With advances in multi-processors, high-performance memory, and security features, embedded systems are becoming increasingly sophisticated. They are deployed in wide-ranging applications for safer and more efficient cars, personalized and effective medical systems, efficient and productive industries, and more.
At the same time, customer expectations are soaring, and they want systems to be connected, reliable, easy to use, and secure. The growing complexity of embedded systems poses several challenges for developers. To overcome these challenges, embedded developers are embracing proven IT system technologies such as modular design, containerization, continuous integration, and continuous delivery methods.
Container technology is fundamentally changing how systems are developed, tested, deployed, and managed. The main functions of embedded containers are to wrap up applications and services with all their dependencies and to isolate multiple software components running on the same hardware.
Embedded developers can benefit from the infrastructure-agnostic, scalable execution environment containers enable. Instead of being limited by the number of development boards available, companies can exploit the elasticity of the cloud to set up multiple instances of a system on demand.
Advantages of containers in embedded systems
• Security: Isolating applications from each other helps prevent security breaches.
• Performance: Containers can reduce the resources required by running applications in their isolated environment.
• Portability: Containers can be deployed quickly and easily, making it easier to keep applications up to date.
Challenges in adoption
Container use has been scarce in small-footprint and long-life cycle edge embedded systems in the operational technology (OT) realm. Embedded devices such as those for industrial, medical, and automotive systems often require lightweight, reliable software with long life cycles. Existing container technologies and platforms, such as those in enterprise Linux, are often bloated or need updates too frequently to run effectively on these embedded systems.
• Containers are software packages containing all necessary elements to run in any environment. This way, containers virtualize the operating system and run anywhere, from a private data center to the public cloud or a developer’s laptop.
• People are familiar with containers as part of cloud-native architectures in which applications are decoupled from the infrastructure — including hardware and operating systems — on which they run. The benefits of this approach include automating the software pipeline to remove manual errors, standardizing tools, and accelerating the rate of product iterations.
Though containers have several merits and are widely used in the IT ecosystem, some challenges may persist when using them in embedded systems.
• Resource constraints: Embedded devices often have limited resources, such as the CPU (central processing unit), memory, and storage. Containers can be resource-intensive, so choosing the right container image and configuration for a specific device is important.
• Security: While containers are isolated from each other, they are still vulnerable to attack. It is important to secure containers by using strong passwords, firewalls, and more.
• Life cycle management: Containers can be difficult to manage and update. It is essential to have a plan in place for managing containers in embedded systems.
Despite these challenges, containers can be a valuable tool for embedded systems. By taking steps to mitigate challenges, containers can improve your embedded systems' security, performance, and agility.
Overcoming container challenges
Here are some specific ways to address the challenges of using containers in embedded systems:
• Choose the right container image and configuration: When choosing a container image, selecting one that is lightweight and does not require too many resources is important. Configuring the container to use only the resources needed is also important.
• Secure containers: Containers must be secured with steps such as using strong passwords, firewalls, and intrusion detection systems.
• Manage container life cycles: It is important to have a plan in place for managing container life cycles. This includes creating and destroying containers, updating container images, and monitoring container health.
By taking these proactive steps, you can use container technology to improve your embedded system’s security, performance, and agility.
Types of containers
A wide variety of container run-times are available in the market, each with advantages and disadvantages. Some of the most popular container technologies include:
• Docker: The most popular container technology, it is easy to use and has a large community of users and developers.
• LXC: A Linux container technology that is built into the Linux kernel. It is a lightweight and efficient container technology but does not have as many features as Docker or Kubernetes.
• Podman: A rootless, daemonless container engine built by Red Hat explicitly to improve on Docker. Non-root users can also run Podman container-based applications.
The best container technology for you will depend on your specific needs.
Selecting the right container
When choosing a container technology for embedded software, it is essential to consider the following factors:
• Type of application: Some applications are more suited to containerization than others. For example, applications designed to run on Linux and that do not require many resources are good candidates for containerization.
• Hardware platform: Not all hardware platforms are compatible with all container technologies. For example, Docker is not compatible with Windows Server.
• Budget: The cost of containers can vary. For example, Docker is free for personal use, but there is a fee for commercial use.
Considering these factors, you can choose the best container technology for your embedded software application.
Containers in the day-to-day embedded development life cycle
Develop: A multi-architecture container can run on multiple hardware architectures. This is useful for applications that need to be portable and run on various devices. Developers can write software on whatever platform is available (it need not be the target architecture) and seamlessly build a container image for the target architecture. This enables software development without a dependency on target hardware. Docker and Arm have built multi-architecture container images with transparent support for the Arm architecture to facilitate multi-platform portability.
Package: Yocto is a widely used open-embedded Linux image creation tool. It can also be used to create container images. Using Yocto, the build system creates a container image that contains add-ons on top of the base image.
Deploy: In the embedded world, applications need access to device drivers for interfaces such as USB, serial ports, and CAN, in addition to standard interfaces like Ethernet and storage devices. Further, the host operating system may not have the necessary drivers for all the devices you need. Also, you may want to use a different version of a driver than the one provided by the host operating system.
There are various ways to provide device drivers in a container. One is to use the device flag when you create the container. This flag allows you to specify a device available on the host operating system that will be accessible to the container.
Another is to use the volume flag. This flag allows you to mount a directory from the host operating system into the container. If the directory contains device drivers, they will be available to the container.
Device driver passthrough allows a container to access a physical device connected to the host machine. This can be useful for containers that need privileged access to hardware devices such as GPUs or network cards.
Device passthrough provides benefits such as improved performance and increased functionality. At the same time, it comes with challenges of security risks and complexity. Hence, carefully considering the benefits and challenges before using this technology is important.
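The device flag, the volume flag and privileged access described above expose very different amounts of the host. The check below is an added example, not code from the original article: it audits a docker run command line for passthrough broader than a single device node and for a missing memory limit. The image name sensor-app:1.0 and the device /dev/ttyUSB0 are constructed for illustration.

```python
import shlex

# Flags from `docker run` that take a value (subset relevant to this check).
VALUE_FLAGS = {"--device", "-v", "--volume", "--cap-drop", "--memory", "-m"}

# Constructed sample invocations; image and device names are illustrative.
RISKY = "docker run --privileged -v /dev:/dev sensor-app:1.0"
SCOPED = ("docker run --device /dev/ttyUSB0:/dev/ttyUSB0:rw --cap-drop ALL "
          "--read-only --memory 64m sensor-app:1.0")

def parse_options(cmdline):
    """Return (flag, value) pairs for `--flag value` and `--flag=value` forms."""
    args, opts, i = shlex.split(cmdline), [], 0
    while i < len(args):
        flag, sep, val = args[i].partition("=")
        if flag.startswith("-"):
            if not sep and flag in VALUE_FLAGS and i + 1 < len(args):
                i += 1
                val = args[i]
            opts.append((flag, val))
        i += 1
    return opts

def audit(cmdline):
    """List settings that give the container more than one scoped device."""
    opts = parse_options(cmdline)
    flags = {f for f, _ in opts}
    findings = []
    for flag, val in opts:
        if flag == "--privileged":
            findings.append("--privileged exposes every host device and capability")
        elif flag == "--device":
            parts = val.split(":")
            # Docker grants read, write and mknod (rwm) when no mode is given.
            explicit = len(parts) > 1 and set(parts[-1]) <= set("rwm")
            mode = parts[-1] if explicit else "rwm"
            if "m" in mode:
                findings.append(f"--device {parts[0]} allows mknod; restrict to r/rw")
        elif flag in ("-v", "--volume"):
            if val.split(":")[0].rstrip("/") in ("", "/dev"):
                findings.append("volume mounts the whole host / or /dev")
    if "--cap-drop" not in flags:
        findings.append("no --cap-drop; default capabilities retained")
    if not flags & {"--memory", "-m"}:
        findings.append("no --memory limit set")
    return findings

if __name__ == "__main__":
    print(audit(RISKY), audit(SCOPED), sep="\n")
```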
Containers bring various features and benefits but pose challenges. It is advisable to ensure that the container suits the requirement, understand the complexity, and enable the right set of features.
About the author
With 20+ years of experience in solutioning interdisciplinary technology and collaborating on complex engineering solutions, Praveen’s expertise lies in collaborative leadership skills with strong product management, product development, and design thinking for Software Defined everything (SDx) and Software container transformation. He provides thought leadership to business stakeholders with market research and go-to-market strategies for new offerings. He is a core member of the Intelligent Product Platform (IPP) initiative at Cyient.