What is Edera?


Edera is a secure-by-default, cloud-native platform built on a reimagined memory-safe type-1 hypervisor that provides container isolation without performance tradeoffs.

Overview

Edera provides true container isolation by running containers in lightweight virtual machines called “zones.” Each zone has its own dedicated Linux kernel, eliminating the shared-kernel security risks inherent in traditional container deployments.

Key Features

Zone-Based Isolation

  • Lightweight VMs: Containers run inside “zones,” lightweight virtual machines that boot in milliseconds
  • Dedicated Kernels: Each zone has its own Linux kernel, providing complete workload isolation
  • OCI Compatible: Fully composable using standard OCI container images
  • Near-Native Performance: Performance within 5% of baseline with no hardware virtualization required

Memory-Safe Architecture

  • Rust-Based Hypervisor: Built on Xen, re-engineered in Rust for memory safety
  • Type-1 Hypervisor: Direct hardware access for maximum performance and security
  • Crash Containment: Workload failures are isolated and don’t affect other zones or the host

Cloud-Native Integration

  • Kubernetes Compatible: Seamless integration with existing Kubernetes clusters
  • Cloud Agnostic: Deploy across AWS, Azure, GCP, and on-premises environments
  • No Vendor Lock-in: Works with any container runtime or orchestration platform

How It Works

Zones vs. Workloads

  • Zone: A lightweight virtual machine that serves as an execution sandbox
  • Workload: An OCI container image running inside a zone

Core Components

  1. Hypervisor Layer

    • Manages CPU scheduling, memory allocation, and interrupts
    • Supports paravirtualization with hardware virtualization fallback
    • Enables fast boot times and high performance
  2. Host Kernel (dom0)

    • Manages host-level operations and resource allocation
    • Coordinates between hypervisor and user space
  3. Zone Kernels (domU)

    • Dedicated Linux kernel for each workload
    • Provides complete namespace isolation
    • Minimal init process for fast startup
  4. User-Space Daemons

    • Daemon: Central coordinator between hypervisor and user space
    • Styrolite: Container runtime inside each zone
    • Orchestrator: Provides Kubernetes integration

Product Offerings

Edera for Containers

  • Optimized resource management for containerized workloads
  • Complete workload isolation with dedicated kernels
  • Seamless Kubernetes integration

Edera for GPUs

  • Secure GPU resource sharing across multiple workloads
  • Isolated GPU drivers in separate zones
  • Reduced cloud costs through efficient resource utilization

Technical Advantages

  • Security: Eliminates shared-kernel attack vectors
  • Performance: Near bare-metal performance with minimal overhead
  • Flexibility: Supports both manual zone management and Kubernetes orchestration
  • Scalability: Lightweight architecture scales efficiently
  • Compatibility: Works with existing container images and tools

Use Cases

  • AI/ML Workloads: Secure isolation for sensitive machine learning training and inference
  • GPU-Accelerated Computing: Safe sharing of expensive GPU resources
  • Multi-Tenant Environments: Strong isolation between different customers or teams
  • Sensitive Data Processing: Additional security layer for handling confidential information
  • Edge Computing: Lightweight isolation for distributed computing scenarios

Learn More

For detailed technical information, visit our documentation:
