Galem KAYO
on 8 November 2020
Tech innovators use Linux to create intelligent devices for homes, factories, buildings, cities, vehicles and more. These things are deployed at the edge, in privacy-sensitive or business-critical environments. They require ever more compute to run ever smarter applications.
A Linux distribution engineered for embedded devices running highly intelligent applications at edge scale is overdue. Let’s discuss what it takes to get there.
Micro-servers, built on SoCs
Application processor SoCs are replacing the constrained chips embedded devices used to be built upon. These SoCs integrate multiple CPUs, GPUs, memory, and other capabilities like multimedia encoders/decoders, controllers (USB, BT, wifi) on the same chip.
These SoCs are powerful enough to run general purpose operating systems and applications. They provide advanced computing capabilities in small form factors, and at low price points. The result is a blurring of the line between embedded and general purpose computers.
Hence, embedded devices increasingly look like small servers built on top of smartphone chips. From the ops perspective, a fleet of smart devices is similar to highly distributed IT infrastructure. However, just like smartphones, the apps they run rely heavily on sensors. What’s more, the compute and storage they host are on par with desktop PCs.
What should a Linux then look like for embedded devices at the edge? Probably like a hybrid of embedded, mobile, desktop and server Linux distributions. Let’s survey what the key elements of an edge-first embedded Linux should be.
Workload isolation
Containers and virtual machines aren’t first-class citizens on embedded Linux yet. This is despite the Linux kernel enabling a rich set of options for OS-level virtualisation such as Snaps, Docker and LXC. This gap can be closed, since most current SoCs can support container runtimes and hypervisors.
Containers and VMs are core to the cloud-native approach, which boosted developer productivity. Similar productivity gains are attainable at the edge, through decoupling of hardware and software.
Containers isolate workloads with their dependencies, so that apps can run independently from one another on the same system. They modularise software, to the benefit of composability and reuse. They also help automate software deployment.
On the other hand, virtualisation commodifies hardware. It drives the wedge between software and hardware deeper, enabling more of the value added to move to software. This drives more software-defined and app-centric hardware platforms at the edge.
Edge ops
Optimising Linux for the edge should entail designing for maintenance and repair. IoT devices are as distributed as desktop PCs. However, IoT devices may sit in hard-to-reach locations (a cell tower, a factory, etc.). The result is costly repairs and long downtime.
The economics of IoT device fleets are much harder than those of other classes of IT infrastructure. Data centers benefit from economies of scale through pooling. Distributed fleets of IoT devices don’t. The efficiency of maintenance and repair ops has a big impact on TCO and ROI.
What does cost-efficient ops then mean at the edge? First, remote operation seems imperative. Intervening manually on distributed devices can get expensive due to labor and downtime. Operators need advanced device management capabilities to perform unattended maintenance actions on their fleet.
Ops automation is even more relevant. The more devices can perform certain jobs automatically, the lower the TCO. Software updates, backups and auto-repairs make good targets for automation.
Immutable endpoints
Bluetooth, Wifi, LoRa, GPS, LTE and soon 5G, make it possible to operate distributed fleets of devices remotely. While networking introduces cybersecurity risks, these are reasonably understood and manageable with existing IT security best practices.
What’s new is that remotely distributed devices are mostly unattended. Therefore, they are physically accessible. Privacy sensitive data can be extracted from devices. Software can be more directly tampered with.
Modern embedded Linux should provide privacy and immutability by design, to mitigate these security risks. This means in-built encryption capabilities to protect data, tamper-proof disks, and software authentication. These capabilities are new sensible defaults for endpoint security.
Linux for the next billion devices
GNU/Linux has successfully evolved to embrace every new wave of computing technologies: desktop PCs, mobile devices, and the cloud. Judging by the pace of growth, the next wave will be dominated by IoT appliances. We build Ubuntu Core to deliver the right embodiment of Linux for the next wave.
IoT takes Linux to a new frontier: the physical world. At this frontier, we believe embedded Linux is at its best when secure, app-centric, and easy to operate at scale. Security drives trustworthiness. App-centricity unlocks developer productivity. Ease of operation drives TCO and ROI.
We will be discussing how Ubuntu Core implements these imperatives in a series of blog posts, as we near the release of Ubuntu Core 20.