Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Cigna Innovation Summit

541 views

Published on

My talk at Cigna Innovation Summit at Sep 17.
Unik & Squash.

Published in: Software
  • Be the first to comment

  • Be the first to like this

Cigna Innovation Summit

  1. 1. Linux, Unikernel, LinuxKit: towards redefining the cloud stack. IDIT LEVINE
  2. 2. Problem
  3. 3. Cloud Stack Application Configuration Application Language Runtime Shared Libraries Docker Runtime OS User Processes OS Kernel Virtual HW Drivers Hypervisor Hardware Drivers Hardware The aim is to run single Application with a single user on a single server
  4. 4. Linux Kernel
  5. 5. Linux Kernel Memory Management Protection Rings Device Management
  6. 6. Linux Kernel
  7. 7. Driver management
  8. 8. Memory management
  9. 9. Security https://github.com/cf-unik/unik/wiki/Worried-about-IoT-DDoS%3F-Think-Unikernels
  10. 10. Linux kernel languages C Assembly C++ XML Make Perl Shell Script Python HTML TeX/LaTeX AWK Scheme Objective-C Autoconf XSL Tranformation Vim Script Automake
  11. 11. SOURCE lines of code Small Applications: 10Ks Medium to large applications: 100Ks Really huge applications: 1Ms
  12. 12. 2.4 5.2 11 12.6 13.5 15.9 22 0 5 10 15 20 25 Linux kernel 2.4.2 Linux kernel 2.6.0 Linux kernel 2.6.29 Linux kernel 2.6.32 Linux kernel 2.6.35 Linux kernel 3.6 Linux kernel pre-4.2 2001 2003 2009 2009 2010 2012 2015 Linux Kernel SLOC
  13. 13. 59 104 215 283 324 419 0 50 100 150 200 250 300 350 400 450 Debian 2.2 Debian 3.0 Debian 3.1 Debian 4.0 Debian 5.0 Debian 7.0 2000 2002 2005 2007 2009 2012 Debian SLOC
  14. 14. How did we get here ? Evolution ! Unix was supported us the entire way!
  15. 15. Decades of backwards compatibility What can linux run on ? What can run on linux ? Anything ! Anything !
  16. 16. Trade Off VS Compatibility Efficiency
  17. 17. Solution LINUXKIT
  18. 18. LinuxKit announcement DockerCon
  19. 19. Solution UNIKERNELS
  20. 20. Traditional approach Application Kernel libc libz iconv openGL gtk libgmp libtlc Libstd++ libgcc
  21. 21. Traditional approach Application Kernel libc libz iconv openGL gtk libgmp libtlc Libstd++ libgcc
  22. 22. Unikernels Design decision: support only single process & single user The aim is to run single Application with a single user on a single server Protection RingsMemory Management
  23. 23. Unikernels Creation App Binary App Config App Deps Virt, HW Drivers Langue runtime ApplicationRuntime Packaging Tool Unikernel!
  24. 24. How can unikernels help address our problems? Application Config Application Language Runtime Shared Libraries Docker Runtime OS User Processes OS Kernel Virtual HW Drivers Hypervisor Hardware Drivers Hardware Minimal layers of isolation and abstraction Includes only what is really needed Less code, fewer bugs, easy to reason about
  25. 25. Application Binary + Library OS Hypervisor Hardware Drivers Hardware Application Config Application Language Runtime Shared Libraries Docker Runtime OS User Processes OS Kernel Virtual HW Drivers Hypervisor Hardware Drivers Hardware
  26. 26. Application Binary + Library OS Hypervisor Hardware Drivers Hardware Application Config Application Language Runtime Shared Libraries Docker Runtime OS User Processes OS Kernel Hardware Drivers Hardware Hardware isolation provide by the hypervisor
  27. 27. Unikernel advantages • No permission checks – you can utilize 100% of your hardware • Isolation at the virtual hardware – only ! share only hardware • Minimal virtual machine ~1 gb in size, minimal unikernel is tiny, kb in size • Very short boot time • A tiny custom surface of attack, less likely to be effected by a public exploit • Real immutable infrastructure – perfect fit to micro services architecture
  28. 28. Benchmark
  29. 29. unik build --path example-app/ --base unikernel-type --language language --provider provider-name --name image-name unik run --instanceName instance-name –imageName image-name UniK UniK is an open-source tool written in Go for compiling applications into unikernels and deploying those unikernels across a variety of cloud providers, embedded devices (IoT), as well as a developer laptop or workstation.
  30. 30. Build anything run everywhere Unikernel types Cloud providers Processor architectures
  31. 31. Demo UniK
  32. 32. Unik integration with kubernetes Unikernels support was added to Kubernetes by the UniK team by adding UniK as a container runtime to K8s - in the same way that Docker and rkt are container runtimes, UniK is now also available as a "container" runtime for k8s.
  33. 33. Unik kubernetes architecture unikernels Now one can deploy a unikernel apps alongside regular kubernetes containerized apps. Next integration refactor: Container Runtime Interface (CRI) will be used.
  34. 34. Demo Kubernetes
  35. 35. Unik integration with Cloud Foundry To provide the user with a seamless PaaS experience, UniK is integrated as a backend to Cloud Foundry runtime. Next integration integration via Garden.
  36. 36. Unik tooling: unik hub
  37. 37. Unik tooling: Debug
  38. 38. Microservices tooling: Debug • The most primitive form of debugging, we all do it! • However, extremely difficult to capture all state, and thus can be used only for small bugs Won’t it be a good idea to seamlessly integrate existence debugger to leading platforms and leverage them to debug microservices applications ?
  39. 39. squash: distributed debugger squash platforms debuggers IDEs
  40. 40. Demo squash
  41. 41. Benefits of Unikernels TO the internet of things LITE ON ENERGYSECURITY EFFICIENCY USECASESWORRIED ABOUT IOT DDOS? THINK UNIKERNELS
  42. 42. Demo IoT Security
  43. 43. Unik in the open source community
  44. 44. Follow me: @Idit_Levine Follow solo.io: @GetSoloIO

×