2017 jan-19 meetup-unikernels

Report

Post on 07-Feb-2017

98 Views

Category:

Technology

0 Downloads

Preview:

Click to see full reader

TRANSCRIPT

Thenextbiglittlething?

DockerGrenobleMeetup,19Jan2017

MikeBright, @mjbright

@mjbright

ViktorFarcic,seniorconsultantatCloudBees

...Oneofthemostexcitingareasthatwillbecomeprominentin2017willbeunikernels.

Whilethemajorityoftheindustryisstilltryingtowraptheirheadsaroundcontainers,wewillstartseeingunikernelstakingoverthestage.

Theywill,inaway,unifyfunctionalitiesprovidedbyVMsandcontainers.

http://sdtimes.com/whats-horizon-2017/

http://sdtimes.com/whats-horizon-2017/

WhatareUnikernels?

Howdidwegethere?

Unikernelimplementations

CleanSlatePOSIXcompatibleTools

Future

Resources

Unikernels-Overview

@mjbright

WhatareUnikernels?"LibraryOS"UnikernelsareapplicationsimagesbuiltwithonlytheOperatingSystem

componentstheyactuallyrequire,e.g.TCPStack,Diskaccess.

Singleprocessapplications(nothreads,forkingormulti-user)withverysmallsize->highperformance,fastbootandsmallattacksurface(secure).

@mjbright

"LibraryOSes"

AUnikernelisbuiltbythecompilerlinkingonlytheOScomponentsneededbytheapplication.

TheOSbecomesa"LibraryOS"

Unlike"normal"applicationswhichsitatopagenericmonolithicLinuxkernel(orevenμ-kernel)whichhasmanyunneededfeatures,e.g.floppydriver.

WhatareUnikernels-howdidwegethere?

"LibraryOSes"Unneededfeaturesconsumeresourcesunnecessarily.

Unneededlegacyfeaturesrepresentasecurityrisk-especiallyinthecloud.

WhatareUnikernels-howdidwegethere?

"LibraryOSes"Unneededfeaturesconsumeresourcesunnecessarily.

Unneededlegacyfeaturesrepresentasecurityrisk-especiallyinthecloud.

AtOctober's"DockerDistributedSummit",DockereventalkedofminimizingtheHypervisoralso.

"UnikernelsTheriseofthelibraryhypervisorinMirageOS"

(ACM:Unikernels:RiseoftheVirtualLibraryOperatingSystem,Jan2014)

WhatareUnikernels-howdidwegethere?

https://blog.docker.com/2016/10/docker-distributed-system-summit-videos-podcast-episodes/
https://queue.acm.org/detail.cfm?id=2566628/

"LibraryOSes"Unneededfeaturesconsumeresourcesunnecessarily.

Unneededlegacyfeaturesrepresentasecurityrisk-especiallyinthecloud.

AtOctober's"DockerDistributedSummit",DockereventalkedofminimizingtheHypervisoralso.

"UnikernelsTheriseofthelibraryhypervisorinMirageOS"

(ACM:Unikernels:RiseoftheVirtualLibraryOperatingSystem,Jan2014)

Theseminimalsystemscantake~200msectoboot.

Thisopensupthepossibilityofservicesbeingspinupondemand(MirageOSjitsu).

WhatareUnikernels-howdidwegethere?

https://blog.docker.com/2016/10/docker-distributed-system-summit-videos-podcast-episodes/
https://queue.acm.org/detail.cfm?id=2566628/

"LibraryOSes"Applicationdomains

Cloud,e.g.serverless

IoT(Embedded)

HPC

NFV( UnikernelsmeetNFVEricssonResearch)

WherewillUnikernelsbeused?

https://www.youtube.com/watch?v=3jGClCBXuTg
https://www.ericsson.com/research-blog/sdn/unikernels-meet-nfv/

"LibraryOSes"Applicationdomains

Cloud,e.g.serverless

IoT(Embedded)

HPC

NFV( UnikernelsmeetNFVEricssonResearch)

FromtheNFVContainersWhitePaper(2.3.Unikernels):

Unikernelsareessentiallysingle-applicationvirtualmachinesbasedonminimalisticOSes.SuchminimalisticOSeshaveminimumoverheadandaretypicallysingle-addressspace(sonouser/kernelspacedivideandnoexpensivesystemcalls)andhaveaco-operativescheduler(soreducingcontextswitchcosts).

ExamplesofsuchminimalisticOSesareMiniOS[MINIOS]whichrunsonXenandOSv[OSV]whichrunsonKVM,XenandVMWare.

https://datatracker.ietf.org/doc/draft-natarajan-nfvrg-containers-for-nfv/?include_text=1

WherewillUnikernelsbeused?

@mjbright

https://www.youtube.com/watch?v=3jGClCBXuTg
https://www.ericsson.com/research-blog/sdn/unikernels-meet-nfv/
https://datatracker.ietf.org/doc/draft-natarajan-nfvrg-containers-for-nfv/?include_text=1

UnikernelFamilies ManyUnikernelimplementationsexist,therearetwo

mainclassesofUnikernels

Unikernelimplementations

UnikernelFamilies ManyUnikernelimplementationsexist,therearetwo

mainclassesofUnikernels

Sometakeaclean-slateapproachandemphasizesafetyandsecurity.ThesetendtousethesamelanguagefortheapplicationandtheLibraryOScomponents.

MirageOS(Ocaml)HalVM(Haskell)

Unikernelimplementations

UnikernelFamilies ManyUnikernelimplementationsexist,therearetwo

mainclassesofUnikernels

Sometakeaclean-slateapproachandemphasizesafetyandsecurity.ThesetendtousethesamelanguagefortheapplicationandtheLibraryOScomponents.

MirageOS(Ocaml)HalVM(Haskell)

OthersfavourbackwardcompatibilityofexistingapplicationsbasedonPOSIX-compatibility.

Manyapplicationshavebeenported

OSv(Tomcat,Jetty,Cassandra,OpenJDK,...)Rumprun(MySQL,PHP,Nginx)

Unikernelimplementations

UnikernelImplementationsTechnology Description

ClickOScnp.neclab.eu

Forembeddednetworkh/w.~5MBimages,boots<20ms,45μsdelay,100VMs=>10Gbps

Clivelsub.org

WritteninGo.Fordistributedandcloud.

DrawbridgeMS

Researchprototype.Picoprocess/containerwithminimalkernelAPIsurface,andWindowslibraryOS.

Graphenegraphene

Securing"multi-process"legacyapps-addsIPC.

HaLVMgalois.com

PortofGHC(GlasgowHaskellCompiler)suite.WriteappsinHaskelltorunonXen.

IncludeOSincludeos.org

ResearchprojectforC++codeonvirtualhardware.

LINGerlangonxen.org

Erlang/OTPrunsonXen.

MirageOSmirage.io

Clean-slatelibraryOSforsecure,high-perfnetworkapps.Morethan100MirageOSlibrariesplusOCamlecosystem.

OSvosv.ioCloudius

RunLinuxbinaries(w.limitations),supportsC/C++,JVM,Ruby,Node.js

Rumprunrumpkernel.org

FreeBSD-RunsPOSIXs/wonBMorVM(Xen).

http://cnp.neclab.eu/
http://lsub.org/ls/clive.html
https://www.microsoft.com/en-us/research/project/drawbridge/
http://graphene.cs.stonybrook.edu/
http://localhost:9002/2017-Jan-19_Meetup_Unikernels/galois.com
http://www.includeos.org/
http://erlangonxen.org/
https://mirage.io/
http://osv.io/
http://rumpkernel.org/

Clean-Slate

https://mirage.io/

OCaml-Based

MirageOS"LibraryOS"componentsarewritteninOcaml.

ML-derivedlanguagesarebestknownfortheirstatictypesystemsandtype-inferringcompilers.

OCamlunifiesfunctional,imperative,andobject-orientedprogrammingunderanML-liketypesystem.

OCamlhasextensivelibrariesavailable

(Unisonutility)

Unikernelimplementations-MirageOS/Ocaml

https://mirage.io/
https://en.wikipedia.org/wiki/OCaml

Clean-Slate

https://mirage.io/

OCaml-Based

MirageOSUnikernelsarebasedontheMirage-OSUnikernelbase(OSlibrary).

ThemiragetoolisusedtobuildUnikernelsforvariousbackends:

XenHypervisor(PV)Unix(LinuxorOS/Xbinaries)Browser(viaOcaml->JScompiler!!)EvenanexperimentalBMbackendforRaspberryPi

Unikernelimplementations-MirageOS-2

https://mirage.io/

Clean-Slate

https://mirage.io/

OCaml-Based

MirageOSUnikernelsarebasedontheMirage-OSUnikernelbase(OSlibrary).

ThemiragetoolisusedtobuildUnikernelsforvariousbackends:

XenHypervisor(PV)Unix(LinuxorOS/Xbinaries)Browser(viaOcaml->JScompiler!!)EvenanexperimentalBMbackendforRaspberryPi

Buildingapplicationsforunixorxen

mirageconfigure-tunixmake./mir-console

mirageconfigure-txenmake****xencreate./mir-console.xen

Unikernelimplementations-MirageOS-2

@mjbright

https://mirage.io/

Clean-Slate

https://mirage.io/

BNCPinata:http://ownme.ipredator.se/

Networkingapplications

e.g.CyberChaff"falsenetworkhosts"

PayGarden,SeanGrove

"Babystepstounikernelsinproduction"

Toopainfultocreate/configureAMIimagesonAWSSolo5allowstocreateKVMimagesdeployableonGCE

Unikernelimplementations-MirageOS-UseCases

@mjbright

https://mirage.io/
https://www.youtube.com/watch?v=i9eu9e7gN0Q

Clean-Slate

HalVM-TheHaskellLightweightVirtualMachine:GHCrunningonXen

https://github.com/GaloisInc/HaLVM

HalVM3isreconsideringit'sUnikernelbasehttp://uhsure.com/halvm3.html

Userumpkernel(NetBSDbase)ShifttoSolo5?

Unikernelimplementations-HalVM

@mjbright

https://github.com/GaloisInc/HaLVM
https://github.com/GaloisInc/HaLVM/tree/halvm3
http://uhsure.com/halvm3.html

POSIX-based

http://osv.iohttp://blog.osv.io

OSv-CapableofrunningPOSIXbinaries

canrunJVMCassandra:https://www.penninkhof.com/2015/05/minimalist-cassandra-vm-using-osv/

UsedinMikelangelo(EUProject)TheMIKELANGELOprojectaimstobringHighPerformanceComputing(HPC)tothecloud.HPCtraditionallyinvolvesbleedingedgetechnologies,includinglotsofCPUcores,Infinibandinterconnectsbetweennodes,MPIlibrariesformessagepassing,and,surprise—NFS,averyoldtimeroftheUNIXuniverse.

BuildingOSvImagesUsingDocker:http://blog.osv.io/blog/blog/2015/04/27/docker/

SDI:ODL+OSv:http://blog.osv.io/blog/blog/2015/03/31/sdi/

Unikernelimplementations-OSv

@mjbright

http://osv.io/
http://blog.osv.io/
https://www.penninkhof.com/2015/05/minimalist-cassandra-vm-using-osv/
http://blog.osv.io/blog/blog/2015/04/27/docker/
http://blog.osv.io/blog/blog/2015/03/31/sdi/

ToolsUnik:toolforcompilingappstounikernels(varioustechnologies)

Solo5:Analternativeunikernel-baseforMirageOS

Providesqemu/KVMsupportforMirageOS

ukvm:AnalternativeVMMonitor

a"libraryhypervisor"

capstan:OSvbuildtool

UnikernelTools

@mjbright

https://github.com/emc-advanced-dev/unik
https://developer.ibm.com/open/openprojects/solo5-unikernel/
http://osv.io/capstan/

Clean-SlateMirageOSjitsu:"Just-In-TimeSummoningofUnikernels"

ADNSserverthatstartsunikernelsondemand.

TestedwithMirageOSandRumprununikernels.

https://github.com/mirage/jitsu

UnikernelTools

@mjbright

https://github.com/mirage/jitsu
https://github.com/mirage/jitsu

UnikernelsorContainers? SowhathasthisgottodowithContainers?

WhydidDockerbuyUnikernelSystems(Jan2016)?

Info.Q/Amir,Aug2016

UnikernelsandContainers

https://www.infoq.com/interviews/chaudhry-unikernels-docker

UnikernelsorContainers? SowhathasthisgottodowithContainers?

WhydidDockerbuyUnikernelSystems(Jan2016)?

Info.Q/Amir,Aug2016

UnikernelSystemsareinvolvedinMirageOS/XenUseofUnikernelsinDockerforMac

VPNKit,DataKitToprovidebuild/run/shiptoolsforUnikernels?TosecureContainerdeployments

RunningUnikernelsincontainers????Securefront-endsinhybridsolutionsmadeofunikernelsandcontainers

e.g.forOCamlMediaWiki(http2https,tls,...)

UnikernelsandContainers

@mjbright

https://www.infoq.com/interviews/chaudhry-unikernels-docker

Demo

ResourcesScoop.it

Unikernelswww.scoop.it/t/unikernels

Wikipedia en.wikipedia.org/wiki/Unikernel

unikernels.org unikernels.org

mirageos.iomirageos.io

mirage.io/docs/papers

OReilly"Unikernels"

Freedownload

@unikernel @unikernel

github.com/ocamllabs ocamllabs

github.com/mirage MirageOS

@mjbright

http://www.scoop.it/t/unikernels
https://en.wikipedia.org/wiki/Unikernel
https://unikernels.org/
https://mirageos.io/
https://mirage.io/docs/papers
http://unikernel.org/blog/2016/unikernel-ebook
https://twitter.com/unikernel
https://github.com/ocamllabs
https://github.com/mirage

ThankyouQ&A

top related

introduction to dart (gdg ny jan 2014 meetup)
Technology
2017 feb-10 snowcamp.io-unikernels
Engineering
understanding yarn - pune apex meetup jan 06 2016
Engineering
unikernels and docker from revolution to evolution —...
Technology
2017 jan-18 meetup-functional_python
Technology
thebot: golang meetup jan 11 talk
Technology
introduction to ansible - jan 28 - austin meetup
Technology
apache spark - san diego big data meetup jan 14th 2015
Software
attention backed assets - princeton ethereum meetup - 19 jan...
Technology
sligo online business meetup jan 20th with adam finan -...
Small Business & Entrepreneurship
cto school meetup - jan 2013 becoming better technical...
Technology
mjba denver inaugural meetup jan 14, 2015
Business
tommy de kimpe at ux antwerp meetup - 31 jan 2017
Design
lightning talk unikernels
Technology
brisbane drupal meetup - 2016 jan - drupal hostings
Software
live updating in unikernels
Documents
south shore meetup agile marketing jan 2012
Business
scalaz by example (an io taster) -- pdxscala meetup jan 2014
Technology
microservices in unikernels
Technology
mumbai meetup on pivotal cf jan 15
Technology