登録

HOT TOPIC: VIRTUALIZATION

Virtualization in Embedded and Communications Devices

Edwin Verplanke
Platform Architect
Intel® Intelligent Systems Group

Embedded usage models span a variety of devices, including IP media phones that deliver Internet and media content, industrial robotics systems incorporating real time control functionality with general purpose operating systems supporting GUI interfaces, all the way up to high-end communications infrastructure devices for control, data-plane and services processing.

Why would we want to deploy a virtualization solution in any of these devices? The answer can be summed up in two words: flexibility and isolation.

Intel® vPro technology

Intel® Virtualization Technology (Intel® VT)  is an ingredient of Intel® Xeon® and Intel® Core™ vPro™ processors, and it is supported by certain Intel® Atom™ processors.

Many of these devices support a mix of functions, and traditional designs typically involve a dedicated CPU for each. By abstracting execution environments from underlying hardware, Intel VT helps the hypervisor, or virtual machine monitor (VMM), flexibly consolidate multiple workloads on a single device to optimize power footprint and cost.

It is also important to note that guest operating systems can run without any modification, each in its own virtual machine (VM) which makes it easy to flexibly migrate execution environments from a legacy embedded device to a new device.

Intel VT includes a set of hardware extensions (known as Intel® VT-x) that speeds up the transfer of platform control between the VMM and guest operating systems. It uses hardware assist to trap and execute certain instructions on behalf of guest operating systems, relieving the VMM of such duties.

By isolating virtual machines from each other, virtualization also lets us run real-time and general-purpose operating systems and software concurrently on a single device. Each OS runs in its own isolated and secure virtual machine, without interference from other execution environments.

Intel® Virtualization Technology for Directed I/O (Intel® VT-d) makes it possible for the VMM to securely assign specific I/O devices to specific guest operating systems. Each device is given a dedicated area in system memory that can be accessed only by the device and the designated guest operating system.

This capability is implemented through the integrated DMA remap engine (IOMMU). In addition to the remap capabilities it also provides functionality such as interrupt remapping, and it can generate a fault during an erroneous DMA transaction. For instance if a device attempts to target an area of memory that has not been assigned to this device interrupts can be generated and the VMM can terminate this transaction.

To see how virtualization works, let’s look at three devices, a media phone, a factory automation system and a communications appliance.

IP Media phone

An IP media phone is a multipurpose device that combines call services with Internet-based applications, rich media such as video and personal productivity applications.

In a typical use case, a user will need to take an incoming voice call while the device simultaneously processes video content from the Internet. In traditional designs, the media phone requires a dedicated  processor to deal with call services, and a separate processor to handle more general purpose kinds of processing such as the user interface, calendaring and media-related applications. Virtualization enables us to consolidate both workloads on a single processor. 

Appliances like media phones need a small-footprint VMM to isolate the critical VM partition that hosts the phone application from the VM that hosts the general purpose processing. The hardware assist capabilities of Intel VT-x help keep the VMM small and minimize overhead.

The VMM ensures real-time capability and Quality of Service (QoS) and assigns CPU resources to a particular VM. The hypervisor ensures that processes that require real-time execution are not interrupted by other processes. In multi-core designs, VMs may be assigned to specific cores to ensure execution.

Factory automation

Industrial systems typically have real-time requirements, such as critical process control applications, but they also could benefit from closer integration with the factory’s IT network.

Traditionally, this dual role would require two separate processors, each running a separate operating system. Using Intel VT extensions and a multi-core Intel processor, device designers can now consolidate both platforms into one power-efficient and compact device.

The real-time OS handles automated processes, while the general-purpose OS, such as Linux* or Windows*, supports support the graphical human-machine interface and potentially communicates data with back-end IT systems. This virtualized architecture provides factory operators with a data that offers them new levels of visibility into plant operations, while at the same time protecting security and maximizing uptime of mission-critical control systems.

As already mentioned, industrial control equipment requires determinism, where performance is measured by low interrupt latencies. The RTOS and general purpose OS (Linux* or Windows*) are consolidated on a multi-core platform using shared system memory resources. 

Communications appliances

High-end communications appliances are increasingly called upon to support control-plane, data-plane and digital signal processing, not to mention application processing associated with IP services.

Delivering network services with great flexibility and ensuring high availability are just two examples of how virtualization can be used in communications. In addition to open source VMMs such as Xen* and KVM*, there are many hypervisor solutions available from providers within the ecosystem that are optimized for high availability QoS and security.

A particular growth area for virtualization is the consolidation of base stations, which offers service providers the ability to conserve power during periods with low call volumes.

Communications appliances require multiple instances of real-time and general purpose operating systems to support scalability, RAS (reliability, availability and serviceability) and fail-over capability. In addition, there are many other requirements that virtualization can address:

We have looked at three examples of the many use cases where Intel vPro technology, incorporating Intel VT, provides the combination of isolation and flexibility needed to make embedded and communications devices more versatile and energy-efficient. 

To learn more, investigate one of the open source VMM solutions, or discuss your specific requirements with your hypervisor vendor.