Public compute clouds provide a flexible platform to host applications as a set of appliances, e.g., web servers or databases. Each appliance usually contains an OS kernel and userspace processes, within which applications access resources via APIs such as POSIX. The flexible architecture of the cloud comes at a cost: the addition of another layer in the already complex software stack. This reduces performance and increases the size of the trusted computing base.
Our new Mirage operating system proposes a radically different way of building these appliances. Mirage supports the progressive specialisation of functional language (OCaml) application source code, and gradually replaces traditional OS components with type-safe libraries. This ultimately results in “unikernels”: sealed, fixed-purpose images that run directly on the hypervisor without an intervening guest OS such as Lin ux.
Developers no longer need to become sysadmins, expert in the configuration of all manner of system components, to use cloud resources. At the same time, they can develop their code using their usual tools, only making the final push to the cloud once they are satisfied their code works. As they explicitly link in components that would normally be provided by the host OS, the resulting unikernels are also highly compact: facilities that are not used are simply not included in the resulting unikernel. For example, the self-hosting Mirage web server image is less than a megabyte in size!
We will describe the architecture of Mirage in the talk, show some code examples, and interesting benchmark results that compare the performance of our unikernels to traditional applications such as Apache, BIND and OpenSSH.