Unikernels are sometimes called Cloud Operating Systems. These minimal, bespoke unikernel operating systems can be constructed in many different ways for many different applications on many different hardware platforms. They are a lightweight mechanism for implementing single-service components.
Unikernels also run in a single address space. Some advantages are certainly that you have real isolation between them (unlike containers), and that there is no specific kernel version or feature set required from a shared OS under the hood.
They are ideal for designers of cloud, local network, or low-level security services. Unikernels are useful for securing or rapidly deploying lightweight or security-sensitive services.
One important feature of Unikernels is excellent performance. There are no wasted context switches between privileged and unprivileged address spaces, and no I/O, compute cycles or interrupts spent on unnecessary OS functionality. Highly specialised OS images can be tuned exactly for one use case, and they are much smaller.
“Unikernels normally generate a singular runtime environment meant to enable single applications built solely with that environment.”
Xen Project, https://wiki.xenproject.org/wiki/Unikernels
Unikernels have a number of benefits when compared to traditional operating systems like Unix, Linux or Windows. These benefits lend themselves to creating systems that follow service-oriented or microservices software architectures.
Improved security - mainly due to the reduced amount of code deployed and the resulting minimal attack surface. Unikernels also lack the variety of functions that would normally be usable in an attack.
Small footprint - Unikernels have been shown to be around 4% of the size of a traditional OS.
Low boot times - Unikernels have regularly been shown to boot extremely quickly, in time to respond to incoming requests before those requests time out. Boot times are in the microsecond range, and the same applies to availability. This is the heart of Unikernels, and also what much of the container ecosystem has been hunting for.
Critics point out that there are some uncertainties and drawbacks with Unikernels, some even considering the whole idea unsuitable for production use.
High degree of specialisation - Unikernels are unsuitable for general purpose, multi-user computing.
The idea that there is “no OS” is misleading; the application has taken on the hardware-interfacing responsibilities of the operating system - it is “all OS”.
There is an argument that they are secure mainly through obscurity, because they run different or newer software, and that they rely on a hypervisor which can itself be vulnerable.
Early adopters are using unikernel technology to run websites, critical systems infrastructure, cutting-edge research or to operate as a network appliance.
Anil Madhavapeddy, the creator of MirageOS, and his group are working on a new tool stack called Jitsu (Just-in-Time Summoning of Unikernels), which can start a unikernel in ~20ms in response to a network request.
Traditional operating systems run multiple applications on a single machine, managing resources and isolating applications from one another. A unikernel runs a single application on a single virtual machine, relying instead on the hypervisor to isolate those virtual machines.