Lightning Talk:

Unikernel Technologies

Michael BrightSolution Architect

What are Unikernels?

Specialized applications built with all, but only, the OS components they need.

A Unikernel is standalone able to run directly as a VM (or possibly on BM)

Compile in optional “Library OS” components such as- Network stack- File-system- Device drivers

What are Unikernels?

Hardware

Hypervisor

OS Kernel

User Processes

Parallel Threads

Language Runtime

Application Binary

Configuration Files

Hardware

Hypervisor

Unikernel Runtime

Application Code

Configuration

A Unikernel application containing only selected

« Library OS » components

A typical application

Running above a

general purpose OS

http://bit.ly/2p4o59J

THE NEW STACKOCTOBER 24, 2016Debunking Unikernel Criticisms

Unikernels are unfit for productionJanuary 22, 2016 - by Bryan Cantrill

Hacker News DiscussionJanuary 22, 2016

Contentious !

http://bit.ly/2o0Fxg0

“VMs aren’t heavy, Oses are !”,Alfred Bratterud, #includeOS

Characteristics.

• Fast to boot, very light on resources enabling on-demand services

• Single-user, Single-address space, Single-process for performance and security

• Small attack surface so potentially more secure

Why use Unikernels ?

Still very much a research area, but could be used in

• Cloud micro-services: on-demand immutable services

• NFV (Telco Cloud)

• IoT

• Networking Devices or appliances

2 main families

Unikernel

Implementations

Clean-Slate1. MirageOS (Ocaml)

2. HalVM (Haskell)

3. LING (Erlang)

Unikernel Implementations?Legacy1. IncludeOS (C/C++)

2. OSv (Java,Lua,Go)

3. Rumprun (Ruby,Go,Python…)

4. Graphene (C, linux binaries)

5. ClickOS (modular router)

6. Clive (Go)

7. HermitCore (“gcc”)

8. … and more still …

Tools1. Unik2. Solo5 / ukvm

MirageOS v3 supports more backends inc. kvm & xhyve.

• MirageOS Unikernels – “Library OS” and app - written entirely in Ocaml

• Jitsu project allows on demand “just in time spawning of unikernels”

• The mirage tool creates a build envt for the chosen backend (unix, xen, kvm, …)

MirageOS Unikernels: Clean-slate

Build/run as Linux binary

mirage configure –t unix

make depend

make

./binary

Build/run under kvm

mirage configure –t ukvm

make depend

make

./ukvm-bin unikernel-binary

[Xen incubator project] MirageOS v3 – Feb 2017

Let’s build/run a unikernel on:

- Unix (Linux)

- To run locally

- Ukvm

- To run under ukvm locally

- To run in the cloud

Demo: MirageOS

Clean-slate Unikernel

[Cloudius Systems] Osv 0.24 – Oct 2015

• Execute single app on any hypervisor

• Capstan tool builds for VirtualBox, KVM, Xen, VMWare

• Supports many application languages

• Java, C, Lua, Ruby, Go, Node.js, Scala, …

• ZFS snapshots, REST api, cloud-init

Manifesto

• Run existing Linux apps, run them faster

• Boot time ~ exec time (< 1 sec)

• Leverage memory managed platforms (JVM, Go, Lua)

• Stay open

Osv:

Demo: OSv

Let’s build/run a unikernel on:

- Unix (Linux)

- To run locally

- VM

- To run under VM locally

- To run in the cloud

[HiOA. Oslo] IncludeOS v0.10 - Mar 2017

IncludeOS

A minimal unikernel for running C++ services in

the cloud.

Currently supports – VirtualBox, KVM

(whence GCE, OpenStack)

• Single threaded by default

• Written in C++

• Async i/o only for now

• Potentially for baremetal also

Demo: IncludeOS

Let’s build/run a unikernel on:

- Unix (Linux)

- To run locally

- VM

- To run under VM locally

- To run in the cloud

[NetBSD] No releases, but very active

Runs existing unmodified POSIX software as a unikernel.

Many packages available (apache2, nginx, haproxy, redis, mysql, …)

Supports bare hardware and hypervisors such as Xen and KVM.

Based on rump kernels which provide many NetBSD OS components

such as drivers, file systems, POSIX system calls, TCP/IP stack

Extensive language support:

• C/C++, Erlang, Go, Java, Node.js, Python, Ruby, Rust …

Rumprun:

Demo: Rumprun

Let’s build/run a unikernel on:

- Unix (Linux)

- To run locally

- VM

- To run under VM locally

- To run in the cloud

[??] V0.2.14 – Aug 1, 2016

Unikernels for the cloud built on the V8 JavaScript engine.

Bundled up with an application and deployed as a lightweight and

immutable VM image.

Uses event-driven and non-blocking I/O model inspired by Node.js.

At the moment KVM is the only supported hypervisor.

Runtime.js:

Demo: Runtime.js

Let’s build/run a unikernel on:

- Unix (Linux)

- To run locally

- VM

- To run under VM locally

- To run in the cloud

We can

- build a Unikernel online

- Rumprun, IncludeOS or OSv

- Deploy online

- Pull the image and run locally

- virgo pull myapp

- virgo run myapp

Demo: DeferPanic

Unikernel IaaS

Here’s my take

• Still research projects but many early adopters

• More test and production deployments

• Better tooling through tools like Docker, Unik, OSv Capstan

• Increased collaboration across projects

• Increased Hypervisor support

• Different Unikernel technologies for different uses

• Clean-slate for lightest, most secure needs – very specialized

• Hybrid architectures with Unikernels and Containers

• Legacy Unikernels for higher performance from existing apps, e.g. HPC

What’s next ?

Thank You!Questions?

@docker

#dockercon

Unikernels: General Resources

URL

Unikernel.org https://unikernel.org

Wikipedia https://en.wikipedia.org/Unikernels

My Scoop.IT https://scoop.it/Unikernels

LinkedIn Group https://www.linkedin.com/groups/8469145

YouTube Playlist http://bit.ly/2mJ6nfw

Unikernels: Project Resources

Website GitHub

MirageOS mirage.io mirage/mirage

HalVM galois.com galoisInc/HaLVM

LING erlangonxen.org cloudozer/ling

IncludeOS includeos.org hioa-ca/IncludeOS

Rumprun rumpkernel.org rumpkernel/rumprun

Osv osv.io cloudius-systems/osv

Unikernels: Project Resources

Website GitHub

Runtime.js runtimejs.org runtimejs/runtime

Clive lsub.org/ls/clive.html git.lsub.org/clive

ClickOS cnp.neclab.eu/clickos kohler/click

Unik emc-advanced-dev/unik

Deferpanic IaaS deferpanic.net deferpanic/virgo