Skip to main content


Embedded Virtualization Powers Mixed-Criticality IoT Systems

As the Industrial IoT (IIoT) continues to expand, more and more systems need to run enterprise applications alongside real-time processes. But putting mixed-criticality workloads on a single device can compromise the determinism of industrial workloads. To overcome this, developers are adopting embedded virtualization technology.

Recap of Enterprise and Embedded Virtualization

Virtualization creates an abstraction layer that allows multiple virtual machines (VMs) to run on the same hardware. Programs within a given virtual machine behave as if they are running on dedicated hardware, with a hypervisor managing the shared hardware.

In enterprise environments, virtualization can improve flexibility and maximize resource utilization. Using symmetric multiprocessing (SMP) techniques, general-purpose OSs like Microsoft Windows or Linux can distribute workloads evenly across multiple, homogeneous cores or processors (Figure 1). Distributing applications in this way can increase compute density, reduce hardware requirements, lower power consumption, and cut maintenance costs.

Figure 1. Symmetric multiprocessing (SMP) spreads workloads across shared resources. (Source: Samson Richardson)

Another popular use of enterprise virtualization is to run different OSs in VMs. For example, the same physical system could run Windows, Linux, and macOS (Figure 2).

Figure 2. Virtualization allows different OSs to run on the same hardware. (Source: DynaSis)

Embedded virtualization for IIoT systems offers similar benefits to its enterprise counterpart, but implementing it comes with a more nuanced set of challenges.

To ensure safe and reliable operation, industrial processes are often managed by real-time OS (RTOS) or bare metal firmware. These workloads must be bound to dedicated hardware resources to ensure determinism, and also securely isolated from enterprise applications. At the same time, inter-process communication (IPC) with enterprise software is necessary to warrant the workload consolidation in the first place.

Unfortunately, SMP with OSs like Windows generates inherently non-deterministic management overhead when allocating core, memory, and I/O resources. This form of virtualization also can’t dedicate processor resources to deterministic industrial workloads.

Embedded hypervisors, on the other hand, can isolate workloads to specific hardware resources, but they also incur a performance penalty.

An alternative is to leverage asymmetric multiprocessing (AMP).

Asymmetric Multiprocessing for Mixed-Criticality Computing

AMP was designed to enable the scale of SMP but for systems with multiple, different processor architectures. A byproduct of AMP is that workloads can be assigned to a specific processor core or cores to maintain determinism, even systems based on a single processor architecture. (Figure 3)

Figure 3. Asymmetric multiprocessing allows developers to dedicate cores to specific workloads or processes. (Source: RTC Magazine).

On a multicore host processor, this means an AMP-enabled RTOS like TenAsysINtime for Windows and standard general-purpose OSs can safely coexist on the same IIoT system.

By modifying the Windows boot configuration, INtime partitions memory, I/O, interrupts, and other system resources so that a portion is exclusively reserved for the RTOS instance(s). Both OS types therefore run natively on their explicit cores, which enables determinism for industrial workloads while maximizing overall system performance (Figure 4).

Figure 4. TenAsys’ INtime for Windows uses an asymmetric multiprocessing (AMP) approach. (Source: TenAsys)

Still, IPC is a challenge for AMP-based virtualization architectures. The lack of shared memory prevents one OS from being the primary communications service for all system processes.

To circumvent this, INtime treats all system cores as IPC hosts, and uses “global objects” to communicate process information from instance to instance (Figure 5). Global objects can carry time synchronization, alarms, queues, and other information, and also share Windows resources like HMIs with RTOS cores.

Figure 5. TenAsys’ INtime for Windows uses global object messaging for inter-process communications. (Source: TenAsys)

Intel® processors incorporate hardware-assisted features like integrated memory management units (MMUs) and Intel® Virtualization Technology (Intel® VT-x) that simplify deploying technologies like INtime for Windows. Intel Atom®, Intel® Core, and Intel® Xeon® processors are available with a scalable number of cores, clock speeds, memory, and I/O to help developers meet their exact virtualization requirements.

Enable Industrial IoT with Embedded Virtualization

Through virtualization, IIoT designers can add enterprise functionality such as analytics, remote management, and IT security to industrial devices that were previously dedicated to tasks like motor control or power delivery. The insight enabled by the combination of IT and OT technologies opens the door to cost savings and potential revenue streams but requires a different approach to virtualization.

To ensure the safety, security, and reliability of embedded processes on IIoT systems, AMP is the virtualization architecture of choice. Through AMP, solutions like INtime for Windows and Intel processors can deliver the benefits of enterprise virtualization on technologies that industrial engineers trust.

About the Author

Brandon is a long-time contributor to going back to its days as Embedded Innovator, with more than a decade of high-tech journalism and media experience in previous roles as Editor-in-Chief of electronics engineering publication Embedded Computing Design, co-host of the Embedded Insiders podcast, and co-chair of live and virtual events such as Industrial IoT University at Sensors Expo and the IoT Device Security Conference. Brandon currently serves as marketing officer for electronic hardware standards organization, PICMG, where he helps evangelize the use of open standards-based technology. Brandon’s coverage focuses on artificial intelligence and machine learning, the Internet of Things, cybersecurity, embedded processors, edge computing, prototyping kits, and safety-critical systems, but extends to any topic of interest to the electronic design community. Drop him a line at, DM him on Twitter @techielew, or connect with him on LinkedIn.

Profile Photo of Brandon Lewis