Evolving Container to Unikernel for Edge Computing and Applications in Process Industry

: Industry 4.0 promotes manufacturing and process industry towards digitalization and intellectualization. Edge computing can provide delay-sensitive services in industrial processes to realize intelligent production. Lightweight virtualization technology is one of the key elements of edge computing, which can implement resource management, orchestration, and isolation services without considering heterogenous hardware. It has revolutionized software development and deployment. The scope of this review paper is to present an in-depth analysis of two such technologies, Container and Unikernel, for edge computing. We discuss and compare their applicability in terms of migration, security, and orchestration for edge computing and industrial applications. We describe their performance indexes, evaluation methods and related ﬁndings. We then discuss their applications in industrial processes. To promote further research, we present some open issues and challenges to serve as a road map for both researchers and practitioners in the areas of Industry 4.0, industrial process automation, and advanced computing.


Introduction
Industry 4.0 represents a new industrial revolution, enabling suppliers and manufacturers to leverage new technologies, i.e., Internet of Things (IoT), Big Data analytics, Edge Computing, Cloud Computing, and Cyber-Physical Systems to improve various processes ranging from wafer fabrication and electronic manufacturing to oil refinery and pharmaceutical production [1]. It promotes the development of manufacturing towards informatization, digitalization, and intellectualization. Edge computing and cloud computing play an important role in realizing the vision that industry 4.0 promises. In particular, edge computing can handle the data locally and provide delay-sensitive services. Cloud computing can deal with large-scale aggregated data, e.g., data mining, training of deep learning models, in different applications of industrial processes. Virtualization technologies are key elements of edge computing and cloud computing.
Virtualization technologies have been in use for years. It makes large expensive mainframes of computing easily shared among different user applications. It can enable users to run multiple operating systems on a single physical server. In this physical server, each operating system runs as a self-contained computer [2]. Virtualization is becoming increasingly important in different scenarios (e.g., computing, storage, and networking). It can improve system efficiency, reliability, and availability, reduce cost, and provide great flexibility to users. In order to be shared over diverse applications, the virtualization of Information Technology (IT) infrastructure enables the consolidation and pooling of IT resources. It abstracts physical computing resources logically, producing a computing environment that is not limited by the configuration and architecture of physical hardware [3]. It is the creation and orchestration of small virtual computational chunks in the form of an abstract computing platform. Virtualization technologies are widely used in cloud computing [4,5], which can offer an efficient method to harness the cloud power by fragmenting a cloud physical host into small manageable virtual portions [6]. They make cloud computing services simple, convenient, and cost-effective. Hypervisor (e.g., VMware and VirtualBox [7]) has been widely used in hardware virtualization of cloud computing. However, there are some problems, such as high resource overhead [8], long start-up time [9], and large attack surface [10,11]. To overcome its disadvantages, lightweight virtualization technology (e.g., Container and Unikernel) with fast deployment and high efficiency is now applied to cloud computing and edge computing [12,13]. Docker container [14] is gaining great attraction in the IT community, since it allows users to deploy applications in most environments faster and more efficiently than using virtual machines (VMs). Container can use only one kernel for multiple isolated environments or operation systems. Containerbased application virtualization is viewed as an appropriate isolation solution with less overhead than VMs. Container has several advantages, e.g., rapid development, portability across different machines, and simplified maintenance [14]. They solve the problems of traditional VMs. As a result of their ease-of-use and performance enhancements, such containers as Docker [15], OpenVZ [16], and Linux Container (LXC) [17], are being widely adopted in industry, academia, and other scientific communities. Undoubtedly, Containerbased virtualization delivers a lightweight and efficient environment, but raises some security concerns as it allows an isolated process to utilize an underlying host kernel [18]. Moreover, Docker container is not suitable for IoT applications with frequent interaction of small data and resource-constrained IoT devices [19].
In order to solve the problems of VMs and the low security of Container in the applications, Madhavapeddy et al. propose a lightweight virtualization technology called Unikernel [20]. It has high level security, simplified architecture, and high efficiency. In addition to its container features, it can take full advantage of the resource management and isolation techniques of Hypervisor to provide high-level security. It can also be deployed directly on bare metal hardware without any system dependencies, which is beneficial to the application of an edge computing paradigm in IoT scenarios. Hence it promises to be a virtualization technology beyond containers. Edge computing is an extension of cloud computing at the edge network [21], and it promotes the IoT development. Lightweight virtualization technology is a key to facilitating the realization of edge computing. This paper focuses on the research and applications of lightweight virtualization technology, Container and Unikernel, in edge computing. In Section 2, the research and applications of Container for edge computing are summarized. The applicability of Unikernel for edge computing are illustrated and the comparison between Container and Unikernel is depicted in Section 3. We describe the evaluation metrics and results of lightweight virtualization technologies in Section 4. The applications of Container and Unikernel to industrial processes are discussed in Section 5. Open issues related to lightweight virtualization technologies are analyzed in Section 6. The conclusion of this review paper is concluded in Section 7.

Container for Edge Computing
Container-based virtualization can be considered as one of the lightweight alternatives to Hypervisor-based virtualization. Traditional VMs has been applied for a decade in cloud computing with resource virtualization and isolation. VMs are based on Hypervisor, which operates at the hardware level and supports standalone VMs. In each VM instance, a full operating system (OS) is installed on top of the virtualized hardware. Thus, the image files of based on VMs are large and its overhead is non-negligible.
Container avoids the virtualization of hardware and drivers [22]. It implements the virtualization at the OS level. It shares the same OS kernel with the host machine, making it possible to isolate standalone applications that own independent virtual network interfaces, independent process space, and separate file systems. The shared kernel feature allows Container to run a higher density of virtualized instances with small image volume on a single machine. Docker Container is popular and has achieved much more practical use recently, which is a high-level platform. It introduces a container engine, which allows easily one to build, run, manage, and remove containerized applications. It has been widely used for deployment, live migration, orchestration, and isolation of applications in edge computing. A large number of container applications are managed by different orchestration tools and cluster managers such Google Borg, Docker Swarm Manager, and Kubernetes [23]. To realize the resource management of edge nodes with relatively low computing power, Park et al. [24] propose a method of dynamic container layer replacement for a serverless architecture-based Function-as-a-Service, considering a resource-limited environment on edge nodes. Its experimental results show that it can improve boot-up latency by using their proposed method, and provide faster service than container creation. The boot-up latency of the proposed method is lower than that required to create the container. The smaller the size of the dynamic container, the much lower the boot-up latency. Mendki [25] uses Docker container-based analytics services to process the data locally in edge computing. Their feasibility is verified by setting up a deep learning framework on Raspberry Pi for real-time analysis of surveillance video. Its performance benchmarking shows that its overhead is negligible in terms of central processing unit (CPU) processing compared with the bare metal deployment. Deploying the analytics solution in Docker container can provide ease of service management and orchestration for edge nodes. Anand et al. [26] use Docker container to deploy a practical, edge analytics framework in resources-constrained heterogenous environments. It provides an agnostic logical abstraction layer residing over existing hardware and software layers enabling ease of orchestration. Through the framework and use case, it demonstrates how to employ an edge analytics framework that integrates existing systems agnostically and seamlessly.
To solve the problems of live migration for offloading services in mobile edge computing environment, Ma et al. [27] propose an edge computing platform architecture, which uses Docker container to support seamless migration of offloading services. In contrast to the state-of-the-art service handoff method in edge computing, the system yields 80 percent (56 percent) reduction in handoff time under 5 Mbps (20 Mbps) network bandwidth conditions. In edge computing, virtualized resources can support and enhance service provisioning. However, migration of edge-enabled services poses significant challenges in the edge computing environment. Bellavista et al. [28] propose an edge computing platform architecture that supports service migration through Docker Container among heterogeneous edge devices. Their experimental results confirm that proactive migration can significantly minimize the service downtime in the case of layered services, by imposing a very limited overhead on the overall support infrastructure. Other studies [29][30][31] use Container for live migration in a mobile edge computing environment, which can reduce the service downtime to ensure the quality of services (QoS) for users. In terms of security concerns in edge computing, Maurantonio et al. [32] discuss the security of Container in different application scenarios, e.g., Augmented Reality, Smart Home, Smart Cities, E-health, and smart factories. Container can leverage the flexibility given by the additional layers between application images and hardware to provide seamless patching, and ease the need for updates. It is less vulnerable to be attacked than Real Time Operating System (RTOS). Soltesz et al. [33] provide insights into resource, security and isolation for avoiding crosstalk unwanted snooping and fault propagation between containerized systems, although container usage for provisioning security isolation may not seem favorable [34,35]. Table 1 summarizes the studies of Container for different functions. According to [27,28], resources, e.g., computing, storage, and networking ones, can be virtualized by Container without regard to their heterogeneousness. Container is running on OS and their images occupy some memory, and edge devices in IoT edge computing have no OS, and are resource-constrained. They are suitable for edge computing but not for IoT edge computing. Container can be utilized for image deployment, resource management, and orchestration services, which only imposes little time to the systems. In addition, Container directly shares the kernel with their host machines. They occupy fewer resources and have lower virtualization overhead than VMs. Container-virtualization technologies used in edge nodes with relatively rich resources produces an almost negligible impact for edge computing systems' overhead. In terms of security isolation, Container is able to protect Container-specific information from unwanted leakage to some extent. However, Container-based applications share the same system core, which challenges system security.
In addition, Container has been applied in edge computing platforms. Next, we present a review of the work concerning the combination of an edge computing platform and Container. ParaDrop is a research project in Wisconsin Wireless and NetworkinG Systems (WiNGS) laboratory at the University of Wisconsin-Madison (Madison, WI, USA) [36]. It is suitable for IoT applications and uses Container (Docker) to isolate the operating environment of different applications. A single edge server can run multiple tenant applications. All applications on the gateway are deployed and revoked by a cloud server. EdgeX Foundry is founded by the Linux Foundation to create an interoperable, plug and play, and modular IoT edge computing ecosystem. It is a standardized microservice framework focusing on IoT applications, and its design meets the independence of hardware and OS. All microservice applications in EdgeX Foundry can run in various operating systems in the form of Container [37]. FocusStack [38] is developed to support the deployment of complex applications to IoT devices. Container on edge devices supports its OpenStack services, including virtual network access and application-based granularity configuration. CloudPath [39] is an edge computing system to support the on-demand allocation and dynamic deployment of a multi-level architecture. Its PathExecute module has a container architecture and supports lightweight application functions. AirBox is a secure, lightweight system with scalable edge functions. Its edge functions are deployed through system-level containers [40]. Central office Re-architected as a Datacenter (CORD) is an open-source project for network operators. It can reconstruct the existing network edge integration implementation by using a software-defined-network (SDN), network function virtualization (NFV), and cloud computing technology. OpenStack in CORD is used to manage computing and storage resources, create and configure VMs, and provide an Infrastructureas-a-Service (IaaS) function. Docker as a Container engine uses Container technology to instantiate services provided to users [41]. AKraino Edge Stack is an open-source project for high-performance edge services, and provides an overall solution for edge infrastructure. It includes an application, middle, and infrastructure layers. The application layer is dedicated to creating an ecosystem of virtual network function (VNF) to promote the development of edge applications [42]. Azure IoT Edge is a fully hosted service built on the Azure IoT center launched by Microsoft. Its IoT Edge modules run as Docker, which can deploy Azure services, third-party services or custom code to IoT Edge nodes, which are locally executed at the nodes [43]. OpenEdge [44] is an open-source edge computing system developed by Baidu. It adopts modular and containerized design. KubeEdge [45] is an open-source edge computing system that relies on container arrangement and scheduling capabilities based on kubernetes to achieve cloud-edge collaboration.
After introducing the existing virtualization techniques of these edge computing systems, we can conclude that Container, especially Docker, are widely used in edge computing systems due to their rapid deployment and resource management services. Yet some edge computing systems adopt the virtualization mode of combining VMs and Container to manage the hardware resources and application services. Table 2 shows the illustration of virtualization technologies used in an edge computing system.

Platform Virtualization Technique Application Scenarios
ParaDrop [36] Container IoT EdgeX Foundry [37] Container IoT FocusStack [38] Container IoT CloudPath [39] Container Mobile AirBox [40] Container IoT CORD [41] VM and Container No Limit AKraino Edge Stack [42] VM and Container No Limit Azure IoT Edge [43] Container No Limit OpenEdge [44] Container No Limit KubeEdge [45] Container No Limit Container can be utilized in edge nodes with relatively sufficient resources, e.g., edge servers. It is not suitable for edge nodes without OS and enough resources, especially for edge devices in IoT edge computing environment. In addition, security is another vulnerability of Container. We demand other lightweight virtualization technologies for edge computing. Unikernel to be discussed next, stands out as such lightweight virtualization technology.

Unikernel for Edge Computing
Unikernel [46] is a single-purpose appliance that is specialized at compile time into standalone kernel and sealed against modification after deployment. Additionally, it provides increased security through a reduced attack surface and better performance by reducing unnecessary components from the applications. It was designed initially for cloud computing, but its small footprint and flexibility make it suitable for edge computing, especially upcoming IoT edge computing. The attack surface of Unikernel is strictly confined to the application embedded within. It does not include a uniform operating system layer, and everything is directly compiled into the application layer. Therefore, each Unikernel may have a different set of vulnerabilities, which implies that an attacker that can penetrate one may not threaten to others. In addition, Unikernel is principally designed to be stateless. Therefore, edge intelligent algorithms (e.g., compression, encryption, and NFV) can be executed easily with it.
Due to its small image file size and high security, Unikernel has been under active research and development since its inception in 2013, especially for edge computing. Expending it from cloud computing to edge computing, researchers focus on the issues related to migration, orchestration, network, and isolation for edge computing. To enable service migration in mobile edge environment, Ramirez et al. [58] develop a practical framework for service management in vehicular networks. Docker and Unikernel are used as the migration techniques for the migration of a Network Memory Server. Experimental results show that the average migration time with Unikernel is less than one with Docker, and Unikernel can support new applications and services in highly mobile environment. To provide reliable network storage in highly mobile environments, Ezenwigbo et al. [59] explore how services can be migrated as users travel around. They use migration techniques, e.g., Docker and Unikernl, to implement the migration of a simple Network Memory Server. Their results show that the migration time based on Unikernel is less than other virtualization technologies in proactive and reactive service migration scenarios.
In [60], a fog-enabled cellular vehicle-to-everything architecture is proposed, which provides resources at core, edge and vehicle layers. This architecture enables the connection of VMs, Container and Unikernel to form an Application-as-a-Service function chain, which can efficiently manage and orchestrate all the underlying physical resources. In a cellular Vehicle-to-everything (C-V2X) use case, the live migration and scaling functionalities are evaluated, and the experimental results demonstrate that the proposed scheme maximizes the accepted requests, without violating the applications' service level agreement. To support the composition and deployment of machine learning-based data analytics in IoT devices, Zhao et al. [61] design a Zoo system to address these challenges. MirageOS, a Unikernel technology, is utilized for the model deployment. Deploying Unikernel is proved to be of low memory footprint, and thus quite suitable for resource-constrained IoT devices. Supporting to expand into multi-core processor VM system; Supporting limit scale computing.

Cloud computing
An orchestration framework is proposed to enable edge-cloud collaborative computing for road context assessment [62]. Mirage OS Unikernel is utilized for developing this orchestration platform due to its multiple advantages in terms of isolation, memory footprint and fine-grained function encapsulation. Experimental results illustrate the Unikernel's boot time is substantially lower than Amazon Firecracker microVM's. In addition, it is suitable for processing a small amount of information. To efficiently exploit the resources of constrained edge devices through fine-grained computation offloading, Fine-Grained edge offloading with Unikernels (FADES) is proposed [63]. It takes advantage of MirageOS Unikernel to isolate and embed application logic in concise Xen-bootable images. Its performance is evaluated under various hardware and network conditions. The results show that FADES can effectively strike a balance between running complex applications in the cloud and simple operations at the edge.
Valsamas et al. [64] propose an elastic content distribution platform, which serves the Internet content using tiny Unikernel-based VMs. It provides a dynamic deployment service at the edge. It is demonstrated that the proposed platform is valid. Virtualization technologies are widely used in NFV. In [65], VMs, Container and Unikernel are utilized to deploy virtualized network functions at the network edge. Their performances are evaluated by deploying two services, i.e., Apache and Redis with them. Experimental results show that Unikernel has a small image size and very small memory consumption. Moreover, Unikernel can eliminate the overhead of context switching, applications with high context switching between user and kernel mode can outperform than other two. Filipe et al. [66] also compare the use of two virtualization technologies, e.g., Container and Unikernel, for virtual network function (VNF) instantiation in edge computing. They develop a failure detection and recovery mechanism to ensure VNF reliability. The experimental results show that the mechanism can ensure near zero downtime. In a resource-scarce isolated environment, multiple virtualization techniques including VMs, Container, Unikernel, and kata-containers are explored to deploy network functions [67]. The performance of NFV virtualization by deploying web services is analyzed. Experimental results show that Unikernel is secure, lightweight and is suitable for running applications requiring many interactions among various smart devices or smart objects. Table 4 summarizes the studies of Unikernel for different functions. According to the above analysis and discussion, we conclude that Unikernel has a smaller image size and very small memory consumption. It can be used for the migration in a mobile edge computing environment, especially Vehicular Networks. It can quickly respond to user requests. Since its image size is small, it can run on the edge devices with highly limited resources. It can also reduce the attack surface that can help guarantee code integrity and ease of updates, and keep high security isolation. Its OS overhead is negligible, and it is suitable for running applications with high context switching, processing a small amount of information.
VMs, Container and Unikernel virtualization technologies, are expected to co-exist for cloud computing, edge computing and IoT edge computing. We can choose an appropriate virtualization technology to meet different requirements. The three virtualization architectures are shown in Figure 1. Table 5 summarizes their main characteristics the comparison among VMs, Container and Unikernel. respond to user requests. Since its image size is small, it can run on the edge devices with highly limited resources. It can also reduce the attack surface that can help guarantee code integrity and ease of updates, and keep high security isolation. Its OS overhead is negligible, and it is suitable for running applications with high context switching, processing a small amount of information. VMs, Container and Unikernel virtualization technologies, are expected to co-exist for cloud computing, edge computing and IoT edge computing. We can choose an appropriate virtualization technology to meet different requirements. The three virtualization architectures are shown in Figure 1.

Evaluation for Lightweight Virtualization Technologies
A number of metrics can be used to evaluate the performance of Lightweight Virtualization technologies, e.g., CPU performance, memory performance, Disk Input/Output (I/O) performance, and Network I/O performance.
Watada et al. [68] present a performance comparison between Container and Unikernel. They use some standard benchmarks called Sysbench (CPU performance); Iperf (for checking network bandwidth) and STREAM (measuring sustained bandwidth of entire cache hierarchy). Their experimental evaluation is done by using HP-Blade server with 64-bit Ubuntu 16:04. They choose tiny OSv and Rumprun VMs on top of Xen and kvm as unikernels. The CPU performance for lightweight virtualization technologies (e.g., Docker, LXC/LXD, OSv, and Rumprun) are tested by Sysbench. Their experimental results

Evaluation for Lightweight Virtualization Technologies
A number of metrics can be used to evaluate the performance of Lightweight Virtualization technologies, e.g., CPU performance, memory performance, Disk Input/Output (I/O) performance, and Network I/O performance.
Watada et al. [68] present a performance comparison between Container and Unikernel. They use some standard benchmarks called Sysbench (CPU performance); Iperf (for checking network bandwidth) and STREAM (measuring sustained bandwidth of entire cache hierarchy). Their experimental evaluation is done by using HP-Blade server with 64-bit Ubuntu 16:04. They choose tiny OSv and Rumprun VMs on top of Xen and kvm as unikernels. The CPU performance for lightweight virtualization technologies (e.g., Docker, LXC/LXD, OSv, and Rumprun) are tested by Sysbench. Their experimental results show that CPU performance of Docker is near that of the native system for a single instance, but performance significantly drops down for multiple instances. OSv and Rumprun reveal the worse performance than other containers. Their network performances are evaluated by iperf. They have tested them via two instances (one acting as server and the others as client). Their experimental results show Docker container and OSv are promising. In terms of memory performance, Rumprun offers the better performance than others. In [65], the performance of Container and Unikernel are also evaluated, including image size, memory utilization, CPU utilization, the time serving each request, and transfer rate. Experimental verification is done by using Intel Next Unit of Computing (NUC) device equipped with a Kingston SODIMM DDR4 RAM with 16 GB capacity and Intel(R) Core (TM) i7-7567U CPU with 3.5 GHz clock rate. Ubuntu 18.04.1 LTS is utilized as the host OS (64-bit Ubuntu 16:04) for all the platforms. Docker container engine (version18.06.1-ce) is installed for running containers on the system. The experiment has two instances, i.e., Apache Hyper Text Transport Protocols (HTTP) server and Redis. Experimental results [65] show the image size of Rumprun unikenels for both services are significantly lower than Docker container. This is because unikernels only contain the dependencies required to run the application. Additionally, the memory usage of containers is much less than Rumprun unikernels. The main reason is that containers can have the efficient and dynamic usage of memory. However, Rumprun unikernels have the fixed size memory allocation. In the idle mode, the CPU utilization of the services based on Container and Unikernel is very low. It increases drastically, when more and more service requests arrive and the corresponding services are performed. This is especially true for Rumprun unikernels aas caused by their poor process management. By evaluating the transfer rate of the service, Rumprun performs poorly and has a lower transfer rate than containers.
In another study [67], the performances of Container and Unikernel are evaluated in terms of the image size, boot time, memory utilization and CPU utilization. Its system comprises of a Xen server with DDR4 4 GB RAM and 10 GB storage capacity. Ubuntu 18.04 LTS is used as the host OS for all platforms. Unikernel uses QEMU, and Docker engine (version 18.09.5) is installed for running docker containers. The Apache Benchmarking tool is installed on the host operating system to send requests and analyze their performances. The experimental results and findings of [67] are similar to those of [65].
In summary, Container has satisfactory performances in almost all aspects on servers with rich resources. It provides near real-time and good resource utilization, and its overheads are negligible. Its image size is bigger than Unikernel's, and it is not free from an issue regarding isolation and security. From the perspective of its maturity and performance evaluation, Container is highly suitable for edge servers with sufficient resources in edge computing. Unikernel offers promising features such as significantly reduced memory footprint, fast booting, high-level security, efficient resource utilization, and many more. Unikernel offers important advantages for those cases with many IoT devices and especially fit to IoT edge computing whose nodes have highly limited processing power and storage facilities. It is not suitable for processing the services with large volumes of data. However, to achieve the desired technical maturity, much work remains to be done, including microprocessor stability, process management, and persistent storage.

Applications to Industrial Processes
With the development of artificial intelligence, IoT, digital twin [69], and parallel intelligence [70], the manufacturing industry is moving towards the goal of smart manufacturing. A number of edge computing frameworks or applications based on virtualization technologies are deployed to different industrial processes, e.g., semiconductor manufacturing [71], robotic assistance for emergency management [72], explosion prevention in mining industry [73], maintenance management [74,75], Fabric defect detection for textile production [76], oil and gas production [26,77], spectroscopic inspection for olive [78], and Augmented Reality for shipbuilding [79]. In this section, we focus on illustrating equipment fault diagnosis and computation of scheduling tasks. Additionally, we depict the reasons for adopting a specific lightweight virtualization technology for this application.

Fault Diagnosis Processes
Fault diagnosis in industry can improve the production efficiency, and reduce equipment maintenance cost. Machine learning (ML) has been applied to fault diagnosis [80,81]. Figure 2 is a data-driven and edge-cloud collaboration-based fault diagnosis system for an industrial process (semiconductor manufacturing). It includes three tiers, i.e., edge devices, edge servers, and cloud data centers layers. The models of fault diagnosis are deployed to edge servers by Container and Unikernel. Thus, it can reduce the delay time of fault detection by edge computing. In this system, models are trained in cloud data centers rich with resources, and the processes of inferring faults are executed in edge servers. Additionally, the unidentified fault data can be transmitted to the cloud data center for updating models, and then updating the corresponding models in edge servers. In edge nodes and servers, we need to install Docker container environment, and then Docker-based model image can be deployed and executed quickly. It greatly facilitates the deployments and execution of applications. Unikernel can also be used to deploy models to edge nodes with limited resources, and it has high security isolation.
Augmented Reality for shipbuilding [79]. In this section, we focus on illustrating equi ment fault diagnosis and computation of scheduling tasks. Additionally, we depict th reasons for adopting a specific lightweight virtualization technology for this application

Fault Diagnosis Processes
Fault diagnosis in industry can improve the production efficiency, and reduce equi ment maintenance cost. Machine learning (ML) has been applied to fault diagnosis [80,81 Figure 2 is a data-driven and edge-cloud collaboration-based fault diagnosis system fo an industrial process (semiconductor manufacturing). It includes three tiers, i.e., edge d vices, edge servers, and cloud data centers layers. The models of fault diagnosis are d ployed to edge servers by Container and Unikernel. Thus, it can reduce the delay time fault detection by edge computing. In this system, models are trained in cloud data cente rich with resources, and the processes of inferring faults are executed in edge server Additionally, the unidentified fault data can be transmitted to the cloud data center f updating models, and then updating the corresponding models in edge servers. In edg nodes and servers, we need to install Docker container environment, and then Docke based model image can be deployed and executed quickly. It greatly facilitates the d ployments and execution of applications. Unikernel can also be used to deploy models edge nodes with limited resources, and it has high security isolation.   In our experiment [81], the Tennessee Eastman dataset is used, which contains 52 process variables and 21 process faults. Firstly, we use a dimensionality reduction algorithm called fisher discriminant analysis (FDA) to extract fault features. Then, an ensemble learning method called AdaBoost is utilized for classifying faults. We build the image files based on Container and Unikernel for fault diagnosis, and then deploy them to Raspberry Pi 3B+. Experimental results show that Unikernel image only occupies 81 MB, thus only 11.86% of Docker's 683 MB.
It only takes 24.003 s to package the Python file into Unikernel image and execute the program, thereby requiring 68.6% of Docker's 35.022 s. Thus, Unikernel has some advantages over Container, especially for edge devices with constrained resources.

Oil Extraction Process
An oil extraction process in the Oil and Gas industry is a fault-sensitive process. It requires high reliability and extra safety measures to protect the surrounding environment. Thus, efficient and environment-friendly oil extraction is a challenging operation. To overcome these challenges and protect the environment from pollution, one needs to build smart oil fields with many devices (e.g., sensors and actuators) for achieving clean oil and gas extraction. Cloud data center can handle the generated data by devices, but impose high latency, which cannot for detecting oil spill anomalies [82], and analyzing a large amount of data to predict the oil spill spread direction and quantity [83]. Figure 3 is the system architecture of collaborative edge computing for environment-friendly oil extraction, where an edge scheduler-based an edge device in every oil extraction site is demonstrated. The system includes three tiers, i.e., IoT, edge nodes, and cloud data center layers. IoT devices, including physical sensors of smart oil fields, takes physical quantities. Edge nodes are located locally for processing data. Containers satisfy latency-sensitive operational requirements. Instead, edge computing can provide delay-sensitive services, due to its ability to process data locally. Thus, edge computing systems are utilized to each rig of smart oil fields. To overcome the limited resources of single oil rig and rapid deployment of edge computing systems, it is necessary to build a collaborative edge computing platform with nearby oil rigs at the edge, thus sharing computing resources among each other [77].  Figure 3. System architecture of collaborative edge computing for environment-friendly oil extraction.
In this scenario, the computation tasks of each rig can offload to nearby edge nodes (rigs). In this system, edge machines own limited storage, computing, and networking resources, which are placed on the platform of oil rig. They process different tasks, e.g., image processing, are used, which makes the migration and deployment of applications In this scenario, the computation tasks of each rig can offload to nearby edge nodes (rigs). In this system, edge machines own limited storage, computing, and networking resources, which are placed on the platform of oil rig. They process different tasks, e.g., image processing, are used, which makes the migration and deployment of applications easy. To verify the system model, Minimum Expected completion Time (MECT) [84], Success with Computational Certainty (SCC) heuristics, and Highest Probability of Success [77] are adopted to evaluate the resulting system. Experimental results show that they can greatly reduce improve task deadline miss rate.

Open Issues and Challenges
In this section, we discuss the technical challenges research issues for Container and Unikernel. To promote the development in industrial applications, we must focus on the following issues of Container to achieve its convenience, faster and easier deployment, and greater elasticity.
(1) Weaker isolation. The existing Container isolation mechanism [68] is much weaker than that of Unikernel. It shares one kernel for multiple isolated environments, thus facing the risk to collapse the entire containerized environment. To solve the security problems of Container, several methods can be explored, including using trusted images, managing container secret, securing the runtime environment, and vulnerability scanning [68]. (2) Lack of tools and support. To realize the large-scale application of containers, the container monitoring and managing tools are needed. However, we have only Container orchestrators, like Kubernetes. More container management orchestrators need to be researched and developed to support the management of different containers (3) Generalization for all services. Container is suitable for microservices and it does not well support monolithic architecture. For a monolithic architecture, Container only provides simplified a delivery mechanism by offering easy packaging technologies. (4) Data storage. Container is not suitable for storing permanent data, i.e., data collected for IoT sensors. It is risky to storage significant data on edge nodes due to both the volatile environment of edge nodes and the security risks of containers. Therefore, important data need to be stored in centralized nodes or cloud datacenters and retrieved on demand. This may reduce the feasibility of lightweight virtualizationbased edge computing in some highly data-intensive applications. To address the situation, we should improve the Data Volumes of Container, which are needed to be implemented in more seamless way.
Although Unikernel has many advantages, e.g., faster booting, small size, and high security, it has the following problems and challenges.
(1) Unikernel's usability. Unikernel does not have a shell and not support online debugging. If Unikernel fails, we can only reboot it. It does not support online upgrades and updates either. If the application and configuration need to be updated, the user needs to recompile the source code to produce a new Unikernel and deploy a new version, which can be very costly and sometimes prohibitive. We can build a mechanism similar to Docker container's to realize the remote deployment, update, and upgrading of Unikernel. (2) Security. Unikernel's security is guaranteed by the isolation provided by the underlying operating system or Hypervisor, and it is more secure than Container. However, it is just a process in application space, and thus it is vulnerable to various traditional attacks. Process management needs to be improved for promoting Unikernel's security.
Blockchain technologies [85] can be considered. (3) High development cost of Unikernel based on library operating system(LibOS). LibOS is the core technology of Unikernel. When developing it, we should consider not only specific application requirements and programming languages, but also the association and boundary among the underlying operating systems. To solve this problem, we can build a platform adaption layer, which can resolve the dependencies of LibOS on the underlying host operating systems, and improve its compatibility. (4) Construction and deployment. There are no mature compilation tools for Unikernel, and there are certain technical barriers to build and deploy Unikernel. It is very inconvenient that different unikernels need to build and generate a matching tool chain, and configure the corresponding development environment. So we can build comprehensive and easy-to-use tools for quickly compiling application into Unikernel, like Unik [86] to facilitate more applications, e.g., [87][88][89][90][91][92][93][94][95][96][97].

Conclusions
In this paper, we have summarized lightweight virtualization technologies in edge computing, and compared the characteristics of Container and Unikernel to indicate what edge computing scenarios they fit. According to their performance evaluation results, we have discussed which lightweight virtualization technologies fit to what application scenarios. We have presented their possible applications in some industrial processes in which lightweight virtualization technologies are required. Finally, we have discussed some technical challenges and open issues for future research in this area. We hope that this review article can stimulate more researchers and engineers to apply recent edge computing technologies to their various industrial processes and realize what industry 4.0 promises to bring.