unikernelize your java application

UnikernelizeyourJava ApplicationMario Zagarmario.zagar@infobip.com

Agendawhat are unikernelswhy should you carehow does java fit in

build java unikernel app

www.infobip.com

Java, .NET, nodejs, reactjsmicroservices

continuous delivery practitioners100+ deploys daily / 6 datacenters

300M+ messages per day200+ hypervisors

up to 20 VMs per hypervisor

What are unikernels?

“specialized, single-address-space machine images constructed by using library operating

systems.”

App code +

OS parts actually needed=

unikernel

Typical cloud deployment

Hardware

Hypervisor

OS + Kernel

App code & config

App runtime & libraries

VM

Typical cloud deployment

Hardware

Hypervisor

OS + Kernel

App code & config

App runtime & libraries

VM

Typical cloud deployment

OS + Kernel

App code & config

App runtime & libraries

VM

Containerized deployment

Hardware

Hypervisor

Kernel on host OS

OS

App code & config

App runtime & libraries

Container

Containerized deployment

Hardware

Hypervisor

Kernel on host OS

OS

App code & config

App runtime & libraries

Container

OS

App code & config

App runtime & libraries

Container

Containerized deployment

What if…

Hardware

Hypervisor

Unikernel

Unikernel deployment

App code & config

App runtime & libs

Specialized kernel

Hardware

Hypervisor

Unikernel

Unikernel deployment

App code & config

App runtime & libs

Specialized kernel

Unikernel

App code & config

App runtime & libs

Specialized kernel

immutable server

Hardware

Hypervisor

OS + Kernel

App code & config

App runtime & libraries

VM

Hardware

Hypervisor

Kernel on host OS

OS

App code & config

App runtime & libraries

Container

Hardware

Hypervisor

Unikernel

App code & config

App runtime & libs

Specialized kernel

Isolation Resource sharing Specialization

Abstraction

Abstraction

Abstraction

Abstraction

AbstractionAbstraction

"just enough" of the OS to run your code, nothing more.

Why should I use this?

Fast bootHighly optimized

Reduced attack surface

Why should I use this?

Small footprintFast boot

Highly optimizedReduced attack surface

Why should I use this?

Small footprintFast boot

Highly optimizedReduced attack surface

Why should I use this?

Small footprintFast boot

Highly optimizedReduced attack surface

Why should I use this?

Small footprintFast boot

Highly optimizedReduced attack surface

No, really… why should I use this?

same amount of workon less powerful VMs…

…saves $$$

Cons ?

no fork() or exec()hard to debug

“secure” is just a matter of timetroubleshooting tools

Cons ?

no fork() or exec()hard to debug

“secure” is just a matter of timetroubleshooting tools

Cons ?

no fork() or exec()hard to debug

“secure” is just a matter of timetroubleshooting tools

Cons ?

no fork() or exec()hard to debug

“secure” is just a matter of timetroubleshooting tools

Cons ?

no fork() or exec()hard to debug

“secure” is just a matter of timetroubleshooting tools

What’s out there ?

How does java fit in ?

new OS designed for the cloudC++

native Linux apps, JVMsingle address space

boots < 1 secLower administration & OS support costs

Hypervisor support

KVM, XEN - fullyVMW, VBox – exp

Cloud support

EC2 - fullyGCE – exp

a little “fatter”min image size ~20MB

Java image ~120MB

REST APIJMX/Jolokia API

cloud-init

Benchmarksredis

50% more TPSmemcached

20% more req/secTCP

20% better latency

How to build a java unikernel app?

Capstan build tool(feels dockerish)

Capstanfile

Capstanfile

base: cloudius/osv-openjdk8

build: mvn package

files: /app.jar: target/app.jar

cmdline: /java.so -jar /app.jar

$ capstan build -p vbox

$ mvn package$ capstan run target/app.jar

So where is this all going ?few users

hard to shiphard to buildhard to run

Community

unikernels + docker

”next big thing in the cloud”

Thank you!