...
4) What is EdgeView Security Mechanism
First of all, to enable EdgeView on an EVE device to allow users remote access into it, this needs to be allowed and enabled on the controller side. EdgeView configuration is part of the EVE device configuration. The EdgeView configuration also defines policies for this particular session. See EdgeView Policies for details.
A JWT token is generated when the EdgeView session is enabled for the EVE device. The token is signed by the controller and verified by the EVE device when it receives the EdgeView configuration from the controller. The token is the expiration time which is defined by the controller for this session. When the token expires, the EdgeView session, which connects to the dispatcher, will be torn down.
The remote user needs to acquire the same JWT token in order to establish the EdgeView session into the device or applications.
Both the device and the user's laptop connect to the dispatcher defined in the JWT token through HTTPs, in which the packets are encrypted. All the messages inside the EdgeView session is either authenticated or encrypted by a random 'nonce' when the JWT token is created in the controller. Thus even if the dispatcher server is compromised, the EdgeView messages can not be modified or viewed.
5) Why not just use SSH
SSH works fine if the user laptop and the edge device are in the same network, either they are all on the Internet or all in a private VPN network. If the edge device is behind NAT, firewall, LTE or proxy server, and the user's laptop is not, then SSH will not work. Also in the case of the user's laptop and the device belong to the same network, if multiple users want to access the device, they all need to share the private SSH key (or add multiple public keys onto the device) which sometimes is not desirable.
...