Welcome to Edera

The Philosophy: Prevention Over Detection

Edera’s approach to container security starts with a simple but powerful principle:

Assume breach before it occurs.

This isn’t pessimism; it’s realism. If you assume that every container will be compromised at some point, then your architecture must prevent that compromise from spreading beyond the container itself.

Production-Grade Sandboxing

Traditional container security is like having a really good alarm system in a house made of cardboard. Sure, you’ll know when someone breaks in, but they’re already inside and nothing is stopping them from hitting every room.

Edera’s approach is different: build the house out of concrete, then add the alarm system.

This is what we call production-grade sandboxing:

  • Hardware-enforced isolation boundaries
  • Minimal trusted computing base
  • Hypervisor-level security
  • Defense in depth from the foundation up

What This Means Practically

With Edera, when a container is compromised:

  1. The blast radius is contained - Can’t escape to the host
  2. Other workloads are safe - Can’t pivot to other containers
  3. The hypervisor holds - Hardware-enforced boundary
  4. You have time to respond - No urgent 2 AM pages

This is prevention-based security: architecting isolation so strong that common attacks simply fail.

Move Fast, Don’t Break Things

Security often means tradeoffs: security vs. performance, security vs. developer velocity, security vs. innovation.

But what if strong security actually enabled speed?

The Velocity Paradox

With strong architectural isolation, you can:

  • Enable self-service - Let teams deploy without gating
  • Deploy faster - Less fear of breaking production
  • Support multi-tenancy - Run untrusted workloads safely
  • Experiment safely - Isolated blast radius

Stronger security enables higher velocity.

The Developer Experience

Edera doesn’t require developers to change their workflows:

  • ✅ Use standard Kubernetes primitives
  • ✅ Deploy containers the same way
  • ✅ Standard OCI images work
  • ✅ No special annotations or configurations (unless you want them)

The security is invisible to developers and obvious to attackers (because their attacks don’t work).

From Dev to Prod: Consistent Security

One of the most frustrating aspects of traditional container security is the dev/prod gap:

  • Development: Loose security, fast iteration
  • Staging: Some security hardening
  • Production: Lockdown mode, everything breaks

With Edera, you get consistent isolation semantics across all environments:

Development:        [Container] → [MicroVM] → [Xen]
Staging:            [Container] → [MicroVM] → [Xen]
Production:         [Container] → [MicroVM] → [Xen]

No surprises, no “works on my machine,” no last-minute production issues.

The Shift-Everywhere Security Model

Traditional security: Harden production, hope for the best in dev.

Edera’s approach: Strong isolation everywhere, from laptop (thanks, Apple) to datacenter (thanks, Edera).

This means:

  1. Developers encounter security boundaries early
  2. Security issues are caught before production
  3. No divergence between environments
  4. Compliance becomes easier (same security posture everywhere)

Prevention So Good, Every Ping Has a Purpose

This is our tagline, and it’s not just marketing—it’s philosophy.

When your security is preventative and architectural:

  • You spend less time responding to alerts
  • You spend less time in war rooms
  • You spend less time explaining breaches to executives
  • You spend more time building

Every alert that doesn’t fire is a win. Every incident that doesn’t happen is time saved. Every breach that can’t occur is value created for your organization.

Detection Still Matters

Don’t get us wrong: detection-based security is still valuable.

Edera doesn’t replace your security tools—it provides a foundation they can build on:

  • SIEM and log aggregation: Still important
  • Runtime monitoring: Great for behavioral analysis
  • Network policies: Still apply
  • Admission controllers: Still enforce policy

But now these tools operate from a position of strength. They’re not your last line of defense—they’re layers on top of a solid foundation.

The Business Impact

Let’s translate this philosophy into business outcomes:

Risk Reduction

  • Lower breach probability - Architectural prevention
  • Smaller blast radius - Isolated workloads
  • Faster incident response - Contained damage
  • Better compliance posture - Demonstrable isolation

Cost Savings

  • Reduced security team overhead - Less firefighting
  • Lower insurance premiums - Better risk profile
  • Consolidation of infrastructure - Safe multi-tenancy
  • Faster innovation - Less security gatekeeping

Competitive Advantage

  • Enable new use cases - Multi-tenant platforms, GPU sharing
  • Win enterprise deals - Security is a differentiator
  • Faster time-to-market - Deploy with confidence
  • Attract security-conscious customers - Modern architecture

The Technical Bet: Hypervisors

Here’s the core technical bet Edera makes:

Hypervisors provide better isolation than Linux namespaces, and with the right hypervisor, the performance cost is acceptable.

This bet has three parts:

  1. Hypervisors are more secure - Smaller attack surface, hardware enforcement
  2. Performance is acceptable - Modern hypervisors are fast
  3. The tradeoff is worth it - Security benefits outweigh costs

The rest of this module is about proving this bet is correct.

Spoiler: It is.

Why Now?

Hypervisors have been around for decades. VMs have had strong isolation forever. So why is Edera’s approach possible now?

Technology Maturation

Three things have changed:

  1. Hardware virtualization is ubiquitous - Intel VT-x, AMD-V everywhere
  2. Paravirtualization is mature - Less overhead, better performance
  3. Type-1 hypervisors are efficient - Xen has been battle-tested for 20+ years (including in AWS)

The Container Revolution

Containers taught us:

  • Fast boot times matter
  • Lightweight packaging is valuable
  • Developer experience is critical
  • Infrastructure as code is the way

Edera brings these lessons to the hypervisor world.

The Security Crisis

Finally, the security situation has reached a tipping point:

  • Container escapes are common
  • Supply chain attacks are increasing
  • Compliance requirements are tightening
  • Insurance is getting expensive

The cost of traditional container security is too damn high.

The Path Forward

We’ve established the philosophy. Now let’s get technical.

In the next section, we’ll explore the VM-per-container paradigm and how it delivers on this philosophy in practice.
