Capabilities

Hybrid (recommended)

Hybrid deployment: a cloud control plane with edge execution, combining central governance with local resilience and low latency.

CAPABILITIESCONTACT ENGINEERING
Capabilities overview

Design intent

Use this lens when adopting Hybrid (recommended): define success criteria, start narrow, and scale with safe rollouts and observability.

  • Hybrid keeps execution local but centralizes orchestration and visibility
  • Buffering/backpressure is how hybrid stays resilient to WAN issues
  • Staged rollouts and fast rollback keep fleets safe

What it is

Hybrid combines a central backend for orchestration/versioning with edge agents and runtimes that execute close to equipment.

Where it fits

  • Fleet operations across many sites
  • Need for centralized updates and visibility
  • Balanced requirements: resilience + governance

What changes in hybrid

  • Cloud becomes the source of truth for versions, policies, and rollout orchestration
  • Edge keeps execution local and continues running during WAN disruptions
  • Telemetry and diagnostics become fleet-wide, enabling consistent operations

Failure modes to plan for

  • WAN outages: ensure edge autonomy and buffering
  • Auth/cert drift: ensure device identity lifecycle is managed
  • Partial rollouts: plan canary and health gates to avoid fleet-wide incidents

Design constraints

  • Hybrid keeps execution local but centralizes orchestration and visibility
  • Buffering/backpressure is how hybrid stays resilient to WAN issues
  • Staged rollouts and fast rollback keep fleets safe

Architecture at a glance

  • Define a stable artifact boundary (what you deploy) and a stable signal boundary (what you observe)
  • Treat changes as versioned, testable, rollbackable units
  • Use health + telemetry gates to scale safely

Typical workflow

  • Define scope and success criteria (what should change, what must stay stable)
  • Create or update a snapshot, then validate against a canary environment/site
  • Deploy progressively with health/telemetry gates and explicit rollback criteria
  • Confirm acceptance tests and operational dashboards before expanding

System boundary

Treat Hybrid (recommended) as a capability boundary: define what success means, what is configurable per site, and how you will validate behavior under rollout.

Example artifact

Implementation notes (conceptual)

topic: Hybrid (recommended)
plan: define -> snapshot -> canary -> expand
signals: health + telemetry + events tied to version
rollback: select known-good snapshot

Related deep dives

Deterministic ControlFleet OrchestrationTelemetryProtocol SupportObservabilitySecurityControlled rollouts + rollbackDeterminism under load

Deep dive

Practical next steps

How teams typically turn this capability into outcomes.

Key takeaways

  • Hybrid keeps execution local but centralizes orchestration and visibility
  • Buffering/backpressure is how hybrid stays resilient to WAN issues
  • Staged rollouts and fast rollback keep fleets safe

Checklist

  • Make cloud the source of truth for versions and policies
  • Ensure edge continues executing during WAN outages
  • Validate buffering/backpressure for telemetry uplink
  • Plan staged rollouts and rollback criteria across the fleet

Next steps

Related topics

Deterministic ControlFleet OrchestrationTelemetry

Deep dive

Common questions

Quick answers that help align engineering and operations.

What changes operationally in hybrid?

You get centralized versioning and fleet visibility, but you must manage device identity and connectivity lifecycles. Edge stays autonomous for execution.

What are the top hybrid failure modes?

WAN outages, auth/cert drift, and partial rollouts. Build for buffering and staged rollout control.

How do we keep hybrid safe?

Immutable snapshots, progressive rollouts, and gates driven by health/telemetry. Avoid fleet-wide “big bang” changes.