As we’re heading into a world of connected everything, original equipment manufacturers (OEMs) tasked with building the embedded systems are not using the most modern tools and methods available to them. Many embedded Linux systems and applications are still built as monolithic images that are difficult to maintain and update. When systems and applications aren’t easy to update, meeting the demand for new services can be a challenge. In the worst case, devices can end up with insecure software and firmware and outages that are not acceptable in today’s agile world of continuous delivery.
The nearly unlimited resources available in the cloud advanced software with modern DevOps strategies into a hyper-growth state of innovation. The same can not be said of embedded software and firmware, who are still building monolith systems that can be difficult to innovate on.
Keeping up with the demands of service providers and managing proprietary firmware and software solutions is increasingly difficult for the product makers. How do Original Equipment Manufacturer (OEM) continue to push the bar without having to maintaining complex firmware and software?
One way to reduce the complexity overhead for product makers is to decouple the firmware and system OS from the applications. A modular architecture implemented with containers enables operators to automatically deploy updates, new features, and security patches independently whenever they are needed.
Furthermore operators can apply updates without recompiling a monolithic embedded system each time.
Docker containers revolutionized the way developers build and deploy software applications in the cloud today. Containers package an app’s dependencies together and, when orchestrated by a container engine, can run in any environment, including embedded devices.
Because of the resource limitations on most embedded devices, the Docker runtime engine which has a large footprint is not an optimal solution for devices that are typically running in resource-constrained environments. Pantavisor is an embedded-first low spec container run-time that offers:
What’s needed for embedded systems is a lightweight version of the container runtime that can orchestrate containers on embedded systems as a universal platform across device fleets regardless of the underlying frameworks used to build the product.
How does a lightweight version of Linux containers implemented for embedded systems enable developers to take advantage of modern software architectures like microservices and automated deployment strategies to increase development velocity and security and ultimately bring embedded computing into the modern era?
As a runtime container orchestrator, Pantavisor is the second process to boot after the kernel. Because it runs low in the stack, even the system OS can be hosted in a container in the userland and updated incrementally just like any other application container. Pantavisor also manages the Board Support Packages in addition to the containers running in the userland, enabling automated continuous updates whenever they are needed.
When built into the device, manufacturers benefit through its ability to remotely manage fleets of devices out in the field.
A built-in modular embedded system provides product makers and OEMs with a number of significant benefits:
Choose from a large selection of open source tools and frameworks from the cloud native ecosystem. An open source stack reduces lock-in and allows for more choice, freedom and capabilities when it comes to building products.
Automating software and firmware updates with CICD pipelines occur more frequently with modular and immutable containers. In addition, automated pipelines remove much of the human element from complex deployments and result in more rapid and error-free deployments.
Adopting containers in embedded systems facilitates code reuse across products and boards. Reusing code saves time and complexity, reducing the number of codebases. In addition, teams can automatically build containerized apps from multiple repositories when needed across different projects.
Because you can update faster and more often, you increase security across your entire fleet. Critical vulnerabilities (or CVEs) are quickly patched, reducing your IoT device fleet attack surface.
Iterating on and deploying more frequent application changes and updates leads to higher quality code with fewer bugs and improved performance. Automated CICD pipelines also provide an easy way to roll back and roll forward in the case of an update failure.
Updating more frequently also enables CSPs to deliver new services and features. More services and functionality allow for a better bottom line and better customer retention.