.
The first activity (Activity 1) will focus on extending FEAST poor cloud support into a cloud-native client-server system and prepare its integration with Kubeflow. At the moment, FEAST is basically a Python SDK that manages and orchestrates other components such as the Offline Store, the Online Store, and the Registry [5]. However, all of these three components rely on vendor specific infrastructure such as storage buckets, or data warehouses. Having an open-source project like Kubeflow requires components that are vendor agnostic and can be used in various FEAST deployments. To this end, FRUITFUL will plan (during Planning Stage, see, e.g., Section 5) a new Registry backend (i.e., a complete REST API server for managing feature definitions and their metadata), which adds an extra layer on top of the stored Registry objects. The development of this management layer (during Implementation Stage, see, e.g., Section 5) will make FEAST also able to perform authentication and authorization control. Additionally, FRUITFUL will develop a client that interacts with the API server in the Kubernetes environment (Scheduler of Local Node). The time duration of Activity 1 will be 5 months (due to August 2024).
The second activity (Activity 2) of FRUITFUL is to integrate Kubeflow with FLUIDOS, selecting Kubeflow modules that are more suitable for the FLUIDOS purposes. Most probably, among the active distributions that have recent releases (within the last 6 months), the Charmed Kubeflow from Canonical will be selected, since it supports all Certified Kubernetes Distribution and the integration with FLUIDOS will be smoother (Deployment/Integration Subphase, see, e.g., Section 5). Herein, FEAST developed components will be stabilized and integrated into FLUIDO functional platform. Initial testing and results collection will take place also. The time duration of Activity 2 will be 2 months (due to October 2024).
The third activity (Activity 3) is responsible for final testing and validation (Deployment /Validation Subphase, see, e.g., Section 5). Extensive conformance testing will be performed, and validation events will be organized to reach the final software outcomes. Activity 3 is also in charge of constantly documenting all the work done in FRUITFUL, preparing the final live demo, and supporting (or receiving feedback from) FLUIDO Consortium. Activity 3 also includes exploitation and will support FLUIDO Open Call 2 (if needed). The time duration of Activity 3 will be 1 month (due to November 2024). FRUITFUL proposes to radically change FEAST functionality, and to transform it to a powerful open-source feature store, able to support various use cases and environments. To this end, several barriers and difficulties may arise, like for example the case where FEAST SDK client does not fully exploit the new API server, or the API server does not support an automated feature pipeline using Kuberflow Pipelines (KFP), etc. In all cases, even if FRUITFUL will not be able to exploit all features of its novel architecture, this will not affect the Minimum Value Product (MVP) and also possible technical glitches will not impact the core ideas presented.
Use Case
Name of the Subproject
DIHICLE
Drone-based Automated Distribution Overhead Lines and Towers Inspection through Hierarchical Inference and Cloud-Edge Interoperability.
Description
DIHICLE revolutionizes powerline inspection and maintenance practices. We’ll leverage drones, AI, and cloud-edge interoperability to create a system that significantly improves speed, accuracy, and cost-effectiveness to ensure critical power grids’ health. Key innovation lies in using hierarchical AI – small AI models deployed directly on drones will provide quick analysis, while more powerful cloud-based models will be activated for complex cases requiring higher accuracy. The system intelligently adapts to the drone’s location, dynamically selecting the best edge node to minimize delays and reduce data transmission costs by leveraging FLUIDOS architecture. By focusing on detailed fault analysis, we enable predictive maintenance.
Subproject goals and how will FLUIDOS help you achieve them
Five (5) specific Expected Outcomes (EOs) are defined to tackle the above challenges:
EO#1: Optimizing Computational Efficiency.
- EO#1.1: Develop and implement methods to optimize the execution of DL models on resource-constrained drones.
- EO#1.2: Explore techniques for reducing the computational and memory requirements of DL models without compromising accuracy.
EO#2: Enhancing Tiny-ML Performance.
- EO#2.1: Investigate and implement strategies for improving the accuracy of Tiny-ML models for specific input samples.
- EO#2.2: Determine the optimal trade-off between accuracy and model size in the context of facility inspection via drones.
EO#3: Establishing Seamless Integration of HI.
- EO#3.1: Implement an abstraction layer between the underlying physical resources and the tasks they undertake.
- EO#3.2: Develop a robust framework for implementing HI, ensuring smooth transitions between the reduced model and complete DL model.
- EO#3.3: Implement mechanisms for real-time decision-making on whether to use the reduced model or switch to the complete DL model based on performance metrics.
- EO#3.4 Cloud-edge interoperability enabling data and decision-making transfer.
EO#4: Adapting to different Inspection trajectories.
- EO#4.1: Adaptive strategies for choosing servers and data paths based on the scheduled trajectories of drones in the DIHICLE use case.
- EO#4.2: Minimize end-to-end response latency by strategically selecting servers near the drone’s current position.
EO#5: Reducing Operational Costs.
- EO#5.1: Optimize the communication strategy to omit unnecessary large data transfers between the drone and the remote server.
- EO#5.2: Implement cost-effective solutions considering the facility inspection application’s computational and communication costs.
The DIHICLE project offers FLUIDOS a unique opportunity to expand its reach into the critical domain of powerline inspection. By integrating DIHICLE’s drone-based inspection system and hierarchical AI, FLUIDOS gains several key benefits:
- Innovative Application with Market Potential: DIHICLE showcases FLUIDOS’ ability to power cutting-edge solutions for the RES industry, highlighting its adaptability and attracting new users.
- AI at the Edge: DIHICLE’s cloud-edge synergy demonstrates the power of FLUIDOS’ orchestration capabilities, optimizing complex AI deployment for real-world scenarios. Predictive Maintenance for Sustainability & Circular Economy: DIHICLE’s focus on predictive maintenance aligns with FLUIDOS’ commitment to resource efficiency, reducing waste and extending the lifespan of critical power infrastructure.
- FLUIDOS at the Edge: FLUIDOS transforms the drone into a dynamic, manageable compute node, enabling real-time AI processing. Hence, through DIHICLE, a new use case of the FLUIDOS at the edge is demonstrated.
- Intent-Based API: DIHICLE exploits its functionalities by translating the power system’s inspection objectives into optimized resource allocation, dynamically reacting to the drone’s environment.
- Telemetry for Proactive Optimization: FLUIDOS ensures constant performance by proactively reassigning resources based on network conditions, a functionality that DIHICLE employs to measure critical KPIs of the application.
- Real-World Validation: DIHICLE’s campus demonstrations solidify the solution’s practicality, attracting potential customers seeking proven technology.
Use Case
Name of the Subproject
DEAS
Distributed Edge Analytics Service
Description
The DEAS proposal aims to integrate Distributed Edge Analytics Service within the FLUIDOS framework using 5G small cells. This integration will enable real-time data processing and analytics at the network’s edge, providing telemetry and radio link information to optimize FLUIDOS service allocation. DEAS focuses on enhancing service and computing continuity in dynamic environments, such as drone swarming, by dynamically distributing computational resources among micro edges. The proposal addresses current limitations of manual configurations, aiming to create a responsive and adaptive computing continuum, significantly improving efficiency and operational resilience.
Subproject goals and how will FLUIDOS help you achieve them
The subproject goals of the Distributed Edge Analytics Service (DEAS) within the FLUIDOS framework include:
- Real-Time Data Processing: Enable real-time data processing and analytics at the network’s edge.
- Resource Optimization: Provide telemetry and radio link information for optimal resource allocation.
- Service Continuity: Enhance service and computing continuity in dynamic environments, such as drone swarming.
- Dynamic Resource Distribution: Facilitate dynamic distribution of computational resources among micro edges.
Technology Extension Grant
Name of the Subproject
FLUIDOS-MESH
Description
Increasingly, microservices Kubernetes applications are complemented by software frameworks called “service mesh”, such as Consul, Istio, Linkerd, etc. Service meshes aim to enhance the application with application-level telemetry, advanced routing of requests from service to service, and load balancing. A significant advantage of service meshes over other integrated solutions is that they provide these capabilities without requiring any changes to the application code. This project develops a FLUIDOS service mesh layer, named FLUIDOS-MESH, tailored for geographically distributed microservice applications running on FLUIDOS system. It is suitable for application providers seeking privacy-preserving telemetry alongside reliable and efficient request routing.
Subproject goals and how will FLUIDOS help you achieve them
The FLUIDOS-MESH project applies for a Technology Extension Grant (TEG). It has a twofold goal that concerns Privacy-Preserving Telemetry and Reliable and Efficient Request Routing for FLUIDOS applications.
Privacy-Preserving Telemetry – FLUIDOS-MESH telemetry function collects application-level metrics and traces with privacy protection. Application providers can only access telemetry data related to their microservice applications, ensuring complete data segregation. In addition, FLUIDOS-MESH prevents access to telemetry information unrelated to a provider’s application, including infrastructure and node data, reinforcing privacy at every level.
Reliable and Efficient Request Routing – FLUIDOS-MESH provides microservice applications deployed across FLUIDOS Nodes (Kubernetes clusters) with topology-based request routing and optimized load balancing. This means greater system reliability and a better user experience. Leveraging topology-based routing, FLUIDOS-MESH prioritizes local microservice instances within a Node, seamlessly redirecting requests to remote instances only if local ones encounter issues. Moreover, FLUIDOS-MESH advanced load-balancing strategies harness multi-gateway and multi-path solutions to dynamically route requests towards the best Pod/path pair, reducing latency and averting computing and network overloads.
Technology Extension Grant
Name of the Subproject
IAM4CC
Identity and Access Management for the Computing Continuum
Description
IAM4CC will provide containerized Identity and Access Management (IAM) components for the computing continuum. These components will enable decentralized Self-Sovereign Identity management implemented using Decentralized Identifiers, and fine-grained access control implemented using Verifiable Credentials and Relationship-Based Access Control. IAM4CC components will include: an authorization registry where access control policies can be defined, a wallet where public keys, x509 certificates, and Decentralized Identifiers can be stored and used for authentication, and an authorization enforcement module that transparently provides access control to HTTP-based APIs, supporting continuous authorization and revocation, and enabling zero-trust access.
Subproject goals and how will FLUIDOS help you achieve them
The goal of the project is to enable decentralized, fast, and continuous authentication and authorization for processes and devices. IAM4CC will enable “federated” access control policy definition allowing each member of the federation to manage the policies of it’s administrative domain independently; then all definitions will be combined during the policy decision process. FLUIDOS is anticipated to provide infrastructure and services that will allow us to experiment with containerized versions of our components executed in various, strategical network locations. Using FLUIDOS containers should be able to communicate in a transparent and seamless manner no matter their location in the network.
Use Case
Name of the Subproject
FUSION CHECK
Description
Fusion Check proposal for Use Case Grant aims to develop an interoperable set of software components for FLUIDOS and deploy a dashboard interface aimed at facility managers that need to optimize communication between IoT devices, edge servers and the cloud in large complexes such as University Campuses and Retail stores.
Subproject goals and how will FLUIDOS help you achieve them
Fusion Check utilizes FLUIDOS Network fabric to enable seamless communication between edge devices and disparate cloud applications and FLUIDOS Orchestrator to ensure high availability by combining edge and cloud servers ( university campuses, retail stores).
Technology Extension Grant
Name of the Subproject
Integrate the neuropil cybersecurity mesh protocol into FLUIDOS
Description
Our project aims to establish the zero trust approach to any kind of interaction in the FluidOS Continuum. To achieve this, we will equip all participants (applications, containers, devices, humans) with the required digital identities and establish a cybersecurity mesh network to enable the de-centralized data exchange between all participating systems.
Subproject goals and how will FLUIDOS help you achieve them
On one side our project will deliver secure an privacy preserving transmission of REAR and telemetry data for the FluidOS project. On the other side, to seemlessly integrate with the cloud-edge paradigm and to inject zero trust into any running container or device, the development of a CNI plugin is envisaged and modifications to the protocol will be done to also cover small devices. The FluidOS project defines a valuable reference architecture and extends our own robot showcase not only with the required cloud definitions, but also with precise data models to exchange telemetry data and resource usage agreements. Consequently, the FluidOS project will be used as a base layer for our robot showcase that demonstrates data ownership, and all our results will be incorporated into this showcase. We are eager to see how the combination of the FluidOS computing continuum and the neuropil cyber-security mesh works and whether common goals can be achieved.
Use Case
Name of the Subproject
TARGET
inTelligent dAta pRocessinG thE conTinuum
Description
The TARGET project will provide a real-world setting to validate the capabilities of Fluidos when combined with dataspaces, a federated data ecosystem at the centre of EU data strategy. Thanks to Meditech, we will gain access to valuable data from active ongoing projects that have invested in collecting data from Operational edges. These rich datasets include information related to human health, animal health, and the environment. Within this context, the TARGET project aims to showcase the following functionalities of Fluidos:
- Data processing on federated data ecosystem
- Edge Computing Management
Subproject goals and how will FLUIDOS help you achieve them
Main goal of the project is to move from an “home made” or manual shcedulation of computation movement in case of machine overload to a fully authomatic one also when computational units are managed by different organizations.
Use Case
Name of the Subproject
FLUIDOMOS
FLUIDOS for DOMOtic Systems
Description
The FLUIDOMOS project seeks to enhance the DELIS v2.0 automation platform by integrating it into the FLUIDOS Computing Continuum environment.
Presently, DELIS operates as a cloud platform utilising a Silos-Model, providing solutions for the design, implementation, management, and reconfiguration of home/building automation systems, facilitating the use of diverse technologies and devices.
Subproject goals and how will FLUIDOS help you achieve them
The goal of FLUIDOMOS is to transition the existing Cloud-Only architecture to a computing continuum model, thereby exposing DELIS micro services through the FLUIDOS platform. The updated DELIS micro services, in the form of deployment for Kubernetes environments, can be orchestrated between cloud and Edge Nodes, thus ensuring greater flexibility and adaptability of the ecosystem. With this approach, each service is associated with a global ingress and eventually a specific configuration on the edge node side upon external communication failure. With the adoption of Kubernetes and FLUIDOS management policies (such as pod isolation, replicas and offloading), issue resolution can be automated and managed transparently. FLUIDOS includes policies based on intents and flavors that will allow the limitation of service execution and access not only to specific roles but also to specific areas within the FLUIDOS network. Additionally, FLUIDOS approach enables energy aware computing, allowing to schedule services minimising the carbon footprint.
FLUIDOS Advantages
For the home/building automation systems addressed by FLUIDOMOS, the main advantages are obtained thanks to FLUIDOS allowing to:
- improve service continuity
- reduce on-site operator interventions
- increase privacy and security
- optimise energy efficiency and resource sharing
FLUIDOS helps achieve these goals by offering a distributed computing infrastructure that enables the orchestration and management of resources both on the Cloud and on Edge Nodes. It will therefore allow us to overcome the limits of cloud-only solutions by ensuring greater resilience and improving the interoperability and management of heterogeneous IoT devices.