Introduction
A project in ZEDEDA Cloud is a logical grouping of edge nodes, edge app policies, attestation policies, and others. These are grouped together so that when an edge node joins a project, the project has all the policies predefined, and the edge nodes can be more easily managed.
When you create an edge node in your enterprise, you are prompted to assign a project to the edge node. Some planning must be done in advance to determine which policies you want your project to contain before you apply it to your edge nodes.
This article describes the process of creating a project: selecting a type (Standard or Deployment), defining the deployments, and adding (and configuring) the policies in the project.
Prerequisites
This is a series of articles. You will likely follow them in this order.
- Projects Overview
- Create a Project - You are here!
- Configure the Project Policies
- Manage a Project
- Use the ZEDEDA CLI to Manage a Project
Add the Project
You can use projects to deploy groups of various policies to many edge nodes. The first time you add a project might be while you’re onboarding an edge node, as discussed in configuring an edge node.
However, if you are not onboarding an edge node, but adding a project separately, navigate to Projects as follows:
- Hover on Administration in the side nav on the left of the page.
- Click Projects.
- Click Add New (at upper right).
- Continue to Configure the Project Details.
Configure the Project Details
- Enter the project Name. This is unique across the enterprise and cannot be changed.
- Enter the project Title. This value is not used by the ZEDEDA Cloud system. Enter a title to give yourself more flexibility in organizing your enterprise. This can be changed after you create the object.
- Enter a Description. You can use this field to enter a value that will help you (or other admins) later recall the purpose of this project and any important details about it.
- Select the project Type.
- Standard: Choose this type for simpler environments that require the deployment of only one edge application.
- Deployment: Choose this type if you are deploying in a more complex environment with multiple edge apps across a fleet of edge nodes. This environment is sometimes called a “tiered deployment”.
- Select the Profile.
- Regular: If you selected “Deployment” for the project type, this option is automatically selected and the profile field is grayed out.
- Azure: If you selected “Standard” for the project type, you can choose Regular or Azure. Selecting Azure opens up the following sub-options. (For details about these fields, see Azure IoT Hub Integration):
- Azure Client Details:
- App Id: The Application ID assigned to your app when registering with Azure Active Directory (AAD). This helps Azure recognize and authenticate your app. You can find this in the Azure Portal.
- App Password: This is the client secret, which is a secure key generated for your application in Azure AD. It acts as a password for your app to authenticate when accessing Azure resources.
- Tenant Id: This unique identifier for your Azure AD tenant specifies the directory where your app resides, and is used to control who can sign into the application.
- Azure Service Details:
- Enrollment Type: Method used to register your edge devices. Select one of the following:
- Symmetric Key: Uses a shared secret key for device authentication. This approach requires secure storage of the key on the device to prevent unauthorized access.
- Certificate: Uses X.509 certificates for authentication. Certificates provide enhanced security through public-key cryptography.
- TPM: This hardware-based security feature stores cryptographic keys and supports advanced security functions like remote attestation. This ensures device identity and integrity at the hardware level, and offers the highest level of security among these options.
- Subscription Id: The ID that identifies your paid Azure account.
- DPS Service Name: Select a Device Provisioning Service name. Used for registering the runtime with Azure.
- DPS Group Name: Select a Device Provisioning Service enrollment group name. DPS supports several enrollment types; the name of a symmetric-key enrollment group is used here.
- IoT Hub Name: Enter the name of your IoT message broker service. This name must be globally unique.
- Resource Group Name: Select the resource group name. This depends on which DPS and IoT hub you have chosen. This is the container that holds related Azure resources.
- For "Attach Certificate for leaf device or edge module communication?", select Yes if you want to use certificate-based authentication instead of only password/key authentication for the edge devices that communicate with the Azure cloud. You will need to upload, or generate, the proper certificates for your devices. Benefits include:
- ZEDEDA will use X.509 certificates to securely identify and authenticate your edge devices to Azure.
- This adds an extra layer of security since certificates are harder to compromise than shared keys.
- Each device will get a unique identity through its certificate.
- This enables more granular access control and better security auditing.
- NOTE: This option is important for deployments with strict security requirements, or if devices are in physically accessible locations where key compromise is a risk.
- Enter keys and values for your Tags. You can add tags to your project and attach the same tag to your edge apps during project creation. If you do so, your project is automatically applied to all edge app instances on the nodes that belong to the project. Keys and values are free-form text; for example, you could tag them as “production”, “test”, or “us-west”. This tag-based assignment ensures that when an edge node is added to the project, the edge app specified in the project's policy is deployed using the project associated with that tag.
- Collect Network Flow Log: Enable this to gather detailed information about network traffic for edge apps in your project. Collected attributes include source/destination IP address (or port), applied ACL (Access Control List) rules, and packet counters.
- Send Interface Order: Enable this to define the order in which network connections are recognized by edge devices, so that edge apps consistently use the correct network interface as defined in the app template.
- Click Next when finished.
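The Symmetric Key enrollment type above relies on a group key held by the DPS enrollment group, and the text notes that the device-side key must be stored securely. The following added example (not ZEDEDA's or Azure's code) shows the documented Azure DPS derivation for symmetric-key group enrollments: each device key is the base64-encoded HMAC-SHA256 of the device's registration ID, keyed with the base64-decoded group key. It makes the risk concrete: whoever holds the group key can reproduce every device key in the group, which is why the Certificate and TPM options give each device a non-derivable identity. The group key and registration IDs are constructed for this example.

```python
import base64
import hashlib
import hmac

# Constructed example group key (never reuse in a real enrollment group).
# Real DPS group keys are random 32-byte values presented as base64.
GROUP_KEY_B64 = base64.b64encode(b"constructed-example-group-key-32").decode("ascii")


def derive_device_key(group_key_b64: str, registration_id: str) -> str:
    """Return the per-device symmetric key for a DPS enrollment group.

    Azure DPS defines the device key as
        base64( HMAC-SHA256( base64decode(group_key), registration_id ) ).
    """
    group_key = base64.b64decode(group_key_b64)
    digest = hmac.new(group_key, registration_id.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def fleet_keys(group_key_b64: str, registration_ids: list[str]) -> dict[str, str]:
    """Derive keys for a whole fleet from a single group key.

    This is the property a defender must plan around: one group key
    determines every device key, so it must never be stored on devices.
    """
    return {rid: derive_device_key(group_key_b64, rid) for rid in registration_ids}


def verify_device_key(group_key_b64: str, registration_id: str, presented_key_b64: str) -> bool:
    """Service-side check of a key a device presents for its registration ID.

    Uses a constant-time comparison so that timing does not leak how many
    leading characters of the key were correct.
    """
    expected = derive_device_key(group_key_b64, registration_id)
    return hmac.compare_digest(expected, presented_key_b64)


if __name__ == "__main__":
    # Constructed registration IDs for a small fleet.
    ids = ["edge-node-001", "edge-node-002", "edge-node-003"]
    keys = fleet_keys(GROUP_KEY_B64, ids)
    for rid, key in keys.items():
        print(f"{rid}: {key}")
    print("verify ok:", verify_device_key(GROUP_KEY_B64, ids[0], keys[ids[0]]))
    print("wrong id:", verify_device_key(GROUP_KEY_B64, ids[1], keys[ids[0]]))
```

The derivation is deterministic, so a leaked group key cannot be contained by rotating individual devices; the whole enrollment group must be re-keyed. Rotating the group key in DPS invalidates every derived device key at once, which is the operational cost of this enrollment type compared with per-device certificates or TPM-backed identities.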
Configure the Project Deployments
- Enter the deployment Name. This is unique across the enterprise and cannot be changed.
- Enter the deployment Title. This value is not used by the ZEDEDA Cloud system. It’s offered to give you more flexibility in organizing your enterprise. It can be changed after you create the object.
- Enter a Deployment Tag Name. This label gets assigned to deployments, edge nodes, or apps within a project. These tags help match deployments to specific edge nodes or edge apps, helping automate policy assignments and app deployments. Enter a value that will help you organize and manage your projects. For example, you could enter a value to help ensure the correct configurations are applied to certain devices, which might help with versioning, rollbacks, and managing different sets of devices within the project.
- Click Next to continue on to Configure the Project Policies that will be included in this project.
Next Steps
This is a series of articles. You will likely follow them in this order.
- Projects Overview
- Create a Project - You are here!
- Configure the Project Policies
- Manage a Project
- Use the ZEDEDA CLI to Manage a Project
After you’ve completed the series, you might be interested in the following articles:
- If you’re adding a project while onboarding an edge node, then the next step might be to add edge apps from the Marketplace.
- If you’re adding a project independent of the edge node onboarding workflow, then the next step might likely be to add an edge node.