The cloud has ushered in a new era of computing, but its tenants still use old-school methods to deploy poorly secured, resource-hogging applications. This 40-page report provides a high-level overview of unikernels: small, secure, and fast workloads that could usher in a new phase in cloud computing.
Author Russell Pavlicek examines several key problems that unikernels address. Virtual machines loaded with full operating systems and thousands of utilities don’t make sense in the cloud. They waste resources and provide a wide attack surface with a target-rich environment, as demonstrated by massive data breaches in the past few years.
Unikernels use only the OS resources necessary to make their applications work. Because these single-address-space machine images introduce low-level OS operations at compile time, they typically measure just kilobytes in size, with tiny attack surfaces.
With this report, you’ll examine:
- What a unikernel is and why it should matter to you
- What their development, testing, and deployment stages look like
- How unikernels derive from embedded programming
- Why unikernels help reduce data-center resource overload
- How unikernels could significantly increase cloud security
- Key projects, including MirageOS, HaLVM, LING, and ClickOS
- Ecosystem projects that support the development and use of unikernels
- Limitations to consider when adopting unikernel-based solutions
- Future developments, including integration with Docker and possible fusion with container technology
Author(s): Russell C. Pavlicek
Publisher: O'Reilly
Year: 2016
Language: English
Pages: 53
Cover
WebOps
Copyright
Table of Contents
Preface
Acknowledgments
Chapter 1. Unikernels: A New Technology to Combat Current Problems
What Are Unikernels?
The Problem: Our Fat, Insecure Clouds
Security Is a Growing Problem
The Cloud Is Not Insecure; It Reveals That Our Workloads Were Always Insecure
Today’s Security is Tedious and Complicated, Leaving Many Points of Access
And Then There’s the Problem of Obesity
Slow, Fat, Insecure Workloads Need to Give Way to Fast, Small, Secure Workloads
A Possible Solution Dawns: Dockerized Containers
Containers are Smaller and Faster, but Security is Still an Issue
It Isn’t Good Enough to Get Back to Yesterday’s Security Levels; We Need to Set a Higher Bar
A Better Solution: Unikernels
Smaller
Faster
And the 800-Pound Gorilla: More Secure
Chapter 2. Understanding the Unikernel
Theory Explained
Bloat Is a Bigger Issue Than You Might Think
But How Can You Develop and Debug Something Like This?
Understanding the Security Picture
Embedded Concepts in a Datacenter Environment
Trade-offs Required
Let’s Look at the Results
Chapter 3. Existing Unikernel Projects
MirageOS
HaLVM
LING
ClickOS
Rumprun
OSv
IncludeOS
And Much More in Development
Chapter 4. Ecosystem Elements
Jitsu
MiniOS
Rump Kernels
Xen Project Hypervisor
Solo5
UniK
And Much More…
Chapter 5. Limits of the Solution
Unikernels Are Not a Panacea
Practical Limitations Exist
Single Process (but Multiple Threads)
Single User
Limited Debugging
Impoverished Library Ecosystem
What Makes for a Good Unikernel Application?
Chapter 6. What’s Ahead?
Transient Microservices in the Cloud
A Possible Fusion Between Containers and Unikernels
This Is Not the End of the Road; It’s Only the Beginning
About the Author