SlideShare a Scribd company logo

Mirage: Extreme Specialization Of Cloud Appliances

The Linux Foundation
The Linux Foundation

Public compute clouds provide a flexible platform to host applications as a set of appliances, e.g., web servers or databases. Each appliance usually contains an OS kernel and userspace processes, within which applications access resources via APIs such as POSIX. The flexible architecture of the cloud comes at a cost: the addition of another layer in the already complex software stack. This reduces performance and increases the size of the trusted computing base. Our new Mirage operating system proposes a radically different way of building these appliances. Mirage supports the progressive specialisation of functional language (OCaml) application source code, and gradually replaces traditional OS components with type-safe libraries. This ultimately results in “unikernels”: sealed, fixed-purpose images that run directly on the hypervisor without an intervening guest OS such as Lin ux. Developers no longer need to become sysadmins, expert in the configuration of all manner of system components, to use cloud resources. At the same time, they can develop their code using their usual tools, only making the final push to the cloud once they are satisfied their code works. As they explicitly link in components that would normally be provided by the host OS, the resulting unikernels are also highly compact: facilities that are not used are simply not included in the resulting unikernel. For example, the self-hosting Mirage web server image is less than a megabyte in size! We will describe the architecture of Mirage in the talk, show some code examples, and interesting benchmark results that compare the performance of our unikernels to traditional applications such as Apache, BIND and OpenSSH.

Technology
1 of 36
Download to read offline
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 1/36 Anil Madhavapeddy University of Cambridge Richard Mortier University of Nottingham Dave Scott Citrix Systems R&D MIRAGE: EXTREME SPECIALISATION OF CLOUD APPLIANCES @avsm @mort___ @mugofsoup http://openmirage.org http://decks.openmirage.org/oscon13/ http://www.youtube.com/watch?v=2Mx8Bd5JYyo
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 2/36 THE CLOUD THREAT MODEL Internet SAN/NAS Tenants SDN
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 3/36 THE CLOUD THREAT MODEL Type-safety in the application layer defeats several external threats. Type-safety in the kernel will make all external I/O safe, but at what cost?
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 4/36 THE CLOUD THREAT MODEL Most attacks never come from within a guest, only from external traffic. So why all these privilege checks?
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 5/36 KEY DESIGN INSIGHTS The hypervisor gifts us a stable hardware interface. Cures the curse of library operating systems! Protocol-level compatibility between special-purpose cloud appliances, e.g. a webserver, a database VM.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 6/36 UNIKERNELS! Virtual machines are UNIX processes “done right” on the cloud.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 7/36 CONTRIBUTIONS The unikernel approach to building single-purpose appliances Library OS + high level programming interface Single-address space layout Evaluation of these techniques using a functional programming language (OCaml) Benefits of type-safety need not damage performance Static typing + modules = high level manipulation Language extensions for systems programming in OCaml
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 8/36 CURRENT VIRTUAL APPLIANCES Compiler has to stop at userspace. Every level has a different API, calling convention, and privilege requirements.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 9/36 SPECIALISED VIRTUAL APPLIANCES
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 10/36 SPECIALISED VIRTUAL APPLIANCES
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 11/36 SPECIALISED VIRTUAL APPLIANCES
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 12/36 PROGRESSIVE SPECIALISATION
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 13/36 MICROBENCHMARKS! Unikernel appliances are: Smaller, both in kLoC & image size Boot faster, at packet round-trip time timescales High performance Type-safe
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 14/36 APPLIANCE IMAGE SIZE Appliance Standard Build Dead Code Elimination DNS 0.449 MB 0.184 MB Web Server 0.674 MB 0.172 MB Openflow learning switch 0.393 MB 0.164 MB Openflow controller 0.392 MB 0.168 MB All configuration and data compiled into the image by the toolchain. Live migration is easy and fun :-)
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 15/36 BOOT TIME Unikernels are compact enough to boot and respond to network traffic in real-time.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 16/36 HOW LARGE IS LARGE?
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 17/36 EVENT DRIVEN CO-THREADS Garbage collected heap management is more efficient in a single address-space environment. Thread latency can be reduced by eliminating multiple levels of scheduling.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 18/36 THREAD SCALING SINGLE INSTANCE Threads are heap allocated values, so benefit from the faster garbage collection cycle in the Mirage Xen version, and the scheduler can be overridden by application-specific needs.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 19/36 BLOCK STORAGE Additionally, reading from a Mirage NAS-like storage VM achieves 942MiB/s buffered, and 1.8GiB/s unbuffered.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 20/36 TECHNIQUES Several implementation techniques give rise to these benefits: Simplified memory management Zero-copy IO buffer management Hypervisor security extension for VM sealing (W^X)
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 21/36 MEMORY MANAGEMENT SPECIALISED! Compiled native source code and runtime statically linked with random start offset. IO memory is mapped into a reserved area and can be distinguished. OCaml heap is contiguous, with simpler write barriers as a result.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 22/36 BUFFER MANAGEMENT ZERO-COPY IO
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 23/36 OPTIONAL VM SEALING Single address-space and no dynamic loading W^X address space Address offsets are randomized at compile-time Dropping page table privileges: Added freeze hypercall called just before app starts Subsequent page table updates are rejected by Xen Exception for I/O mappings if they are non-exec and do not modify any existing mappings Very easy in unikernels due to focus on compile-time specialisation instead of run-time complexity
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 24/36 MACROBENCHMARKS We have implemented several larger appliances. We discuss deens, our DNS server in detail here. We also have: a simple webserver, an OpenFlow Switch, and an OpenFlow Controller.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 25/36 DNS SERVER CODE let main () = lwt zones = read key "zones" "zone.db" in Net.Manager.bind (fun mgr dev -> let src = `any_addr, 53 in Dns.Server.listen dev src zones ) Cooperative threads as functions Statically evaluated configuration Functional callbacks Libraries directly link to network stack
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 26/36 DNS SERVER PERFORMANCE BASELINE Baseline figures, running Bind (standard) and NSD (high performance). NSD achieves around 70 kreqs/s.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 27/36 DNS SERVER PERFORMANCE MIRAGE Comparing against Mirage appliance, with and without simple memoisation. This algorithmic optimisation added just 6 lines of code.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 28/36 DNS SERVER PERFORMANCE C/MINIOS A rudimentary C-based appliance linking NSD directly against MiniOS. Poor user-space library performance vastly outweighs language effects.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 29/36 SCALING VIA PARALLEL INSTANCES Request throughput for serving a simple static page using Apache on Linux vs. a Mirage appliance. Rather than pay the cost of interlocking for thread-level parallelism, we scale by running many instances of the Mirage appliance.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 30/36 OPENFLOW CONTROLLER OpenFlow controller is competitive with NOX (C++), but much higher level. Applications can link directly against the switch to route their data.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 31/36 SUMMARY OCaml is the baseline language for all new code Our C runtime is small, and getting smaller Is fully event-driven and non-preemptive Rewriting protocols wasn’t that hard Not necessarily the best research strategy though But an extremely useful learning experience Tech transfer is vital Unikernels fit perfectly on the cloud Internet protocol building blocks Seamless interop with legacy code through VMs
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 32/36 PURE OCAML CODE Device drivers netfront, blkfront xenstore Networking/Communication IP/TCP/UDP/DHCP/DNS(SEC) (v4) HTTP, SSH, OpenFlow (controller/switch) vchan IPC Storage NFS, FAT32 distributed k/v store 9P :-) GITHUB.COM/MIRAGE http://arakoon.org
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 33/36 MIRAGE ONLINE Website, Code, O'Reilly OCaml book, OPAM package manager Allows constraints to be applied to package installation Very useful for managing assembly of the many small OCaml modules that construct a Mirage appliance http://www.openmirage.org http://github.com/mirage http://realworldocaml.org http://opam.ocamlpro.com
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 34/36 KEY RESEARCH DIRECTIONS Interoperability — with billions of VMs out there A unikernel per-language? Interconnect strategies? Heap sharing? Formal method integration easier or harder? Coordination — planetary scale computers Resources are highly elastic now. How to coordinate a million microkernels? “Warehouse Scale Computing” Library Applications — where are they? Irminsule, a git-like functional distributed database Beanstalk, a self-scaling web server
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 35/36 WE'RE HIRING! MUST ENJOY OPEN SOURCE! OCamlLabs, Cambridge, UK Real world functional programming with OCaml Need compiler hackers, protocol heads, PL/type theory systems Networks-as-a-Service, University of Nottingham, UK (2 posts, 3 years, deadline Friday August 2nd) Joint with University of Cambridge & Imperial College Network virtualisation for millions of microkernel apps Need Mirage hackers, network protocol experts, graph theorists http://www.cl.cam.ac.uk/projects/ocamllabs http://bit.ly/13sBjjC
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 36/36 Thanks! Questions? (...and please rate the talk!) HTTP://TWITTER.COM/MORT___

Recommended

OSCON14: Mirage 2.0
OSCON14: Mirage 2.0 OSCON14: Mirage 2.0
OSCON14: Mirage 2.0 The Linux Foundation
 
LF Collaboration Summit: Xen Project 4 4 Features and Futures
LF Collaboration Summit: Xen Project 4 4 Features and FuturesLF Collaboration Summit: Xen Project 4 4 Features and Futures
LF Collaboration Summit: Xen Project 4 4 Features and FuturesThe Linux Foundation
 
OWF: Xen - Open Source Hypervisor Designed for Clouds
OWF: Xen - Open Source Hypervisor Designed for CloudsOWF: Xen - Open Source Hypervisor Designed for Clouds
OWF: Xen - Open Source Hypervisor Designed for CloudsThe Linux Foundation
 
The HaLVM: A Simple Platform for Simple Platforms
The HaLVM: A Simple Platform for Simple PlatformsThe HaLVM: A Simple Platform for Simple Platforms
The HaLVM: A Simple Platform for Simple PlatformsThe Linux Foundation
 
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...The Linux Foundation
 
LCEU13: Securing your cloud with Xen's advanced security features - George Du...
LCEU13: Securing your cloud with Xen's advanced security features - George Du...LCEU13: Securing your cloud with Xen's advanced security features - George Du...
LCEU13: Securing your cloud with Xen's advanced security features - George Du...The Linux Foundation
 
LinuxCon Japan 13 : 10 years of Xen and Beyond
LinuxCon Japan 13 : 10 years of Xen and BeyondLinuxCon Japan 13 : 10 years of Xen and Beyond
LinuxCon Japan 13 : 10 years of Xen and BeyondThe Linux Foundation
 
Xen time machine
Xen time machineXen time machine
Xen time machineThe Linux Foundation
 

Recommended

OSCON14: Mirage 2.0
OSCON14: Mirage 2.0 OSCON14: Mirage 2.0
OSCON14: Mirage 2.0 The Linux Foundation
 
LF Collaboration Summit: Xen Project 4 4 Features and Futures
LF Collaboration Summit: Xen Project 4 4 Features and FuturesLF Collaboration Summit: Xen Project 4 4 Features and Futures
LF Collaboration Summit: Xen Project 4 4 Features and FuturesThe Linux Foundation
 
OWF: Xen - Open Source Hypervisor Designed for Clouds
OWF: Xen - Open Source Hypervisor Designed for CloudsOWF: Xen - Open Source Hypervisor Designed for Clouds
OWF: Xen - Open Source Hypervisor Designed for CloudsThe Linux Foundation
 
The HaLVM: A Simple Platform for Simple Platforms
The HaLVM: A Simple Platform for Simple PlatformsThe HaLVM: A Simple Platform for Simple Platforms
The HaLVM: A Simple Platform for Simple PlatformsThe Linux Foundation
 
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...The Linux Foundation
 
LCEU13: Securing your cloud with Xen's advanced security features - George Du...
LCEU13: Securing your cloud with Xen's advanced security features - George Du...LCEU13: Securing your cloud with Xen's advanced security features - George Du...
LCEU13: Securing your cloud with Xen's advanced security features - George Du...The Linux Foundation
 
LinuxCon Japan 13 : 10 years of Xen and Beyond
LinuxCon Japan 13 : 10 years of Xen and BeyondLinuxCon Japan 13 : 10 years of Xen and Beyond
LinuxCon Japan 13 : 10 years of Xen and BeyondThe Linux Foundation
 
Xen time machine
Xen time machineXen time machine
Xen time machineThe Linux Foundation
 
XPDS16: Xen Development Update
XPDS16: Xen Development UpdateXPDS16: Xen Development Update
XPDS16: Xen Development UpdateThe Linux Foundation
 
Erlang on Xen: Redefining the cloud software stack
Erlang on Xen: Redefining the cloud software stackErlang on Xen: Redefining the cloud software stack
Erlang on Xen: Redefining the cloud software stackViktor Sovietov
 
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...The Linux Foundation
 
ELC21: VM-to-VM Communication Mechanisms for Embedded
ELC21: VM-to-VM Communication Mechanisms for EmbeddedELC21: VM-to-VM Communication Mechanisms for Embedded
ELC21: VM-to-VM Communication Mechanisms for EmbeddedStefano Stabellini
 
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, Arm
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, ArmXPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, Arm
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, ArmThe Linux Foundation
 
XPDS13: Xen on ARM Update - Stefano Stabellini, Citrix
XPDS13: Xen on ARM Update - Stefano Stabellini, CitrixXPDS13: Xen on ARM Update - Stefano Stabellini, Citrix
XPDS13: Xen on ARM Update - Stefano Stabellini, CitrixThe Linux Foundation
 
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...The Linux Foundation
 
Xen Project for ARM Servers
Xen Project for ARM ServersXen Project for ARM Servers
Xen Project for ARM ServersStefano Stabellini
 
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, CitrixXPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, CitrixThe Linux Foundation
 
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)The Linux Foundation
 
RunX: deploy real-time OSes as containers at the edge
RunX: deploy real-time OSes as containers at the edgeRunX: deploy real-time OSes as containers at the edge
RunX: deploy real-time OSes as containers at the edgeStefano Stabellini
 
Metrics towards enterprise readiness of unikernels
Metrics towards enterprise readiness of unikernelsMetrics towards enterprise readiness of unikernels
Metrics towards enterprise readiness of unikernelsMadhuri Yechuri
 
RunX ELCE 2020
RunX ELCE 2020RunX ELCE 2020
RunX ELCE 2020Stefano Stabellini
 
Aplura virtualization slides
Aplura virtualization slidesAplura virtualization slides
Aplura virtualization slidesThe Linux Foundation
 
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...The Linux Foundation
 
Xen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsXen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsStefano Stabellini
 
kdump: usage and_internals
kdump: usage and_internalskdump: usage and_internals
kdump: usage and_internalsLinuxCon ContainerCon CloudOpen China
 
PVH : PV Guest in HVM container
PVH : PV Guest in HVM containerPVH : PV Guest in HVM container
PVH : PV Guest in HVM containerThe Linux Foundation
 
Advanced Docker Developer Workflows on MacOS X and Windows
Advanced Docker Developer Workflows on MacOS X and WindowsAdvanced Docker Developer Workflows on MacOS X and Windows
Advanced Docker Developer Workflows on MacOS X and WindowsAnil Madhavapeddy
 
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...The Linux Foundation
 
Highlights and Challenges from Running Spark on Mesos in Production by Morri ...
Highlights and Challenges from Running Spark on Mesos in Production by Morri ...Highlights and Challenges from Running Spark on Mesos in Production by Morri ...
Highlights and Challenges from Running Spark on Mesos in Production by Morri ...Spark Summit
 
Securing the Socks Shop
Securing the Socks ShopSecuring the Socks Shop
Securing the Socks ShopJason Smith
 

More Related Content

What's hot

Erlang on Xen: Redefining the cloud software stack
Erlang on Xen: Redefining the cloud software stackErlang on Xen: Redefining the cloud software stack
Erlang on Xen: Redefining the cloud software stackViktor Sovietov
 
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...The Linux Foundation
 
ELC21: VM-to-VM Communication Mechanisms for Embedded
ELC21: VM-to-VM Communication Mechanisms for EmbeddedELC21: VM-to-VM Communication Mechanisms for Embedded
ELC21: VM-to-VM Communication Mechanisms for EmbeddedStefano Stabellini
 
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, Arm
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, ArmXPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, Arm
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, ArmThe Linux Foundation
 
XPDS13: Xen on ARM Update - Stefano Stabellini, Citrix
XPDS13: Xen on ARM Update - Stefano Stabellini, CitrixXPDS13: Xen on ARM Update - Stefano Stabellini, Citrix
XPDS13: Xen on ARM Update - Stefano Stabellini, CitrixThe Linux Foundation
 
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...The Linux Foundation
 
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, CitrixXPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, CitrixThe Linux Foundation
 
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)The Linux Foundation
 
RunX: deploy real-time OSes as containers at the edge
RunX: deploy real-time OSes as containers at the edgeRunX: deploy real-time OSes as containers at the edge
RunX: deploy real-time OSes as containers at the edgeStefano Stabellini
 
Metrics towards enterprise readiness of unikernels
Metrics towards enterprise readiness of unikernelsMetrics towards enterprise readiness of unikernels
Metrics towards enterprise readiness of unikernelsMadhuri Yechuri
 
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...The Linux Foundation
 
Xen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsXen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsStefano Stabellini
 
Advanced Docker Developer Workflows on MacOS X and Windows
Advanced Docker Developer Workflows on MacOS X and WindowsAdvanced Docker Developer Workflows on MacOS X and Windows
Advanced Docker Developer Workflows on MacOS X and WindowsAnil Madhavapeddy
 
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...The Linux Foundation
 

What's hot (20)

XPDS16: Xen Development Update
XPDS16: Xen Development UpdateXPDS16: Xen Development Update
XPDS16: Xen Development Update
 
Erlang on Xen: Redefining the cloud software stack
Erlang on Xen: Redefining the cloud software stackErlang on Xen: Redefining the cloud software stack
Erlang on Xen: Redefining the cloud software stack
 
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...
 
ELC21: VM-to-VM Communication Mechanisms for Embedded
ELC21: VM-to-VM Communication Mechanisms for EmbeddedELC21: VM-to-VM Communication Mechanisms for Embedded
ELC21: VM-to-VM Communication Mechanisms for Embedded
 
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, Arm
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, ArmXPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, Arm
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, Arm
 
XPDS13: Xen on ARM Update - Stefano Stabellini, Citrix
XPDS13: Xen on ARM Update - Stefano Stabellini, CitrixXPDS13: Xen on ARM Update - Stefano Stabellini, Citrix
XPDS13: Xen on ARM Update - Stefano Stabellini, Citrix
 
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
 
Xen Project for ARM Servers
Xen Project for ARM ServersXen Project for ARM Servers
Xen Project for ARM Servers
 
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, CitrixXPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
 
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
 
RunX: deploy real-time OSes as containers at the edge
RunX: deploy real-time OSes as containers at the edgeRunX: deploy real-time OSes as containers at the edge
RunX: deploy real-time OSes as containers at the edge
 
Metrics towards enterprise readiness of unikernels
Metrics towards enterprise readiness of unikernelsMetrics towards enterprise readiness of unikernels
Metrics towards enterprise readiness of unikernels
 
RunX ELCE 2020
RunX ELCE 2020RunX ELCE 2020
RunX ELCE 2020
 
Aplura virtualization slides
Aplura virtualization slidesAplura virtualization slides
Aplura virtualization slides
 
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
 
Xen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsXen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systems
 
kdump: usage and_internals
kdump: usage and_internalskdump: usage and_internals
kdump: usage and_internals
 
PVH : PV Guest in HVM container
PVH : PV Guest in HVM containerPVH : PV Guest in HVM container
PVH : PV Guest in HVM container
 
Advanced Docker Developer Workflows on MacOS X and Windows
Advanced Docker Developer Workflows on MacOS X and WindowsAdvanced Docker Developer Workflows on MacOS X and Windows
Advanced Docker Developer Workflows on MacOS X and Windows
 
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
 

Similar to Mirage: Extreme Specialization Of Cloud Appliances

Highlights and Challenges from Running Spark on Mesos in Production by Morri ...
Highlights and Challenges from Running Spark on Mesos in Production by Morri ...Highlights and Challenges from Running Spark on Mesos in Production by Morri ...
Highlights and Challenges from Running Spark on Mesos in Production by Morri ...Spark Summit
 
Securing the Socks Shop
Securing the Socks ShopSecuring the Socks Shop
Securing the Socks ShopJason Smith
 
Alaeddine El Fawal DR Plan for Private-Cloud Based Data Center
Alaeddine El Fawal DR Plan for Private-Cloud Based Data Center Alaeddine El Fawal DR Plan for Private-Cloud Based Data Center
Alaeddine El Fawal DR Plan for Private-Cloud Based Data Center Alaeddine El Fawal
 
DevOpSec_DockerNPodMan-20230220.pdf
DevOpSec_DockerNPodMan-20230220.pdfDevOpSec_DockerNPodMan-20230220.pdf
DevOpSec_DockerNPodMan-20230220.pdfkanedafromparis
 
Sector Sphere 2009
Sector Sphere 2009Sector Sphere 2009
Sector Sphere 2009lilyco
 
sector-sphere
sector-spheresector-sphere
sector-spherexlight
 
Chicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyChicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyMediafly
 
cncf overview and building edge computing using kubernetes
cncf overview and building edge computing using kubernetescncf overview and building edge computing using kubernetes
cncf overview and building edge computing using kubernetesKrishna-Kumar
 
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Ron Munitz
 
From data centers to fog computing: the evaporating cloud
From data centers to fog computing: the evaporating cloudFrom data centers to fog computing: the evaporating cloud
From data centers to fog computing: the evaporating cloudFogGuru MSCA Project
 
Ryan Jarvinen Open Shift Talk @ Postgres Open 2013
Ryan Jarvinen Open Shift Talk @ Postgres Open 2013Ryan Jarvinen Open Shift Talk @ Postgres Open 2013
Ryan Jarvinen Open Shift Talk @ Postgres Open 2013PostgresOpen
 
Cloud, Distributed, Embedded: Erlang in the Heterogeneous Computing World
Cloud, Distributed, Embedded: Erlang in the Heterogeneous Computing WorldCloud, Distributed, Embedded: Erlang in the Heterogeneous Computing World
Cloud, Distributed, Embedded: Erlang in the Heterogeneous Computing WorldOmer Kilic
 
Unikernels - Bristech June 2016
Unikernels - Bristech June 2016 Unikernels - Bristech June 2016
Unikernels - Bristech June 2016 Daniel Drozdzewski
 
mago3D workshop(English) in Thailand , 2018.07
mago3D workshop(English) in Thailand , 2018.07mago3D workshop(English) in Thailand , 2018.07
mago3D workshop(English) in Thailand , 2018.07Gaia3D,Inc.
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionBen Hall
 
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...Modern Data Stack France
 
Slides: Introducing the new ClusterControl 1.2.10 for MySQL, MongoDB and Post...
Slides: Introducing the new ClusterControl 1.2.10 for MySQL, MongoDB and Post...Slides: Introducing the new ClusterControl 1.2.10 for MySQL, MongoDB and Post...
Slides: Introducing the new ClusterControl 1.2.10 for MySQL, MongoDB and Post...Severalnines
 
Habits of-efficient-developers
Habits of-efficient-developersHabits of-efficient-developers
Habits of-efficient-developersDaniel Lebrero
 

Similar to Mirage: Extreme Specialization Of Cloud Appliances (20)

Highlights and Challenges from Running Spark on Mesos in Production by Morri ...
Highlights and Challenges from Running Spark on Mesos in Production by Morri ...Highlights and Challenges from Running Spark on Mesos in Production by Morri ...
Highlights and Challenges from Running Spark on Mesos in Production by Morri ...
 
Securing the Socks Shop
Securing the Socks ShopSecuring the Socks Shop
Securing the Socks Shop
 
Alaeddine El Fawal DR Plan for Private-Cloud Based Data Center
Alaeddine El Fawal DR Plan for Private-Cloud Based Data Center Alaeddine El Fawal DR Plan for Private-Cloud Based Data Center
Alaeddine El Fawal DR Plan for Private-Cloud Based Data Center
 
DevOpSec_DockerNPodMan-20230220.pdf
DevOpSec_DockerNPodMan-20230220.pdfDevOpSec_DockerNPodMan-20230220.pdf
DevOpSec_DockerNPodMan-20230220.pdf
 
Sector Sphere 2009
Sector Sphere 2009Sector Sphere 2009
Sector Sphere 2009
 
sector-sphere
sector-spheresector-sphere
sector-sphere
 
Chicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyChicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - Mediafly
 
cncf overview and building edge computing using kubernetes
cncf overview and building edge computing using kubernetescncf overview and building edge computing using kubernetes
cncf overview and building edge computing using kubernetes
 
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
 
From data centers to fog computing: the evaporating cloud
From data centers to fog computing: the evaporating cloudFrom data centers to fog computing: the evaporating cloud
From data centers to fog computing: the evaporating cloud
 
Ryan Jarvinen Open Shift Talk @ Postgres Open 2013
Ryan Jarvinen Open Shift Talk @ Postgres Open 2013Ryan Jarvinen Open Shift Talk @ Postgres Open 2013
Ryan Jarvinen Open Shift Talk @ Postgres Open 2013
 
Scaling hadoopapplications
Scaling hadoopapplicationsScaling hadoopapplications
Scaling hadoopapplications
 
Cloud RPI4 tomcat ARM64
Cloud RPI4 tomcat ARM64Cloud RPI4 tomcat ARM64
Cloud RPI4 tomcat ARM64
 
Cloud, Distributed, Embedded: Erlang in the Heterogeneous Computing World
Cloud, Distributed, Embedded: Erlang in the Heterogeneous Computing WorldCloud, Distributed, Embedded: Erlang in the Heterogeneous Computing World
Cloud, Distributed, Embedded: Erlang in the Heterogeneous Computing World
 
Unikernels - Bristech June 2016
Unikernels - Bristech June 2016 Unikernels - Bristech June 2016
Unikernels - Bristech June 2016
 
mago3D workshop(English) in Thailand , 2018.07
mago3D workshop(English) in Thailand , 2018.07mago3D workshop(English) in Thailand , 2018.07
mago3D workshop(English) in Thailand , 2018.07
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and Production
 
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...
 
Slides: Introducing the new ClusterControl 1.2.10 for MySQL, MongoDB and Post...
Slides: Introducing the new ClusterControl 1.2.10 for MySQL, MongoDB and Post...Slides: Introducing the new ClusterControl 1.2.10 for MySQL, MongoDB and Post...
Slides: Introducing the new ClusterControl 1.2.10 for MySQL, MongoDB and Post...
 
Habits of-efficient-developers
Habits of-efficient-developersHabits of-efficient-developers
Habits of-efficient-developers
 

More from The Linux Foundation

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleThe Linux Foundation
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...The Linux Foundation
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...The Linux Foundation
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...The Linux Foundation
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportXPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportThe Linux Foundation
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...The Linux Foundation
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...The Linux Foundation
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderThe Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...The Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...The Linux Foundation
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixThe Linux Foundation
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdThe Linux Foundation
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...The Linux Foundation
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DThe Linux Foundation
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsThe Linux Foundation
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...The Linux Foundation
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...The Linux Foundation
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...The Linux Foundation
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEThe Linux Foundation
 

More from The Linux Foundation (20)

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportXPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather Report
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
 

Recently uploaded

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 

Mirage: Extreme Specialization Of Cloud Appliances

  • 1. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 1/36 Anil Madhavapeddy University of Cambridge Richard Mortier University of Nottingham Dave Scott Citrix Systems R&D MIRAGE: EXTREME SPECIALISATION OF CLOUD APPLIANCES @avsm @mort___ @mugofsoup http://openmirage.org http://decks.openmirage.org/oscon13/ http://www.youtube.com/watch?v=2Mx8Bd5JYyo
  • 2. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 2/36 THE CLOUD THREAT MODEL Internet SAN/NAS Tenants SDN
  • 3. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 3/36 THE CLOUD THREAT MODEL Type-safety in the application layer defeats several external threats. Type-safety in the kernel will make all external I/O safe, but at what cost?
  • 4. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 4/36 THE CLOUD THREAT MODEL Most attacks never come from within a guest, only from external traffic. So why all these privilege checks?
  • 5. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 5/36 KEY DESIGN INSIGHTS The hypervisor gifts us a stable hardware interface. Cures the curse of library operating systems! Protocol-level compatibility between special-purpose cloud appliances, e.g. a webserver, a database VM.
  • 6. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 6/36 UNIKERNELS! Virtual machines are UNIX processes “done right” on the cloud.
  • 7. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 7/36 CONTRIBUTIONS The unikernel approach to building single-purpose appliances Library OS + high level programming interface Single-address space layout Evaluation of these techniques using a functional programming language (OCaml) Benefits of type-safety need not damage performance Static typing + modules = high level manipulation Language extensions for systems programming in OCaml
  • 8. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 8/36 CURRENT VIRTUAL APPLIANCES Compiler has to stop at userspace. Every level has a different API, calling convention, and privilege requirements.
  • 9. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 9/36 SPECIALISED VIRTUAL APPLIANCES
  • 10. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 10/36 SPECIALISED VIRTUAL APPLIANCES
  • 11. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 11/36 SPECIALISED VIRTUAL APPLIANCES
  • 12. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 12/36 PROGRESSIVE SPECIALISATION
  • 13. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 13/36 MICROBENCHMARKS! Unikernel appliances are: Smaller, both in kLoC & image size Boot faster, at packet round-trip time timescales High performance Type-safe
  • 14. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 14/36 APPLIANCE IMAGE SIZE Appliance Standard Build Dead Code Elimination DNS 0.449 MB 0.184 MB Web Server 0.674 MB 0.172 MB Openflow learning switch 0.393 MB 0.164 MB Openflow controller 0.392 MB 0.168 MB All configuration and data compiled into the image by the toolchain. Live migration is easy and fun :-)
  • 15. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 15/36 BOOT TIME Unikernels are compact enough to boot and respond to network traffic in real-time.
  • 16. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 16/36 HOW LARGE IS LARGE?
  • 17. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 17/36 EVENT DRIVEN CO-THREADS Garbage collected heap management is more efficient in a single address-space environment. Thread latency can be reduced by eliminating multiple levels of scheduling.
  • 18. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 18/36 THREAD SCALING SINGLE INSTANCE Threads are heap allocated values, so benefit from the faster garbage collection cycle in the Mirage Xen version, and the scheduler can be overridden by application-specific needs.
  • 19. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 19/36 BLOCK STORAGE Additionally, reading from a Mirage NAS-like storage VM achieves 942MiB/s buffered, and 1.8GiB/s unbuffered.
  • 20. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 20/36 TECHNIQUES Several implementation techniques give rise to these benefits: Simplified memory management Zero-copy IO buffer management Hypervisor security extension for VM sealing (W^X)
  • 21. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 21/36 MEMORY MANAGEMENT SPECIALISED! Compiled native source code and runtime statically linked with random start offset. IO memory is mapped into a reserved area and can be distinguished. OCaml heap is contiguous, with simpler write barriers as a result.
  • 22. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 22/36 BUFFER MANAGEMENT ZERO-COPY IO
  • 23. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 23/36 OPTIONAL VM SEALING Single address-space and no dynamic loading W^X address space Address offsets are randomized at compile-time Dropping page table privileges: Added freeze hypercall called just before app starts Subsequent page table updates are rejected by Xen Exception for I/O mappings if they are non-exec and do not modify any existing mappings Very easy in unikernels due to focus on compile-time specialisation instead of run-time complexity
  • 24. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 24/36 MACROBENCHMARKS We have implemented several larger appliances. We discuss deens, our DNS server in detail here. We also have: a simple webserver, an OpenFlow Switch, and an OpenFlow Controller.
  • 25. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 25/36 DNS SERVER CODE let main () = lwt zones = read key "zones" "zone.db" in Net.Manager.bind (fun mgr dev -> let src = `any_addr, 53 in Dns.Server.listen dev src zones ) Cooperative threads as functions Statically evaluated configuration Functional callbacks Libraries directly link to network stack
  • 26. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 26/36 DNS SERVER PERFORMANCE BASELINE Baseline figures, running Bind (standard) and NSD (high performance). NSD achieves around 70 kreqs/s.
  • 27. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 27/36 DNS SERVER PERFORMANCE MIRAGE Comparing against Mirage appliance, with and without simple memoisation. This algorithmic optimisation added just 6 lines of code.
  • 28. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 28/36 DNS SERVER PERFORMANCE C/MINIOS A rudimentary C-based appliance linking NSD directly against MiniOS. Poor user-space library performance vastly outweighs language effects.
  • 29. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 29/36 SCALING VIA PARALLEL INSTANCES Request throughput for serving a simple static page using Apache on Linux vs. a Mirage appliance. Rather than pay the cost of interlocking for thread-level parallelism, we scale by running many instances of the Mirage appliance.
  • 30. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 30/36 OPENFLOW CONTROLLER OpenFlow controller is competitive with NOX (C++), but much higher level. Applications can link directly against the switch to route their data.
  • 31. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 31/36 SUMMARY OCaml is the baseline language for all new code Our C runtime is small, and getting smaller Is fully event-driven and non-preemptive Rewriting protocols wasn’t that hard Not necessarily the best research strategy though But an extremely useful learning experience Tech transfer is vital Unikernels fit perfectly on the cloud Internet protocol building blocks Seamless interop with legacy code through VMs
  • 32. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 32/36 PURE OCAML CODE Device drivers netfront, blkfront xenstore Networking/Communication IP/TCP/UDP/DHCP/DNS(SEC) (v4) HTTP, SSH, OpenFlow (controller/switch) vchan IPC Storage NFS, FAT32 distributed k/v store 9P :-) GITHUB.COM/MIRAGE http://arakoon.org
  • 33. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 33/36 MIRAGE ONLINE Website, Code, O'Reilly OCaml book, OPAM package manager Allows constraints to be applied to package installation Very useful for managing assembly of the many small OCaml modules that construct a Mirage appliance http://www.openmirage.org http://github.com/mirage http://realworldocaml.org http://opam.ocamlpro.com
  • 34. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 34/36 KEY RESEARCH DIRECTIONS Interoperability — with billions of VMs out there A unikernel per-language? Interconnect strategies? Heap sharing? Formal method integration easier or harder? Coordination — planetary scale computers Resources are highly elastic now. How to coordinate a million microkernels? “Warehouse Scale Computing” Library Applications — where are they? Irminsule, a git-like functional distributed database Beanstalk, a self-scaling web server
  • 35. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 35/36 WE'RE HIRING! MUST ENJOY OPEN SOURCE! OCamlLabs, Cambridge, UK Real world functional programming with OCaml Need compiler hackers, protocol heads, PL/type theory systems Networks-as-a-Service, University of Nottingham, UK (2 posts, 3 years, deadline Friday August 2nd) Joint with University of Cambridge & Imperial College Network virtualisation for millions of microkernel apps Need Mirage hackers, network protocol experts, graph theorists http://www.cl.cam.ac.uk/projects/ocamllabs http://bit.ly/13sBjjC
  • 36. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 36/36 Thanks! Questions? (...and please rate the talk!) HTTP://TWITTER.COM/MORT___