The document summarizes a Cloud Innovators Forum event focused on unikernels. It provides an agenda for the day-long event, which includes several presentations on past, present and future applications of unikernels from various organizations. Unikernels are described as providing a thin, fast alternative to virtual machines by including only the minimal components needed to perform a task, improving security, performance and efficiency. The document discusses how unikernels have evolved from proof-of-concepts to more mainstream applications and languages, with potential to enable transient microservices and high density cloud deployments.
Dev Dives: Streamline document processing with UiPath Studio Web
CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen Project Evangelist)
1. Cloud Innovators Forum (#CIF16)
• 10:00 CIF16 Opening
• 10:05 Unikernels: The Past, the Present, the Future, Russell Pavlicek, Xen Project Evangelist
• 10:30 Knock, Knock: Unikernels Calling!, Richard Mortier, Cambridge University
• 11:00 Running Go on Rumprun, Ian Eyberg, DeferPanic Founder
• 11:30 Solo5: Building a Unikernel Base From Scratch, Dan Williams, IBM
• 12:00 Lunch
• 13:00 Tor in Haskell, or How To Write Programs For Unikernels, Adam Wick, Galois Inc
• 13:45 Rethinking Foundations for Zero-devops Clouds, Maxim Kharchenko, Cloudozer CTO
• 14:30 Break
• 14:45 Unikernels, Meet Docker! Containing Unikernels, Richard Mortier & Anil Madhavapeddy, MirageOS
• 15:15 Building the Superfluid Cloud with Unikernels, Simon Kuenzer, NEC Europe
• 15:45 Unikernels Meet NFVs: Architecture, Performance and Challenges, Wassim Haddad, Heikki Mahkonen, & Ravi
Manghirmalani, Ericsson
• 16:15 Break
• 16:30 Unikernel.org, Amir Chaudhry, Unikernel Systems
• 17:00 The Latest From Xen Project, Lars Kurth, Chairman of Xen Project Advisory Board
• 17:30 CIF16 Closing
2. CIF16 at SCALE 14X
Unikernels:
Past, Present, and Future
An Introduction to a Day of Unikernels
Russell Pavlicek
Xen Project Evangelist
rcpavlicek@yahoo.com
3. About the Old, Fat Geek Up Front
• Linux user since 1995; became a Linux advocate immediately
• Delivered many early talks on Open Source Advocacy
• Former Open Source columnist for Infoworld, Processor magazines
• Former weekly panelist on “The Linux Show”
• Wrote one of the first books on Open Source: Embracing Insanity:
Open Source Software Development
• 30 years in the industry; 20+ years in software services consulting
• Evangelist for the Xen Project (until the close of SCALE; looking for a
new opportunity)
• Over 100 FOSS talks delivered; over 200 FOSS pieces published
4. Problem: The Fat, Slow, Cloud
• Field of innovation is in the orchestration
– The Cloud Engine is paramount (OpenStack, CloudStack, etc.)
– Workloads adapted to the cloud strongly resemble their non-
cloud predecessors
• Some basic adaptations to facilitate life in the cloud, but basically the
same stuff that was used before the cloud
• Applications with full stacks (operating system, utilities, languages, and
apps) which could basically run on hardware, but are run on VMs
instead.
• VMs are beefy; large memory footprint, slow to start up
• It all works, but its not overly efficient
• 10s of VMs per physical host
5. Solution: A Thin, Fast Cloud
• Turning the scrutiny to the workloads
– Should be easier to deploy and manage
– Smaller footprint, removing unnecessary
duplication
– Faster startup
– Transient microservices
– Higher levels of security
– 1000s of VMs per host
6. Aren't Docker and Containers the Answer?
We've already got Docker and Containers,
so why do we need Unikernels?
7. What Docker Brings to the Table
• Cool tech
• Makes deployment easier
• Smaller footprint by leveraging kernel of host
• Less memory needed to replicate shared kernel
space
• Less disk needed to replicate shared executables
• Really fast startup times
• Higher number of VMs per host
8. Docker Downsides
• Improvements, yes; but not without issues
– Can't run any payload that can't use host kernel
– Potential limits to scaleability
• Linux not really optimized for 1000s of processes
– Security
• Security is a HUGE issue in clouds
• Docker folks working hard to increase Container security
– But will end-users use the additions? For example, so many people disable
SELINUX because they don't want to spend the time to configure it
• But we need to raise the bar higher in the cloud; the old status quo
is not good enough
9. The Unikernel: A Real Cloud Concept
• Very small
• Very efficient
• Very quick to boot
• And very, VERY secure!
• It's a Green (energy) technology which saves you
green (cash); extremely important to foster adoption
• Many unikernels already exist, including MiniOS and
MirageOS, a Xen Project Incubator Project
14. Unikernel Concepts
• Use just enough to do the job
– No need for multiple users; one VM per user
– No need for a general purpose operating system
– No need for utilities
– No need for a full set of operating system functions
• Lean and mean
– Minimal waste
– Tiny size
15. Unikernel Concepts
• Similar to an embedded application
development environment
– Limited debugging available for deployed
production system
• You have exactly the tools you built into the stack
– Instead, system failures are reproduced and
analyzed on a full operating system stack and then
encapsulated into a new image to deploy
– Tradeoff is required for ultralight images
16. What Do the Results Look Like?
• Mirage OS examples:
– DNS Server: 449 KB
– Web Server: 674 KB
– OpenFlow Learning Switch: 393 KB
• LING metrics:
– Boot time to shell in under 100ms
– Erlangonxen.org memory usage: 8.7 MB
• ClickOS:
– Network devices processing >5 million pkt/sec
– 6 MB memory with 30 ms boot time
17. What About Security?
• Type-Safe Solution Stack
– Can be Certified
– Certification is crucial for certain highly critical
tasks, like airplane fly-by-wire control systems
• Image footprints are unique to the image
– Intruders cannot rely on always finding certain
libraries
– No utilities to exploit, no shell to manipulate
19. Unikernels: The Past
Once upon a time, in a far off land of Codertown, there
were little coder elves with names like Anil, Amir, and
Adam who worked with esoteric languages like Ocaml,
Haskell, and Erlang doing strange and wonderful
things. They built things called Unikernels – but, sadly,
few people cared. The townspeople of Codertown
cried, “Edge technology! No one works in these
languages! And the use cases look small and
unimportant to us. We dismiss this technology as
mere lab experiments – nothing more!”
20. Unikernels: The Past
• Unikernels were focused on type-safe languages,
which though very practical for software certification,
are not very popular
• Unikernels were mostly proof-of-concept exercises
with some production potential, but with little
adoption
• The Unikernel concept was not well understood
• As a result, people felt free to overlook and dismiss
Unikernels
21. Unikernels: The Present
• Unikernels have expanded into a wide variety of popular
languages, including C, C++, Java, Python, and many more
• Unikernels have the potential be applied to most POSIXy
applications
• Various Unikernels like ClickOS and HaLVM have been used for
network function virtualization (NVM; learn more at 3:45 today)
• Events like CIF16, the Unikernel User Mini-Summit at TXLF14, and
other meetings have spread the word; the concept is catching on
• The creation of the RAMP stack last year (Rumprun, NGINX,
MySQL, and PHP) shows that the potential use cases are very
mainstream
22. Unikernels: The Future
• This is the fun part!
• The fusion between Docker and Unikernels:
the ease of use of Docker with the security of
Unikernels (learn more at 2:45 today)
• Unikernel-enabled clouds (1:45 & 3:15 today)
• More languages (like Go) and applications
(11:00 & 1:00 today)
23. What's Out There Right Now?
• MirageOS, from the Xen Project Incubator
• HaLVM, from Galois
• LING, from Erlang-on-Xen
• ClickOS, from NEC Europe Labs
• OSv, from Cloudius Systems
• Rumprun, from the Rump Kernel Project
• IncludeOS
• And that's just the beginning...
24. Are Unikernels a Panacea?
• Nope!
– But it doesn't have to be a panacea to return value
– There will always be really large databases and beefy apps
which won't fit in this mold
– The truth is that different problems are likely to require different
optimal solutions for the foreseeable future
– It is likely that the solution spectrum of the next few years will
include a blend of unikernels, containers, and standard
virtualization
– But the arrival of unikernels means that the bar to efficiency has
been raised to new heights
25. What Does This Mean for Architecture?
• We like to talk about Microservices; we are
witnessing the birth of Transient MicroservicesTransient Microservices
– Lifetimes possibly measured in fractions of second
– Populations in the thousands per host
– Now these aren't small just from an external
standpoint, but internally as well
– It's much easier manipulating smaller items than
bigger ones, so what was once difficult to change
becomes easier to change
26. Xen Project as Ecosystem Enabler
• Work proceeds on support for 1000s of VMs per host
– Recent redesign of Event Channels removes obstacles to
uncap VM growth (theoretically, into millions of VMs)
– Currently, performance is strong up to around 600 VMs per
host
– Other areas identified and targeted to enable 2000-3000
VMs per host
• Paravirtualization makes creation of a unikernel much
simpler
– Simpler PV interfaces remove need for complex H/W drivers
27. Open Source Leading the Way
• This is an example of how Open Source is
working to expand horizons of the cloud
– The closed source cloud just isn't the way to go
– The real innovation in cloud is in Open Source
– Xen Project is at the forefront of new cloud thinking,
incubating and facilitating new technologies,
including unikernels
– Friends don't let friends go closed source in the
cloud!