Unikernels

Updated: Thu, 29 Dec 2016 by Rad

Unikernels are sometimes called Cloud Operating Systems. These minimal, bespoke unikernel operating systems can be constructed in many different ways for many different applications on many different hardware platforms. They are a lightweight mechanism for implementing single-service components.

Unikernels differ from conventional virtual machines in that they are built for a particular application and therefore provide only the OS functionality that application requires.

Unikernels also run in a single address space. Some clear advantages are that you get real isolation between them (unlike containers), and that there is no particular kernel version or feature required of a shared OS under the hood.

They are ideal for designers of cloud, local network, or low-level security services. Unikernels are useful for securing or rapidly deploying lightweight or security-sensitive services.

One important feature of unikernels is excellent performance. There is no waste of context switches between privileged and unprivileged address spaces, nor of I/O, compute cycles or interrupts on OS functionality the application does not need. Highly specialised OS images can be tuned exactly for one use case, and they are much smaller.

"Unikernels normally generate a singular runtime environment meant to enable single applications built solely with that environment."

Xen Project, https://wiki.xenproject.org/wiki/Unikernels

Benefits

Unikernels have a number of benefits compared to traditional operating systems such as Unix, Linux or Windows. These benefits lend themselves to building systems that follow service-oriented or microservices software architectures.

Improved security - mainly due to the reduced amount of code deployed and the minimal attack surface. They also lack the variety of functions that would normally be used in an attack.

Small footprint - Unikernels have been shown to be around 4% of the size of a traditional OS.

Low boot times - Unikernels have regularly been shown to boot extremely quickly, in time to respond to incoming requests before those requests time out. Boot times are in the microsecond range, and the same goes for availability. This is the heart of unikernels and also what much of the container ecosystem has been hunting for.


Drawbacks

Critics point out that there are uncertainties and drawbacks with unikernels, some even considering the whole idea unsuitable for production use.

High degree of specialisation - Unikernels are unsuitable for general-purpose, multi-user computing.

The idea that there is "no OS" serves to mislead; the application has taken on the hardware-interfacing responsibilities of the operating system - it is "all OS".

There is also an argument that they are secure mainly through obscurity, because they run different or newer software, and that they rely on a hypervisor which can itself be vulnerable.

Unikernels (illustration)
Credit: Picture by Marcello Rabozzi, Creative Commons CC0 (own work), via Pixabay. Picture in the public domain.

Real life usage

Early adopters are using unikernel technology to run websites, critical systems infrastructure, cutting-edge research or to operate as a network appliance.

The group of Anil Madhavapeddy, the creator of MirageOS, is working on a new tool stack called Jitsu (Just-in-Time Summoning of Unikernels), which can start a unikernel in ~20 ms in response to a network request.

Unikernel projects examples

  • ClickOS - a high-performance, virtualised software middlebox platform based on open-source virtualisation
  • Clive - an operating system designed to work in distributed and cloud computing environments
  • HaLVM - the Haskell Lightweight Virtual Machine
  • MirageOS - incubated by the Xen Project, MirageOS is a clean-slate library operating system

Traditional operating systems run multiple applications on a single machine, managing resources and isolating applications from one another. A unikernel runs a single application on a single virtual machine, relying instead on the hypervisor to isolate those virtual machines.
