1) What is EdgeView

EdgeView is a tool that lets users interact with remote edge devices and applications. EdgeView is implemented as a Docker container. The EdgeView container on the remote device acts as the 'server', and the same container on the user's laptop acts as the 'client'. The EdgeView client and server communicate with each other by hopping through the Dispatcher. For a more detailed description of EdgeView, see the EdgeView Architecture document. EVE has supported EdgeView since release 8.5.0.

2) Where to get EdgeView

EdgeView is built as a Docker container; it can be pulled from the Docker registry as 'lfedge/eve-edgeview'. The source code is in the EVE repository under pkg/edgeview.

3) How do I start EdgeView

4) What is EdgeView Security Mechanism

First of all, to enable EdgeView on an EVE device and allow users remote access to it, the session must be allowed and enabled on the controller side. The EdgeView configuration is part of the EVE device configuration. The configuration also defines the access policies for this particular session. See EdgeView Policies for details.

A JWT token is generated when the EdgeView session is enabled for the EVE device. The token is signed by the controller and verified by the EVE device when it receives the EdgeView configuration from the controller. The token has an expiration time which is defined by the controller for this session. When the token expires, the EdgeView session, which connects to the dispatcher, will be torn down.

The remote user needs to acquire the same JWT token in order to establish an EdgeView session into the device or applications for troubleshooting or management.

Both the device and the user's laptop connect to the dispatcher, which is defined in the JWT token, over an HTTPS session with TLS encryption. All messages inside the EdgeView session are either authenticated or encrypted bidirectionally with a random 'nonce' that is created when the controller generates the JWT token. Thus, even if the dispatcher server is compromised, the EdgeView messages cannot be modified or viewed.
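The following is an added example, not EdgeView's own code, showing why a relay that never sees the per-session nonce cannot alter a message undetected, and how token expiry ends the session. It covers only the authentication case; the Session and Envelope types and the use of HMAC-SHA256 are assumptions made for illustration, not EdgeView's wire format.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Session is what both endpoints learn from the token (hypothetical fields).
type Session struct {
	Nonce   []byte    // random per-session secret created with the token
	Expires time.Time // expiration set by the controller
}

// Envelope is what travels through the dispatcher (hypothetical format).
type Envelope struct {
	Payload, Tag []byte
}

func (s Session) tag(p []byte) []byte {
	m := hmac.New(sha256.New, s.Nonce)
	m.Write(p)
	return m.Sum(nil)
}

// Seal attaches an authentication tag keyed with the session nonce.
func (s Session) Seal(p []byte) Envelope { return Envelope{Payload: p, Tag: s.tag(p)} }

// Open rejects messages after expiry or whose tag does not match the payload.
func (s Session) Open(e Envelope, now time.Time) ([]byte, error) {
	if !now.Before(s.Expires) {
		return nil, errors.New("token expired: tear down session")
	}
	if !hmac.Equal(e.Tag, s.tag(e.Payload)) { // constant-time comparison
		return nil, errors.New("authentication failed: message altered in transit")
	}
	return e.Payload, nil
}

func main() {
	// Constructed sample values, not taken from a real session.
	s := Session{Nonce: []byte("constructed-sample-nonce"), Expires: time.Now().Add(time.Hour)}
	e := s.Seal([]byte("request from client"))
	_, intact := s.Open(e, time.Now())
	e.Payload = []byte("altered by relay") // the relay cannot recompute Tag
	_, altered := s.Open(e, time.Now())
	fmt.Println(intact, altered)
}
```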

5) Why not just use SSH

SSH works fine if the user's laptop and the edge device are in the same network, either both on the Internet or both in a private VPN network. If the edge device is behind NAT, a firewall, LTE or a proxy server, and the user's laptop is not, then SSH will not work. Also, even when the user's laptop and the device belong to the same network, if multiple users want to access the device, they all need to share the private SSH key (or multiple public keys must be added to the device), which is sometimes not desirable.

6) Why not just use SD-WAN

First, yes, when an edge device is behind a firewall, NAT or a private LTE router, SD-WAN can be used to access it. The EVE device can be part of the SD-WAN just like any host or server inside a company's VPN. This is in the IT domain of an enterprise. It assumes the enterprise already has an SD-WAN network and that the IT department allows the edge devices to be part of the company's VPN.

There are many different SD-WAN solutions; different enterprises use different solutions and have different IT policies and rules for the SD-WAN network. How to use the SD-WAN software to access the edge device and applications for troubleshooting has to be worked out case by case. The user can create a virtualized instance of the SD-WAN client as an App on the EVE device; the user's laptop also has to be part of the VPN. The correct routing needs to be set up in the SD-WAN App; the user can then access the other applications on the EVE device or the network connected to the EVE device.

Another solution is for the EVE controller provider to run an SD-WAN for EVE devices, independent of the enterprises. The EVE controller provider manages the SD-WAN controllers and systems. The SD-WAN client runs as part of the EVE software. First of all, this requires the enterprises' IT permission to have a non-native SD-WAN in their remote locations; then, managing the SD-WAN controller itself and making it scalable and HA is not a trivial task. There is also the challenge of the security measures needed for managing multiple enterprises and synchronizing the devices' SD-WAN status with the EVE controllers.

The EdgeView solution, in contrast, is lightweight and does not need a controller for its operation. The user on the EVE device controller needs to authorize and start the session; the rest of the operation is between the user and the EVE device, which share a private token that has only a limited time to live. EdgeView does not have all the capabilities of a normal SD-WAN; it has a set of commands to be used for EVE device troubleshooting, and it allows TCP access to applications and other servers on the remote network. Users do not need to configure and run routing protocols for EdgeView, which is normally required by SD-WAN clients.

7) Why not just use WireGuard or OpenVPN

8) Does EdgeView use IP overlay

No. Unlike a normal VPN, which goes through multiple domains (with the Internet in the middle) using a routing scheme, EdgeView has multiple intermediate nodes stitching the traffic together bidirectionally. It does not need to use an IP-over-IP scheme. The EdgeView message is carried in normal TCP packets without an IP overlay.

9) If controller has 'Remote Console' for EVE App, is that equivalent to EdgeView

10) Why Dispatcher is needed, who controls it

11) What is EdgeView TCP channel

12) Does EdgeView work for devices behind NAT or Firewall

13) Can the device be behind a proxy server

14) How to log into remote application

15) Can I use VNC or RDP

16) Can web browser be used over EdgeView

17) Will EdgeView work for HTTPs or TLS services with remote applications

18) Does remote application need to be on EVE devices for EdgeView access

19) Why log-search if device log is already uploaded to the controller

20) Is application port mapping still needed

21) How to get 'Show TechSupport' while the device fails to onboard

Yes, it is possible to get a compressed 'techsupport' file when the device has not onboarded yet. For the detailed steps, see Show TechSupport before Device Onboarding.

22) Does the EdgeView Client script run on macOS and Windows

Yes. The generated EdgeView client script will run on macOS, assuming the Docker client has been installed. It will also run on Windows if Docker Desktop for Windows and WSL 2 are installed (e.g. with an Ubuntu distro).
