Atym Runtime
The Atym Runtime is the on-device execution layer of the Atym platform. It runs on each edge device and is responsible for executing application containers, enforcing isolation and security boundaries, and abstracting differences in hardware and operating systems. Together with the Atym Hub, the runtime enables centralized management while preserving reliable, autonomous operation on the device.
Atym provides two primary runtime variants to address different classes of edge hardware:
-
Atym Zephyr Runtime - Designed for microcontroller-based systems, the Zephyr Runtime integrates directly with the Zephyr RTOS and effectively serves as the device firmware.
-
Atym Linux Runtime - Designed for embedded Linux systems, the Linux Runtime runs as a system service and provides a lightweight alternative to traditional container engines.
These two runtime variants share the same application execution and management model, allowing applications to be built, packaged, and operated consistently across both variants. This enables teams to target a broad range of edge hardware—from deeply constrained MCUs to embedded Linux systems—without adopting different development or operational workflows for each environment.
Runtime Architecture and Foundation
At the core of the Atym Runtime is Ocre, an open-source, WebAssembly-based container runtime hosted by the Linux Foundation and governed by a vendor-neutral community (see the Ocre project). Ocre provides the foundational container execution and isolation capabilities used by both runtime variants.
Atym builds on this foundation by integrating Ocre directly into the Zephyr and Linux runtimes and extending it with additional components required for enterprise-grade edge deployments. These extensions enable secure device onboarding, runtime integrity, lifecycle management, and seamless coordination with the Atym Hub—capabilities that go beyond a standalone container runtime.
Together, Ocre and Atym’s runtime extensions provide a production-ready execution environment that balances open standards and community governance with the operational requirements of large-scale, mission-critical edge systems.
Atym Runtime Capabilities
At a high level, the Atym Runtime provides the following capabilities on each device:
-
Application Execution and Isolation - Executes containerized workloads in a sandboxed environment with strong memory isolation and controlled access to device resources.
-
Device Lifecycle and Connectivity - Manages device startup, configuration, and secure communication with the Atym Hub, while maintaining autonomous operation if connectivity is interrupted.
-
Container Lifecycle Management - Oversees container creation, execution, updates, and termination using a well-defined and predictable execution model that supports safe, incremental updates.
Together, the Atym Hub and Atym Runtime form a complete, enterprise-grade platform for managing containerized applications on resource-constrained edge devices.
Platform Architecture Overview
Both the Zephyr and Linux runtime variants share a common architecture above a platform abstraction layer. This shared architecture provides a consistent execution environment, application lifecycle, and developer experience across devices, regardless of the underlying operating system or hardware.
Above the abstraction layer, common runtime elements provide container execution, isolation, and system interfaces. Below it, each runtime integrates with the native capabilities of its target platform. For microcontroller-based devices, this integration is provided by the Zephyr RTOS. For Linux-based systems, the runtime integrates with the host operating system and distribution.
This layered approach allows Atym to present a uniform programming and execution model to applications while accommodating the unique constraints and capabilities of different device classes.