How MIPS virtualization for gateways brings business benefits to operators.
The “Internet of Things” promises to make everyone’s lives simpler and easier. However, the abundance of IoT devices now being introduced to our homes is already beginning to become unmanageable. IoT devices are often accompanied by an IoT hub – essentially a small gateway, whose sole purpose is to act as a base station for the particular radio standard used by said IoT devices – and this connects directly to the existing home gateway. This requirement for yet more hardware presents a daunting challenge for operators and service providers alike: it complicates the home setup, often confuses consumers and ultimately becomes unsustainable. In this post, I will examine the impact of IoT on the home gateway and introduce a new architectural approach that helps solve many of the challenges while providing operators with more flexible gateways that drive new business opportunity.
The inevitable truth of home IoT networking
Consider a typical home network topology today. Invariably, there’s a home router or gateway as the central hub of the network, whose primary task is to multiplex connections to the broadband service and provide one or more Wi-Fi networks for wireless devices to access the Internet. It’s a simple configuration. But Wi-Fi is not the only wireless communication standard and indeed is usually considered too heavyweight – either in bandwidth or power consumption – for a majority of IoT devices such as sensors and actuators. Instead, these utilise more appropriate standards such as ZigBee, Thread or Bluetooth. While it is true that the more advanced home gateways are now integrating these additional radio standards, this isn’t commonplace and instead, operators have no option but to supply some form of IoT hub to supplement the necessary connectivity.
It’s an easy solution, but this ultimately results in several IoT hubs connected to the home router. This not only increases the amount of hardware in the home, is environmentally unfriendly and potentially confusing for the consumer, but it also creates the potential for unreliable connectivity due to overlapping networks: after all, there’s no guarantee that two different IoT hubs won’t be using the same radio frequencies and networking protocols. Even if you alleviate the impact in your own home, there’s no control over the neighbours’ IoT network.
The integration challenge
Relocating that hardware – more specifically the radio technology – into the home gateway is relatively straightforward: it’s reasonably inexpensive to integrate and software-defined radio provides a very elegant solution. Indeed, Imagination offers advanced radio technologies, such as our Ensigma wireless communication cores, that enable SoC vendors to build cost-effective home gateway chips that integrate all the popular radio standards.
More daunting is the massive software integration task this creates. Diverse IoT ecosystems must now be combined within the gateway, each based on multiple standards, each with their own resource requirements, perhaps using dissimilar operating systems. Factor in the extended development time due to quality assurance and testing, and you have a formidable engineering challenge to resolve. The difficulty is in creating a secure environment in which all these IoT services can coexist while running independently and without detriment to the essential core functionality of the home gateway.
The answer is a new architecture: one that is flexible enough to enable all use-cases, for which it is easy to develop software; that is simple to test and validate; extensible so as to offer new services and one which also provides enhanced security. What we need is virtualization.
Enter a virtualized world of possibility
Virtualization has been employed in the enterprise server market for many years with the notion that a single server can run multiple software environments and services simultaneously, and by doing so reduce the associated running costs and capital expenditure on the hardware. Imagination has taken the concept further and applied the same principles to embedded SoCs: virtualization is available across the full range of MIPS processors. MIPS CPUs offer full hardware-enforced virtualization, where the chip itself provides all elements necessary to securely boot the system and maintain several virtualized environments, each completely isolated from one another, backed by supremely fast context-switching to maintain throughput across all IoT applications.
In a virtualized system a privileged piece of code called the hypervisor is run in place of the native operating system. This is established through the usual mechanisms of secure boot managed by hardware-enforced root-of-trust, which guarantees that the hypervisor is the first trusted code to execute on the processor. The hypervisor manages access to all processor cores and resources in the system including the radio communications engine and external memory. It enables the creation of virtual machines, or “containers”, each running an independent software environment secure and isolated from the rest of the system, and each behaving as if it had direct access to the underlying hardware and memory subsystem.
In the context of a home gateway, this architecture allows for the essential core gateway software to run in its own container. The system can then introduce additional containers for IoT services, each of which is secure and isolated from every other service and all of which believe they are running natively on the hardware. This means that services can use disparate operating systems, whichever are appropriate. They no longer have to use a common kernel or driver set, so could be running different versions of Linux or even a real-time operating system (RTOS). These can each run alongside the existing services unaltered with no requirement to port them to a common operating system.
A real-world example
In our example, we have the core gateway software running securely in its own virtualized environment. The second container manages a home security system based upon an RTOS. The third container provides a home control service, such as smart lighting or heating. Access to the radio resources on the gateway (be this Wi-Fi, ZigBee, Bluetooth, etc.) is multiplexed by the hypervisor and this enables services to use single unified radio frequencies to improve utilisation of the radio spectrum.
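The isolation properties of this three-container layout can be written down as checks on a static partition plan: no guest RAM window overlaps another guest's or the hypervisor's, and a radio used by more than one guest is never handed directly to a guest. The C code below is an added example, not code from the original post or from any MIPS hypervisor; the structures, the `check_plan` function, the device names and every address are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define HYPERVISOR (-1)   /* device owner value: access multiplexed by the hypervisor */
struct region { const char *name; uint64_t base, size; };     /* physical RAM window */
struct device { const char *name; int owner; bool shared; };  /* owner: guest index or HYPERVISOR */
enum verdict { PLAN_OK, BAD_RANGE, MEM_OVERLAP, BAD_OWNER, SHARED_PASSTHROUGH };

/* A window is valid if it is non-empty and base + size does not wrap. */
static bool range_ok(const struct region *r) {
    return r->size != 0 && r->base <= UINT64_MAX - r->size;
}
static bool overlaps(const struct region *a, const struct region *b) {
    return a->base < b->base + b->size && b->base < a->base + a->size;
}

/* Validate the plan before any guest is started (hypothetical checker). */
enum verdict check_plan(const struct region *hyp,
                        const struct region *guests, size_t ng,
                        const struct device *devs, size_t nd) {
    if (!range_ok(hyp)) return BAD_RANGE;
    for (size_t i = 0; i < ng; i++) {
        if (!range_ok(&guests[i])) return BAD_RANGE;
        if (overlaps(&guests[i], hyp)) return MEM_OVERLAP;   /* guest reaches hypervisor RAM */
        for (size_t j = 0; j < i; j++)
            if (overlaps(&guests[i], &guests[j])) return MEM_OVERLAP;  /* guests share RAM */
    }
    for (size_t d = 0; d < nd; d++) {
        if (devs[d].owner != HYPERVISOR && (devs[d].owner < 0 || (size_t)devs[d].owner >= ng))
            return BAD_OWNER;
        if (devs[d].shared && devs[d].owner != HYPERVISOR)
            return SHARED_PASSTHROUGH;   /* a shared radio must stay behind the hypervisor */
    }
    return PLAN_OK;
}

/* Constructed sample: the three containers from the text; all addresses are invented. */
static const struct region HYP = { "hypervisor", 0x80000000u, 0x00400000u };
static const struct region GUESTS[] = {
    { "core-gateway",  0x80400000u, 0x04000000u },
    { "security-rtos", 0x84400000u, 0x00800000u },
    { "home-control",  0x84C00000u, 0x02000000u },
};
static const struct device DEVS[] = {
    { "radio",   HYPERVISOR, true  },   /* Wi-Fi/ZigBee/Bluetooth, multiplexed */
    { "wan-eth", 0,          false },   /* broadband side: core gateway only */
};

int main(void) { return check_plan(&HYP, GUESTS, 3, DEVS, 2); }   /* exit 0 == PLAN_OK */
```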
The architecture is flexible and extensible: notably, the broadband (operator) side of the gateway can be maintained separately from the home Wi-Fi and IoT networks. This affords an opportunity for firmware updates on either side, while the gateway remains operational. New IoT services may be introduced without interrupting existing services running on the gateway; likewise, service updates can be achieved on a per-container basis without needing to reboot the entire system as a whole, so operators can maintain service continuity during the upgrade.
Win-win for gateway manufacturers and operators alike
Virtualization encourages software to be modularised. This significantly reduces engineering development costs, while minimising quality assurance and testing, both of which deliver a time-to-market advantage. More usefully, the huge software integration task presented by absorbing IoT services into the home gateway is largely avoided: software that ordinarily would be deployed on the IoT hub can instead be executed on the home gateway in its own container with access to the radio communication technology, just as if running on dedicated hardware. Moreover, those essential core functions of the gateway remain in their own protected domain so, in the unfortunate instance where a service is compromised through insecurity, there’s no way to pivot across into other domains and disrupt the operation of the gateway or other services running on it.
From the operator perspective, the virtualized gateway offers a broader choice of IoT services. No longer do they need to select their IoT partners in advance before embarking on a lengthy integration effort with their chosen gateway vendor. Instead, they may choose third-party service providers at any point during the lifetime of the gateway by adding IoT software containers into the existing equipment instead of using IoT hubs, even if already deployed in the home environment. Of course, the gateway must have all popular radio communications networking technology pre-integrated. However, the benefits of an operator being able to effectively control those networks, multiplexing radio frequencies to improve spectrum utilisation and deliver total reliability, quickly outweigh the up-front costs of integration.
In conclusion, virtualization of the home gateway provides tangible advantages from both engineering and commercial standpoints. Virtualized architectures lead to simpler deployments with faster time-to-market, and a broader selection of third-party services with a reduction in overall costs. Moreover, it delivers a single unified gateway that is managed exclusively by the operator, placing them in control of all services, leading to increased customer choice and satisfaction.
So there you have it: truly scalable and sustainable home IoT deployments delivered through a new generation of home gateways, all harnessing the innovation within MIPS processors.