Linux-based Virtualization for IoT Edge Devices
November 27th, 2018
By Lynnette Reese, Editor-in-Chief Embedded Intel® Solutions, Embedded Systems Engineering
Linux containers, which enable virtualization anywhere, are now a standard tool in cloud development and deployment workflows. One company, balena, has harnessed all that container goodness for the embedded world in IoT, greatly improving reliability, power efficiency, and security in Edge devices.
Editor’s Note: Embedded Systems Engineering Editor-in-Chief Lynnette Reese (LR) interviewed Alison Davis Riddell, Director, Product and Commercial Strategy at balena.io. (Note: balena recently changed its name from resin.io.)
At first glance, balena.io may seem like “just another company who works with IoT,” but balena provides a vital service for companies who want the benefits of the big data that IoT is driving but don’t have the time to climb the learning curve. By creating and managing the IoT infrastructure, balena.io lets developers concentrate on building IoT applications. The company’s expertise pays for itself as its customers avoid costly mistakes and the expense of building and maintaining an infrastructure while making it to market faster than the competition.
LR: What exactly does balena do?

Alison Davis Riddell (ADR): We are an IoT infrastructure company. We provide tools for organizations to build, deploy and manage fleets of connected devices. The goal is to remove friction for fleet owners at every stage of their IoT projects.
Much of our offering is built around container technology, as we believe Linux containers are the best way to benefit from virtualization on embedded devices. We’ve adapted containers for the constrained operating environment of the edge, where users are faced with intermittent power, low-bandwidth connectivity, constrained memory and compute resources, heterogeneous device fleets, and so forth. The benefits of using containers are numerous, including portability across platforms, minimal overhead, and more control for developers over how their code runs. Balena provides a platform for developers called balenaCloud, a container-based service for developers to build and deploy code and remotely manage fleets of connected devices [Figure 1].

Figure 1: Balena provides a platform for developers called balenaCloud. (Image: balena.io primer)
LR: How does Balena add value to connected Linux IoT devices?
ADR: Balena lets developers concentrate on building IoT applications, not creating and managing infrastructure. By using our platform, developers can get their projects to market faster and cheaper than if they had to build and maintain this infrastructure themselves. Once devices are deployed, IoT fleet owners can continue to grow and improve their project by seamlessly provisioning new devices, pushing frequent updates without fear of bricking their code, and monitoring the health of their fleet from anywhere in the world.
LR: Balena is known for widely contributing to open source tools. What are some of the open source projects balena has developed?
ADR: balena is the developer of:
- balenaOS, which is a minimal Yocto Linux-based host operating system that’s packaged with balenaEngine;
- balenaEngine, which is a lightweight, Docker-compatible container engine for IoT;
- balenaEtcher is a tool we created to flash SD cards, device storage, and other media; and
- openBalena, which provides the open source building blocks of balenaCloud that can be used to host your own device deployment and management server.
LR: A customer’s first 10 IoT devices are free and “full-featured.” What does “full-featured” mean?
ADR: It’s important for us to maintain a low barrier to entry, to enable developers to try out our platform before committing as paying customers, or so they can use it for free for personal projects. So, every capability offered in balenaCloud is available at no cost on up to 10 devices, and there’s no limited trial period. To extend a project beyond 10 devices, a user simply moves up to a paid subscription plan. Otherwise, they can remain on a free plan for as long as they like.

Figure 2: Once your services are up and running, you can use the dashboard to monitor and interact with them. (Image: balena.io)
LR: Zephyr is a small Linux OS intended for IoT. Does Balena support any Linux-connected device, or just the Yocto-based distro that balena provides?
ADR: For devices to work with balenaCloud, those devices currently need to run balenaOS, our Yocto-based distro. That said, developers can run the operating system of their choice from within their application container(s). We also provide many base images with several common Linux distributions to make this easier. To investigate this further, you can find out more at https://hub.docker.com/u/resin/.
All the code for balenaOS is open source, and balenaOS currently supports more than 30 device types from a common layer called “meta-balena,” which can be found on GitHub at https://github.com/balena-os/meta-balena.
Support for each individual device type is then added in specific GitHub repos, such as https://github.com/balena-os/resin-intel for x86 devices.
More details can be found at balena.io/os/, a site that explains how our OS is designed to run Docker containers on embedded devices.
LR: How does balena use Docker containers?
ADR: We think virtualization is a great match for IoT devices. Virtualization enables features like isolating application failures and executing efficient updates, which are ideal for connected edge devices. Developers benefit from the friendliness and flexibility of cloud-native workflows, too.
LR: This sounds cloud-intensive, and containers are primarily associated with server-based applications. How does balena resolve the differences?
ADR: Since containers were originally designed for the datacenter, balena made the required modifications for use in the IoT ecosystem. For example, we support a wide variety of devices compared to the relatively homogeneous world of cloud servers and desktop machines. To make updates more efficient in the field, we also reduced the size and build time of images to deal with the less reliable and more bandwidth-sensitive connectivity common to remote devices. We also worked to build in resiliency to interruptions from network or power failure, which isn’t a typical consideration in datacenters. You can learn more about how we use containers on our blog at https://www.balena.io/blog/why-linux-containers-matter-for-the-internet-of-things/.
LR: Security is a very large concern for IoT. How does balena.io assist with security?
ADR: Balena primarily assists with security of devices by offering reliable, fast, over-the-air updates of everything from the bootloader on up to the user application, defending from all issues that are patched upstream. Our fine-grained permission system allows developers, operators, and device administrators to have access to relevant information while making sure they can only do what they have permissions to do. One core means for implementing this security approach is through API access control. To effectively explain how we handle security, which gets deep, we would need a very long discussion indeed. For a more detailed explanation, read about how we handle device access, run time management with VPN, support access, building images, and how we handle backend security at https://www.balena.io/docs/learn/welcome/security/

Figure 3: Run Docker containers on embedded devices. balenaOS is a minimal OS ideal for running containers on embedded devices. BalenaOS supports almost 20 distinct device types, has a robust networking and provisioning story, emphasizes reliability over long periods of operation, and enables a productive developer workflow.
LR: Do containers benefit security?
ADR: Containers benefit security by isolating applications from the rest of the system and making it easy to use the latest sandbox technology of the Linux kernel like namespaces, seccomp, etc.
LR: Does balena work with Intel products? If so, which ones?
ADR: Yes! balena supports x86 IoT devices such as the Intel NUC. The balenaOS image for the Intel NUC is actually a generic x86 image and will usually “just work” on any x86 device.
LR: What type of application or enterprise would best benefit from balena’s model?
ADR: Anybody building and managing an IoT project can benefit from balena. Our customers span verticals and industries, including start-ups and large enterprises, from farms to factories, from energy to medicine, from real estate to robotics. If you’re deploying fleets of connected Linux devices, then balena is for you.
For specific real-world examples, see https://www.balena.io/customers/ and https://www.balena.io/blog/tag/case-study/
Contact Information
balena
Seattle, WA,
U.S.
balena.io