From Cloud to Edge: How Atym is Democratizing Embedded Software for All Developers

If you’re a cloud-native developer like me, the thought of developing code for embedded devices and systems such as sensors, cameras, industrial controllers, IoT gateways, robots or vehicles has probably

never been front of mind. 

Embedded is a whole different world - mired with devices with limited resources, tight coupling of software to hardware, real time performance requirements, and more.  In many ways, embedded software is still developed today like server software was built in the late 90’s before VMware came along and started a trend that eventually led to containers and now Kubernetes.

The majority of developers don’t have embedded experience (with ~80% not knowing how to code in C/C++), but what if they could develop tiny, containerized apps for these types of devices in choice of programming language and deploy them as easily as pushing to production in the cloud?  This would provide these developers with an entirely new footprint for software-defined innovation that leverages the billions of devices that can’t support traditional containerization technologies like Docker.

Similarly, this capability would be a game-changer for embedded developers in terms of accelerating project schedules, simplifying cross-organizational collaboration, protecting IP, improving security, and streamlining updates in the field. This might all sound like fantasy, but it's becoming a reality for both camps based on the power of WebAssembly (Wasm).

Read on to learn more about how we at Atym are leveraging Wasm to completely redefine how developers of all backgrounds - cloud, AI, mobile, web, IoT and embedded - build and deploy apps for resource-constrained devices.  We’re blurring the lines between the cloud and the edge and enabling developers to do more without having to learn entirely new tool sets.

Containerization Changed Everything!

I have spent the last decade working in the cloud-native world, mainly in the industrial IoT space. Over that time, I have seen amazing progress in tooling and techniques to build, deploy, scale, observe, and debug these environments. It’s quite impressive to think back on that progress and how much easier it is to accomplish all those things today, compared to just 10 years ago. That’s not to say it’s a cake walk! It’s, of course, still quite challenging to do those things well.

Today teams can develop, test, and deploy applications faster using containerization, ensuring consistency across development, staging, and production environments. Through continuous integration and deployment (CI/CD) pipelines, releases become more reliable, enabling rapid iteration and faster time-to-market for new features.

Containers eliminate the classic "works on my machine" problem by packaging applications with all their dependencies. This ensures consistency, meaning CI/CD pipelines can confidently move the exact same containerized artifact through development, testing, staging, and production environments.

Containerizations also allows for faster workload provisioning and results in significantly faster feedback loops during all phases of a product’s lifecycle. Developers receive quicker feedback on code changes through automated testing in production-like environments, while faster deployment cycles mean features reach users sooner and issues can be identified and resolved more rapidly.

But many of these benefits haven’t historically extended beyond the cloud to the world of embedded development.

Embedded Development is Hard

Embedded development is difficult. Most embedded systems use microcontrollers, compared to the CPUs and GPUs leveraged by systems further up the edge to cloud continuum. Hardware constraints, such as limited processing power and memory, and the need for ultra-low power consumption, are all issues to contend with.

This means software must be highly optimized, with efficient algorithms and minimal computational overhead. Developers must understand hardware specifications, write device drivers, manage memory mapping, and handle many other nuances. The tight coupling between hardware and software in the form of firmware or embedded Linux creates integration challenges that don't typically exist in cloud-native development.

Debugging embedded systems is notoriously difficult due to limited tools and the inability to easily inspect system state during runtime. Traditional debugging techniques like print statements may not be feasible, and specialized hardware debuggers are often required.

Complicating things further, embedded systems often have long product lifecycles with strict certification requirements, making code maintainability and regulatory compliance ongoing challenges.

Macro Trends are Necessitating a Fresh Approach

If you work in the embedded world, you’re already aware of these challenges. Streamlining the embedded development process has been a “nice to have” for many years but brute force has predominantly prevailed. However, macro trends such as increasing device capability, on-device AI, and growing cybersecurity requirements (including the soon to be enforced Cyber Resilience Act) are now forcing organizations to completely rethink their approach to embedded development.

Take AI for example. Embedded devices have traditionally followed a “set it and forget it” model – do one thing well and be updated only when absolutely necessary (usually for security vulnerabilities). Adding local AI capabilities for real-time analysis of video, audio, or other sensor telemetry represents a fundamental shift in this paradigm.

First, AI models inevitably evolve over time as they are retrained and optimized.  Integrating the associated code into monolithic firmware and subsequently flashing entire devices to update models creates major challenges throughout the development and deployment lifecycle. Also, AI developers aren't typically skilled in building lower-level device drivers. They know Linux and Docker, not monolithic firmware. They code in languages like Python, Rust, and Go, not C or C++.

A universal device abstraction layer supporting containerized software would make it easier for embedded and cloud engineers to collaborate, with each of their contributions being able to exist on different lifecycles.  AI developers would greatly benefit from the ability to containerize their code and deploy to devices without having to worry about the complexities of the underlying hardware, just like they would in the cloud.  Meanwhile, embedded developers would be able to evolve their lower-level device functionality without affecting the application layer on top.

Introduction to Atym

Historically, the containerization paradigm and associated tooling have been out of reach for most of the embedded world, but we’re working to change that here at Atym! At the core of our solution is the central Atym Hub which represents the tooling, CLI, and optional UI that developers use to deploy and manage Atym containers on devices in the field at scale. 

The Atym Hub is designed to be leveraged by connected product OEMs who want to integrate the tooling with their own UI and backend systems using our comprehensive APIs. However, developers using Atym containers as an alternative to Docker on Linux can simply subscribe to the SaaS version of our Hub and start deploying containerized workloads, just like they would with a cloud service like Azure or AWS. The main difference is that in this case the target hardware is highly distributed in the field versus located in centralized data centers.

The Atym Hub works in concert with the on-device Atym Runtime. Powered by WebAssembly, it comes in two flavors: 1) the Atym Micro Runtime which integrates with the Zephyr RTOS and effectively becomes the firmware with containerized apps on top, and 2) the Atym Core Runtime, which runs on Linux as a service.

The Micro Runtime is ideal for containerizing apps running on MCUs in sensors, cameras, appliances, drones, robots, vehicles, and more.  Meanwhile, the Linux Runtime is a great fit for CPU-based routers, switches, industrial controllers, IoT gateways, set-top boxes, and digital signage sticks that have less than 2GB of memory.

Container binaries are portable across the two runtimes, unlocking entirely new efficiencies and capabilities for embedded development. 

While not the focus for Atym, you could technically run Atym containers in cloud services as tiny, high-performance functions with near-instant startup time.  We think we’re only scratching the surface of where this could go.

Rooted in Open Source

At the heart of the Atym Runtime is Ocre – an open-source container runtime for resource-constrained devices.  Ocre leverages WebAssembly  to support OCI-type application containers in a footprint ~2,000 times smaller than traditional Linux-based container runtimes. 

Atym contributed the original Zephyr-based version of Ocre to the Linux Foundation's LF Edge project in August 2024 so that Ocre could be evolved with vendor-neutral community governance. Recently, we contributed the Linux variant so that it too could be evolved in collaboration with the open source community.

WebAssembly provides a stack-based virtual machine with a compact binary format that's designed for fast loading and execution.  It offers near-native performance when AOT-compiled, while maintaining security through sandboxing and memory isolation. Originally created for web browsers, Wasm has evolved into a general-purpose runtime that can execute outside browser environments. It's increasingly used in server-side applications, edge computing, and embedded systems as a portable, secure runtime environment.  If you’d like to learn more about Wasm as an enabling technology, check out this two-part blog from Atym Co-Founder Stephen Berard.

Important to note is that the Ocre runtime is agnostic to underlying operating system. The community has already seen developers experimenting with ports to other RTOS versions such as FreeRTOS and NuttX. On the Linux front, we expect to see variants based on popular distributions such as Raspberry Pi OS, Ubuntu, and Debian, as well as Yocto-based builds.

“Cloudifying” Embedded Development

The following is an overview of the various benefits of Atym/Ocre containerization. These benefits will sound very familiar if you’re a cloud architect like me, but this is groundbreaking stuff in the embedded space – especially for microcontrollers!:

• Application Portability: Developers can write applications in high-level languages (C, C++, Go, Rust, Python, etc.) that compile to WebAssembly and run consistently across different hardware platforms.

• Enhanced Security: Leveraging Wasm’s sandboxed execution environment provides memory isolation and controlled access to system resources, crucial for security.

• Dynamic Loading: Applications can be updated or loaded at runtime without requiring full firmware updates, enabling over-the-air updates and modular system design.

• Resource Efficiency: The two versions of the Atym Runtime are optimized for resource-constrained environments, making it suitable for microcontrollers with limited memory and processing power and enabling developers to save hundreds of megabytes of memory on Linux machines when using it as an alternative to Docker.

• Development Flexibility: Teams can use familiar programming languages and tools while targeting embedded systems, bridging the gap between web and embedded development.

A Deeper Look into the Atym Hub

The Atym Hub provides the following facilities for secure management and orchestration of containerized software on edge devices:

• Ahead-of-Time (AoT) Compilation: Developers write code once and the Atym Hub performs AoT compilation to WebAssembly on the fly to optimize it for the specific instruction set of each target device during deployment. This write-once, deploy-anywhere approach eliminates the need to maintain separate codebases, ensures apps run with as near native performance as possible, and supports chipset-specific acceleration for advanced applications such as edge inference and ML.

• Fractional Updates: In contrast to monolithic firmware, the Atym Hub enables individual container updates — meaning smaller updates, faster delivery, shorter startup time, and lower risk. Updates deploy without reboots or downtime, making them ideal for mission-critical systems that can't afford service interruptions.

• Centralized Logging and Monitoring: Live container logs are available through the Atym Hub or can be streamed directly to your own logging infrastructure. No need to write custom loggers, fly blind, or drive out to a site for physical access — observability is built in.

• Unified DevOps: Atym containers are OCI-compliant and can live in the same repositories as Docker containers. The Atym Hub supports modern workflows with CLI tools, APIs, and CI/CD integrations. You can use the built-in container registry or bring your own. Developers can deploy directly through the Atym Hub or integrate and automate with their existing pipelines. Code releases can become more easily repeatable, testable, and scalable.

Demystifying Embedded

Early in my career I did product development for integrated circuits. Occasionally I would need to add some functionality to my test setup using an embedded device. Generally, these needs were highly specific and didn’t require me to get deep into the device details, but that experience did give me a glimpse into some of the challenges of embedded development.

Fast-forward to recently, when I leveraged the Atym Hub to program my first embedded device in nearly 20 years. I was amazed at the ease I experienced connecting a device to the Hub and deploying my first Hello-World Container!

I get a very familiar, cloud-native experience when developing and deploying my applications with Atym. Additionally, I have the advantage of choosing from many different programming languages. C/C++, Golang, and Rust are some of the mature options currently supported by Wasm, but many others are actively being worked on by the community.

The transformation I experienced - from struggling with embedded complexity to deploying applications with cloud-native simplicity - represents a fundamental shift happening across the industry. Just as containerization has revolutionized cloud development over the past decade, WebAssembly as a foundational technology, open source runtimes like Ocre, and commercial solutions like Atym are poised to do the same for embedded systems.

Blurring the Lines Between the Cloud and the Physical World

Historically, the embedded market has been an entirely different world than the cloud, web, and mobile spaces, but the lines are increasingly blurring. Operational Technology (OT) is converging with IT. Real-time systems are being deployed over wide area networks using time-sensitive networking. On-device AI necessitates close collaboration between developers with diverse skill sets.

These mashups are happening from two different trajectories, which we at Atym refer to as "cloud down" and "device up”. The benefits realized by each developer persona vary.

Developers approaching the intersection of embedded and IT systems from from the “cloud down” trajectory (this includes those from the AI, web and mobile spaces) are able to realize the following benefits with Atym:

• Save space when using Atym containers as an alternative to Docker, or pick a lower cost memory BOM, reduce power consumption, or lower thermal load  

• Innovate on entirely new solutions by being able to deploy tiny apps to microcontrollers without having to learn new workflows or how to program in C/C++.  An example here is edge AI.

• Improve security through Wasm’s strong sandboxing capabilities. Each Wasm module runs in its own isolated memory space, reducing security risks compared to Embedded Linux.

• Accelerate startup times and performance.  The small footprint of Atym containers makes them ideal for serverless functions and edge computing scenarios where quick cold starts and minimal resource usage are crucial.

For embedded developers approaching the intersection from a “device up” angle:

• Achieve cross-platform portability through a single Wasm binary that can run across different hardware architectures (e.g. Arm M and A-class, x86, RISV-V, ESP) and operating systems (both RTOS and Linux flavors). This dramatically simplifies deployment and maintenance across diverse hardware platforms.

• Increase productivity while still achieving performance and resource efficiency by re-using existing C/C++ code together with other high-level languages and modern tool chains.

• Protect IP when collaborating on solutions with external partners by sharing containerized binaries instead of raw source code.

• Improve security over traditional firmware and embedded Linux through robust application sandboxing with granular permissioning for intercommunication with each other and the outside world.  The Atym Micro Runtime effectively creates a “soft MMU” function for MCUs, providing each app with dedicated memory space.  This is compared to traditional firmware where all code shares the device’s memory space, and any single flow can compromise the entire device and give hackers access to the network.

• Update individual containers over-the-air without having to reboot devices. This fractional update capability is groundbreaking stuff in the MCU space which has historically involved monolithic firmware that requires a full recompile and retest for any single changes!

In Summary

As devices become more capable and virtualization technologies like WebAssembly enable binary portability spanning CPUs and MCUs, the historical barriers between cloud and embedded development are set to dissolve.

Embedded developers can focus on solving business problems rather than wrestling with the traditional challenges of firmware and embedded Linux. Cloud developers working on edge solutions can reclaim hundreds of megabytes of memory compared to Docker, enabling them to build more complex apps or save on BOM costs or power consumption. Despite coming down in cost over the years, memory isn’t free. What could you do with a few hundred extra megabytes of memory at your disposal?

Alternatively, cloud engineers can take advantage of the billions of MCU-based devices in the physical world as an entirely new addressable footprint for software-defined innovation, without having to learn new tool sets. 

Ultimately, the question isn't whether this transformation will happen - it's whether your organization will help lead it or be left behind. If you’d like to learn more, drop us a line here at Atym or check out Ocre on GitHub to gets hands on with the open-source foundation powering this revolution.