Upload File

unikernels at polyconf!

38
Unikernels! … on behalf of a merry crew: Anil Madhavapeddy, Thomas Gazagnaire, David Scott, Thomas Leonard, Richard Mortier, Magnus Skjegstad, David Sheets, Balraj Singh, Jon Crowcroft, Mindy Preston, and many others! PolyConf July 2015 @amirmc Amir Chaudhry

Upload: amir-chaudhry

Post on 14-Aug-2015

6 views

Category:

Documents


0 download

Report

Tags:

TRANSCRIPT

Page 1: Unikernels at Polyconf!

Unikernels!

… on behalf of a merry crew: Anil Madhavapeddy, Thomas Gazagnaire, David Scott, Thomas Leonard, Richard Mortier, Magnus Skjegstad, David Sheets, Balraj Singh, Jon Crowcroft, Mindy Preston,

and many others!

PolyConfJuly 2015

@amirmc

Amir Chaudhry

Page 2: Unikernels at Polyconf!

Overview

Unikernels

Intro

Why I care

Deployments / Other work

• What they are

• Why they matter

• Example scenario (static websites)

Unikernels

@amirmc

Page 3: Unikernels at Polyconf!

Overview

PM in OCaml Labs (I herd cats)

Community for MirageOS (moar cats)

I like systems stuff!

Background: Physicist, Neuroscientist, CompSci (ish), Startups, BigCo.

@amirmc

Page 4: Unikernels at Polyconf!

Software today…

…is an application …

@amirmc

Page 5: Unikernels at Polyconf!

Software today…

…is an application …

… on top of an Operating System.

@amirmc

Page 6: Unikernels at Polyconf!

Software today…

… is built locally…

@amirmc

Page 7: Unikernels at Polyconf!

Software today…

… is built locally… … but deployed remotely.

@amirmc

Page 8: Unikernels at Polyconf!

Software today…… needing more tools.

@amirmc

Page 9: Unikernels at Polyconf!

Software today…

…is complex!

Even though most apps are single-purpose

@amirmc

Page 10: Unikernels at Polyconf!

Complexity is the enemy…

More layers -> tricky configDuplication -> inefficiencyLarge sizes -> long boot timesMore stuff -> larger attack surface

@amirmc

Page 11: Unikernels at Polyconf!

Why build for clouds as we do for desktops?

Can we do better?

Page 12: Unikernels at Polyconf!

Can we do better?

Disentangle applications from the OS

Break up OS functionality into modular libraries

Link only the system functionality your app needs

Target alternative platforms from a single codebase

@amirmc

Page 13: Unikernels at Polyconf!

The Rise of the Unikernel

Unikernels are specialised virtual machine images built from a modular stack adding system libraries and configuration to application code

Every application is compiled into its own specialised OS that runs on the cloud or embedded devices

MirageOS

@amirmc

Page 14: Unikernels at Polyconf!

MirageOS@amirmc

Page 15: Unikernels at Polyconf!

MirageOS

unikernel}

@amirmc

Page 16: Unikernels at Polyconf!

MirageOS

unikernel}

Familiar development cycle

Broad deployment scenarios

@amirmc

Page 17: Unikernels at Polyconf!

MirageOSUnix

Develop logic MirageOS System Libs

@amirmc

Page 18: Unikernels at Polyconf!

MirageOSXen

Specialise for deploy… … to multiple environments

@amirmc

Page 19: Unikernels at Polyconf!

So what?

Page 20: Unikernels at Polyconf!

Example: Static websites(though applicable to any application)

Page 21: Unikernels at Polyconf!
Page 22: Unikernels at Polyconf!

@amirmc

Page 23: Unikernels at Polyconf!

SMALL!@amirmc

8.2MB102 kloc 2560 kloc

~200MB

No extra stuff!

Page 24: Unikernels at Polyconf!

@amirmc

Page 25: Unikernels at Polyconf!

@amirmc

Pluto

just considering areas of the circles :)

Page 26: Unikernels at Polyconf!

Easy deployment

Page 27: Unikernels at Polyconf!

Develop DeployTest

Heroku for Unikernels

Walkthrough

@amirmc

…in ~100 lines of code

Page 28: Unikernels at Polyconf!

Walkthrough

Page 29: Unikernels at Polyconf!

Heroku for Unikernels

General workflow

@amirmc

…in ~100 lines of code

Develop DeployTest

Page 30: Unikernels at Polyconf!

Deployments@amirmc

Page 31: Unikernels at Polyconf!

Trade-off (for now)@amirmc

Page 32: Unikernels at Polyconf!

Why I care@amirmc

Empower individualsDistributed personal cloudsResilient, scalable systems

Page 33: Unikernels at Polyconf!
Page 34: Unikernels at Polyconf!

Cloud Feudal Computing

Page 35: Unikernels at Polyconf!

@amirmc

MirageOS (OS/application)

Irmin (Storage/Sync)

Signpost (Identity/Connectivity)

OCaml (Safety/Modularity)

Mail

Contacts

Calendar

http://nymote.org
Page 36: Unikernels at Polyconf!
Page 37: Unikernels at Polyconf!
Page 38: Unikernels at Polyconf!

Contribute!@amirmc

https://mirage.iohttp://nymote.orghttp://ocaml.org

https://mirage.io
http://nymote.org
http://ocaml.org

Intra-Unikernel Isolation with Intel Memory Protection KeysBinoy Ravindran Virginia Tech, USA [email protected] Abstract Unikernels are minimal, single-purpose virtual machines. This new

Tuning VIM performance for unikernels

Microservices in Unikernels

A Survey on Security Isolation of Virtualization ...ARL-TR-8029 MAY 2017 . US Army Research Laboratory . A Survey on Security Isolation of Virtualization, Containers, and Unikernels

Programmable edge-to-cloud virtualization fabric for the ... · Although the benefits vs disadvantages of unikernels are still being debated in the art 4, in the context of NFV, smaller

Docker Online Meetup #31: Unikernels

XPDS14: Unikernels: Who, What, Where, When, Why - Adam Wick, Galois

CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)

SwarmKit: Docker’s Simple Model for · Orchestrating Linux Containers while Tolerating Failures - Drew Erny Unikernels: When you Should and When you Shouldn’t - Amir Chaudhry

Jitsu: Just-In-Time Summoning of Unikernels

Unikernels: Library Operating Systems for the Cloudanil.recoil.org/papers/2013-asplos-mirage.pdf · Unikernels: Library Operating Systems for the Cloud ... whole-system optimisation

OSCON: Unikernels and Docker: From revolution to evolution

Appendix - Beyond Hypervisors: Containers and Unikernels

Unikernels: The new kids on the block

Unikernels - cseweb.ucsd.edu · The Rise of the Unikernel Unikernels are specialised virtual machine images built from a modular stack adding system libraries and configuration to

CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen Project Evangelist)

Unikernels Made Easy - USENIX · This work has received funding from the European Union’sHorizon 2020 research and innovation program under grant agreements no. 675806 (“5G CITY”)and

Unikernels and docker from revolution to evolution — unikernels and docker from revolution to evolution

Virtual machines, Containers, Microservices, Unikernels

Unikernels - Keep It Simple to the Bare Metal

2017 feb-10 snowcamp.io-unikernels

Unikernels: in search of a killer app and a killer ecosystem

Virtual Machines vs. Containers vs. Unikernels: The … ID: #RSAC Samir Saklikar Virtual Machines vs. Containers vs. Unikernels: The Security Face-Offs CCS-T08 Technical Lead, Office

Unikernels and another way of secure cloud computing

UNICORE: A toolkit to automatically build unikernels · UNICORE Code Repo µlib µlib Verify Build Reconfig Test Generate optimized images Help to break down existing libraries and

Super Containers: Unikernels and Virtual Machinesprincetonacm.acm.org/tcfpro/Brad_Whitehead__SuperContainers.pdf · Linux image had floppy disk and audio card drivers compiled into

CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil Madhavapeddy - Docker Inc)

Live Updating in Unikernels

Unikernels Everywhere: The Case for Elastic CDNscnp.neclab.eu/projects/minicache/minicache.pdfsuch infrastructure be leveraged to improve the performance of video delivery, and if

CIF16: Tor in Haskell, or How To Write Programs For Unikernels (Adam Wick, Galois Inc.)

Unikernels, Multikernels, Virtual Machine-based Kernels

 · Unikernels aim to reduce the layers and dependencies mod-ern operating systems force onto applications. The concept is similar to library operating systems from the 90s but is

Deploying real-world software today as unikernels on Xen ... · Packaged so far: hiawatha, leveldb, libxml2, mathopd, mpg123, mysql, nginx, ngircd, pcre, php, python, redis, roundcube

Deploying real-world software today as unikernels on Xen with

A Survey on Security Isolation of Virtualization ... · ARL-TR-8029 MAY 2017 . US Army Research Laboratory . A Survey on Security Isolation of Virtualization, Containers, and Unikernels