Configuring Cumulocity IoT Edge
This section describes configuring Cumulocity IoT Edge. You can perform all the configuration only after a successful installation.
This section describes configuring Cumulocity IoT Edge. You can perform all the configuration only after a successful installation.
Configuring the network enables you to access the Edge appliance using the domain name. If there are any changes in the network configuration due to an update or changes in the network protocols, you must reconfigure the network of your Edge appliance as described below. After reconfiguring the network, you must update the IP mapping for the domain name with the new IP address in the DNS servers, if you have added an entry in the DNS servers. If you are using an alias, you must update the IP address in the hosts file of your operating system.
Do not use the IP addresses from the below blocks in your network configuration. These IP addresses are reserved for Cumulocity IoT Edge internal purpose.
Log in to the Management tenant using the Edge administrator credentials created during the installation.
Switch to the Administration application using the application switcher at the right of the top bar .
Click Edge > Network in the navigator.
The current network configuration for the Edge appliance appears.
Click Edit to reconfigure the network.
Provide the new IP address for you network. For example, 192.168.66.10
Provide the Netmask IP for your network. For example, 255.255.255.0
Provide the Gateway IP for your network. For example, 192.168.66.1
Provide the DNS for your network. For example, 8.8.8.8
For DNS, do not use the IP addresses 10.96.0.10 and 127.0.0.1.
Provide the Address range CIDR. For example, 172.18.0.0/16
The CIDR suffix must be between 0 and 27 inclusive. The default value is 172.16.0.0/15.
The Address range CIDR must not overlap with the reserved IP addresses. See Reserved IP addresses.
The network CIDR fails in the following scenarios:
The network CIDR unavailable on boot time.
Description: The default network CIDR range is not available in the network. If the network range is already utilized, the network CIDR does not start properly and the Kubernetes cluster startup fails.
Invalid network CIDR provided during IP change.
Description: You tried to change the network CIDR of the properly running Edge appliance, but the range is not available in the network.
To troubleshoot these scenarios:
The default hostname of the Edge appliance is iot-edge-server. You can define a unique hostname for your Edge appliance as required. A unique hostname ensures seamless communication within the network, avoids any hostname conflicts with other network devices and improves the security of your Edge device.
Log in to the Management tenant using the Edge administrator credentials created during the installation.
Switch to the Administration application using the application switcher at the right of the top bar .
Click Edge > Hostname in the navigator.
Click Edit to change the hostname.
Provide the new hostname and click Save.
For many use cases, and especially when using Apama, the time inside the Edge appliance must be synchronized with the network. Time synchronization helps in logging events accurately and compare the data from multiple devices.
By default, the chrony
service is responsible for time synchronization with the host operating system. For Hyper-V, the chronyd
service is disabled by default for accurate time synchronization.
Once the time synchronization is enabled, you can specify the NTP servers and the interval to trigger the time synchronization.
Log in to the Management tenant using the Edge administrator credentials created during the installation.
Switch to the Administration application using the application switcher at the right of the top bar .
Click Edge > Time synchronization in the navigator.
Use the toggle button to enable the time synchronization.
Click Edit to specify the NTP servers and the interval to trigger the time synchronization.
Microservices are server-side applications which may be used to extend the Cumulocity IoT Edge platform with customer-specific functionality. For more information, see Microservice SDK. When you enable or disable the microservice feature, the Device simulator microservice also gets enabled or disabled. To use the Device simulator, add the Simulator permission. For more information, see Global roles.
For more information about Device simulator, see Working with simulators.
If you want to use the microservice hosting feature, ensure that you do not use these IP ranges in your local network where the Edge virtual machines are configured. When you enable the microservice hosting feature, the Kubernetes system reserves these IP ranges on the Edge instances.
Enabling the microservice hosting feature takes about 10 to 15 minutes to complete.
Log in to the Management tenant using the Edge administrator credentials created during the installation.
Switch to the Administration application using the application switcher at the right of the top bar .
Click Edge > Microservices in the navigator.
Use the toggle button to enable the microservice hosting feature.
To deploy a microservice, in the Administration application, navigate to Ecosystem > Microservices, and click Add microservice.
Upload the ZIP file for your microservice application. For more information about deploying a microservice, see Deploying the “Hello world” microservice.
After you enable the microservice hosting feature, ensure that the microservices are active and healthy before using the microservices. For more information about microservices runtime, see Microservice runtime.
On some hardware configurations, enabling or disabling the microservice hosting feature may take more than 15 minutes.
Before disabling the microservice hosting feature, you should unsubscribe from all the microservices that have been uploaded. You can also delete the microservice if you are not planning to enable again and subscribe to the same microservice. For more information about developing and hosting a microservice, see Microservices SDK.
A microservice specifies an API version in the microservice manifest. Depending on this API version, the microservice runs with all or only a restricted set of Linux kernel capabilities. More precisely, all capabilities are granted to microservices with API version 1 whereas only the capability CAP_NET_BIND_SERVICE
is granted to microservices with API version 2. For more information, see General aspects > Microservice migration to API Version 2 in the Microservice SDK guide.
By default, only the Management tenant can upload and subscribe to the microservices with API version 1. To improve the security of the Edge appliance, the minimum API version has been configured to API version 2. Due to the minimum API version configuration, you cannot upload and subscribe to a microservice with API version 1 in the Edge tenant.
To upload and subscribe to a microservice with API version 1 in the Edge tenant:
The Edge appliance is security hardened by default. Furthermore, you can apply specific security configurations to enhance the security of your Edge appliance.
To apply the security configuration, follow the steps below:
Log in to the Management tenant using the Edge administrator credentials created during the installation.
Switch to the Administration application using the application switcher at the right of the top bar .
Click Edge > Security in the navigator.
Click Download configuration to download a sample JSON syntax for the current configuration. You can use the same JSON file in the POST operation using the REST API.
Click Edit configuration to edit the configuration.
You can either import a JSON file to prefill the values or enter the values manually.
Specify the following parameters:
Configuration |
Category | Parameter | Description |
---|---|---|---|
Operating system | SELinux | SELinux mode | SELinux secures the operating system from unprivileged actions of confined users. When enabled, SELinux has two modes: permissive and enforcing. permissive: In the permissive mode, SELinux policy is not enforced. The system remains operational and SELinux does not deny any operations but only logs AVC messages, which can be then used for troubleshooting, debugging, and SELinux policy improvements. Each AVC is logged only once in this case. enforcing: In the enforcing mode, it enforces the SELinux policy and denies access based on SELinux policy rules. Important
In the enforcing mode, you cannot access the Edge appliance remotely through VNC.
Default value: permissive |
SSH | SSH enabled | Enables or disables the SSH functionality of the Edge appliance. By default, the SSH functionality is enabled. Changing the value to false disables the SSH functionality. When disabled, you will not be able to SSH into the Edge appliance, locally or remotely. Default value: True |
|
Session inactivity | Login sessions inactivity timeout (seconds) | The idle duration before a user session is terminated. When configured, the user session terminates after the specified idle duration. Default value: 600 seconds Minimum value: 0 |
|
Linux Auditing System | Audit logging enabled | The Linux Auditing System helps system administrators create an audit trail, a log for every action on the server. You can track the security-relevant events, record the events in a log file, and detect misuse or unauthorized activities by inspecting the audit log files. Enables or disables Linux Auditing System. A value of true enables and creates an audit log file at Enabling auditing system increases the consumption of disk space. Important
Once enabled, you cannot disable the auditing system configuration.
Default value: False |
|
Remote logging | Audisp remote logging server | The centralized logging server to transfer the audit logs to. When configured, the operating system audit logs are transferred to the specified centralized logging server. |
|
Server | The IP address or the hostname of the destination server. | ||
Port | The port on the destination server. | ||
Remote logging | Rsyslog remote logging server | The centralized logging server to transfer the local logs to. When configured, the local logs are transferred to the specified centralized logging server. |
|
Server | The IP address or the hostname of the destination server. | ||
Port | The port on the destination server. | ||
Protocol | The protocol (TCP or UDP) used to transfer the logs. | ||
Login banner | Login banner | The login banner for your Edge appliance. | |
Kubernetes | Audit policy | Kubernetes audit policy defines the rules about what events should be recorded and what data they should include. | |
Level | The audit level controls what Kubernetes event data is recorded. When configured, the Kubernetes event data is logged to the specified level. Logging more data increases the consumption of disk space. None - do not log events. Metadata - log request metadata (requesting user, timestamp, resource, verb, etc.) but not request or response body. Request - log event metadata and request body but not response body. This does not apply for non-resource requests. RequestResponse - log event metadata, request and response bodies. This does not apply for non-resource requests. Default value: None |
||
Maximum age (days) | The maximum number of days to retain the old Kubernetes audit log files. A high value has more impact on the disk space. Default value: 30 days Minimum value: 0 |
||
Maximum numbers of log files to retain | The maximum number of Kubernetes audit log files to retain. Setting a value of 0 indicates that there is no restriction on the number of files to retain. A high value has more impact on the disk space. Default value: 10 files Minimum value: 0 |
||
Maximum size (megabytes) | The maximum size in megabytes of the Kubernetes audit log file before it gets rotated. A high value has more impact on the disk space. Default value: 100 MB Minimum value: 0 |
Click Save.
A key feature of Cumulocity IoT Edge is the ability to operate the Cumulocity IoT platform using a custom domain name. This means that you can configure the Edge appliance to serve you using a domain name of choice, for example .iot.mycompany.com rather than the default URL of Cumulocity IoT Edge. In addition, you can create subtenants using your domain. These will use <subtenantName>.iot.mycompany.com as their host names.
Log in to the Management tenant using the Edge administrator credentials created during the installation.
Switch to the Administration application using the application switcher at the right of the top bar .
Click Edge > Domain/Certificate in the navigator.
Review the domain name and the SSL certificate.
Click Edit below Domain name to edit the domain name.
Provide the new domain name.
If the existing license and SSL certificate files are compatible with the new domain name, you do not have to upload the license and certificate files.
Click Update.
If the existing license is not compatible with the new domain name, provide the license file for the new domain name.
If the existing license is compatible with the new domain name, you do not have to upload the license file.
If the existing certificate is not compatible with the new domain name, provide the SSL certificate and key files. If you do not have an SSL certificate, select Generate self signed SSL certificate.
If the existing certificate is compatible with the new domain name, you do not have to upload the SSL certificate and key files.
Click Save.
The example below describes a scenario where an existing license or certificate is compatible with the new domain name:
If you have a license for the domain myown.iot.com, you can change the domain to myown.iot.com and any single level subdomain, for example sub.myown.iot.com
If you have a certificate for the domain myown.iot.com, then you can only set the domain to myown.iot.com. If you have a wildcard certificate like *.myown.iot.com, then you must set the domain name to any single level subdomain of myown.iot.com, that is sub.myown.iot.com, but not myown.iot.com itself.
You must always have a valid SSL certificate for your domain name that is configured. If the validity of the certificate expires or if you have changed your domain name, you must upload or generate a new SSL certificate. You can upload the certificate using the GUI and REST APIs.
Log in to the Management tenant using the Edge administrator credentials created during the installation.
Switch to the Administration application using the application switcher at the right of the top bar .
Click Edge > Domain/Certificate in the navigator.
Review the domain name and the SSL certificate.
Click Edit below SSL Certificate to upload the new SSL certificate file and the key file.
Provide the new SSL certificate file and the SSL certificate key file.
If you do not have an SSL certificate, select Generate self-signed certificate to generate one.
Click Save.
For information about connecting your Edge appliance to the cloud tenant, see Connecting Edge to the cloud.
To enhance the performance and resource allocation for Karaf, you can change the environment variables for Karaf (such as JAVA_MAX_MEM
and the microservice proxy variables like MICROSERVICE_RUNTIME_PROXY_HTTP_HOST
, MICROSERVICE_RUNTIME_PROXY_HTTP_PORT
). To do so, you must update the file /usr/share/cumulocity-core-karaf/bin/setenv.
Log in to the Edge appliance.
Open the file /usr/share/cumulocity-core-karaf/bin/setenv.
Edit the parameters.
If the parameter you want to change is present in the file, update its value; otherwise, add a new line:
export <PARAMETER_NAME>=<VALUE>
at the end of the file.
After changing the file, restart the cumulocity-core-karaf
service:
[admin@iot-edge-server ~]$ sudo service cumulocity-core-karaf stop
and
[admin@iot-edge-server ~]$ service cumulocity-core-karaf start
If the system performance is slow, you must increase the memory. Stop the Edge appliance and increase the memory of the Edge appliance using the hypervisor.
Increasing the memory of the Edge appliance must be followed by increasing the memory of the JVM. To increase the memory of the JVM, edit the value of the JAVA_MAX_MEM
parameter as desired by following the steps described above. The default value of this parameter is 2048 MB.
This section describes how to change the log level for Cumulocity IoT Edge specific applications in the back-end. It does not explain how to change log settings for standard components like databases or other operating system related services.
The log level for Karaf is defined in the following file.
/usr/share/cumulocity-core-karaf/etc/org.ops4j.pax.logging.cfg
The file has the following structure:
# Root logger
log4j.rootLogger=INFO,out,osgi:*
log4j.throwableRenderer=org.apache.log4j.OsgiThrowableRenderer
# Error appender
log4j.appender.out=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.out.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
log4j.appender.out.rollingPolicy.maxIndex=10
log4j.appender.out.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
log4j.appender.out.triggeringPolicy.MaxFileSize=104857600
log4j.appender.out.rollingPolicy.FileNamePattern=${karaf.data}/log/error-%i.log.gz
log4j.appender.out.rollingPolicy.ActiveFileName=${karaf.data}/log/error.log
log4j.appender.out.layout=org.apache.log4j.PatternLayout
log4j.appender.out.layout.ConversionPattern=%d{yyyy-MM-dd} %d{HH:mm:ss} | %-5.5p | %-16.16t | %-32.32c{1} | %X{bundle.id} - %X{bundle.name} - %X{bundle.version} | %m%n
log4j.appender.out.append=true
# CXF request and response info:
# * ERROR - none
# * INFO - just headers (default)
# * DEBUG - whole, with payloads
log4j.additivity.com.cumulocity.rest.interceptors=false
log4j.logger.com.cumulocity.rest.interceptors=INFO,access
# Access appender
log4j.appender.access=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.access.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
log4j.appender.access.rollingPolicy.maxIndex=10
log4j.appender.access.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
log4j.appender.access.triggeringPolicy.MaxFileSize=262144000
log4j.appender.access.rollingPolicy.FileNamePattern=${karaf.data}/log/access-%i.log.gz
log4j.appender.access.rollingPolicy.ActiveFileName=${karaf.data}/log/access.log
log4j.appender.access.layout=org.apache.log4j.PatternLayout
log4j.appender.access.layout.ConversionPattern=%d{yyyy-MM-dd} %d{HH:mm:ss} | %-5.5p | %-16.16t | %-32.32c{1} | %X{bundle.id} - %X{bundle.name} - %X{bundle.version} | %m%n
log4j.appender.access.append=true
# Error response info:
# * INFO - just error message (default)
# * DEGUB - full stack trace
log4j.logger.com.cumulocity.rest.mediatypes=INFO
Change the following entries to adjust the log levels:
log4j.rootLogger=INFO,out,osgi:*
log4j.logger.com.cumulocity.rest.interceptors=INFO,access
log4j.logger.com.cumulocity.rest.mediatypes=INFO
Adjust the log levels by changing the level attribute according to the following values. The levels are inclusive - meaning a given level will also include all “lower” log levels, for example, when you set the level to WARN you will also get ERROR events.
Level | Description |
---|---|
ERROR | Log errors only |
WARN | Give information up to warnings |
INFO | Give information about normal operations |
DEBUG | Log all internal debug information |
Save the file. It is re-read by the application every few minutes so you do not have to restart the Java process.
The memory limit for OPCUA container is set to 2048 MB and the CPU limit is set to 256 as default values. For most use cases, these values are sufficient. You can change the values as per your requirements.
CTRL_DOCKER_OPTIONS="--memory 2048m --cpu-shares 256"
You can specify the CPU limit in --cpu-shares
or --cpus
.
--cpu-shares
specifies the share or percentage of the host machine’s CPU cycles allocated. For example, --cpu-shares 256
allocates a quarter of total CPUs available.--cpus
specifies how much of the available CPU resources the OPCUA container can use. For example, --cpus 2
allocates two CPUs out of the available CPUs from the host machine.For more information about CPU limits, see Docker documentation.
To change the memory and CPU limit:
CTRL_DOCKER_OPTIONS
to the required values.[admin@iot-edge-server ~]$ sudo service opcua-mgmt-service restart
[admin@iot-edge-server ~]$ sudo service opcua-device-gateway restart
The memory limit for Apama container is set to 2048 MB and the CPU limit is set to 256 as default values. For most use cases, these values are sufficient. You can change the values as per your requirements.
CTRL_DOCKER_OPTIONS="--memory 2048m --cpu-shares 256"
You can specify the CPU limit in --cpu-shares
or --cpus
.
--cpu-shares
specifies the share or percentage of the host machine’s CPU cycles allocated. For example, --cpu-shares 256
allocates a quarter of total CPUs available.--cpus
specifies how much of the available CPU resources the Apama container can use. For example, --cpus 2
allocates two CPUs out of the available CPUs from the host machine.For more information about CPU limits, see Docker documentation.
To change the memory and CPU limit:
CTRL_DOCKER_OPTIONS
to the required values.[admin@iot-edge-server ~]$ sudo service apama restart
To configure the “reset password” template and email server settings, perform the following steps:
Log into the Management tenant using https://<tenant-domain>/apps/administration/index.html#/configuration.
Update the email server details and templates as mentioned in Configuring password reset and Configuring email server in the User guide.
In Cumulocity IoT Edge, you can customize the appearance of your tenant to your own preferences.
To access the branding feature:
Log in to the Management tenant using the Edge administrator credentials created during the installation.
Switch to the Administration application using the application switcher at the right of the top bar .
Go to Settings > Enterprise tenant.
For information about branding configuration, see Branding in the User guide.
To connect an OPC UA device in the Edge appliance, follow the steps below.
OPC UA Management service
Check if the OPC UA management service is running in Cumulocity IoT Edge (running on port 8083):
[admin@iot-edge-server ~]$ sudo service opcua-mgmt-service status
If the agent is not running, start it with the following command:
[admin@iot-edge-server ~]$ sudo service opcua-mgmt-service start
OPC UA Device Gateway
Check if the OPC UA device gateway is running in Cumulocity IoT Edge (running on port 1099):
[admin@iot-edge-server ~]$ sudo service opcua-device-gateway status
If the agent is not running, start it with the following command:
[admin@iot-edge-server ~]$ sudo service opcua-device-gateway start
Next, you must register a device in the Device Management application with the name opcua-gateway.
Follow the description in Device Management > Connecting devices in the User guide to register a device.
In the Device Management application, click All devices in the navigator and find the OPCUA device in the device list.
For further information about managing and configuring OPCUA devices, see OPC UA in the Protocol integration guide.
Modbus is a serial communications protocol originally published by Modicon and used to establish primary-replica/client-server communication between devices.
Before you connect a Modbus device, ensure that the agent is running.
Use the following command to check if the agent is running in Cumulocity IoT Edge (running on port 6670):
[admin@iot-edge-server ~]$ systemctl status cumulocity-agent
If the agent is not running, start it with the following command:
[admin@iot-edge-server ~]$ systemctl start cumulocity-agent
The Modbus agent is pre-registered. In the Device Management application, click All devices in the navigator and find the Modbus agent (called “linux-agent”) in the device list.
For more information about connecting and managing Modbus devices, see Cloud Fieldbus in the Protocol integration guide.
If you develop a Cumulocity IoT web application using the Web SDK, for an Edge appliance configured with a certificate not trusted by Node.js (for example, a self-signed certificate), then you must ensure that Node.js trusts the root certificate.
To add the Edge appliance’s self-signed certificate to the Node.js trust store, set the environment variable NODE_EXTRA_CA_CERTS
to the path of the certificate before executing the npm
commands.
For example:
On Windows Powershell
$env:NODE_EXTRA_CA_CERTS=<path-to-the-certificate>\certificate.pem
On Windows command prompt
set NODE_EXTRA_CA_CERTS=<path-to-the-certificate>\certificate.pem
On Linux platforms
export NODE_EXTRA_CA_CERTS=<path-to-the-certificate>/certificate.pem
For more information on the Cumulocity IoT web application development, see the Web SDK guide.
In your Cumulocity IoT tenant, you can monitor the measurements of the Edge appliance listed in the table below:
Measurement |
Metrics |
Description |
---|---|---|
Disk space | - Total disk space - Free disk space - Used disk space - Percentage of used disk space |
The Edge appliance sends the disk space metrics as a measurement for both installation disk and data disk, every 10 minutes. The measurements are sent in gigabytes (GB) rounded to two decimal places. The percentage is rounded to one decimal place. The data points for this measurement are: - c8y_InstallationDisk - c8y_DataDisk If Cumulocity IoT Edge is unable to read the metrics from the installation disk or the data disk, an alarm is sent to the Cumulocity IoT tenant. The alarms have a minor severity and the data points for the alarms are: - c8y_FileSystemMeasurementErrorInstallationDisk - c8y_FileSystemMeasurementErrorDataDisk |
Memory (RAM) | - Total RAM - Free RAM - Used RAM - Percentage of RAM used |
The Edge appliance sends the memory usage metrics as a measurement every 5 seconds in gibibytes (GiB). The data point for this measurement is c8y_Memory If Cumulocity IoT Edge is unable to read the metrics from the memory, an alarm is sent to the Cumulocity IoT tenant. The data point for the alarm is: - c8y_MemoryMeasurementError. |
CPU | Percentage of CPU used Unit: Percentage |
The Edge appliance sends the percentage of CPU used at intervals over 5 seconds, 60 seconds, and 600 seconds. The data points for this measurement are: - c8y_CpuUsage5Seconds - c8y_CpuUsage60Seconds - c8y_CpuUsage600Seconds If Cumulocity IoT Edge is unable to read the metrics from the CPU, an alarm is sent to the Cumulocity IoT tenant. The data point for the alarm is: - c8y_CPUMeasurementError. |
Disk I/O | - Data read per second - Data written per second Unit: KB/s |
The Edge appliance sends the disk input/output metrics as a measurement for both installation disk and data disk at intervals over 5 seconds, 60 seconds, and 600 seconds. The data points for this measurement are: - c8y_DataDiskIo5Seconds - c8y_DataDiskIo60Seconds - c8y_DataDiskIo600Seconds - c8y_InstallationDiskIo5Seconds - c8y_InstallationDiskIo60Seconds - c8y_InstallationDiskIo5Seconds If Cumulocity IoT Edge is unable to read the metrics from the disk, an alarm is sent to the Cumulocity IoT tenant. The data point for the alarm is: - c8y_DiskIOMeasurementError. |
Network | - Data and packets sent per second - Data and packets received per second Unit: KB/s and packets/s |
The Edge appliance sends the network metrics as a measurement at intervals over 5 seconds, 60 seconds, and 600 seconds. The data points for this measurement are: - c8y_NetworkInterface_lo-5Seconds - c8y_NetworkInterface_lo-60Seconds - c8y_NetworkInterface_lo-600Seconds If Cumulocity IoT Edge is unable to read the metrics from the network, an alarm is sent to the Cumulocity IoT tenant. The data point for the alarm is: - c8y_NetworkIoMeasurementError. |
To monitor the metrics in your Cumulocity IoT tenant, you can create a dashboard and add widgets in the Cockpit application of your tenant. For more information about creating dashboards, see Cockpit > Dashboards in the User guide.
Also, you can define smart rules to create alerts or raise alarms for the metrics. For example, when the free disk space is less than 5 GB, create an alert. For more information about smart rules, see Cockpit > Smart rules in the User guide.
You can expand the disk size of the installation disk and the data disk using the UI and REST APIs. You can either expand the disk size for both the disks or any one of the disk at a time. There is no limit on the number of the disk expansion process. Before expanding the disk size, you must set or edit the disk size in the hypervisor. See the hypervisor specific documentation for editing the disk size.
Shut down your Edge appliance.
Increase the size of the installation and data disks in you hypervisor.
Restart your Edge appliance.
Log in to the Management tenant using the Edge administrator credentials created during the installation.
Switch to the Administration application using the application switcher at the right of the top bar .
Click Edge > Expand disk size in the navigator.
Click Expand.
Before restarting your Edge appliance, ensure that your appliance is in a safe state.
To restart your Edge appliance:
Log in to the Management tenant using the Edge administrator credentials created during the installation.
Switch to the Administration application using the application switcher at the right of the top bar .
Click Edge > Reboot in the navigator.
Click Reboot.