Click through for more on unikernels and how they may change the cloud as we know it, as identified by the Xen Project.
The New Needs of the Cloud
At its inception, cloud computing was focused on services and
orchestration. Now that this goal has been accomplished, the needs of
cloud computing have shifted to create workloads that are better suited
to the cloud: workloads that are lightweight and agile, yet just as
powerful and more secure than their predecessors. This has given rise to
technologies like containers and unikernels, whose purpose is to make
the packaging and distribution of applications lighter, faster and more
efficient. But where do they fall short in this goal and what types of
environments might work best for one over the other?
What Is a Unikernel?
A unikernel is an entire application stack — from operating
environment to the application — rolled into a single executable. There
is no actual operating system, no general-purpose utilities, no
assortment of device drivers; just a single program that sits bare and
alone in a virtual machine. The result is a tiny, agile, and secure
package, which is ideal for the cloud. The unikernel concept has long
been used in the embedded systems area, where a standalone program is
embedded into chips in an intelligent device. But the concept of
creating cloud-ready unikernels to populate workloads in the data center
is entirely new. From web servers to network function virtualization
(NFV) to databases, the unikernel concept can revolutionize the cloud as
we know it.
Unikernels: A Perfect Fit for Cloud
Elasticity and agility are both key concepts in the cloud.
Traditional data center workloads are large and slow, requiring lots of
resources and taking time to start and stop as needed. Unikernels take
those same workloads and make them much smaller and much quicker. By
stripping away the unneeded parts of the application stack, many tasks
can be reduced to a fraction of their traditional size, becoming tiny VMs
that can be created in less than a second. This has given rise to transient
microservices: services that are born when a need appears and then die as
soon as it disappears. This becomes a theoretical backplane to concepts like the
Internet of Things (IoT), in which millions, billions, or even
trillions of devices will need to register every button pushed and every
switch flipped. We don't need millions of VMs sitting idle taking up
valuable resources waiting for something to happen; we need transient
microservices that appear the instant the button is pushed and disappear
the moment the job is done. IoT is just one of the new ideas that will
benefit from unikernel technology.
Unikernels Compared to Containers
Unikernels facilitate the very same desirable attributes described by
container proponents, with the addition of impressive security, which
few other solutions can match. They deliver impressive flexibility,
speed and versatility for cross-platform environments. And, like
container-based solutions, unikernels are easy to deploy. They also
retain the rich hypervisor ecosystem and enable isolation, live
migration and robust SLA. Additionally, unikernels provide
container-like properties such as sub-second boot time, density and
simplicity. They also offer an extremely tiny, specialized runtime
footprint that is much less vulnerable to attack.
The Best Environment for Unikernels
Unikernels are poised to become the core of a new form of cloud
computing, where a single hypervisor instance can support hundreds or
even thousands of VMs. Network protection services, network routing, or
software-defined networking are great places for unikernels. Early
adopters are also using them to run websites, critical systems
infrastructure, and cutting-edge research. One example is HaLVM, which
can provide a reliable, secure VPN solution for laptops or implement a
variety of network services, including encryption nodes, random number
generators, and network sensors. Anyone needing massive scalability or a
lightweight, single-service component that can be brought up and down
quickly should consider this new technology.
The Best Environment for Containers
Again, containers are lightweight, and there are some instances where
they might be a good strategy, but it would have to be an environment
where security is not a top concern, e.g., inside an organization where
you don't have a big internal security risk factor.
Using Unikernels and Containers Together
These two technologies can coexist nicely in the same environment. If
you are using applications that are deployed in a low-security
situation, like internally at an organization or within a local lab
where the users are considered trustworthy, you can leverage container
technology, which is very easy to create and deploy. If you have an
application that needs to withstand the less secure Internet world, then
unikernels would be a good choice. Most organizations have a variety of
each of these applications, so the two technologies pair nicely
together. As cloud orchestration software is expanded to handle both
Docker-based containers and unikernels, it will become even easier to
have both technologies coexisting in a single data center.