Wednesday, November 25, 2015

Unikernels: The Next Generation of Cloud Technology


Unikernels vs. Containers

Click through for more on unikernels and how they may change the cloud as we know it, as identified by the Xen Project.

The New Needs of the Cloud

At its inception, cloud computing was focused on services and orchestration. Now that this goal has been accomplished, the needs of cloud computing have shifted to create workloads that are better suited to the cloud: workloads that are lightweight and agile, yet just as powerful and more secure than their predecessors. This has given rise to technologies like containers and unikernels, whose purpose is to make the packaging and distribution of applications lighter, faster and more efficient. But where do they fall short in this goal and what types of environments might work best for one over the other?


What Is a Unikernel?

A unikernel is an entire application stack — from operating environment to the application — rolled into a single executable. There is no actual operating system, no general-purpose utilities, no assortment of device drivers; just a single program that sits bare and alone in a virtual machine. The result is a tiny, agile, and secure package, which is ideal for the cloud. The unikernel concept has long been used in the embedded systems area, where a standalone program is embedded into chips in an intelligent device. But the concept of creating cloud-ready unikernels to populate workloads in the data center is entirely new. From web servers to network function virtualization (NFV) to databases, the unikernel concept can revolutionize the cloud as we know it.


Unikernels: A Perfect Fit for Cloud

Elasticity and agility are both key concepts in the cloud. Traditional data center workloads are large and slow, requiring lots of resources and taking time to start and stop as needed. Unikernels take those same workloads and make them much smaller and much quicker. By stripping away the unneeded parts of the application stack, many tasks can be reduced to a fraction of their traditional size and packed into tiny VMs, which can be created in less than a second. This has given rise to transient microservices: services that are born when a need appears and then die as soon as it disappears. This becomes a theoretical backplane to concepts like the Internet of Things (IoT), in which millions, billions, or even trillions of devices will need to register every button pushed and every switch flipped. We don't need millions of VMs sitting idle, taking up valuable resources while waiting for something to happen; we need transient microservices that appear the instant the button is pushed and disappear the moment the job is done. IoT is just one of the new ideas that will benefit from unikernel technology.


Unikernels Compared to Containers

Unikernels facilitate the very same desirable attributes described by container proponents, with the addition of impressive security, which few other solutions can match. They deliver impressive flexibility, speed and versatility for cross-platform environments. And, like container-based solutions, unikernels are easy to deploy. They also retain the rich hypervisor ecosystem and enable isolation, live migration and robust SLA. Additionally, unikernels provide container-like properties such as sub-second boot time, density and simplicity. They also offer an extremely tiny, specialized runtime footprint that is much less vulnerable to attack.

The Best Environment for Unikernels

Unikernels are poised to become the core of a new form of cloud computing, where a single hypervisor instance can support hundreds or even thousands of VMs. Network protection services, network routing, or software-defined networking are great places for unikernels. Early adopters are also using them to run websites, critical systems infrastructure, and cutting-edge research. One example is HaLVM, which can provide a reliable, secure VPN solution for laptops or be used to implement a variety of network services, including encryption nodes, random number generators, and network sensors. Anyone needing massive scalability or a lightweight, single-service component that can be brought up and down quickly should consider this new technology.

The Best Environment for Containers

Again, containers are lightweight and there are some instances where they might be a good strategy, but it would have to be an environment where security is not a top concern, e.g., inside an organization where you don't have a big internal security risk factor.

Using Unikernels and Containers Together

These two technologies can coexist nicely in the same environment. If you are using applications that are deployed in a low-security situation, such as internally at an organization or within a local lab where the users are considered trustworthy, you can leverage container technology, which is very easy to create and deploy. If you have an application that needs to withstand the less secure Internet world, then unikernels would be a good choice. Most organizations have a variety of each of these applications, so the two technologies pair nicely together. As cloud orchestration software is expanded to handle both Docker-based containers and unikernels, it will become even easier to have both technologies coexisting in a single data center.

1 comment:

1. Thank you for such an informative article!
   As I can see, the cloud is developing and the changes seem to be good. From secured data repositories like Ideals data room, it goes forward to highly intellectual systems and tools.