Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

UNICORE Project Technical Overview

78 views

Published on

The H2020 UNICORE project (EC GA no. 825377) is developing tools to enable lightweight VM development to be as easy as compiling an app for an existing OS, thus unleashing the use of next generation of cloud computing services and technologies. With UNICORE toolchains for unikernels, software developers will be able to easily build and quickly deploy lightweight virtual machines starting from existing applications.
Know more about the UNICORE project in this short presentation.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

UNICORE Project Technical Overview

  1. 1. © 2019 UNICORE UNICORE A Common Code Base and Toolkit for Deployment of Applications to Secure and Reliable Execution Environments Technical Overview March 2019
  2. 2. © 2019 UNICORE The problem • We are in DevOps era • quickly developing, upgrading and deploying applications is at the core of the new IT industry • Software is more and more massively running on shared hardware • efficiency but also need for isolation, lightweight sw image footprints, fast boot, etc. • Standard VMs can be heavy load (image size, excessive memory and disk space, long boot time) • Containers are faster, but offer poor isolation UNIKERNELS (lightweight VM) can be the solution
  3. 3. © 2019 UNICORE Unikernels‘ Potential ▌Fast instantiation, destruction and migration time 10s of milliseconds or less (and as little as 2.3ms) (LigthVM [Manco SOSP 2017], Jitsu [Madhvapeddy, NSDI 2015]) ▌Low memory footprint Few MBs of RAM or less (ClickOS [Martins NSDI 2014]) ▌High density 8k guests on a singlex86 server (LigthVM [Manco SOSP 2017]) ▌High Performance 10-40Gbit/s throughput with a single guest CPU (ClickOS [Martins NSDI 2014], Elastic CDNs [Kuenzer VEE 2017]) ▌Reduced attack surface Small trusted compute base Strong isolation by hypervisor
  4. 4. © 2019 UNICORE The (Big) Downside with Unikernels • Today, each optimized unikernel is manually built • Image build takes several months or longer  • Wash, rinse, repeat for each target application • Need for significant expert resources on OS, computer systems, kernel, etc.
  5. 5. © 2019 UNICORE UNICORE is developing tools to enable lightweight VM development to be as easy as  compiling an app for an existing OS UNICORE will release an open‐source toolchain to enable secure and portable unikernel  development •Developing unikernel based applications will be reduced to slight changes in the app Makefile, choosing from a menu of available implementations for the required system functionality, and compiling the app UNICORE can unleash the use of next generation of cloud computing services and  technologies UNICORE in a nutshell
  6. 6. © 2019 UNICORE Unicore Tool Ecosystem
  7. 7. © 2019 UNICORE The Unicore Toolkit • Decomposition tool to assist developers in breaking existing monolithic software into smaller components. • Dependency analysis tool to analyze existing, unmodified applications to determine which set of libraries and OS primitives are absolutely necessary for correct execution. • Automatic build tool to match the requirements derived by the dependency analysis tools to the available libraries constructed by the OS decomposition tools. • Verification tool to ensure that the functionality of the resulting, specialized OS+application matches that of the application running on a standard OS. The tools will also take care of ensuring software quality. • Performance optimization tool to analyze the running specialized OS+application and to use this information as input to the automatic build tools so that they can generate even more optimized images.
  8. 8. © 2019 UNICORE Project Objectives Unikernel  toolchain •Objective 1: Fine‐Grained OS Decomposition and Code Re‐use  •Objective 2: Automated, Multi‐platform Unikernel Construction  •Objective 3: Automated Unikernel Verification, Security and Safety  •Objective 4: Automated Unikernel Performance Optimization  Use  Cases •Objective 5: Efficient Serverless Computing in Clouds  •Objective 6: Efficient and Secure NFV Deployment  •Objective 7: Privacy‐aware, Cheap IoT Platform Cloud Offloading  •Objective 8: Secure, Deterministic Smart Contracts  Impact  achievement •Objective 9: Foster Market Adoption for Unikernels  •Objective 10: Time‐to‐Market Reduction for Secure  Software Development and Deployment 
  9. 9. © 2019 UNICORE Work breakdown WP1: Project Management WP6: Exploitation and Dissemination H2020  projects Open  source WP2: Platform  Design and  Evaluation WP3: Core  Implementation WP4: Toolstack  Implementation WP5: Unikernels in Practice Serverless computing  – lambda services Home  automation/IoT NFV/MEC/RAN  virtualization Smart contracts Industrial  exploitation dissemination
  10. 10. © 2019 UNICORE UNICORE Use Case Serverless Computing for novel cloud platforms • Rationale: Current implementations of serverless computing platforms either use containers (being thus insecure) or rely on full blown VMs which makes them highly inefficient (e.g. Amazon EC2’s lambda services) • Goal: Use UNICORE technology and APIs to enable novel serverless computing • Develop a lambda services offering based on UNICORE and execute trial in Barcelona, providing services (web crawling and video transcoding functions) to citizens and especially to the university and research community • Integrate unikernels in PacketCloud, an edge serverless computing platform developed by Correct Networks, and use UNICORE tools to develop a unikernel to run lambda functions written in Node.js • Target TRL: 7‐8
  11. 11. © 2019 UNICORE UNICORE Use Case Efficient, Secure Network Function Virtualization • Rationale: The holy grail of a Network Function Virtualization (NFV) implementation is the ability to dynamically provision network components, services and applications in a matter of minutes rather than the weeks or months it takes to do so now • Goal: With boot‐times in the order of milliseconds, unikernels will provide disrupting NFV solutions • Universal CPE. Use UNICORE tools to develop a footprint optimized virtual router (vCPE) and micro‐services (such as DHCP servers, NAT or probes) running on lightweight virtual machines that offer good performance, while offering strong isolation and tangible security guarantees • Broadband Network Gateway for wired Internet access. Upgrade from a monolithic approach using Linux on the Broadband Network Gateway (BNG) to one with unikernel VMs with each Point‐to‐Point Protocol over Ethernet (PPPoE) session running in a separate unikernel VM (disaggregated BNG) • Wireless 5G vRAN NFV Clusters. Ports 4G and 5G control plane (Layer 3) vRAN VNFs to Unikernels to target real world 5G testbeds. Additionally, MEC apps and user plane VNFs will be experimented evaluated for similar commercial deployments • Target TRL: 8
  12. 12. © 2019 UNICORE UNICORE Use Case Internet of Things • Rationale: Offloading IoT platform controllers to the cloud is not a new area, yet valid privacy concerns raised by clouds run in different jurisdictions hamper offloading, forcing IoT systems to install hardware in the home to control IoT devices, and reducing economic efficiency • Goal: Migrate to unikernels a selected set of application services from commercial “digital living” platforms currently deployed in VMs and containers • Symphony IoT platform by Nextworks. Use UNICORE tools to develop unikernels for home and building automation, data storage and analytics, media services and voice/video communications. • Use PacketCloud serverless computing functions to develop a proof‐of‐concept IoT controller • Target TRL: 7
  13. 13. © 2019 UNICORE UNICORE Use Case Smart Contracts • Rationale: The main challenges for smart contracts in a blockchain environment are ensuring deterministic execution support because all participants need to be able to verify the result of a smart contract; safe running of untrusted code, to avoid security issues on the nodes involved in the system; and handling the interaction between smart contracts • Goal: Migrate to unikernels a selected set of application services from commercial “digital living” platforms currently deployed in VMs and containers • Create a permissioned blockchain called skipchain that includes precompiled smart contracts, but that lacks so far the possibility to run smart contracts provided by the users. • Target TRL: 7
  14. 14. © 2019 UNICORE Consortium Symbolic execution,  deterministic execution,  NFV use case Project Coordinator Host infrastructure in  support of unikernels  (containers, VMs) WP4 leader Microlibraries, build system, performance tools Technical Coordinator &  WP3 leader Deterministic execution support, smart contracts use case Testbeds/infrastructure,  tools integration,  serverless use case WP2 leader Microlibraries, APIs,  security primitives,  performance tool System reqs, NFV  use case (5G vRAN) Systems security and  safety primitives Home automation/IoT use case WP6 leader NFV use cases,  industrial exploitation NFV use case Serverless /  IoT use cases
  15. 15. © 2019 UNICORE Comments? Questions? www.linkedin.com/groups/8752067 info@unicore-project.eu @unicore_project This project has received funding from the European  Union's Horizon 2020 research and innovation  programme under grant agreement No 825377

×