Managing Atlas 500 AI Edge Stations on FusionDirector

Scenarios

Procedure

1. Choose Maintenance > NMS Registration.
   Figure 2-7 NMS Registration
   

2. Select the NMS mode.
   • Before switching the NMS mode between Point-to-point Management and FusionDirector, you need to manually uninstall the deployed service instances for firmware earlier than 20.0.0.016. For firmware 20.0.0.016 or later, existing service instances will be smoothly ported and you can manually uninstall them.
   • If service instances have been deployed before the NMS mode is switched to HUAWEI CLOUD IEF or Third-Party Management Platform or switched from HUAWEI CLOUD IEF or Third-Party Management Platform to another NMS mode, you need to manually uninstall the deployed service instances before switching the NMS mode.
   • When changing the NMS mode from FusionDirector to HUAWEI CLOUD IEF, ensure that the correct IEF certificate is uploaded. Otherwise, a message indicating switching failure is displayed on the web page. In this case, the web page automatically refreshes the NMS mode to point-to-point management.
   • Point-to-point Management: By default, the Atlas IES independently manages an Atlas 500 AI edge station in this mode. You can enter the management IP address of the Atlas 500 AI edge station on your browser to perform point-to-point device management.
   • FusionDirector: Connect the Atlas 500 AI edge station to the central management system FusionDirector for unified management. Set the parameters based on the actual situation.
     Figure 2-8 FusionDirector
     

     The firmware versions earlier than 20.0.0.016 do not support the Node ID, Server Name, FusionDirector Root Certificate File, and FusionDirector Interconnection Test parameters.

     Parameter	Description
     Node ID	ID of the device connected to FusionDirector. Retain the default value. NOTE: If the Atlas 500 AI edge station is faulty and replaced, the node ID of the Atlas 500 AI edge station must be the same as the node ID of the original Atlas 500 AI edge station. Choose Menu > Devices > Device List > Edge Devices on the FusionDirector WebUI to query the node ID information of the faulty device.
     Server Name	If you import a user-defined service certificate to FusionDirector, you need to import the root certificate of the corresponding CA to the edge device to verify the user-defined service certificate of FusionDirector. You can import the root certificate clicking FusionDirector Root Certificate File on the WebUI. In addition, you need to set the Server Name parameter to verify the domain name of the user-defined service certificate of FusionDirector. The value must be the same as the CN field of the user-defined service certificate of FusionDirector. (CN refers to Common Name.) If the service certificate preconfigured by Huawei is used, you do not need to set this parameter. NOTICE: The CN field of the user-defined service certificate cannot contain "huawei". Otherwise, the device fails to interconnect with FusionDirector. If the server name is a domain name starting with "*.", after the configuration is saved, "*." will be replaced with "fd.".
     IP Address	IP address for accessing FusionDirector.
     Account	Account for accessing FusionDirector. The default account is EdgeAccount.
     Password	Password for accessing FusionDirector. If the version of FusionDirector is 1.7 or later, obtain the password by referring to "Configuration Quick Start > Edge Device > Adding an Edge Device" in the FusionDirector Operation Guide. If the FusionDirector version is earlier than 1.7, obtain the password by referring to "Configuration Quick Start > Edge Device > Registering FusionDirector NMS Information" in the FusionDirector Operation Guide.
     FusionDirector Root Certificate File	Click to upload the root certificate file. If there are multiple levels of certificates, merge all the certificates into one file and import it. You are advised to place the upper-level certificates after the lower-level certificates in the file. This parameter is optional. You do not need to set this parameter if a preconfigured certificate is used. However, you are advised to use your own certificate and public-private key pair and periodically update them for security purposes. If the device fails to connect to FusionDirector because the certificate has expired or is revoked, import the root certificate file again. For security purposes, the root certificate must meet the following requirements: Use RSA with a key of 2048 bits or more if an asymmetrical encryption algorithm is used. Use SHA2 with a secret of 256 bits or more if a hash algorithm is used. You are advised to customize a root certificate. In addition, Huawei provides a root certificate on its official website. To obtain it, perform the following steps: Log in to FusionDirector, choose Menu > System Settings > Security > Certificates > Service Certificates from the main menu, and click Export to download the certificate package rootCerts.zip to the local PC. Decompress the downloaded certificate package to obtain the rootCertChain.crt certificate. NOTICE: After the root certificate is replaced, Docker Engine will restart, which takes about 50s. After Docker Engine is restarted, your services will also restart. Exercise caution when performing this operation.
     FusionDirector Interconnection Test	If you select Test, the node ID and the connectivity between the device and FusionDirector are tested. If the test fails, the NMS mode switchover fails. The interconnection test is performed by default. If you select Do not test, the node ID and the connectivity between the device and FusionDirector will not be tested. The NMS mode switchover is successful, but the edge station may not be managed by FusionDirector. In the offline centralized configuration where FusionDirector cannot be connected, you can skip the interconnection test. However, the FusionDirector parameters must be valid. That is, the node ID of each Atlas 500 AI edge station must be unique on FusionDirector, and the IP address, user name, and password are valid. The interconnection test is recommended in other scenarios to prevent management failures caused by incorrect input.

   • HUAWEI CLOUD IEF: The Atlas 500 AI edge station is managed by HUAWEI CLOUD IEF as an edge node.
     Click on the right of Node Certificate/Product Certificate to upload a certificate file.

     Figure 2-9 HUAWEI CLOUD IEF
     
   • Third-Party Management Platform: An Atlas 500 AI edge station functions as an edge node, connects to a third-party management platform, and is managed by the third-party management platform in a unified manner. Set the parameters based on the actual situation.
     Figure 2-10 Third-Party Management Platform
     

     Parameter	Description
     Server Name	Optional. The default server name is kubeedge.io. If the generated node certificate uses a custom server name, you need to set this parameter to verify the domain name of the node certificate. The value must be the same as the CN parameter of the node certificate. (CN refers to Common Name.)
     IP Address	Configures the IP address and port number of the third-party management platform. IP address: It is mandatory and indicates the IP address for logging in to the third-party management platform. Port number: It is optional and indicates the port number of the third-party management platform. The value ranges from 0 to 65535. The default value is 10000. If you want to set the port number, it must be the same as the WebSocket port number of the CloudCore service on the third-party management platform, which equals the value of WebSocket port in the config/cloudcore.yaml file in the installation path of the third-party management platform . Otherwise, the WebSocket connection fails.
     Node Certificate/Product Certificate	Mandatory. Click next to Node Certificate/Product Certificate to import the generated node certificate. The certificate must meet the following requirements: The extension of the certificate package name is tar.gz. The name of the certificate package contains a maximum of 256 characters, including lowercase letters (a-z), uppercase letters (A-Z), digits (0-9), hyphens (-), underscores (_), and dots (.). The maximum size of a certificate package is 10 MB. The certificate package must contain the rootCA.crt, server.crt, and server.key files. Those three files must be placed in the root directory of the package and cannot be placed in any subdirectory. The total size of the three files is 10 MB.

3. Click Save.