SlideShare a Scribd company logo

Deep Dive into Firecracker Using Lightweight Virtual Machines to Enhance the Container Security Boundary - AWS Summit Sydney

Amazon Web Services
Amazon Web Services

Firecracker is an open source virtualisation technology which enables secure and fast microVMs for serverless computing. Firecracker was developed at Amazon Web Services to improve efficiency and customer experience for services like AWS Lambda and AWS Fargate. In this session, hear more about why AWS built this virtualisation technology, how Firecracker differs from traditional virtualisation technology, and how you can contribute to the open source project.

1 of 43
S U M M I T SYDNEY
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Deep Dive in to Firecracker: Using lightweight virtual machines to enhance the container security boundary Mitch Beaumont Senior Solutions Architect Amazon Web Services
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Serverless compute at AWS
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Running containers and serverless at scale Different security boundaries than instances Inefficient resource utilisation
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Running containers and serverless at scale Different security boundaries than instances Inefficient resource utilisation
S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. What would a virtual machine look like if it were designed for today’s world of containers and function based services?
S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Virtualisation <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax)
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax) Virtualisation
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax) Virtualisation
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax) Virtualisation
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax) Virtualisation
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T What just happened? Ring 0 Ring 1 Ring 2 Ring 3
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Trap and emulate: virtual machine monitor <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax)
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Trap and emulate: virtual machine monitor <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax)
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Trap and emulate: virtual machine monitor <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax)
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Trap and emulate: virtual machine monitor <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax)
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Wait … what?
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Virtualisation and statistical majority?
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T What’s a statistical majority?
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T What just happened?
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Trap and emulate <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax)
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Hypervisor bloat …
S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. What would a virtual machine look like if it were designed for today’s world of containers and function based services?
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Firecracker RESTful API Networks Storage Rate Limiting Metadata
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Secure
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Secure Fast
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Secure Fast Efficient
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Firecracker RESTful API Networks Storage Rate Limiting Metadata
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Firecracker RESTful API Networks Storage Rate Limiting Metadata
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Firecracker RESTful API Networks Storage Rate Limiting Metadata
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Firecracker RESTful API Networks Storage Rate Limiting Metadata
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Firecracker RESTful API Networks Storage Rate Limiting Metadata
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Firecracker RESTful API Networks Storage Rate Limiting Metadata
S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Serverless compute at AWS
S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T What’s new and what’s next? • [NEW] Firectl: Command-line tool for managing Firecracker MicroVMs • [NEW] Integration with container runtimes like Kata Containers • [NEXT] Integration to enable ContainerD to manage Firecracker MicroVMs
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Wrap up • Opensource, Apache, version 2.0 license • Contribute at https://github.com/firecracker-microvm/ • Join the conversation at firecracker-microvm.slack.com
Thank you! S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Mitch Beaumont beaumonm@amazon.com

Recommended

Apache Spark At Scale in the Cloud
Apache Spark At Scale in the CloudApache Spark At Scale in the Cloud
Apache Spark At Scale in the Cloud
Databricks
 
Spark sql
Spark sqlSpark sql
Spark sql
Freeman Zhang
 
Dive into PySpark
Dive into PySparkDive into PySpark
Dive into PySpark
Mateusz Buśkiewicz
 
Apache Hadoop and Spark: Introduction and Use Cases for Data Analysis
Apache Hadoop and Spark: Introduction and Use Cases for Data AnalysisApache Hadoop and Spark: Introduction and Use Cases for Data Analysis
Apache Hadoop and Spark: Introduction and Use Cases for Data Analysis
Trieu Nguyen
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
Thomas Graf
 
Spark SQL Deep Dive @ Melbourne Spark Meetup
Spark SQL Deep Dive @ Melbourne Spark MeetupSpark SQL Deep Dive @ Melbourne Spark Meetup
Spark SQL Deep Dive @ Melbourne Spark Meetup
Databricks
 
Bucketing 2.0: Improve Spark SQL Performance by Removing Shuffle
Bucketing 2.0: Improve Spark SQL Performance by Removing ShuffleBucketing 2.0: Improve Spark SQL Performance by Removing Shuffle
Bucketing 2.0: Improve Spark SQL Performance by Removing Shuffle
Databricks
 
Apache spark 소개 및 실습
Apache spark 소개 및 실습Apache spark 소개 및 실습
Apache spark 소개 및 실습
동현 강
 

Recommended

Apache Spark At Scale in the Cloud
Apache Spark At Scale in the CloudApache Spark At Scale in the Cloud
Apache Spark At Scale in the Cloud
Databricks
 
Spark sql
Spark sqlSpark sql
Spark sql
Freeman Zhang
 
Dive into PySpark
Dive into PySparkDive into PySpark
Dive into PySpark
Mateusz Buśkiewicz
 
Apache Hadoop and Spark: Introduction and Use Cases for Data Analysis
Apache Hadoop and Spark: Introduction and Use Cases for Data AnalysisApache Hadoop and Spark: Introduction and Use Cases for Data Analysis
Apache Hadoop and Spark: Introduction and Use Cases for Data Analysis
Trieu Nguyen
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
Thomas Graf
 
Spark SQL Deep Dive @ Melbourne Spark Meetup
Spark SQL Deep Dive @ Melbourne Spark MeetupSpark SQL Deep Dive @ Melbourne Spark Meetup
Spark SQL Deep Dive @ Melbourne Spark Meetup
Databricks
 
Bucketing 2.0: Improve Spark SQL Performance by Removing Shuffle
Bucketing 2.0: Improve Spark SQL Performance by Removing ShuffleBucketing 2.0: Improve Spark SQL Performance by Removing Shuffle
Bucketing 2.0: Improve Spark SQL Performance by Removing Shuffle
Databricks
 
Apache spark 소개 및 실습
Apache spark 소개 및 실습Apache spark 소개 및 실습
Apache spark 소개 및 실습
동현 강
 
A Hitchhiker's Guide to Apache Kafka Geo-Replication with Sanjana Kaundinya ...
A Hitchhiker's Guide to Apache Kafka Geo-Replication with Sanjana Kaundinya ... A Hitchhiker's Guide to Apache Kafka Geo-Replication with Sanjana Kaundinya ...
A Hitchhiker's Guide to Apache Kafka Geo-Replication with Sanjana Kaundinya ...
HostedbyConfluent
 
Survey of High Performance NoSQL Systems
Survey of High Performance NoSQL SystemsSurvey of High Performance NoSQL Systems
Survey of High Performance NoSQL Systems
ScyllaDB
 
How we got to 1 millisecond latency in 99% under repair, compaction, and flus...
How we got to 1 millisecond latency in 99% under repair, compaction, and flus...How we got to 1 millisecond latency in 99% under repair, compaction, and flus...
How we got to 1 millisecond latency in 99% under repair, compaction, and flus...
ScyllaDB
 
HBase Application Performance Improvement
HBase Application Performance ImprovementHBase Application Performance Improvement
HBase Application Performance Improvement
Biju Nair
 
Apache Spark overview
Apache Spark overviewApache Spark overview
Apache Spark overview
DataArt
 
Apache Spark on Kubernetes Anirudh Ramanathan and Tim Chen
Apache Spark on Kubernetes Anirudh Ramanathan and Tim ChenApache Spark on Kubernetes Anirudh Ramanathan and Tim Chen
Apache Spark on Kubernetes Anirudh Ramanathan and Tim Chen
Databricks
 
InfluxDB Roadmap: What’s New and What’s Coming
InfluxDB Roadmap: What’s New and What’s ComingInfluxDB Roadmap: What’s New and What’s Coming
InfluxDB Roadmap: What’s New and What’s Coming
InfluxData
 
introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack
monad bobo
 
New Approaches for Fraud Detection on Apache Kafka and KSQL
New Approaches for Fraud Detection on Apache Kafka and KSQLNew Approaches for Fraud Detection on Apache Kafka and KSQL
New Approaches for Fraud Detection on Apache Kafka and KSQL
confluent
 
Scaling for Performance
Scaling for PerformanceScaling for Performance
Scaling for Performance
ScyllaDB
 
BlueStore, A New Storage Backend for Ceph, One Year In
BlueStore, A New Storage Backend for Ceph, One Year InBlueStore, A New Storage Backend for Ceph, One Year In
BlueStore, A New Storage Backend for Ceph, One Year In
Sage Weil
 
PostgreSQL and CockroachDB SQL
PostgreSQL and CockroachDB SQLPostgreSQL and CockroachDB SQL
PostgreSQL and CockroachDB SQL
CockroachDB
 
LinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking WalkthroughLinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking Walkthrough
Thomas Graf
 
Spark Hadoop Tutorial | Spark Hadoop Example on NBA | Apache Spark Training |...
Spark Hadoop Tutorial | Spark Hadoop Example on NBA | Apache Spark Training |...Spark Hadoop Tutorial | Spark Hadoop Example on NBA | Apache Spark Training |...
Spark Hadoop Tutorial | Spark Hadoop Example on NBA | Apache Spark Training |...
Edureka!
 
Wars of MySQL Cluster ( InnoDB Cluster VS Galera )
Wars of MySQL Cluster ( InnoDB Cluster VS Galera ) Wars of MySQL Cluster ( InnoDB Cluster VS Galera )
Wars of MySQL Cluster ( InnoDB Cluster VS Galera )
Mydbops
 
Tame the small files problem and optimize data layout for streaming ingestion...
Tame the small files problem and optimize data layout for streaming ingestion...Tame the small files problem and optimize data layout for streaming ingestion...
Tame the small files problem and optimize data layout for streaming ingestion...
Flink Forward
 
Zeus: Uber’s Highly Scalable and Distributed Shuffle as a Service
Zeus: Uber’s Highly Scalable and Distributed Shuffle as a ServiceZeus: Uber’s Highly Scalable and Distributed Shuffle as a Service
Zeus: Uber’s Highly Scalable and Distributed Shuffle as a Service
Databricks
 
Distributed Databases Deconstructed: CockroachDB, TiDB and YugaByte DB
Distributed Databases Deconstructed: CockroachDB, TiDB and YugaByte DBDistributed Databases Deconstructed: CockroachDB, TiDB and YugaByte DB
Distributed Databases Deconstructed: CockroachDB, TiDB and YugaByte DB
YugabyteDB
 
Optimizing Apache Spark SQL Joins
Optimizing Apache Spark SQL JoinsOptimizing Apache Spark SQL Joins
Optimizing Apache Spark SQL Joins
Databricks
 
Spark architecture
Spark architectureSpark architecture
Spark architecture
GauravBiswas9
 
The Nitro Project: Next-Generation EC2 Infrastructure - AWS Online Tech Talks
The Nitro Project: Next-Generation EC2 Infrastructure - AWS Online Tech TalksThe Nitro Project: Next-Generation EC2 Infrastructure - AWS Online Tech Talks
The Nitro Project: Next-Generation EC2 Infrastructure - AWS Online Tech Talks
Amazon Web Services
 
C5 Instances and the Evolution of Amazon EC2 Virtualization - CMP332 - re:Inv...
C5 Instances and the Evolution of Amazon EC2 Virtualization - CMP332 - re:Inv...C5 Instances and the Evolution of Amazon EC2 Virtualization - CMP332 - re:Inv...
C5 Instances and the Evolution of Amazon EC2 Virtualization - CMP332 - re:Inv...
Amazon Web Services
 

More Related Content

What's hot

A Hitchhiker's Guide to Apache Kafka Geo-Replication with Sanjana Kaundinya ...
A Hitchhiker's Guide to Apache Kafka Geo-Replication with Sanjana Kaundinya ... A Hitchhiker's Guide to Apache Kafka Geo-Replication with Sanjana Kaundinya ...
A Hitchhiker's Guide to Apache Kafka Geo-Replication with Sanjana Kaundinya ...
HostedbyConfluent
 
How we got to 1 millisecond latency in 99% under repair, compaction, and flus...
How we got to 1 millisecond latency in 99% under repair, compaction, and flus...How we got to 1 millisecond latency in 99% under repair, compaction, and flus...
How we got to 1 millisecond latency in 99% under repair, compaction, and flus...
ScyllaDB
 
Apache Spark on Kubernetes Anirudh Ramanathan and Tim Chen
Apache Spark on Kubernetes Anirudh Ramanathan and Tim ChenApache Spark on Kubernetes Anirudh Ramanathan and Tim Chen
Apache Spark on Kubernetes Anirudh Ramanathan and Tim Chen
Databricks
 
New Approaches for Fraud Detection on Apache Kafka and KSQL
New Approaches for Fraud Detection on Apache Kafka and KSQLNew Approaches for Fraud Detection on Apache Kafka and KSQL
New Approaches for Fraud Detection on Apache Kafka and KSQL
confluent
 
BlueStore, A New Storage Backend for Ceph, One Year In
BlueStore, A New Storage Backend for Ceph, One Year InBlueStore, A New Storage Backend for Ceph, One Year In
BlueStore, A New Storage Backend for Ceph, One Year In
Sage Weil
 
Tame the small files problem and optimize data layout for streaming ingestion...
Tame the small files problem and optimize data layout for streaming ingestion...Tame the small files problem and optimize data layout for streaming ingestion...
Tame the small files problem and optimize data layout for streaming ingestion...
Flink Forward
 

What's hot (20)

A Hitchhiker's Guide to Apache Kafka Geo-Replication with Sanjana Kaundinya ...
A Hitchhiker's Guide to Apache Kafka Geo-Replication with Sanjana Kaundinya ... A Hitchhiker's Guide to Apache Kafka Geo-Replication with Sanjana Kaundinya ...
A Hitchhiker's Guide to Apache Kafka Geo-Replication with Sanjana Kaundinya ...
 
Survey of High Performance NoSQL Systems
Survey of High Performance NoSQL SystemsSurvey of High Performance NoSQL Systems
Survey of High Performance NoSQL Systems
 
How we got to 1 millisecond latency in 99% under repair, compaction, and flus...
How we got to 1 millisecond latency in 99% under repair, compaction, and flus...How we got to 1 millisecond latency in 99% under repair, compaction, and flus...
How we got to 1 millisecond latency in 99% under repair, compaction, and flus...
 
HBase Application Performance Improvement
HBase Application Performance ImprovementHBase Application Performance Improvement
HBase Application Performance Improvement
 
Apache Spark overview
Apache Spark overviewApache Spark overview
Apache Spark overview
 
Apache Spark on Kubernetes Anirudh Ramanathan and Tim Chen
Apache Spark on Kubernetes Anirudh Ramanathan and Tim ChenApache Spark on Kubernetes Anirudh Ramanathan and Tim Chen
Apache Spark on Kubernetes Anirudh Ramanathan and Tim Chen
 
InfluxDB Roadmap: What’s New and What’s Coming
InfluxDB Roadmap: What’s New and What’s ComingInfluxDB Roadmap: What’s New and What’s Coming
InfluxDB Roadmap: What’s New and What’s Coming
 
introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack
 
New Approaches for Fraud Detection on Apache Kafka and KSQL
New Approaches for Fraud Detection on Apache Kafka and KSQLNew Approaches for Fraud Detection on Apache Kafka and KSQL
New Approaches for Fraud Detection on Apache Kafka and KSQL
 
Scaling for Performance
Scaling for PerformanceScaling for Performance
Scaling for Performance
 
BlueStore, A New Storage Backend for Ceph, One Year In
BlueStore, A New Storage Backend for Ceph, One Year InBlueStore, A New Storage Backend for Ceph, One Year In
BlueStore, A New Storage Backend for Ceph, One Year In
 
PostgreSQL and CockroachDB SQL
PostgreSQL and CockroachDB SQLPostgreSQL and CockroachDB SQL
PostgreSQL and CockroachDB SQL
 
LinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking WalkthroughLinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking Walkthrough
 
Spark Hadoop Tutorial | Spark Hadoop Example on NBA | Apache Spark Training |...
Spark Hadoop Tutorial | Spark Hadoop Example on NBA | Apache Spark Training |...Spark Hadoop Tutorial | Spark Hadoop Example on NBA | Apache Spark Training |...
Spark Hadoop Tutorial | Spark Hadoop Example on NBA | Apache Spark Training |...
 
Wars of MySQL Cluster ( InnoDB Cluster VS Galera )
Wars of MySQL Cluster ( InnoDB Cluster VS Galera ) Wars of MySQL Cluster ( InnoDB Cluster VS Galera )
Wars of MySQL Cluster ( InnoDB Cluster VS Galera )
 
Tame the small files problem and optimize data layout for streaming ingestion...
Tame the small files problem and optimize data layout for streaming ingestion...Tame the small files problem and optimize data layout for streaming ingestion...
Tame the small files problem and optimize data layout for streaming ingestion...
 
Zeus: Uber’s Highly Scalable and Distributed Shuffle as a Service
Zeus: Uber’s Highly Scalable and Distributed Shuffle as a ServiceZeus: Uber’s Highly Scalable and Distributed Shuffle as a Service
Zeus: Uber’s Highly Scalable and Distributed Shuffle as a Service
 
Distributed Databases Deconstructed: CockroachDB, TiDB and YugaByte DB
Distributed Databases Deconstructed: CockroachDB, TiDB and YugaByte DBDistributed Databases Deconstructed: CockroachDB, TiDB and YugaByte DB
Distributed Databases Deconstructed: CockroachDB, TiDB and YugaByte DB
 
Optimizing Apache Spark SQL Joins
Optimizing Apache Spark SQL JoinsOptimizing Apache Spark SQL Joins
Optimizing Apache Spark SQL Joins
 
Spark architecture
Spark architectureSpark architecture
Spark architecture
 

Similar to Deep Dive into Firecracker Using Lightweight Virtual Machines to Enhance the Container Security Boundary - AWS Summit Sydney

Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019
Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019 Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019
Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019
Amazon Web Services
 
How to Avoid Common Mistakes at Scale: AWS Developer Workshop at Web Summit 2018
How to Avoid Common Mistakes at Scale: AWS Developer Workshop at Web Summit 2018How to Avoid Common Mistakes at Scale: AWS Developer Workshop at Web Summit 2018
How to Avoid Common Mistakes at Scale: AWS Developer Workshop at Web Summit 2018
Amazon Web Services
 
7 Habits of Highly Efficient Visualforce Pages
7 Habits of Highly Efficient Visualforce Pages7 Habits of Highly Efficient Visualforce Pages
7 Habits of Highly Efficient Visualforce Pages
Salesforce Developers
 
Virtual Flink Forward 2020: Lessons learned on Apache Flink application avail...
Virtual Flink Forward 2020: Lessons learned on Apache Flink application avail...Virtual Flink Forward 2020: Lessons learned on Apache Flink application avail...
Virtual Flink Forward 2020: Lessons learned on Apache Flink application avail...
Flink Forward
 
Keynote - Adrian Hornsby on Chaos Engineering
Keynote - Adrian Hornsby on Chaos EngineeringKeynote - Adrian Hornsby on Chaos Engineering
Keynote - Adrian Hornsby on Chaos Engineering
Amazon Web Services
 

Similar to Deep Dive into Firecracker Using Lightweight Virtual Machines to Enhance the Container Security Boundary - AWS Summit Sydney (20)

The Nitro Project: Next-Generation EC2 Infrastructure - AWS Online Tech Talks
The Nitro Project: Next-Generation EC2 Infrastructure - AWS Online Tech TalksThe Nitro Project: Next-Generation EC2 Infrastructure - AWS Online Tech Talks
The Nitro Project: Next-Generation EC2 Infrastructure - AWS Online Tech Talks
 
C5 Instances and the Evolution of Amazon EC2 Virtualization - CMP332 - re:Inv...
C5 Instances and the Evolution of Amazon EC2 Virtualization - CMP332 - re:Inv...C5 Instances and the Evolution of Amazon EC2 Virtualization - CMP332 - re:Inv...
C5 Instances and the Evolution of Amazon EC2 Virtualization - CMP332 - re:Inv...
 
Deep Dive on New Amazon EC2 Instances and Virtualization Technologies - AWS O...
Deep Dive on New Amazon EC2 Instances and Virtualization Technologies - AWS O...Deep Dive on New Amazon EC2 Instances and Virtualization Technologies - AWS O...
Deep Dive on New Amazon EC2 Instances and Virtualization Technologies - AWS O...
 
Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019
Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019 Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019
Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019
 
Serverless_Architecture를_응용한_실시간_DW플랫폼_구현
Serverless_Architecture를_응용한_실시간_DW플랫폼_구현 Serverless_Architecture를_응용한_실시간_DW플랫폼_구현
Serverless_Architecture를_응용한_실시간_DW플랫폼_구현
 
Practical Memory Tuning for PostgreSQL
Practical Memory Tuning for PostgreSQLPractical Memory Tuning for PostgreSQL
Practical Memory Tuning for PostgreSQL
 
Ec2 spot-intro-20190227
Ec2 spot-intro-20190227Ec2 spot-intro-20190227
Ec2 spot-intro-20190227
 
Reinforcement Learning with Sagemaker, DeepRacer and Robomaker
Reinforcement Learning with Sagemaker, DeepRacer and RobomakerReinforcement Learning with Sagemaker, DeepRacer and Robomaker
Reinforcement Learning with Sagemaker, DeepRacer and Robomaker
 
A few milliseconds in the life of an HTTP request
A few milliseconds in the life of an HTTP requestA few milliseconds in the life of an HTTP request
A few milliseconds in the life of an HTTP request
 
The evolution of automated reasoning technology at AWS - SEP201 - AWS re:Info...
The evolution of automated reasoning technology at AWS - SEP201 - AWS re:Info...The evolution of automated reasoning technology at AWS - SEP201 - AWS re:Info...
The evolution of automated reasoning technology at AWS - SEP201 - AWS re:Info...
 
How to Avoid Common Mistakes at Scale: AWS Developer Workshop at Web Summit 2018
How to Avoid Common Mistakes at Scale: AWS Developer Workshop at Web Summit 2018How to Avoid Common Mistakes at Scale: AWS Developer Workshop at Web Summit 2018
How to Avoid Common Mistakes at Scale: AWS Developer Workshop at Web Summit 2018
 
Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018
Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018
Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018
 
7 Habits of Highly Efficient Visualforce Pages
7 Habits of Highly Efficient Visualforce Pages7 Habits of Highly Efficient Visualforce Pages
7 Habits of Highly Efficient Visualforce Pages
 
DeepRacer-Workshop-HongKong-Donnie-Prakoso
DeepRacer-Workshop-HongKong-Donnie-PrakosoDeepRacer-Workshop-HongKong-Donnie-Prakoso
DeepRacer-Workshop-HongKong-Donnie-Prakoso
 
AWS-DeepRacer-Workshop-HK-Donnie-Prakoso
AWS-DeepRacer-Workshop-HK-Donnie-PrakosoAWS-DeepRacer-Workshop-HK-Donnie-Prakoso
AWS-DeepRacer-Workshop-HK-Donnie-Prakoso
 
Virtual Flink Forward 2020: Lessons learned on Apache Flink application avail...
Virtual Flink Forward 2020: Lessons learned on Apache Flink application avail...Virtual Flink Forward 2020: Lessons learned on Apache Flink application avail...
Virtual Flink Forward 2020: Lessons learned on Apache Flink application avail...
 
Keynote - Adrian Hornsby on Chaos Engineering
Keynote - Adrian Hornsby on Chaos EngineeringKeynote - Adrian Hornsby on Chaos Engineering
Keynote - Adrian Hornsby on Chaos Engineering
 
The Steady State Reduce Spikiness from GPU Utilization with Apache MXNet (inc...
The Steady State Reduce Spikiness from GPU Utilization with Apache MXNet (inc...The Steady State Reduce Spikiness from GPU Utilization with Apache MXNet (inc...
The Steady State Reduce Spikiness from GPU Utilization with Apache MXNet (inc...
 
0x32 Shades of #7f7f7f: The Tension Between Absolutes and Ambiguity in Securi...
0x32 Shades of #7f7f7f: The Tension Between Absolutes and Ambiguity in Securi...0x32 Shades of #7f7f7f: The Tension Between Absolutes and Ambiguity in Securi...
0x32 Shades of #7f7f7f: The Tension Between Absolutes and Ambiguity in Securi...
 
AWS, I Choose You: Pokemon's Battle against the Bots (SEC402-R1) - AWS re:Inv...
AWS, I Choose You: Pokemon's Battle against the Bots (SEC402-R1) - AWS re:Inv...AWS, I Choose You: Pokemon's Battle against the Bots (SEC402-R1) - AWS re:Inv...
AWS, I Choose You: Pokemon's Battle against the Bots (SEC402-R1) - AWS re:Inv...
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Deep Dive into Firecracker Using Lightweight Virtual Machines to Enhance the Container Security Boundary - AWS Summit Sydney

  • 1. S U M M I T SYDNEY
  • 2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Deep Dive in to Firecracker: Using lightweight virtual machines to enhance the container security boundary Mitch Beaumont Senior Solutions Architect Amazon Web Services
  • 3. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Serverless compute at AWS
  • 4. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Running containers and serverless at scale Different security boundaries than instances Inefficient resource utilisation
  • 5. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Running containers and serverless at scale Different security boundaries than instances Inefficient resource utilisation
  • 6. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. What would a virtual machine look like if it were designed for today’s world of containers and function based services?
  • 7. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 8. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Virtualisation <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax)
  • 9. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax) Virtualisation
  • 10. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax) Virtualisation
  • 11. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax) Virtualisation
  • 12. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax) Virtualisation
  • 13. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T What just happened? Ring 0 Ring 1 Ring 2 Ring 3
  • 14. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Trap and emulate: virtual machine monitor <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax)
  • 15. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Trap and emulate: virtual machine monitor <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax)
  • 16. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Trap and emulate: virtual machine monitor <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax)
  • 17. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Trap and emulate: virtual machine monitor <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax)
  • 18. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Wait … what?
  • 19. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Virtualisation and statistical majority?
  • 20. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T What’s a statistical majority?
  • 21. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T What just happened?
  • 22. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Trap and emulate <_start>: e9 59 e1 17 00 jmpq ffff82d08037e15e 0f 1f 00 nopl (%rax) <multiboot1_header_start>: 02 b0 ad 1b 03 00 add 0x31bad(%rax),%dh 00 00 add %al,(%rax) fb sti 4f 52 rex.WRXB push %r10 e4 0f in $0xf,%al <multiboot1_header_end>: 0f 1f 40 00 nopl 0x0(%rax) <multiboot2_header_start>: d6 (bad) 50 push %rax 52 push %rdx e8 00 00 00 00 callq ffff82d080200020 88 00 mov %al,(%rax)
  • 23. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Hypervisor bloat …
  • 24. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. What would a virtual machine look like if it were designed for today’s world of containers and function based services?
  • 25. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Firecracker RESTful API Networks Storage Rate Limiting Metadata
  • 26. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Secure
  • 27. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Secure Fast
  • 28. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Secure Fast Efficient
  • 29. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Firecracker RESTful API Networks Storage Rate Limiting Metadata
  • 30. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Firecracker RESTful API Networks Storage Rate Limiting Metadata
  • 31.
  • 32. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Firecracker RESTful API Networks Storage Rate Limiting Metadata
  • 33. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Firecracker RESTful API Networks Storage Rate Limiting Metadata
  • 34. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Firecracker RESTful API Networks Storage Rate Limiting Metadata
  • 35. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Firecracker RESTful API Networks Storage Rate Limiting Metadata
  • 36. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 37. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Serverless compute at AWS
  • 38. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 39.
  • 40. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
  • 41. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T What’s new and what’s next? • [NEW] Firectl: Command-line tool for managing Firecracker MicroVMs • [NEW] Integration with container runtimes like Kata Containers • [NEXT] Integration to enable ContainerD to manage Firecracker MicroVMs
  • 42. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Wrap up • Opensource, Apache, version 2.0 license • Contribute at https://github.com/firecracker-microvm/ • Join the conversation at firecracker-microvm.slack.com
  • 43. Thank you! S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Mitch Beaumont beaumonm@amazon.com