Tech innovators use Linux to create intelligent devices for homes, factories, buildings, cities, vehicles and more. These things are deployed at the edge, in privacy-sensitive or business-critical environments. They require ever more compute to run ever smarter applications.

A Linux distribution engineered for embedded devices running highly intelligent applications at edge scale is overdue. Let’s discuss what it takes to get there.

Micro-servers, built on SoCs

Application processor SoCs are replacing the constrained chips embedded devices used to be built upon. These SoCs integrate multiple CPUs, GPUs, memory, and other capabilities like multimedia encoders/decoders, controllers (USB, BT, wifi) on the same chip.

These SoCs are powerful enough to run general purpose operating systems and applications. They provide advanced computing capabilities in small form factors and at low price points. The result is a blurring of the line between embedded and general purpose computers.

The BCM2835 SoC at the heart of the Raspberry Pi

Hence, embedded devices increasingly look like small servers built on top of smartphone chips. From the ops perspective, a fleet of smart devices is similar to highly distributed IT infrastructure. However, just like smartphones, the apps they run rely heavily on sensors. What’s more, the compute and storage they host are on par with desktop PCs.

What, then, should Linux look like for embedded devices at the edge? Probably a hybrid of traditional embedded, mobile, desktop and server Linux distributions. Let’s survey what the key elements of an edge-first embedded Linux should be.

Workload isolation

Containers and VMs aren’t first-class citizens on embedded Linux yet, even though the Linux kernel enables a rich set of options for OS-level virtualisation, such as Snaps, Docker and LXC. This gap can be closed since most current SoCs can support container runtimes and hypervisors.

Containers and VMs are core to the cloud-native approach, which boosted developer productivity. Similar productivity gains are attainable at the edge, through decoupling of hardware and software.

Containers isolate workloads with their dependencies, so that apps can run independently from one another on the same system. They modularise software, to the benefit of composability and reuse. They also help automate software deployment.

On the other hand, virtualisation commodifies hardware. It drives the wedge between software and hardware deeper, enabling more of the value added to move to software. This drives more software-defined and app-centric hardware platforms at the edge.

App-centric industrial control platform from Bosch Rexroth

Edge ops

Optimising Linux for the edge should entail designing for maintenance and repair. IoT devices are as distributed as desktop PCs. However, IoT devices may sit in hard-to-reach locations (a cell tower, a factory, etc.). The result is costly repairs and long downtime.

Repair operation on industrial IoT devices (source: Bosch)

The economics of IoT device fleets are much harder than those of other classes of IT infrastructure. Data centers benefit from economies of scale through pooling. Distributed fleets of IoT devices don’t. Efficiency of maintenance and repair ops has a big impact on TCO and ROI.

What, then, does cost-efficient ops mean at the edge? First, remote operations seem imperative. Intervening manually on distributed devices can get expensive due to labor and downtime. Operators need advanced device management capabilities to perform unattended maintenance actions on their fleet.

Device ops automation is even more relevant. The more devices can perform certain jobs automatically, the lower the TCO. Software updates, backups and auto-repairs are good targets for automation.

Immutable endpoints

Bluetooth, Wifi, LoRa, GPS, LTE and soon 5G, make it possible to operate distributed fleets of devices remotely. While networking introduces cybersecurity risks, these are reasonably understood and manageable with existing IT security best practices.

New sensible defaults for endpoint security

What’s new is that remotely distributed devices are mostly unattended. Therefore, they are physically accessible. Privacy sensitive data can be extracted from devices. Software can be more directly tampered with.

Modern embedded Linux should provide privacy and immutability by design, to mitigate these security risks. This means built-in encryption capabilities to protect data, tamper-proof disks, and software authentication. These capabilities are new sensible defaults for endpoint security.

Linux for the next billion devices

GNU/Linux has successfully evolved to embrace every new wave of computing technologies: desktop PCs, mobile devices, and the cloud. Judging by the pace of growth, the next wave will be dominated by IoT appliances. We build Ubuntu Core to deliver the right embodiment of Linux for the next wave.

IoT devices taking over (source: Ericsson)

IoT takes Linux to a new frontier: the physical world. At this frontier, we believe embedded Linux is at its best when secure, app-centric, and easy to operate at scale. Security drives trustworthiness. App-centricity unlocks developer productivity. Ease of operation drives TCO and ROI.

We will be discussing how Ubuntu Core implements these imperatives in a series of blogs, as we are nearing the release of Ubuntu Core 20.
