
Cigna Innovation Summit


My talk at Cigna Innovation Summit at Sep 17.
Unik & Squash.

Published in: Software

  1. Linux, Unikernel, LinuxKit: towards redefining the cloud stack. IDIT LEVINE
  2. Problem
  3. Cloud Stack: Application Configuration, Application, Language Runtime, Shared Libraries, Docker Runtime, OS User Processes, OS Kernel, Virtual HW Drivers, Hypervisor, Hardware Drivers, Hardware. The aim is to run a single application with a single user on a single server.
  4. Linux Kernel
  5. Linux Kernel: Memory Management, Protection Rings, Device Management
  6. Linux Kernel
  7. Driver management
  8. Memory management
  9. Security: https://github.com/cf-unik/unik/wiki/Worried-about-IoT-DDoS%3F-Think-Unikernels
  10. Linux kernel languages: C, Assembly, C++, XML, Make, Perl, Shell Script, Python, HTML, TeX/LaTeX, AWK, Scheme, Objective-C, Autoconf, XSL Transformation, Vim Script, Automake
  11. Source lines of code. Small applications: 10Ks. Medium to large applications: 100Ks. Really huge applications: 1Ms.
  12. Linux Kernel SLOC (chart): Linux kernel 2.4.2 (2001): 2.4; Linux kernel 2.6.0 (2003): 5.2; Linux kernel 2.6.29 (2009): 11; Linux kernel 2.6.32 (2009): 12.6; Linux kernel 2.6.35 (2010): 13.5; Linux kernel 3.6 (2012): 15.9; Linux kernel pre-4.2 (2015): 22
  13. Debian SLOC (chart): Debian 2.2 (2000): 59; Debian 3.0 (2002): 104; Debian 3.1 (2005): 215; Debian 4.0 (2007): 283; Debian 5.0 (2009): 324; Debian 7.0 (2012): 419
  14. How did we get here? Evolution! Unix has supported us the entire way!
  15. Decades of backwards compatibility. What can Linux run on? Anything! What can run on Linux? Anything!
  16. Trade-off: Compatibility vs. Efficiency
  17. Solution: LINUXKIT
  18. LinuxKit announcement, DockerCon
  19. Solution: UNIKERNELS
  20. Traditional approach: Application, Kernel, libc, libz, iconv, openGL, gtk, libgmp, libtlc, Libstd++, libgcc
  21. Traditional approach: Application, Kernel, libc, libz, iconv, openGL, gtk, libgmp, libtlc, Libstd++, libgcc
  22. Unikernels. Design decision: support only a single process and a single user. The aim is to run a single application with a single user on a single server. Protection Rings, Memory Management
  23. Unikernels Creation: App Binary, App Config, App Deps, Virt, HW Drivers, Language runtime, Application Runtime, Packaging Tool, Unikernel!
  24. How can unikernels help address our problems? Application Config, Application, Language Runtime, Shared Libraries, Docker Runtime, OS User Processes, OS Kernel, Virtual HW Drivers, Hypervisor, Hardware Drivers, Hardware. Minimal layers of isolation and abstraction. Includes only what is really needed. Less code, fewer bugs, easy to reason about.
  25. Unikernel stack: Application Binary + Library OS, Hypervisor, Hardware Drivers, Hardware. Traditional stack: Application Config, Application, Language Runtime, Shared Libraries, Docker Runtime, OS User Processes, OS Kernel, Virtual HW Drivers, Hypervisor, Hardware Drivers, Hardware.
  26. Unikernel stack: Application Binary + Library OS, Hypervisor, Hardware Drivers, Hardware. Traditional stack: Application Config, Application, Language Runtime, Shared Libraries, Docker Runtime, OS User Processes, OS Kernel, Hardware Drivers, Hardware. Hardware isolation provided by the hypervisor.
  27. Unikernel advantages: • No permission checks: you can utilize 100% of your hardware • Isolation at the virtual hardware only! Share only hardware • A minimal virtual machine is ~1 GB in size; a minimal unikernel is tiny, KBs in size • Very short boot time • A tiny custom attack surface, less likely to be affected by a public exploit • Real immutable infrastructure: a perfect fit for a microservices architecture
  28. Benchmark
  29. UniK: unik build --path example-app/ --base unikernel-type --language language --provider provider-name --name image-name; unik run --instanceName instance-name --imageName image-name. UniK is an open-source tool written in Go for compiling applications into unikernels and deploying those unikernels across a variety of cloud providers, embedded devices (IoT), as well as a developer laptop or workstation.
  30. Build anything, run everywhere: Unikernel types, Cloud providers, Processor architectures
  31. Demo: UniK
  32. UniK integration with Kubernetes: Unikernel support was added to Kubernetes by the UniK team by adding UniK as a container runtime to K8s. In the same way that Docker and rkt are container runtimes, UniK is now also available as a "container" runtime for K8s.
  33. UniK Kubernetes architecture: unikernels. One can now deploy unikernel apps alongside regular Kubernetes containerized apps. Next integration refactor: Container Runtime Interface (CRI) will be used.
  34. Demo: Kubernetes
  35. UniK integration with Cloud Foundry: To provide the user with a seamless PaaS experience, UniK is integrated as a backend to the Cloud Foundry runtime. Next integration: via Garden.
  36. UniK tooling: unik hub
  37. UniK tooling: Debug
  38. Microservices tooling: Debug • The most primitive form of debugging, we all do it! • However, extremely difficult to capture all state, and thus can be used only for small bugs. Wouldn't it be a good idea to seamlessly integrate existing debuggers into leading platforms and leverage them to debug microservices applications?
  39. squash: distributed debugger. squash: platforms, debuggers, IDEs
  40. Demo: squash
  41. Benefits of unikernels to the Internet of Things: LITE ON ENERGY, SECURITY, EFFICIENCY, USE CASES. WORRIED ABOUT IOT DDOS? THINK UNIKERNELS
  42. Demo: IoT Security
  43. UniK in the open source community
  44. Follow me: @Idit_Levine. Follow solo.io: @GetSoloIO
