TechXchange: Hypervisors, Containers, and Virtual Machines

Building embedded system software can be challenging given the wide range of constraints from the amount of available memory to hardware security capabilities. Technologies like hypervisors, containers, and virtual machines (VMs) can make this task easier by providing isolation between software components. The content in this TechXchange focuses on the different approaches to application and operating-system isolation and security.

We're interested in what environment you're targeting now with respect to virtualization and containers. Take our quick poll and see what others are using.

Go to Table of Contents

Virtualization vs. Containers

There are many ways to provide isolated software environments depending on the hardware available plus the security and performance requirements of the application. Hardware virtualization tends to be the most secure, but it requires additional hardware found in higher-end processors that's often missing in microcontrollers.

Articles in this section look at the different approaches, including hardware virtualization, containers with and without operating-system support, and embedded language environments like Java and Python that utilize software VMs.

Go to Table of Contents

Hypervisor and Virtual-Machine Architectures

Virtual machines and hypervisors can be supported in more than one way. These articles explore these approaches, especially for embedded applications.

Go to Table of Contents

Languages and Virtual Machines

While it's possible to build VMs for programming languages like C and C++, the results aren't necessarily useful or as secure as one might like simply due to the limited boundaries of the languages.

On the other hand, some high-level languages like Python and Java can be used with interpreted software- or compiler-based VMs that limit the access of applications within the confines of the language specification. These articles and videos examine what's available and the ensuing tradeoffs.

Go to Table of Contents

Containers, Interpreters, and Kernel Architectures

Containers provide software isolation within an operating system or operating environment. This can be done using compiler technology to make sure the application can't exceed the limits of the virtual machine. These articles look at the different implementations and approaches available to embedded developers.

Go to Table of Contents

Virtualization, Containers, and Security

One reason for using virtualization or containers is to improve security. Isolating applications can help reduce platform-level threats, but developers need to understand the details as well as the types of attacks that can be perpetrated. These articles examine aspects of system security, isolation guarantees, and attack surfaces, as well as common misconceptions about security.

Go to Table of Contents

Virtual-Machine and Container Environments

This section looks at some implementations of VMs and container environments for embedded applications. One area where virtualization has taken off is in the automotive space and particularly software-defined vehicles (SDVs).

Go to Table of Contents

I/O Virtualization

I/O virtualization is typically associated with hardware virtualization. It can isolate the application from the underlying hardware as well as enable sharing of a single device among different VMs in a transparent fashion. For example, a single Ethernet adapter can connect all of the VMs on a machine to the network.

Different approaches exist, such as single-root I/O virtualization (SR-IOV) and VirtIO. Articles in this section explore the I/O side of things. Containers and software VMs don't have to contend with these details as I/O is typically part of the software support provided to the isolated applications.

Go to Table of Contents