Unikernels - A quick look

A year of cloud-native adoption has passed, and we saw businesses benefit from microservice architectures, serverless computing, service meshes, and container technologies like Docker and Kubernetes.

Dockerizing and managing services in cloud infrastructure is very easy with orchestration tools like Kubernetes. Microservices, serverless computing, and containerization are no longer buzzwords; they let us build software environments that are an order of magnitude more flexible and scalable than those that prevailed a decade earlier. So the question to ask is: what comes next?

Many next-generation technologies and tools are emerging, like AWS Fargate, which further simplify container management. One of them, Unikernels, is gaining attention because it promises even greater portability and efficiency than containers.

Unikernel?

A Unikernel is a compact, portable package that contains everything required to run the application, including the operating system. In a nutshell, it contains only the application code and exactly the OS code the application needs. This makes Unikernels far lighter and more secure than current Docker containers.

Unikernels are specialized, single-address-space machine images constructed using library operating systems.

Rise of the Library Operating System

The modern hypervisor architecture powering most cloud computing infrastructures, like AWS EC2, provides a high degree of scalability, both vertically and horizontally.

By adding more memory and cores, infrastructure can scale vertically.
By adding more VMs, infrastructure can scale horizontally.

Most applications and operating systems cannot take advantage of these hypervisor features, since they were created before modern hypervisors existed. That is why application-level load balancers are used to cope with increases in load by elastically spawning VMs. However, since traditional operating systems are not optimized for this elasticity, boot time becomes a huge factor, which forces the load balancers to compensate with idle VMs, wasting resources and money.

Even though the individual components of traditional operating systems are highly optimized, the system as a whole suffers from several performance issues:

Protection: Since traditional operating systems use two different domains (user and kernel) to execute an application, the switch between these domains itself weakens the operating system, leaves it vulnerable to attack, and carries its own overhead.

Modularity: Because of their complex behavior, operating system designs require numerous levels of abstraction. Crossing these abstractions is expensive and imposes the overheads associated with encapsulation and data copies.

Generality: Modern operating systems are intended to remain generic so they can solve problems for a wide audience. For example, Linux and Windows run on a vastly diverse set of platforms, from low-power mobile devices to high-powered data centers.

These limitations led to the proposal of library operating systems, known as libOS (examples: Exokernel, Nemesis, Arrakis). A libOS cuts through the abstraction layers to implement application-specific core features without compromising security or performance. In a libOS, the protection boundaries are pushed down to the lowest hardware layers, resulting in a collection of libraries that implement the mechanisms required for hardware operations and a collection of policies that enforce access control and isolation.

The libOS has two major drawbacks. First, multiple applications need to run side by side with strong resource isolation. Second, device drivers must be rewritten to fit the new model, because commodity hardware is not ready to accommodate the libOS model. Luckily, the introduction of virtual machines overcomes these limitations: a libOS running as a VM only needs to handle the virtual hardware devices and can depend on the hypervisor for the actual hardware.

So what about Unikernels?

Well, the adoption of cloud-native infrastructure opened up large possibilities for hypervisor-based VMs, and then the industry shifted its focus to containers. Containers can be viewed as lightweight virtualization that greatly reduces overhead by encapsulating just the application and its dependencies on top of a shared operating system.

Containers actually drove the adoption of microservice-based application architectures and provide better flexibility and performance, especially for cloud-native applications.

  • A container is a standard unit of software, that packages up the code and all its dependencies so the application runs quickly and reliably from one computing environment to another. A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings.

The drawback with containers is that each container consumes more resources than it needs. Each container ships with a complete operating system image, and the application running in it does not need all of its features. Yet each service consumes memory and CPU cycles, many of them unnecessarily.

Unikernels are a lighter alternative, well suited to microservice-based architectures, since a Unikernel contains only the low-level features required for the service to function, including the kernel features. The resulting bundle is much lighter and inherently more secure than containers or VMs because of the library operating system design underneath it.

Unikernels are well suited to lightweight architectures and devices where running a full operating system is not optimal. IoT is a typical example: Unikernels can make IoT devices more secure against attacks, as their minimal design leaves less to exploit.

Unikernels are lightweight by design, include only a small subset of OS logic, and are best suited to applications that require the strong isolation of virtual machines but with radically faster deployment and a tiny OS memory footprint. In the cloud world, enterprises have many choices; however, the advantages of Unikernels, such as low boot time, security, and lightweight packaging, will be in focus when enhancing containerized solutions and virtualization in the future.

This content was originally published on Medium.

More articles by Vineesh Vijayan