SlideShare une entreprise Scribd logo

OSAC16: Unikernel-powered Transient Microservices: Changing the Face of Software Architecture

R
Russell Pavlicek

In most current microservice-based architectures, the machine images powering the microservice are quite traditional: a full software stack from operating system to application, which takes significant resources to host and plenty of time to start and stop. As a result, most current microservice workloads are persistent, having to start before they are needed and sitting idle when there’s no work to do. This wastes precious resources and slows the application’s ability to scale out as workloads require. The arrival of lightweight technologies like Docker and containers have opened the door to lighter workloads in the microservice arena, but the advent of unikernels might be a game changer. These ultralight, highly secure workloads combine the entire software stack—from operating system functions to application—into a single, tiny package that runs directly on a hypervisor. Start times for many unikernel-based VMs can be measured in milliseconds, raising the question: why waste time and resources with persistent microservices? Why not consider transient microservices, which appear when there is something to do and disappear immediately thereafter? While the use of transient microservices could free up much computing power, it will also change the architecture and orchestration of software solutions. The concept of services that may have a lifetime measured in seconds—or less—does not currently exist in popular cloud-based systems.

Technologie
1  sur  50
Télécharger pour lire hors ligne
O'Reilly Software Architecture 2016 Unikernel-powered transient microservices: Changing the face of software architecture Russell Pavlicek rcpavlicek@yahoo.com
About the Old, Fat Geek Up Front ● Linux user since 1995; became a Linux advocate immediately ● Delivered many early talks on Open Source Advocacy ● Former Open Source columnist for Infoworld, Processor magazines ● Former weekly panelist on “The Linux Show” ● Wrote one of the first books on Open Source: Embracing Insanity: Open Source Software Development ● 30 years in the industry; 20+ years in software services consulting ● Formerly Evangelist for the Xen Project, now looking for new opportunities ● Over 100 FOSS talks delivered; over 200 FOSS pieces published
Why Am I Talking About This? ● I am not a unikernel implementer ● I had been Evangelist for Xen Project, which is at the forefront of unikernel development ● There are a number of people implementing unikernels and discussing what they've done, but relatively few discussing the big picture, and almost no one talking about the changes to S/W architecture ● This talk will attempt to examine both the forest and the trees: – We will discuss the value of the unikernel movement – We will examine several prominent unikernels and their uses ● The existence of these unikernels will alter the architecture of the cloud. Microservices will become smaller, faster, and more transient than today.
The Current Basis for Architecture ● Workloads are essentially Persistent, even in clouds – Clouds may move the the workload around, but the workload itself is virtually identical to workloads in the pre-cloud era ● Someone has to authorize their birth, check their health, and authorize their shutdown ● Services tend to be long-lived, because it takes so long to start one up or shut one down – Ever get stuck at a Point-Of-Sale terminal run off a modem? ● Services will often sit idle for long periods waiting for a client to make a request – Resources needed by the service are, therefore, underutilized
A New Basis for Architecture ● Imagine workloads which are as nimble as the clouds which deploy them ● Instant startup and shutdown – Able to be deployed the instant the need appears ● Lasting only as long as the immediate need ● And much more secure than what we have now ● Key capability to implement the Internet Of Things (IoT) ● This is a Transient workload
How Did We Get Here? ● The history of computing tells us why we have a love with Persistent machines ● Once upon a time, machines were really expensive – When I was in college, our student computer center consisted of one machine – a DEC PDP 11/34a – for the entire campus – 248kb addressable memory – 25 MB total disk storage (not including 8” floppies) – No virtualization available – One machine had to do everything for everyone, so we loaded it down with thousands of programs – This beast cost over US$100K fully configured – Startup and shutdown was slow – minutes. So Persistent service was a necessity
How Does This Match Today's Reality? ● Hardware today is dirt cheap! ● A smart phone is several orders of magnitude more powerful than my college's old PDP-11; we frequently send PCs to a landfill which would have been supercomputers by comparison ● Memory and storage are cheap and plentiful ● Virtualization is stable and available ● Startup and shutdown is much quicker ● So why are we still focused on building Persistent machines with 1000s of programs like we used to when hardware was expensive?
Let's Upgrade Our Architecture ● Much modern solution architecture is focused on leveraging physical components designed in 1980 ● Let's rethink software architecture to best use the current truths, and let go of the assumptions created in a bygone era ● Let's start with the Cloud and ask, “What should your machine images look like to be optimal today?”
A View From the Clouds What does a Really Good Cloud look like?
The Cloud So Far ● The major field of innovation is in the orchestration – The Cloud Engine is paramount (OpenStack, CloudStack, etc.) – But the workloads adapted to the cloud strongly resemble their Persistent non-cloud predecessors ● Some basic adaptations to facilitate life in the cloud, but basically the same stuff that was used before the cloud ● Applications with full stacks (operating system, utilities, languages, and apps) which could basically run on hardware, but are run on VMs instead. ● VMs are beefy; large memory footprint, slow to start up ● It all works, but its not overly efficient ● 10s of VMs per physical host
The Next Generation Cloud ● Let's turn our scrutiny to the workloads – Should be easier to deploy and manage – Smaller footprint, removing unnecessary duplication – Faster startup – Mixture of Persistent and Transient microservices – Higher levels of security – 1000s of VMs per host
The New Stuff: Docker & Containers ● Makes deployment easier ● Smaller footprint by leveraging kernel of host ● Less memory needed to replicate shared kernel space ● Less disk needed to replicate shared executables ● Really fast startup times ● Higher number of VMs per host
Docker Downsides ● Improvements, yes; but not without issues – Can't run any payload that can't use host kernel – Potential limits to scalability ● Linux not really optimized for 1000s of processes – Security ● Security is a HUGE issue in clouds ● Still working on security which brings containers up to the level of current solutions – Cumbersome add-ons won't work; security needs to be baked in – We need to raise the bar higher in the cloud; status quo is not enough ● Containers are still often run within VMs when security is needed
Security: 800 Ton Gorilla in the Room ● For too long, Security is the Red-Headed Step Child of Software Architecture – We've used bolt-on solutions – “The sysadmin will handle that!” ● Which quickly becomes “It's the sysadmin's fault that they DIDN'T handle that!” ● You only need to glance at the news to know the state of security in our industry today: IT SUCKS!
Security By Design is a Requirement ● We MUST raise the defacto level of security in our cloud and web applications! ● “Good enough” is no longer good enough ● Some enhanced level of security needs to be baked in so that even a totally incompetent idiot can deploy applications which are more secure than today's status quo
The Unikernel: A Real Cloud Concept ● Very small ● Very efficient ● Very quick to boot ● And very, VERY secure! ● It's a Green (energy) technology which saves you green (cash); extremely important to foster adoption ● Many unikernels already exist, and the number is growing steadily
What is a Unikernel? From MirageOS
Unikernel Approach: MirageOS
Unikernel Approach: MirageOS
Unikernel Approach: MirageOS
Unikernel Concepts ● Use just enough to do the job – No need for multiple users; one VM per user – No need for a general purpose operating system – No need for utilities – No need for a full set of operating system functions ● Lean and mean – Minimal waste – Tiny size
Unikernel Concepts ● Similar to an embedded application development environment – Limited debugging available for deployed production system ● You have exactly the tools you built into the stack – Instead, system failures are reproduced and analyzed on a full operating system stack and then encapsulated into a new image to deploy – Tradeoff is required for ultralight images
What Do the Results Look Like? ● Mirage OS examples: – DNS Server: 449 KB – Web Server: 674 KB – OpenFlow Learning Switch: 393 KB ● LING metrics: – Boot time to shell in under 100ms – Erlangonxen.org memory usage: 8.7 MB ● ClickOS: – Network devices processing >5 million pkt/sec – 6 MB memory with 30 ms boot time
What About Security? ● Type-Safe Solution Stack – Can be certified – Certification is crucial for certain highly critical tasks, like airplane fly-by-wire control systems ● Image footprints are unique to the image – Intruders cannot rely on always finding certain libraries – No utilities to exploit, no shell to manipulate – Make the attack surface much smaller and much less consistent
Do Unikernels Really Exist? Some of the current leading unikernels
What's Out There Right Now? ● MirageOS, from the Xen Project Incubator ● HaLVM, from Galois ● LING, from Erlang-on-Xen ● ClickOS, from NEC Europe Labs ● OSv, from Cloudius Systems ● Rumprun, from the Rump Kernel Project ● And that's just the beginning...
MirageOS ● From the Xen Project Incubator ● Language support: Ocaml ● Hypervisor support: Xen Project ● V2.0 released in 2014 ● General purpose devices ● Can be run on Amazon EC2 ● http://www.openmirage.org/
HaLVM ● Galois, Inc. ● Language support: Haskell ● Hypervisor support: Xen Project ● Originally designed to prototype operating system components ● Now suitable for creating network devices ● https://galois.com/project/halvm/
LING ● Erlang-on-Xen project ● Language support: Erlang ● Hypervisor support: Xen Project ● Use cases include Zero-Footprint Cloud ● http://erlangonxen.org/
ErlangOnXen.org Website
ErlangOnXen Zerg Demo
ClickOS ● NEC Europe Labs ● Language support: C, C++, Python ● Hypervisor support: Xen Project ● V0.2 released in 2014 ● Suited for Network Function Virtualization (NFV) devices ● http://cnp.neclab.eu/clickos/
ClickOS Throughput
OSv ● Cloudius Systems (now ScyllaDB) – Company may have moved on, but their Open Source project survives – Language support: C, C++, Java, Python, Javascript, Node.js, Ruby ● Hypervisor support: Xen Project, KVM, VMware ● Slightly different from “standard” unikernels – Kind of “fat” – Full Java JVM stack, minus multi-processes (threads yes, forks no) – Can run almost any JAR file ● NFV optimized ● http://osv.io/
Rumprun ● A working product of the rump kernel ecosystem (which we'll discuss shortly) ● Under active development, rumprun does allow a growing number of programs to run as-is – Its goal is to a universal base for most unikernel- appropriate workloads for currently existing real-world POSIX-based applications – It has the potential to open the door to a hugehuge number of functional unikernels ● http://repo.rumpkernel.org/rumprun
What About the Unikernel Ecosystem? ● If this is more than just a few isolated experiments in unikernel concepts, we'd expect to see some advances in the general ecosystem ● The unikernel ecosystem is forming: – Jitsu (https://github.com/MagnusS/jitsu) – MiniOS (http://wiki.xenproject.org/wiki/Mini-OS) – Rump Kernels (http://rumpkernel.org/) – Xen Project itself
Jitsu The Jitsu Website says: Just-In-Time Summoning of Unikernels ● Jitsu is a forwarding DNS server that automatically starts virtual machines (VMs) on demand. When a DNS query is received, jitsu first checks for a local VM that is mapped to the requested domain. If a VM is found, the VM is started and its IP is returned to the client. Otherwise, the request is forwarded to the next DNS server. If no DNS requests are received for the VM within a given timeout period it is automatically stopped. ● Although Jitsu can be used with any VM that can be controlled with libvirt, it is mainly intended for use with unikernels that can be started quickly and be able to respond to the client request within the time it takes to send the DNS response.
MiniOS ● Small basic unikernel ● Distributed with Xen Project source ● Originally designed for driver disaggregation ● Base for others to build their unikernel projects – ClickOS, for example – Also the base for the earliest version of rumprun, which has advanced considerably since
Rump Kernels ● Derived from the work of the NetBSD community ● Employs the notion of a kernel containing just enough code to get real work done – Concept is not limited to NetBSD, but existing work leverages NetBSD ● An open-ended framework containing production-quality drivers, currently manifesting itself in the rumprun unikernel ● Supports Xen Project, bare metal, userspace environments
platform hypercall interface rump kernel hypercall implementation libc syscall trapsrump kernel calls application(s) userspace libraries TCP/IP filesystems devicedrvs unmodified NetBSD code (~106 lines) unmodified POSIX userspace code (10n lines) platform-specific code (~103 lines) same thread throughout entire stack e.g. Genode OS, Xen, userspace, bare-metal, ... syscalls ... platform-independent glue code (~104 lines) glue code Rump Kernel Architecture
THIS JUST IN... News Flash: The Fat Boy up front was wrong! You CAN do databases as Unikernels!
The “RAMP” Stack! ● Major announcement 1 year ago: Nginx, MySQL, and PHP built on Rump Kernels! ● No rearchitecting the application; the work is in getting things to cross compile correctly (Nginx & MySQL) ● Working out usability and configuration kinks still ● Unikernel-compatible unmodified POSIX C and C++ applications “just work” on top of Rump Kernels, provided that they can be cross- compiled – Stacks on Rump Kernels are always cross-compiled, since the compiler never runs directly on the Rump Kernel ● Still in skunkworks stage; watch Twitter @rumpkernel for announcement when it is done
More Rump Kernel & RAMP Info ● Rump Kernels contain the work of many BSD contributors, all the way back to the 1980s ● Antti Kantee leading the Rump Kernel project ● Martin Lucina leading the RAMP work ● Current Temporary Github repositories (will probably be replaced with a permanent Wiki page): – https://github.com/mato/rump-php – https://github.com/mato/rump-mysql ● Rump Kernel Mailing List: – http://www.freelists.org/list/rumpkernel-users ● Rump Kernel Twitter: – @rumpkernel
Xen Project as Ecosystem Enabler ● Work proceeds on support for 1000s of VMs per host – Recent redesign of Event Channels removes obstacles to uncap VM growth (theoretically, into millions of VMs) – Currently, performance is strong up to around 600 VMs per host – Other areas identified and targeted to enable 2000-3000 VMs per host ● Paravirtualization makes creation of a unikernel much simpler – Simpler PV interfaces remove need for complex H/W drivers
And Still More To Come... ● Arrakis (http://arrakis.cs.washington.edu/) – Derived from the Barrelfish operating system ● Clive (http://lsub.org/ls/clive.html) – Using the go language ● Solo5 (https://developer.ibm.com/open/solo5-unikernel/) – A new unikernel base from IBM ● IncludeOS – C++ on KVM
Are Unikernels a Panacea? ● Nope! – But it doesn't have to be a panacea to return value – There will always be really large databases and beefy apps which won't fit in this mold – The truth is that different problems are likely to require different optimal solutions for the foreseeable future – It is likely that the solution spectrum of the next few years will include a blend of unikernels, containers, and standard virtualization – But the arrival of unikernels means that the bar to efficiency has been raised to new heights
What Does This Mean for Architecture? ● We like to talk about (Persistent) Microservices; we are witnessing the birth of Transient MicroservicesTransient Microservices – Lifetimes possibly measured in fractions of second – Populations in the thousands concurrently per host – Now these aren't small just from an external standpoint, but internally as well – It's much easier manipulating smaller items than bigger ones, so what was once difficult to change becomes easier to change
How Do You Control a Transient Microservice? ● Excellent question! ● How can we tell if a service was born, executed correctly, and died appropriately? ● Do you know the answer? – This is where Open Source shines – and why all this is coming from Open Source efforts – “Given enough eyeballs, all bugs are shallow” – ESR, CatB – Get enough people looking at the problem and the solution will be obvious to someone
Open Source Leading the Way ● This is an example of how Open Source is working to expand horizons of the cloud – Closed source in the next-gen cloud just isn't the way to go – The real innovation continues to come from Open Source – Friends don't let friends go closed source in the cloud!
Questions? rcpavlicek@yahoo.com Twitter: @RCPavlicek Thanks to the Mirage OS team and Antti Kantee of the Rump Kernel project for the use of their images. Thanks to NEC Europe Ltd (ClickOS) and ErlangOnXen (LING) for the use of images from their respective websites. Rights to same belong to the copyright holders. Look for my upcoming article in BSD Magazine and an upcoming eBook from your favorite publisher! And don't forget my session at 4:35pm here today! If anyone is looking for a community guy / evangelist, drop me a line!

Recommandé

Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...
Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...
Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...
The Linux Foundation
 
CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...
CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...
CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...
The Linux Foundation
 
Next Generation Cloud: Rise of the Unikernel V3 (UPDATED)
Next Generation Cloud: Rise of the Unikernel V3 (UPDATED)Next Generation Cloud: Rise of the Unikernel V3 (UPDATED)
Next Generation Cloud: Rise of the Unikernel V3 (UPDATED)
The Linux Foundation
 
XPDS14: Unikernels: Who, What, Where, When, Why - Adam Wick, Galois
XPDS14: Unikernels: Who, What, Where, When, Why - Adam Wick, GaloisXPDS14: Unikernels: Who, What, Where, When, Why - Adam Wick, Galois
XPDS14: Unikernels: Who, What, Where, When, Why - Adam Wick, Galois
The Linux Foundation
 
CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil ...
CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil ...CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil ...
CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil ...
The Linux Foundation
 
CPOSC2014: Next Generation Cloud -- Rise of the Unikernel
CPOSC2014: Next Generation Cloud -- Rise of the UnikernelCPOSC2014: Next Generation Cloud -- Rise of the Unikernel
CPOSC2014: Next Generation Cloud -- Rise of the Unikernel
The Linux Foundation
 
SCALE13x: Next Generation of the Cloud - Rise of the Unikernel
SCALE13x: Next Generation of the Cloud - Rise of the UnikernelSCALE13x: Next Generation of the Cloud - Rise of the Unikernel
SCALE13x: Next Generation of the Cloud - Rise of the Unikernel
The Linux Foundation
 
Docker Online Meetup #31: Unikernels
Docker Online Meetup #31: UnikernelsDocker Online Meetup #31: Unikernels
Docker Online Meetup #31: Unikernels
Docker, Inc.
 

Recommandé

Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...
Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...
Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...
The Linux Foundation
 
CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...
CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...
CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...
The Linux Foundation
 
Next Generation Cloud: Rise of the Unikernel V3 (UPDATED)
Next Generation Cloud: Rise of the Unikernel V3 (UPDATED)Next Generation Cloud: Rise of the Unikernel V3 (UPDATED)
Next Generation Cloud: Rise of the Unikernel V3 (UPDATED)
The Linux Foundation
 
XPDS14: Unikernels: Who, What, Where, When, Why - Adam Wick, Galois
XPDS14: Unikernels: Who, What, Where, When, Why - Adam Wick, GaloisXPDS14: Unikernels: Who, What, Where, When, Why - Adam Wick, Galois
XPDS14: Unikernels: Who, What, Where, When, Why - Adam Wick, Galois
The Linux Foundation
 
CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil ...
CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil ...CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil ...
CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil ...
The Linux Foundation
 
CPOSC2014: Next Generation Cloud -- Rise of the Unikernel
CPOSC2014: Next Generation Cloud -- Rise of the UnikernelCPOSC2014: Next Generation Cloud -- Rise of the Unikernel
CPOSC2014: Next Generation Cloud -- Rise of the Unikernel
The Linux Foundation
 
SCALE13x: Next Generation of the Cloud - Rise of the Unikernel
SCALE13x: Next Generation of the Cloud - Rise of the UnikernelSCALE13x: Next Generation of the Cloud - Rise of the Unikernel
SCALE13x: Next Generation of the Cloud - Rise of the Unikernel
The Linux Foundation
 
Docker Online Meetup #31: Unikernels
Docker Online Meetup #31: UnikernelsDocker Online Meetup #31: Unikernels
Docker Online Meetup #31: Unikernels
Docker, Inc.
 
CIF16: Rethinking Foundations for Zero-devops Clouds (Maxim Kharchenko, Cloud...
CIF16: Rethinking Foundations for Zero-devops Clouds (Maxim Kharchenko, Cloud...CIF16: Rethinking Foundations for Zero-devops Clouds (Maxim Kharchenko, Cloud...
CIF16: Rethinking Foundations for Zero-devops Clouds (Maxim Kharchenko, Cloud...
The Linux Foundation
 
Microservices in Unikernels
Microservices in UnikernelsMicroservices in Unikernels
Microservices in Unikernels
Madhuri Yechuri
 
Unikernels and Cloud Computing
Unikernels and Cloud ComputingUnikernels and Cloud Computing
Unikernels and Cloud Computing
SKORDEMIR
 
Unikernels
UnikernelsUnikernels
Unikernels
sally.de
 
Lightning talk unikernels
Lightning talk unikernelsLightning talk unikernels
Lightning talk unikernels
Michael Bright
 
Présentation d'Unikernel
Présentation d'UnikernelPrésentation d'Unikernel
Présentation d'Unikernel
Proto204
 
Openstack Xen and XCP
Openstack Xen and XCPOpenstack Xen and XCP
Openstack Xen and XCP
The Linux Foundation
 
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCPOscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
The Linux Foundation
 
Unikernels Introduction
Unikernels IntroductionUnikernels Introduction
Unikernels Introduction
Pradipta Banerjee
 
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
The Linux Foundation
 
Erlang on Xen: Redefining the cloud software stack
Erlang on Xen: Redefining the cloud software stackErlang on Xen: Redefining the cloud software stack
Erlang on Xen: Redefining the cloud software stack
Viktor Sovietov
 
Scale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCP Scale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCP
The Linux Foundation
 
Magnum Networking Update
Magnum Networking UpdateMagnum Networking Update
Magnum Networking Update
Daneyon Hansen
 
The DIY Punk Rock DevOps Playbook
The DIY Punk Rock DevOps PlaybookThe DIY Punk Rock DevOps Playbook
The DIY Punk Rock DevOps Playbook
bcantrill
 
Introduction to Containers and Docker
Introduction to Containers and DockerIntroduction to Containers and Docker
Introduction to Containers and Docker
Rob Loach
 
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Cynthia Thomas
 
Manta: a new internet-facing object storage facility that features compute by...
Manta: a new internet-facing object storage facility that features compute by...Manta: a new internet-facing object storage facility that features compute by...
Manta: a new internet-facing object storage facility that features compute by...
Hakka Labs
 
Ceph, Xen, and CloudStack: Semper Melior-XPUS13 McGarry
Ceph, Xen, and CloudStack: Semper Melior-XPUS13 McGarryCeph, Xen, and CloudStack: Semper Melior-XPUS13 McGarry
Ceph, Xen, and CloudStack: Semper Melior-XPUS13 McGarry
The Linux Foundation
 
Moving Legacy Applications to Docker by Josh Ellithorpe, Apcera
Moving Legacy Applications to Docker by Josh Ellithorpe, Apcera Moving Legacy Applications to Docker by Josh Ellithorpe, Apcera
Moving Legacy Applications to Docker by Josh Ellithorpe, Apcera
Docker, Inc.
 
2017 jan-19 meetup-unikernels
2017 jan-19 meetup-unikernels2017 jan-19 meetup-unikernels
2017 jan-19 meetup-unikernels
Michael Bright
 
The Next Generation Cloud: Unleashing the Power of the Unikernal
The Next Generation Cloud: Unleashing the Power of the UnikernalThe Next Generation Cloud: Unleashing the Power of the Unikernal
The Next Generation Cloud: Unleashing the Power of the Unikernal
All Things Open
 
Cairo Kubernetes Meetup - October event Talk #1
Cairo Kubernetes Meetup - October event Talk #1Cairo Kubernetes Meetup - October event Talk #1
Cairo Kubernetes Meetup - October event Talk #1
omehelba
 

Contenu connexe

Tendances

Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCPOscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
The Linux Foundation
 
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
The Linux Foundation
 
Scale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCP Scale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCP
The Linux Foundation
 
Manta: a new internet-facing object storage facility that features compute by...
Manta: a new internet-facing object storage facility that features compute by...Manta: a new internet-facing object storage facility that features compute by...
Manta: a new internet-facing object storage facility that features compute by...
Hakka Labs
 

Tendances (20)

CIF16: Rethinking Foundations for Zero-devops Clouds (Maxim Kharchenko, Cloud...
CIF16: Rethinking Foundations for Zero-devops Clouds (Maxim Kharchenko, Cloud...CIF16: Rethinking Foundations for Zero-devops Clouds (Maxim Kharchenko, Cloud...
CIF16: Rethinking Foundations for Zero-devops Clouds (Maxim Kharchenko, Cloud...
 
Microservices in Unikernels
Microservices in UnikernelsMicroservices in Unikernels
Microservices in Unikernels
 
Unikernels and Cloud Computing
Unikernels and Cloud ComputingUnikernels and Cloud Computing
Unikernels and Cloud Computing
 
Unikernels
UnikernelsUnikernels
Unikernels
 
Lightning talk unikernels
Lightning talk unikernelsLightning talk unikernels
Lightning talk unikernels
 
Présentation d'Unikernel
Présentation d'UnikernelPrésentation d'Unikernel
Présentation d'Unikernel
 
Openstack Xen and XCP
Openstack Xen and XCPOpenstack Xen and XCP
Openstack Xen and XCP
 
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCPOscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
 
Unikernels Introduction
Unikernels IntroductionUnikernels Introduction
Unikernels Introduction
 
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
 
Erlang on Xen: Redefining the cloud software stack
Erlang on Xen: Redefining the cloud software stackErlang on Xen: Redefining the cloud software stack
Erlang on Xen: Redefining the cloud software stack
 
Scale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCP Scale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCP
 
Magnum Networking Update
Magnum Networking UpdateMagnum Networking Update
Magnum Networking Update
 
The DIY Punk Rock DevOps Playbook
The DIY Punk Rock DevOps PlaybookThe DIY Punk Rock DevOps Playbook
The DIY Punk Rock DevOps Playbook
 
Introduction to Containers and Docker
Introduction to Containers and DockerIntroduction to Containers and Docker
Introduction to Containers and Docker
 
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
 
Manta: a new internet-facing object storage facility that features compute by...
Manta: a new internet-facing object storage facility that features compute by...Manta: a new internet-facing object storage facility that features compute by...
Manta: a new internet-facing object storage facility that features compute by...
 
Ceph, Xen, and CloudStack: Semper Melior-XPUS13 McGarry
Ceph, Xen, and CloudStack: Semper Melior-XPUS13 McGarryCeph, Xen, and CloudStack: Semper Melior-XPUS13 McGarry
Ceph, Xen, and CloudStack: Semper Melior-XPUS13 McGarry
 
Moving Legacy Applications to Docker by Josh Ellithorpe, Apcera
Moving Legacy Applications to Docker by Josh Ellithorpe, Apcera Moving Legacy Applications to Docker by Josh Ellithorpe, Apcera
Moving Legacy Applications to Docker by Josh Ellithorpe, Apcera
 
2017 jan-19 meetup-unikernels
2017 jan-19 meetup-unikernels2017 jan-19 meetup-unikernels
2017 jan-19 meetup-unikernels
 

Similaire à OSAC16: Unikernel-powered Transient Microservices: Changing the Face of Software Architecture

Unikernelized Linux
Unikernelized LinuxUnikernelized Linux
Unikernelized Linux
LinuxCon ContainerCon CloudOpen China
 
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storageWebinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
MayaData Inc
 

Similaire à OSAC16: Unikernel-powered Transient Microservices: Changing the Face of Software Architecture (20)

The Next Generation Cloud: Unleashing the Power of the Unikernal
The Next Generation Cloud: Unleashing the Power of the UnikernalThe Next Generation Cloud: Unleashing the Power of the Unikernal
The Next Generation Cloud: Unleashing the Power of the Unikernal
 
Cairo Kubernetes Meetup - October event Talk #1
Cairo Kubernetes Meetup - October event Talk #1Cairo Kubernetes Meetup - October event Talk #1
Cairo Kubernetes Meetup - October event Talk #1
 
Using Open Source technologies to create Enterprise Level Cloud System
Using Open Source technologies to create Enterprise Level Cloud SystemUsing Open Source technologies to create Enterprise Level Cloud System
Using Open Source technologies to create Enterprise Level Cloud System
 
The Future of System Administration
The Future of System AdministrationThe Future of System Administration
The Future of System Administration
 
Future of Sysadmin 2014
Future of Sysadmin 2014Future of Sysadmin 2014
Future of Sysadmin 2014
 
Elatt Presentation
Elatt PresentationElatt Presentation
Elatt Presentation
 
OpenStack Toronto Q2 MeetUp - June 1st 2017
OpenStack Toronto Q2 MeetUp - June 1st 2017OpenStack Toronto Q2 MeetUp - June 1st 2017
OpenStack Toronto Q2 MeetUp - June 1st 2017
 
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
 
The Effectiveness, Efficiency and Legitimacy of Outsourcing Your Data
The Effectiveness, Efficiency and Legitimacy of Outsourcing Your Data The Effectiveness, Efficiency and Legitimacy of Outsourcing Your Data
The Effectiveness, Efficiency and Legitimacy of Outsourcing Your Data
 
The Cloud Convergence: OpenStack and Kubernetes
The Cloud Convergence: OpenStack and KubernetesThe Cloud Convergence: OpenStack and Kubernetes
The Cloud Convergence: OpenStack and Kubernetes
 
Unikernelized Linux
Unikernelized LinuxUnikernelized Linux
Unikernelized Linux
 
Open Source Investments in Mainframe Through the Next Generation - Showcasing...
Open Source Investments in Mainframe Through the Next Generation - Showcasing...Open Source Investments in Mainframe Through the Next Generation - Showcasing...
Open Source Investments in Mainframe Through the Next Generation - Showcasing...
 
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storageWebinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
 
Introduction to OpenStack Storage
Introduction to OpenStack StorageIntroduction to OpenStack Storage
Introduction to OpenStack Storage
 
OpenStack Ottawa Q2 MeetUp - May 31st 2017
OpenStack Ottawa Q2 MeetUp - May 31st 2017OpenStack Ottawa Q2 MeetUp - May 31st 2017
OpenStack Ottawa Q2 MeetUp - May 31st 2017
 
A Summary about Hykes' Keynote on Dockercon 2015
A Summary about Hykes' Keynote on Dockercon 2015A Summary about Hykes' Keynote on Dockercon 2015
A Summary about Hykes' Keynote on Dockercon 2015
 
Triangle Devops Meetup 10/2015
Triangle Devops Meetup 10/2015Triangle Devops Meetup 10/2015
Triangle Devops Meetup 10/2015
 
Why Cloud Computing has to go the FOSS way
Why Cloud Computing has to go the FOSS wayWhy Cloud Computing has to go the FOSS way
Why Cloud Computing has to go the FOSS way
 
Intro to OpenShift, MongoDB Atlas & Live Demo
Intro to OpenShift, MongoDB Atlas & Live DemoIntro to OpenShift, MongoDB Atlas & Live Demo
Intro to OpenShift, MongoDB Atlas & Live Demo
 
OSDC 2018 | Migrating to the cloud by Devdas Bhagat
OSDC 2018 | Migrating to the cloud by Devdas BhagatOSDC 2018 | Migrating to the cloud by Devdas Bhagat
OSDC 2018 | Migrating to the cloud by Devdas Bhagat
 

Plus de Russell Pavlicek

Plus de Russell Pavlicek (8)

Geek Empowerment - The Real Heart of Open Source
Geek Empowerment - The Real Heart of Open SourceGeek Empowerment - The Real Heart of Open Source
Geek Empowerment - The Real Heart of Open Source
 
FOSS Project Perception Management Checklist
FOSS Project Perception Management ChecklistFOSS Project Perception Management Checklist
FOSS Project Perception Management Checklist
 
openSUSE Summit-15 Years of Open Source: It's About the People
openSUSE Summit-15 Years of Open Source: It's About the PeopleopenSUSE Summit-15 Years of Open Source: It's About the People
openSUSE Summit-15 Years of Open Source: It's About the People
 
CPOSC 2013: 15 Years of Open Source - It's About the People
CPOSC 2013: 15 Years of Open Source - It's About the PeopleCPOSC 2013: 15 Years of Open Source - It's About the People
CPOSC 2013: 15 Years of Open Source - It's About the People
 
Securing Your Cloud with Xen (CloudOpen NA 2013)
Securing Your Cloud with Xen (CloudOpen NA 2013)Securing Your Cloud with Xen (CloudOpen NA 2013)
Securing Your Cloud with Xen (CloudOpen NA 2013)
 
Xen 10th anniversary Status Report (at SELF 2013)
Xen 10th anniversary Status Report (at SELF 2013)Xen 10th anniversary Status Report (at SELF 2013)
Xen 10th anniversary Status Report (at SELF 2013)
 
Lessons Learned from Xen (Texas Linux Fest 2013)
Lessons Learned from Xen (Texas Linux Fest 2013)Lessons Learned from Xen (Texas Linux Fest 2013)
Lessons Learned from Xen (Texas Linux Fest 2013)
 
Lessons Learned from Xen [LFNW 2013]
Lessons Learned from Xen [LFNW 2013]Lessons Learned from Xen [LFNW 2013]
Lessons Learned from Xen [LFNW 2013]
 

Dernier

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Dernier (20)

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 

OSAC16: Unikernel-powered Transient Microservices: Changing the Face of Software Architecture

  • 1. O'Reilly Software Architecture 2016 Unikernel-powered transient microservices: Changing the face of software architecture Russell Pavlicek rcpavlicek@yahoo.com
  • 2. About the Old, Fat Geek Up Front ● Linux user since 1995; became a Linux advocate immediately ● Delivered many early talks on Open Source Advocacy ● Former Open Source columnist for Infoworld, Processor magazines ● Former weekly panelist on “The Linux Show” ● Wrote one of the first books on Open Source: Embracing Insanity: Open Source Software Development ● 30 years in the industry; 20+ years in software services consulting ● Formerly Evangelist for the Xen Project, now looking for new opportunities ● Over 100 FOSS talks delivered; over 200 FOSS pieces published
  • 3. Why Am I Talking About This? ● I am not a unikernel implementer ● I had been Evangelist for Xen Project, which is at the forefront of unikernel development ● There are a number of people implementing unikernels and discussing what they've done, but relatively few discussing the big picture, and almost no one talking about the changes to S/W architecture ● This talk will attempt to examine both the forest and the trees: – We will discuss the value of the unikernel movement – We will examine several prominent unikernels and their uses ● The existence of these unikernels will alter the architecture of the cloud. Microservices will become smaller, faster, and more transient than today.
  • 4. The Current Basis for Architecture ● Workloads are essentially Persistent, even in clouds – Clouds may move the the workload around, but the workload itself is virtually identical to workloads in the pre-cloud era ● Someone has to authorize their birth, check their health, and authorize their shutdown ● Services tend to be long-lived, because it takes so long to start one up or shut one down – Ever get stuck at a Point-Of-Sale terminal run off a modem? ● Services will often sit idle for long periods waiting for a client to make a request – Resources needed by the service are, therefore, underutilized
  • 5. A New Basis for Architecture ● Imagine workloads which are as nimble as the clouds which deploy them ● Instant startup and shutdown – Able to be deployed the instant the need appears ● Lasting only as long as the immediate need ● And much more secure than what we have now ● Key capability to implement the Internet Of Things (IoT) ● This is a Transient workload
  • 6. How Did We Get Here? ● The history of computing tells us why we have a love with Persistent machines ● Once upon a time, machines were really expensive – When I was in college, our student computer center consisted of one machine – a DEC PDP 11/34a – for the entire campus – 248kb addressable memory – 25 MB total disk storage (not including 8” floppies) – No virtualization available – One machine had to do everything for everyone, so we loaded it down with thousands of programs – This beast cost over US$100K fully configured – Startup and shutdown was slow – minutes. So Persistent service was a necessity
  • 7. How Does This Match Today's Reality? ● Hardware today is dirt cheap! ● A smart phone is several orders of magnitude more powerful than my college's old PDP-11; we frequently send PCs to a landfill which would have been supercomputers by comparison ● Memory and storage are cheap and plentiful ● Virtualization is stable and available ● Startup and shutdown is much quicker ● So why are we still focused on building Persistent machines with 1000s of programs like we used to when hardware was expensive?
  • 8. Let's Upgrade Our Architecture ● Much modern solution architecture is focused on leveraging physical components designed in 1980 ● Let's rethink software architecture to best use the current truths, and let go of the assumptions created in a bygone era ● Let's start with the Cloud and ask, “What should your machine images look like to be optimal today?”
  • 9. A View From the Clouds What does a Really Good Cloud look like?
  • 10. The Cloud So Far ● The major field of innovation is in the orchestration – The Cloud Engine is paramount (OpenStack, CloudStack, etc.) – But the workloads adapted to the cloud strongly resemble their Persistent non-cloud predecessors ● Some basic adaptations to facilitate life in the cloud, but basically the same stuff that was used before the cloud ● Applications with full stacks (operating system, utilities, languages, and apps) which could basically run on hardware, but are run on VMs instead. ● VMs are beefy; large memory footprint, slow to start up ● It all works, but its not overly efficient ● 10s of VMs per physical host
  • 11. The Next Generation Cloud ● Let's turn our scrutiny to the workloads – Should be easier to deploy and manage – Smaller footprint, removing unnecessary duplication – Faster startup – Mixture of Persistent and Transient microservices – Higher levels of security – 1000s of VMs per host
  • 12. The New Stuff: Docker & Containers ● Makes deployment easier ● Smaller footprint by leveraging kernel of host ● Less memory needed to replicate shared kernel space ● Less disk needed to replicate shared executables ● Really fast startup times ● Higher number of VMs per host
  • 13. Docker Downsides ● Improvements, yes; but not without issues – Can't run any payload that can't use host kernel – Potential limits to scalability ● Linux not really optimized for 1000s of processes – Security ● Security is a HUGE issue in clouds ● Still working on security which brings containers up to the level of current solutions – Cumbersome add-ons won't work; security needs to be baked in – We need to raise the bar higher in the cloud; status quo is not enough ● Containers are still often run within VMs when security is needed
  • 14. Security: 800 Ton Gorilla in the Room ● For too long, Security is the Red-Headed Step Child of Software Architecture – We've used bolt-on solutions – “The sysadmin will handle that!” ● Which quickly becomes “It's the sysadmin's fault that they DIDN'T handle that!” ● You only need to glance at the news to know the state of security in our industry today: IT SUCKS!
  • 15. Security By Design is a Requirement ● We MUST raise the defacto level of security in our cloud and web applications! ● “Good enough” is no longer good enough ● Some enhanced level of security needs to be baked in so that even a totally incompetent idiot can deploy applications which are more secure than today's status quo
  • 16. The Unikernel: A Real Cloud Concept ● Very small ● Very efficient ● Very quick to boot ● And very, VERY secure! ● It's a Green (energy) technology which saves you green (cash); extremely important to foster adoption ● Many unikernels already exist, and the number is growing steadily
  • 17. What is a Unikernel? From MirageOS
  • 21. Unikernel Concepts ● Use just enough to do the job – No need for multiple users; one VM per user – No need for a general purpose operating system – No need for utilities – No need for a full set of operating system functions ● Lean and mean – Minimal waste – Tiny size
  • 22. Unikernel Concepts ● Similar to an embedded application development environment – Limited debugging available for deployed production system ● You have exactly the tools you built into the stack – Instead, system failures are reproduced and analyzed on a full operating system stack and then encapsulated into a new image to deploy – Tradeoff is required for ultralight images
  • 23. What Do the Results Look Like? ● Mirage OS examples: – DNS Server: 449 KB – Web Server: 674 KB – OpenFlow Learning Switch: 393 KB ● LING metrics: – Boot time to shell in under 100ms – Erlangonxen.org memory usage: 8.7 MB ● ClickOS: – Network devices processing >5 million pkt/sec – 6 MB memory with 30 ms boot time
  • 24. What About Security? ● Type-Safe Solution Stack – Can be certified – Certification is crucial for certain highly critical tasks, like airplane fly-by-wire control systems ● Image footprints are unique to the image – Intruders cannot rely on always finding certain libraries – No utilities to exploit, no shell to manipulate – Make the attack surface much smaller and much less consistent
  • 25. Do Unikernels Really Exist? Some of the current leading unikernels
  • 26. What's Out There Right Now? ● MirageOS, from the Xen Project Incubator ● HaLVM, from Galois ● LING, from Erlang-on-Xen ● ClickOS, from NEC Europe Labs ● OSv, from Cloudius Systems ● Rumprun, from the Rump Kernel Project ● And that's just the beginning...
  • 27. MirageOS ● From the Xen Project Incubator ● Language support: Ocaml ● Hypervisor support: Xen Project ● V2.0 released in 2014 ● General purpose devices ● Can be run on Amazon EC2 ● http://www.openmirage.org/
  • 28. HaLVM ● Galois, Inc. ● Language support: Haskell ● Hypervisor support: Xen Project ● Originally designed to prototype operating system components ● Now suitable for creating network devices ● https://galois.com/project/halvm/
  • 29. LING ● Erlang-on-Xen project ● Language support: Erlang ● Hypervisor support: Xen Project ● Use cases include Zero-Footprint Cloud ● http://erlangonxen.org/
  • 32. ClickOS ● NEC Europe Labs ● Language support: C, C++, Python ● Hypervisor support: Xen Project ● V0.2 released in 2014 ● Suited for Network Function Virtualization (NFV) devices ● http://cnp.neclab.eu/clickos/
  • 34. OSv ● Cloudius Systems (now ScyllaDB) – Company may have moved on, but their Open Source project survives – Language support: C, C++, Java, Python, Javascript, Node.js, Ruby ● Hypervisor support: Xen Project, KVM, VMware ● Slightly different from “standard” unikernels – Kind of “fat” – Full Java JVM stack, minus multi-processes (threads yes, forks no) – Can run almost any JAR file ● NFV optimized ● http://osv.io/
  • 35. Rumprun ● A working product of the rump kernel ecosystem (which we'll discuss shortly) ● Under active development, rumprun does allow a growing number of programs to run as-is – Its goal is to a universal base for most unikernel- appropriate workloads for currently existing real-world POSIX-based applications – It has the potential to open the door to a hugehuge number of functional unikernels ● http://repo.rumpkernel.org/rumprun
  • 36. What About the Unikernel Ecosystem? ● If this is more than just a few isolated experiments in unikernel concepts, we'd expect to see some advances in the general ecosystem ● The unikernel ecosystem is forming: – Jitsu (https://github.com/MagnusS/jitsu) – MiniOS (http://wiki.xenproject.org/wiki/Mini-OS) – Rump Kernels (http://rumpkernel.org/) – Xen Project itself
  • 37. Jitsu The Jitsu Website says: Just-In-Time Summoning of Unikernels ● Jitsu is a forwarding DNS server that automatically starts virtual machines (VMs) on demand. When a DNS query is received, jitsu first checks for a local VM that is mapped to the requested domain. If a VM is found, the VM is started and its IP is returned to the client. Otherwise, the request is forwarded to the next DNS server. If no DNS requests are received for the VM within a given timeout period it is automatically stopped. ● Although Jitsu can be used with any VM that can be controlled with libvirt, it is mainly intended for use with unikernels that can be started quickly and be able to respond to the client request within the time it takes to send the DNS response.
  • 38. MiniOS ● Small basic unikernel ● Distributed with Xen Project source ● Originally designed for driver disaggregation ● Base for others to build their unikernel projects – ClickOS, for example – Also the base for the earliest version of rumprun, which has advanced considerably since
  • 39. Rump Kernels ● Derived from the work of the NetBSD community ● Employs the notion of a kernel containing just enough code to get real work done – Concept is not limited to NetBSD, but existing work leverages NetBSD ● An open-ended framework containing production-quality drivers, currently manifesting itself in the rumprun unikernel ● Supports Xen Project, bare metal, userspace environments
  • 40. platform hypercall interface rump kernel hypercall implementation libc syscall trapsrump kernel calls application(s) userspace libraries TCP/IP filesystems devicedrvs unmodified NetBSD code (~106 lines) unmodified POSIX userspace code (10n lines) platform-specific code (~103 lines) same thread throughout entire stack e.g. Genode OS, Xen, userspace, bare-metal, ... syscalls ... platform-independent glue code (~104 lines) glue code Rump Kernel Architecture
  • 41. THIS JUST IN... News Flash: The Fat Boy up front was wrong! You CAN do databases as Unikernels!
  • 42. The “RAMP” Stack! ● Major announcement 1 year ago: Nginx, MySQL, and PHP built on Rump Kernels! ● No rearchitecting the application; the work is in getting things to cross compile correctly (Nginx & MySQL) ● Working out usability and configuration kinks still ● Unikernel-compatible unmodified POSIX C and C++ applications “just work” on top of Rump Kernels, provided that they can be cross- compiled – Stacks on Rump Kernels are always cross-compiled, since the compiler never runs directly on the Rump Kernel ● Still in skunkworks stage; watch Twitter @rumpkernel for announcement when it is done
  • 43. More Rump Kernel & RAMP Info ● Rump Kernels contain the work of many BSD contributors, all the way back to the 1980s ● Antti Kantee leading the Rump Kernel project ● Martin Lucina leading the RAMP work ● Current Temporary Github repositories (will probably be replaced with a permanent Wiki page): – https://github.com/mato/rump-php – https://github.com/mato/rump-mysql ● Rump Kernel Mailing List: – http://www.freelists.org/list/rumpkernel-users ● Rump Kernel Twitter: – @rumpkernel
  • 44. Xen Project as Ecosystem Enabler ● Work proceeds on support for 1000s of VMs per host – Recent redesign of Event Channels removes obstacles to uncap VM growth (theoretically, into millions of VMs) – Currently, performance is strong up to around 600 VMs per host – Other areas identified and targeted to enable 2000-3000 VMs per host ● Paravirtualization makes creation of a unikernel much simpler – Simpler PV interfaces remove need for complex H/W drivers
  • 45. And Still More To Come... ● Arrakis (http://arrakis.cs.washington.edu/) – Derived from the Barrelfish operating system ● Clive (http://lsub.org/ls/clive.html) – Using the go language ● Solo5 (https://developer.ibm.com/open/solo5-unikernel/) – A new unikernel base from IBM ● IncludeOS – C++ on KVM
  • 46. Are Unikernels a Panacea? ● Nope! – But it doesn't have to be a panacea to return value – There will always be really large databases and beefy apps which won't fit in this mold – The truth is that different problems are likely to require different optimal solutions for the foreseeable future – It is likely that the solution spectrum of the next few years will include a blend of unikernels, containers, and standard virtualization – But the arrival of unikernels means that the bar to efficiency has been raised to new heights
  • 47. What Does This Mean for Architecture? ● We like to talk about (Persistent) Microservices; we are witnessing the birth of Transient MicroservicesTransient Microservices – Lifetimes possibly measured in fractions of second – Populations in the thousands concurrently per host – Now these aren't small just from an external standpoint, but internally as well – It's much easier manipulating smaller items than bigger ones, so what was once difficult to change becomes easier to change
  • 48. How Do You Control a Transient Microservice? ● Excellent question! ● How can we tell if a service was born, executed correctly, and died appropriately? ● Do you know the answer? – This is where Open Source shines – and why all this is coming from Open Source efforts – “Given enough eyeballs, all bugs are shallow” – ESR, CatB – Get enough people looking at the problem and the solution will be obvious to someone
  • 49. Open Source Leading the Way ● This is an example of how Open Source is working to expand horizons of the cloud – Closed source in the next-gen cloud just isn't the way to go – The real innovation continues to come from Open Source – Friends don't let friends go closed source in the cloud!
  • 50. Questions? rcpavlicek@yahoo.com Twitter: @RCPavlicek Thanks to the Mirage OS team and Antti Kantee of the Rump Kernel project for the use of their images. Thanks to NEC Europe Ltd (ClickOS) and ErlangOnXen (LING) for the use of images from their respective websites. Rights to same belong to the copyright holders. Look for my upcoming article in BSD Magazine and an upcoming eBook from your favorite publisher! And don't forget my session at 4:35pm here today! If anyone is looking for a community guy / evangelist, drop me a line!