Unikernels
Updated: Thu, 29 Dec 2016 by Rad
Unikernels run in a single address space. Some advantages are that you get real isolation between them (unlike containers), and that no specific kernel version or kernel feature is required from the shared OS under the hood.
They are ideal for designers of cloud, local network, or low-level security services. Unikernels are useful for securing or rapidly deploying lightweight or security-sensitive services.
One important feature of unikernels is excellent performance: no context switches between privileged and unprivileged address spaces, and no I/O, compute cycles or interrupts wasted on OS functionality the application does not need. Highly specialized OS images can be tuned exactly for one use case, and they are much smaller.
"Unikernels normally generate a singular runtime environment meant to enable single applications built solely with that environment."
Xen Project, https://wiki.xenproject.org/wiki/Unikernels
Benefits
Unikernels have a number of benefits when compared to a traditional OS like Unix, Linux or Windows. These benefits lend themselves to creating systems that follow service-oriented or microservices software architectures.
Improved security - mainly due to the reduced amount of code deployed and the resulting minimal attack surface. Unikernels also lack the variety of functions that are normally used in an attack.
Small footprint - Unikernels have been shown to be around 4% the size of the traditional OS.
Low boot times - Unikernels have been regularly shown to boot extremely quickly, in time to respond to incoming requests before the requests time out. Boot time is measured in microseconds, and the same applies to availability. This is the heart of unikernels and also what a lot of the container ecosystem has been hunting for.
Drawbacks
Critics point out that there are some uncertainties and drawbacks with unikernels, some even considering the whole idea unsuitable for production usage.
High degree of specialisation - Unikernels are unsuitable for general purpose, multi-user computing.
The idea that there is "no OS" serves to mislead; the application has taken on the hardware-interfacing responsibilities of the operating system - it is "all OS".
There is also an argument that they are secure mainly through obscurity, because they run different or newer software, and that they rely on a hypervisor which can be vulnerable as well.
Real life usage
Early adopters are using unikernel technology to run websites, critical systems infrastructure, cutting-edge research or to operate as a network appliance.
The group of Anil Madhavapeddy, the creator of MirageOS, is working on a new tool stack called Jitsu (Just-in-Time Summoning of Unikernels), which can start a unikernel in ~20ms in response to a network request.
Unikernel projects examples
- ClickOS - a high-performance, virtualized software middlebox platform based on open source virtualization
- Clive - an operating system designed to work in distributed and cloud computing environments
- HaLVM - the Haskell Lightweight Virtual Machine
- MirageOS - incubated by Xen Project, MirageOS is a clean-slate library operating system
Traditional operating systems run multiple applications on a single machine, managing resources and isolating applications from one another. A unikernel runs a single application on a single virtual machine, relying instead on the hypervisor to isolate those virtual machines.
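As an added example (not code from this page or from the MirageOS project), here is the shape of a minimal MirageOS unikernel in the Mirage 2.x-era OCaml API, illustrating both the "library operating system" idea and the "reduced amount of code deployed" benefit above: config.ml declares the only device the application needs (a console), and unikernel.ml is the entire application. Nothing else (no network stack, no filesystem, no shell) is linked into the image unless the configuration asks for it, which is how the attack surface shrinks by construction. The module name Unikernel.Main and the API names used (foreign, console, job, register, default_console, V1_LWT.CONSOLE, OS.Time.sleep) are assumed from the 2.x API; later MirageOS releases renamed several of them.

```ocaml
(* config.ml: build-time description of the unikernel.
   The only device requested is a console; the resulting image
   contains the application plus exactly the libraries that
   satisfy this declaration, and nothing else. *)
open Mirage

let main =
  (* "Unikernel.Main" is the application functor in unikernel.ml;
     console @-> job says it takes a console and produces a job. *)
  foreign "Unikernel.Main" (console @-> job)

let () =
  (* Register the single job this image runs, wired to the default console. *)
  register "console" [main $ default_console]

(* unikernel.ml: the whole application. There is no process, no user,
   no shell; start is the only entry point in the image. *)
open Lwt.Infix

module Main (C : V1_LWT.CONSOLE) = struct
  let start c =
    (* Print a line four times with a one-second pause, then exit.
       When start returns the unikernel halts, so the VM's lifetime is
       exactly the lifetime of this one task. *)
    let rec loop = function
      | 0 -> Lwt.return_unit
      | n ->
        C.log_s c "hello from a unikernel" >>= fun () ->
        OS.Time.sleep 1.0 >>= fun () ->
        loop (n - 1)
    in
    loop 4
end
```

The same source builds for a Unix target (for development) or for Xen (as a standalone VM) by changing only the build target, not the application; the Xen image is the one whose footprint and attack surface the benefits section is describing.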
Unikernels - resources from around the web
- Unikernels: Library Operating Systems for the Cloud
- Unikernels - a wiki page on Unikernel topic from Xenproject
- Defining a Unikernel and How it Works - a blog post on thenewstack, Aug 2015
- Unikernel - definition on wikipedia
- What are Unikernels and how do they Differ from Containers - [VIDEO] Richard Mortier of Docker explains what unikernels are and how they fit into Docker's strategy
- Unikernels are unfit for production - an article by Joyent, published on https://www.joyent.com
- Unikernels Offer a Stripped Down Version of Linux - an article by Nick Hardiman from Tech Republic