Capabilities

Edge-only

Edge-only deployment: keep control local, minimize dependencies, and still benefit from a modern engineering workflow.

CAPABILITIESCONTACT ENGINEERING
Capabilities overview

Design intent

Use this lens when adopting Edge-only: define success criteria, start narrow, and scale with safe rollouts and observability.

  • Edge-only trades centralized visibility for autonomy and simplicity
  • Updates must still be immutable and rollbackable without cloud help
  • Local runbooks and tooling are non-negotiable

What it is

In edge-only mode, core execution and operations run on-site. Connectivity to a cloud control plane is optional or periodic depending on customer constraints.

Where it fits

  • Regulated or air-gapped environments
  • Sites with unreliable connectivity
  • Customers who want maximum local autonomy

Tradeoffs

  • Pros: minimal external dependencies; resilient to WAN outages; simpler security boundary
  • Cons: less centralized visibility; slower fleet-wide rollout; harder cross-site analytics

Operational considerations

  • Local backup/restore strategy for versions and operational state
  • Defined update method (manual, scheduled, or via controlled channel)
  • Clear runbooks for commissioning and support when remote access is limited

Design constraints

  • Edge-only trades centralized visibility for autonomy and simplicity
  • Updates must still be immutable and rollbackable without cloud help
  • Local runbooks and tooling are non-negotiable

Architecture at a glance

  • Define a stable artifact boundary (what you deploy) and a stable signal boundary (what you observe)
  • Treat changes as versioned, testable, rollbackable units
  • Use health + telemetry gates to scale safely

Typical workflow

  • Define scope and success criteria (what should change, what must stay stable)
  • Create or update a snapshot, then validate against a canary environment/site
  • Deploy progressively with health/telemetry gates and explicit rollback criteria
  • Confirm acceptance tests and operational dashboards before expanding

System boundary

Treat Edge-only as a capability boundary: define what success means, what is configurable per site, and how you will validate behavior under rollout.

Example artifact

Implementation notes (conceptual)

topic: Edge-only
plan: define -> snapshot -> canary -> expand
signals: health + telemetry + events tied to version
rollback: select known-good snapshot

Related deep dives

Deterministic ControlFleet OrchestrationTelemetryProtocol SupportObservabilitySecurityControlled rollouts + rollbackDeterminism under load

Deep dive

Practical next steps

How teams typically turn this capability into outcomes.

Key takeaways

  • Edge-only trades centralized visibility for autonomy and simplicity
  • Updates must still be immutable and rollbackable without cloud help
  • Local runbooks and tooling are non-negotiable

Checklist

  • Define local backup/restore for versions and operational state
  • Plan how updates happen (manual/scheduled/controlled channel)
  • Ensure local observability and runbooks exist without cloud access
  • Validate resilience to WAN outages with store-and-forward where needed

Next steps

Related topics

Deterministic ControlFleet OrchestrationTelemetry

Deep dive

Common questions

Quick answers that help align engineering and operations.

What do you lose in edge-only mode?

Centralized visibility and fast fleet-wide rollout. You gain autonomy and a simpler security boundary, but you must invest in local operations tooling.

How do we handle updates safely without cloud orchestration?

Use immutable artifacts, explicit change windows, and a deterministic rollback path. Avoid “ad hoc” updates that can’t be audited.

What is the biggest edge-only risk?

Operational inconsistency across sites. Standardize runbooks and keep version artifacts traceable and recoverable locally.