Skip to main content

Embedded Virtualization Powers Mixed-Criticality IoT Systems

As the Industrial IoT (IIoT) continues to expand, more and more systems need to run enterprise applications alongside real-time processes. But putting mixed-criticality workloads on a single device can compromise the determinism of industrial workloads. To overcome this, developers are adopting embedded virtualization technology.

Recap of Enterprise and Embedded Virtualization

Virtualization creates an abstraction layer that allows multiple virtual machines (VMs) to run on the same hardware. Programs within a given virtual machine behave as if they are running on dedicated hardware, with a hypervisor managing the shared hardware.

In enterprise environments, virtualization can improve flexibility and maximize resource utilization. Using symmetric multiprocessing (SMP) techniques, general-purpose OSs like Microsoft Windows or Linux can distribute workloads evenly across multiple, homogeneous cores or processors (Figure 1). Distributing applications in this way can increase compute density, reduce hardware requirements, lower power consumption, and cut maintenance costs.

Figure 1. Symmetric multiprocessing (SMP) spreads workloads across shared resources. (Source: Samson Richardson)

Another popular use of enterprise virtualization is to run different OSs in VMs. For example, the same physical system could run Windows, Linux, and macOS (Figure 2).

Figure 2. Virtualization allows different OSs to run on the same hardware. (Source: DynaSis)

Embedded virtualization for IIoT systems offers similar benefits to its enterprise counterpart, but implementing it comes with a more nuanced set of challenges.

To ensure safe and reliable operation, industrial processes are often managed by real-time OS (RTOS) or bare metal firmware. These workloads must be bound to dedicated hardware resources to ensure determinism, and also securely isolated from enterprise applications. At the same time, inter-process communication (IPC) with enterprise software is necessary to warrant the workload consolidation in the first place.

Unfortunately, SMP with OSs like Windows generates inherently non-deterministic management overhead when allocating core, memory, and I/O resources. This form of virtualization also can’t dedicate processor resources to deterministic industrial workloads.

Embedded hypervisors, on the other hand, can isolate workloads to specific hardware resources, but they also incur a performance penalty.

An alternative is to leverage asymmetric multiprocessing (AMP).

Asymmetric Multiprocessing for Mixed-Criticality Computing

AMP was designed to enable the scale of SMP but for systems with multiple, different processor architectures. A byproduct of AMP is that workloads can be assigned to a specific processor core or cores to maintain determinism, even systems based on a single processor architecture. (Figure 3)

Figure 3. Asymmetric multiprocessing allows developers to dedicate cores to specific workloads or processes. (Source: RTC Magazine).

On a multicore host processor, this means an AMP-enabled RTOS like TenAsysINtime for Windows and standard general-purpose OSs can safely coexist on the same IIoT system.

By modifying the Windows boot configuration, INtime partitions memory, I/O, interrupts, and other system resources so that a portion is exclusively reserved for the RTOS instance(s). Both OS types therefore run natively on their explicit cores, which enables determinism for industrial workloads while maximizing overall system performance (Figure 4).

Figure 4. TenAsys’ INtime for Windows uses an asymmetric multiprocessing (AMP) approach. (Source: TenAsys)

Still, IPC is a challenge for AMP-based virtualization architectures. The lack of shared memory prevents one OS from being the primary communications service for all system processes.

To circumvent this, INtime treats all system cores as IPC hosts, and uses “global objects” to communicate process information from instance to instance (Figure 5). Global objects can carry time synchronization, alarms, queues, and other information, and also share Windows resources like HMIs with RTOS cores.

Figure 5. TenAsys’ INtime for Windows uses global object messaging for inter-process communications. (Source: TenAsys)

Intel® processors incorporate hardware-assisted features like integrated memory management units (MMUs) and Intel® Virtualization Technology (Intel® VT-x) that simplify deploying technologies like INtime for Windows. Intel Atom®, Intel® Core, and Intel® Xeon® processors are available with a scalable number of cores, clock speeds, memory, and I/O to help developers meet their exact virtualization requirements.

Enable Industrial IoT with Embedded Virtualization

Through virtualization, IIoT designers can add enterprise functionality such as analytics, remote management, and IT security to industrial devices that were previously dedicated to tasks like motor control or power delivery. The insight enabled by the combination of IT and OT technologies opens the door to cost savings and potential revenue streams but requires a different approach to virtualization.

To ensure the safety, security, and reliability of embedded processes on IIoT systems, AMP is the virtualization architecture of choice. Through AMP, solutions like INtime for Windows and Intel processors can deliver the benefits of enterprise virtualization on technologies that industrial engineers trust.

About the Author

Brandon is responsible for Embedded Computing Design’s IoT Design, Automotive Embedded Systems, Security by Design, and Industrial Embedded Systems brands, where he drives content strategy, positioning, and community engagement. He is also Embedded Computing Design’s IoT Insider columnist, and enjoys covering topics that range from development kits and tools to cyber security and technology business models. Brandon received a BA in English Literature from Arizona State University, where he graduated cum laude.

Profile Photo of Brandon Lewis