UPDATED OCTOBER 2015: Unikernels are small, fast, easily deployable, and very secure application stacks. Lacking a traditional operating system layer, they provide a new way of looking at the cloud which goes beyond the methodologies used by Docker and other container technologies.
This is an update of the deck as delivered by Russell Pavlicek. This includes some ground-breaking work done in the Rump Kernel project to bring web servers, database, and scripting language into the world of Unikernels.
Deck from Ohio Linuxfest 2015 in Columbus, OH.
Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o... | The Linux Foundation
Xen Project Evangelist Russell Pavlicek's presentation at the Unikernel User Summit at Texas Linux Fest 2015. An overview of the world of unikernels and their importance for the future. Beyond Docker and containers, unikernels are smaller, lighter, and more secure than any workload currently in the cloud.
Unikernels are constructed by combining application code with only the operating system components necessary for that code to run. The result is a highly specialized, single-purpose application which can be deployed directly to the cloud or onto IoT-like devices. Unikernels reduce software complexity by only including code that is required, resulting in portable applications with much smaller footprints and fast boot times.
By combining the familiar tooling and portability of Docker with the efficiency and specialization of next-generation unikernel technology, organizations have a flexible platform to build, ship and run distributed applications without being restricted to a particular infrastructure. Because workloads that reach the data center today are on a spectrum from physical machine to container to hypervisor, only the Docker platform can further widen the scope and provide more flexibility for orchestrating hybrid applications.
Watch the video from Docker Online Meetup #31: https://blog.docker.com/2016/01/docker-online-meetup-unikernels/
CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil ... | The Linux Foundation
Unikernels are a burgeoning technology, ripe for deployment in a range of situations, from cloud-hosted microservices to Internet-of-Things platforms. By compiling and linking only the required code, they offer a range of benefits over traditional OS-hosted deployments, notably efficiency and, through smaller attack surfaces, security. While increasing in maturity, to date they have remained something of a technologists' choice: technically compelling but requiring considerable effort to build, deploy and use.
To address this, some in the community have spent time trying to integrate unikernel management with the popular Docker container management stack. By enabling unikernels to be managed using the standard Docker command line tools, we bring all the ease-of-use and common understandings of that toolchain to bear on this exciting technology.
After giving some context to the challenges faced, we will demonstrate building and running a simple LAMP-like stack using Docker to build and manage Rumprun and MirageOS Unikernels.
Thanks to Amir Chaudhry, Justin Cormack, Martin Lucina, Mindy Preston and Jeremy Yallop for assistance in building this demo!
Unikernel User Summit 2015: Getting started in unikernels using the rump kernel | The Linux Foundation
Justin Cormack's presentation at the Unikernel User Summit at Texas Linux Fest 2015. He discusses the basic principles and techniques for using Rump Kernels to power POSIXy workloads in a small, fast, and secure package.
XPDS14: Unikernels: Who, What, Where, When, Why - Adam Wick, Galois | The Linux Foundation
Over the last several years, I and others have talked about the promise of unikernels — single-purpose, lightweight virtual machines — in the cloud. However, all of these talks have simply presented our architectures and speculated about their usefulness. Over the last several years, Galois has actually been using unikernels to implement interesting components in critical systems: non-bypassable encryption components, network monitors and alarms, platform obfuscation capabilities, Tor nodes, network re-routers, and so on. In this talk, I will speak briefly on each of them and ask the question: Was a unikernel a good platform for this project? If so, why? If not, why not? What are the general rules we can infer about when unikernels are useful, and what part of the cloud ecosystem they are best suited to serve?
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe) | The Linux Foundation
The confluence of a number of relatively recent trends including the development of virtualization technologies, the deployment of micro datacenters at PoPs, and the availability of microservers, opens up the possibility of evolving the cloud, and the network it is connected to, towards a superfluid cloud: a model where parties other than infrastructure owners can quickly deploy and migrate virtualized services throughout the network (in the core, at aggregation points and at the edge), enabling a number of novel use cases including virtualized CPEs and on-the-fly services, among others. Towards this goal, we identify a number of required mechanisms and present early evaluation results of their implementation.
On an inexpensive commodity server, we are able to concurrently run up to 10,000 specialized virtual machines (based on unikernels), instantiate a VM in as little as 10 milliseconds, and migrate it in under 100 milliseconds.
CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ... | The Linux Foundation
This talk will give an overview of Unikernel technology: what they are, why they are important, and what challenges and innovations are likely to appear in the future. We will discuss the nature of the Unikernel, what capabilities it brings to the table, and how it changes the nature of the cloud as we know it.
CIF16: Rethinking Foundations for Zero-devops Clouds (Maxim Kharchenko, Cloud... | The Linux Foundation
The unikernel approach should not be limited to cloud workloads. The cloud infrastructure itself must be built around the same principles. Our goal is to be able to unroll a private cloud on a hundred servers within an hour. The resultant cloud infrastructure should not require any maintenance afterwards. The talk discusses the current progress of Cloudozer in making this vision a reality.
CIF16: Knock, Knock: Unikernels Calling! (Richard Mortier, Cambridge University) | The Linux Foundation
The lightweight and secure nature of Unikernels means that a prime use-case is to customise network behaviour. At the same time, the high-level languages that many are written in means that this sort of low-level coding is opened up to those who might not traditionally consider themselves "systems developers".
MirageOS is a particular unikernel platform built in the OCaml functional programming language. Able to seamlessly target a range of environments, from a local (POSIX) development environment to Xen virtual machines running on the cloud, it is a prime example of the ways that unikernels open up low-level development.
I will briefly introduce MirageOS before walking through an example developing and then running on Xen a simple network proxy using MirageOS. This proxy will implement a basic form of port-knocking, requiring a sequence of TCP connections (SYNs) to be made to the proxy to indicate a target, before permitting an outgoing connection to that target to be made.
Thanks to Thomas Gazagnaire for the material used in the walkthrough!
Unikernels – executable images that can run natively on a hypervisor without the need for a separate operating system – are rapidly gaining momentum. To integrate unikernels into the ecosystem, cloud-computing platforms as a service are required to provide unikernels with the same services they provide for containers. Here we present Unik, an open source (goo.gl/iEesqK) orchestration system for unikernels. Unik handles the compilation of libraries and applications for running on a variety of cloud providers, manages their scheduling, and ensures their health. To provide the user with a seamless PaaS experience, Unik is integrated as a backend to the Docker, Kubernetes & Cloud Foundry runtimes.
CIF16: Solo5: Building a Unikernel Base From Scratch (Dan Williams, IBM) | The Linux Foundation
Unikernels offer an exciting opportunity to rethink kernel design choices and experiment with new low-level features that may affect the performance and security of applications in the cloud and ultimately change the way they are used. This talk is about my experience building Solo5, an open-source kernel library that runs directly on virtual hardware, at the lowest layer of a unikernel. The goal of Solo5 is to better understand the effect of the lowest layer of a unikernel on its behavior (e.g., performance), bring MirageOS to more hypervisors, and also provide a platform for further experimentation with unikernel architectures.
Many of the most popular Unikernels (including MirageOS and ClickOS) rely on Xen Project's Mini-OS as a thin kernel library between the (para)virtual hardware and the rest of the unikernel. These unikernels are reported to have impressive performance, especially boot time (~20ms), which challenges traditional notions of the cost of virtualization. With Solo5, we first ask the question: what role does Mini-OS (or paravirtualization) play in achieving this performance?
Like Mini-OS, Solo5 is a thin kernel library. Unlike Mini-OS, Solo5 runs on fully virtualized hardware rather than paravirtualized hardware. In particular, Solo5 runs on KVM/QEMU (or other x86_64 virtualization environments that expose virtio devices). It currently supports MirageOS unikernels and therefore can be thought of as an alternative to Xen Project's Mini-OS that runs underneath OCaml in a typical MirageOS stack.
Solo5 is very much a work in progress. I will describe some of the interesting directions going forward, show a demo of a MirageOS/Solo5 unikernel running on KVM/QEMU, and detail the steps for others to get involved and try it out!
OSv: probably the best OS for cloud workloads you've never heard of | rhatr
OSv is the revolutionary new open source technology that combines the power of virtualization and micro-services architecture. This combination allows unmodified applications deployed in a virtualized environment to outperform bare-metal deployments. Yes. You've heard it right: for the first time ever we can stop asking the question of how much performance would I lose if I virtualize. OSv lets you ask a different question: how much would my application gain in performance if I virtualize it. This talk will start by looking into the architecture of OSv and the kind of optimizations it makes possible for native, unmodified applications. We will then focus on JVM-specific optimizations and specifically on speedups available to big data management distributed applications. Finally, we will look into the relationship between OSv and Docker and how that layering can help make OSv a secret sauce for turbo-charging Cloud Foundry application deployments.
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ... | The Linux Foundation
An important facilitator of Unikernel development, Xen Project continues to develop new and interesting technologies to support the needs of the next generation datacenter. Potentially game-changing technologies like Unikernels will never reach their full potential unless the hypervisor they rely on can handle a large number of potentially tiny VMs effectively and efficiently.
In this talk, Xen Project Advisory Board Chairman Lars Kurth will discuss some of the major advances in the hypervisor produced in last year's releases (4.5 and 4.6). He will also discuss some of the work in development which could appear in upcoming releases.
In this talk, we will give an overview of the state of the Xen Project, trends that impact the project, see whether challenges that surfaced last year have been addressed and how we did it, and highlight new challenges and solutions for the coming year.
Docker Online Meetup #30: Docker Trusted Registry 1.4.1 | Docker, Inc.
In this Docker Online Meetup, Docker Software Engineer Tony Holdstock-Brown discusses the latest features in Docker Trusted Registry 1.4.1 including:
- Image deletion and garbage collection
- Set up and manage user accounts, teams, organizations, and repositories from either APIs or through the Trusted Registry user interface
- Search, browse, and discover images created by other users through either APIs or through the Trusted Registry UI
- New APIs for accessing repositories, account management, indexing, searching, and reindexing
- New experimental feature: Docker Trusted Registry now integrates with Docker Content Trust using Notary
Presentation given at the 2017 LinuxCon China
Unikernel is a novel software technology that links an application with the OS in the form of a library and packages them into a specialized image that facilitates direct deployment on a hypervisor. Compared to traditional VMs or the more recent containers, Unikernels are smaller, more secure and more efficient, making them ideal for cloud environments. There are already lots of open source projects like OSv, Rumprun and so on. But why have these existing unikernels yet to gain broad popularity? We think Unikernels are facing three major challenges: 1. Compatibility with existing applications; 2. Lack of production support (e.g. monitoring, debugging, logging); 3. Lack of a compelling use case. In this presentation, we will review our investigations and exploration of whether and how we can convert Linux into a Unikernel to eliminate these significant shortcomings, plus some explorations of coordinating and cooperating with the hypervisor.
Metrics towards enterprise readiness of unikernels | Madhuri Yechuri
Evaluation of 3 platforms (VM, container, unikernel) using a subset of metrics important to 3 sets of enterprise stakeholders: developers/DevOps, CIO, and customers.
In this talk, Tim Bird will discuss the recent status of Linux with regard to embedded systems. This will include a review of the last year's worth of mainline kernel releases, as well as topic areas specifically related to embedded, such as boot-up time, security, system size, etc. Tim will also present recent and planned work by the Core Embedded Linux Project of the Linux Foundation, and discuss the current status of Linux in various markets and fields. Tim will go over current areas of work, and discuss remaining challenges faced by Linux in embedded projects.
OSAC16: Unikernel-powered Transient Microservices: Changing the Face of Softw... | Russell Pavlicek
In most current microservice-based architectures, the machine images powering the microservice are quite traditional: a full software stack from operating system to application, which takes significant resources to host and plenty of time to start and stop. As a result, most current microservice workloads are persistent, having to start before they are needed and sitting idle when there’s no work to do. This wastes precious resources and slows the application’s ability to scale out as workloads require.
The arrival of lightweight technologies like Docker and containers has opened the door to lighter workloads in the microservice arena, but the advent of unikernels might be a game changer. These ultralight, highly secure workloads combine the entire software stack—from operating system functions to application—into a single, tiny package that runs directly on a hypervisor. Start times for many unikernel-based VMs can be measured in milliseconds, raising the question: why waste time and resources with persistent microservices? Why not consider transient microservices, which appear when there is something to do and disappear immediately thereafter?
While the use of transient microservices could free up much computing power, it will also change the architecture and orchestration of software solutions. The concept of services that may have a lifetime measured in seconds—or less—does not currently exist in popular cloud-based systems.
This presentation discusses the history of both operating systems & compares them in terms of kernel, memory management, GUI and application support.
CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...The Linux Foundation
This talk will give an overview of Unikernel technology: what they are, why they are important, and what challenges and innovations are likely to appear in the future. We will discuss the nature of the Unikernel, what capabilities it brings to the table, and how it changes the nature of the cloud as we know it.
CIF16: Rethinking Foundations for Zero-devops Clouds (Maxim Kharchenko, Cloud...The Linux Foundation
The unikernel approach should not be limited to cloud workloads. The cloud infrastructure itself must be built around the same principles. Our goal is to be able to unroll a private cloud on a hundred of servers within an hour. The resultant cloud infrastructure should not require any maintenance afterwards. The talk discusses the current progress of Cloudozer in making this vision a reality.
CIF16: Knock, Knock: Unikernels Calling! (Richard Mortier, Cambridge University)The Linux Foundation
The lightweight and secure nature of Unikernels means that a prime use-case is to customise network behaviour. At the same time, the high-level languages that many are written in means that this sort of low-level coding is opened up to those who might not traditionally consider themselves "systems developers".
MirageOS is a particular unikernel platform built in the OCaml functional programming language. Able to seamlessly target a range of environments, from a local (POSIX) development environment to Xen virtual machines running on the cloud, it is a prime example of the ways that unikernels open up low-level development.
I will briefly introduce MirageOS before walking through an example developing and then running on Xen a simple network proxy using MirageOS. This proxy will implement a basic form of port-knocking, requiring a sequence of TCP connections (SYNs) to be made to the proxy to indicate a target, before permitting an outgoing connection to that target to be made.
Thanks to Thomas Gazagnaire for the material used in the walkthrough!
Unikernel – an executable image that can run natively on a hypervisor without the need for a separate operating system – are rapidly gaining momentum. To integrate unikernels into the echo-system, cloud-computing platforms as a service are required to provide unikernels with the same services they provide for constrainers. Here we present Unik, a open source (goo.gl/iEesqK) orchestration system for unikernels. Unik handles the compilation of libraries and applications for running on verity of cloud providers, manages their scheduling, and ensures their health. To provide the user with a seamless PaaS experience, Unik is integrated as a backend to Docker, Kubernetes & Cloud Foundry runtime.
CIF16: Solo5: Building a Unikernel Base From Scratch (Dan Williams, IBM)The Linux Foundation
Unikernels offer a exciting opportunity to rethink kernel design choices and experiment with new low-level features that may affect the performance and security of applications in the cloud and ultimately change the way they are used. This talk is about my experience building Solo5, an open-source kernel library that runs directly on virtual hardware, at the lowest layer of a unikernel. The goal of Solo5 is to better understand the effect of the lowest layer of a unikernel on its behavior (e.g., performance), bring MirageOS to more hypervisors, and also provide a platform for further experimentation with unikernel architectures.
Many of the most popular Unikernels (including MirageOS and ClickOS) rely on Xen Project's Mini-OS as a thin kernel library between the (para)virtual hardware and the rest of the unikernel. These unikernels are reported to have impressive performance, especially boot time (~20ms), which challenges traditional notions of the cost of virtualization. With Solo5, we first ask the question: what role does Mini-OS (or paravirtualization) play in achieving this performance?
Like Mini-OS, Solo5 is a thin kernel library. Unlike Mini-OS, Solo5 runs on fully virtualized hardware rather than paravirtualized hardware. In particular, Solo5 runs on KVM/QEMU (or other x86_64 virtualization environments that expose virtio devices). It currently supports MirageOS unikernels and therefore can can be thought of as an alternative to Xen Project's Mini-OS that runs underneath OCaml in a typical MirageOS stack.
Solo5 is very much a work in progress. I will describe some of the interesting directions going forward, show a demo of a MirageOS/Solo5 unikernel running on KVM/QEMU, and detail the steps for others to get involved and try it out!
OSv: probably the best OS for cloud workloads you've never hear ofrhatr
OSv is the revolutionary new open source technology that combines the power of virtualization and micro-services architecture. This combination allows unmodified applications deployed in a virtualized environment to outperform bare-metal deployments. Yes. You've heard it right: for the first time ever we can stop asking the question of how much performance would I lose if I virtualize. OSv lets you ask a different question: how much would my application gain in performance if I virtualize it. This talk will start by looking into the architecture of OSv and the kind of optimizations it makes possible for native, unmodified applications. We will then focus on JVM-specific optimizations and specifically on speedups available to big data management distributed applications. Finally, we will look into the relationship between OSv and Docker and how that layering can help make OSv a secret sauce for turbo-charging Cloud Foundry application deployments.
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...The Linux Foundation
An important facilitator of Unikernel development, Xen Project continues to develop new and interesting technologies to support the needs of the next generation datacenter. Potentially game-changing technologies like Unikernels will never reach their full potential unless the hypervisor they rely on can handle a large number of potentially tiny VMs effectively and efficiently.
In this talk, Xen Project Advisory Board Chairman Lars Kurth will discuss some of the major advances in the hypervisor produced in last year's releases (4.5 and 4.6). He will also discuss some of the work in development which could appear in upcoming releases.
In this talk, we will give an overview of the state of the Xen Project, trends that impact the project, see whether challenges that surfaced last year have been addressed and how we did it, and highlight new challenges and solutions for the coming year.
Docker Online Meetup #30: Docker Trusted Registry 1.4.1Docker, Inc.
In this Docker Online Meetup, Docker Software Engineer Tony Holdstock-Brown discusses the latest features in Docker Trusted Registry 1.4.1 including:
- Image deletion and garbage collection
- Set up, and manage user accounts, teams, organizations, and repositories from either APIs or through the Trusted Registry user interface
- Search, browse, and discover images created by other users through either APIs or through the Trusted Registry UI
- New APIs for accessing repositories, account management, indexing, searching, and reindexing
- New experimental feature: Docker Trusted Registry now integrates with Docker Content Trust using Notary
Presentation given at the 2017 LinuxCon China
Unikernel is a novel software technology that links an application with OS in the form of a library and packages them into a specialized image that facilitates direct deployment on a hypervisor. Comparing to the traditional VM or the recent containers, Unikernels are smaller, more secure and efficient, making them ideal for cloud environments. There are already lots of open source projects like OSv, Rumprun and so on. But why these existing unikernels have yet to gain large popularity broadly? We think Unikernels are facing three major challenges: 1. Compatibility with existing applications; 2. Lack of production support (e.g. monitoring, debugging, logging); 3. Lack of compelling use case. In this presentation, we will review our investigations and exploration of if-how we can convert Linux as Unikernel to eliminate these significant shortcomings, plus some explorations of coordinating and cooperating with hypervisor.
Metrics towards enterprise readiness of unikernelsMadhuri Yechuri
Evaluation of 3 platforms (VM, container, unikernel) using subset of metrics important to 3 sets of enterprise stakeholders: developers/DevOps, CIO, and customers.
In this talk, Tim Bird will discuss the recent status of the Linux with regard to embedded systems. This will include a review of the last year's worth of mainline kernel releases, as well as topic areas specifically related to embedded, such as boot-up time, security, system size, etc. Tim will also present recent and planned work by the Core Embedded Linux Project of the Linux Foundation, and discuss the current status of Linux in various markets and fields. Tim will go over current areas of work, and discuss remaining challenges faced by Linux in embedded projects.
OSAC16: Unikernel-powered Transient Microservices: Changing the Face of Softw...Russell Pavlicek
In most current microservice-based architectures, the machine images powering the microservice are quite traditional: a full software stack from operating system to application, which takes significant resources to host and plenty of time to start and stop. As a result, most current microservice workloads are persistent, having to start before they are needed and sitting idle when there’s no work to do. This wastes precious resources and slows the application’s ability to scale out as workloads require.
The arrival of lightweight technologies like Docker and containers have opened the door to lighter workloads in the microservice arena, but the advent of unikernels might be a game changer. These ultralight, highly secure workloads combine the entire software stack—from operating system functions to application—into a single, tiny package that runs directly on a hypervisor. Start times for many unikernel-based VMs can be measured in milliseconds, raising the question: why waste time and resources with persistent microservices? Why not consider transient microservices, which appear when there is something to do and disappear immediately thereafter?
While the use of transient microservices could free up much computing power, it will also change the architecture and orchestration of software solutions. The concept of services that may have a lifetime measured in seconds—or less—does not currently exist in popular cloud-based systems.
This presentation discusses the history of both operating systems and compares them in terms of kernel, memory management, GUI, and application support.
OSCON: Unikernels and Docker: From revolution to evolution - Docker, Inc.
with Richard Mortier and Anil Madhavapeddy
Unikernels are a growing technology that augment existing virtual machine and container deployments with compact, single-purpose appliances. Two main flavors exist: clean-slate unikernels, which are often language specific, such as MirageOS (OCaml) and HaLVM (Haskell), and more evolutionary unikernels that leverage existing OS technology recreated in library form, notably Rump Kernel used to build Rumprun unikernels.
Linux, Unikernel, LinuxKit: towards redefining the cloud stack. - Idit Levine
One of the major announcements last week at DockerCon 2017 was LinuxKit, a tool to create a minimal and safer operating system for running your containers.
This announcement marks a new phase in the quest to redefine the stack in the cloud, which started with the introduction of Unikernels.
In this session we will provide a deep dive on LinuxKit, Unikernels and what they mean for the future of the cloud.
We will discuss how these approaches are integrated with cluster management tools like Kubernetes, and show a few demos.
Crash Course in Open Source Cloud Computing - Mark Hinkle
Introduction to open source technologies that can be used to deploy and manage cloud computing environments, especially geared toward Infrastructure-as-a-Service environments. Updated for presentation at Indiana Linuxfest (3/26/2011).
Updates:
- Open source cloud storage (CEPH, Swift, Gluster)
- Orchestration - MCollective
- Cloud Infrastructure Diagrams
Unikernels and docker from revolution to evolution — unikernels and docker ... - Docker, Inc.
Unikernels are a growing technology that augment existing virtual machine and container deployments with compact, single-purpose appliances. Two main flavors exist: clean-slate unikernels, which are often language specific, such as MirageOS (OCaml) and HaLVM (Haskell), and more evolutionary unikernels that leverage existing OS technology recreated in library form, notably Rump Kernel used to build Rumprun unikernels.
To date, these have been something of a specialist’s game: promising technology that requires considerable effort and expertise to actually deploy. After a brief introduction for newcomers to unikernels, Mindy will demonstrate the great strides that have been taken recently to integrate unikernels with existing deployments. Specifically, we will show various ways in which Rumprun and MirageOS unikernels can be used to deploy a LAMP stack, all managed using the popular Docker toolchain (Docker build, Docker run, and the Docker Hub). The result is unikernels that can be used to augment and evolve existing Linux container- and VM-based deployments, one microservice at a time. We no longer need a revolution—welcome to the microservice evolution!
Extending ETSI VNF descriptors and OpenVIM to support Unikernels - Stefano Salsano
After a short introduction to the goals and approach of the Superfluidity EU research project, we discuss Unikernels and their orchestration aspects. Unikernel technology allows building tiny VMs with a memory footprint in the order of hundreds of KBs and boot times in the order of milliseconds. We focus on ClickOS Unikernels.
We have adapted 3 VIMs (OpenStack, Nomad, OpenVIM) to support ClickOS Unikernels and report a performance evaluation of the VM instantiation time.
We have implemented a scenario that combines Unikernels and regular VMs in the same Network Service or VNF by extending OpenVIM. We describe how we have extended the ETSI NFV models and OpenVIM. In particular, we provide the details of the OpenVIM descriptor extensions to support Unikernels.
Using Open Source technologies to create Enterprise Level Cloud System - OpenFest team
Using Open Source technologies to create Enterprise Level Cloud System, optimize your costs and offset your carbon footprint on the environment - Венелин Горнишки, Илиян Стоянов
This lecture goes into basic information about Linux and the GNU Project.
Check the other lectures and courses at
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group at
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
Ahmed ElArabawy
- https://www.linkedin.com/in/ahmedelarabawy
Static partitioning is used to split an embedded system into multiple domains, each of them having access only to a portion of the hardware on the SoC. It is key to enable mixed-criticality scenarios, where a critical application, often based on a small RTOS, runs alongside a larger non-critical app, typically based on Linux. The two domains cannot interfere with each other.
This talk will explain how to use Xen for static partitioning. It will introduce dom0-less, a new Xen feature written for the purpose. Dom0-less allows multiple VMs to start at boot time directly from the Xen hypervisor, decreasing boot times drastically. It makes it very easy to partition the system without virtualization overhead. Dom0 becomes unnecessary.
This presentation will go into details on how to set up a Xen dom0-less system. It will show configuration examples and explain device assignment. The talk will discuss its implications for latency-sensitive and safety-critical environments.
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ... - The Linux Foundation
TrenchBoot is a cross-community OSS integration project for hardware-rooted, late launch integrity of open and proprietary systems. It provides a general purpose, open-source DRTM kernel for measured system launch and attestation of device integrity to trust-centric access infrastructure. TrenchBoot closes the UEFI Measurement Gap and reduces the need to trust system firmware. This talk will introduce TrenchBoot architecture and a recent collaboration with Oracle to launch the Linux kernel directly with Intel TXT or AMD SVM Secure Launch. It will propose mechanisms for integrating the Xen hypervisor into a TrenchBoot system launch. DRTM-enabled capabilities for client, server and embedded platforms will be presented for consideration by the Xen community.
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu... - The Linux Foundation
Artem will briefly cover what has been done since the first talk on Xen in the Automotive domain back in 2013, what is going on now and what is still missing for broad adoption of Xen in vehicles. The following topics will be covered:
Embedded/automotive features of Xen
Collaboration with AGL and GENIVI organizations for standardization
Efforts on Functional Safety compliance
Artem will also go over typical automotive use scenarios for Xen which may not be the same as generic computing use of hypervisor.
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op... - The Linux Foundation
In this keynote talk, we will give an overview of the state of the Xen Project, trends that impact the project, see whether challenges that surfaced last year have been addressed and how we did it, and highlight new challenges and solutions for the coming year.
In recent years unikernels have shown immense performance potential (e.g., boot times of only a few ms, image sizes of only hundreds of KBs). The fundamental drawback of unikernels is that they require applications to be manually ported to the underlying minimalistic OS, needing both expert work and often a considerable amount of time.
The Unikraft project provides a unikernel code base and build system that significantly simplifies the building of unikernels. In addition to support for a number of CPU architectures, languages and frameworks, Unikraft provides debugging and tracing features that are generally sorely missing from unikernel projects. In this talk we will describe these features, show a set of preliminary performance numbers, and provide a roadmap for the project's future.
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E... - The Linux Foundation
The idea of making Xen secret-free has been floating since Spectre and Meltdown came into light. In this talk we will discuss what is being done and what needs to be done next.
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx - The Linux Foundation
This talk will introduce Dom0-less: a new way of using Xen to build mixed-criticality solutions. Dom0-less is a Xen feature that adds a novel approach to static partitioning based on virtualization. It allows multiple domains to start at boot time directly from the Xen hypervisor, decreasing boot times dramatically. Xen userspace tools, such as xl and libvirt, become optional.
Dom0-less extends the existing device tree based Xen boot protocol to cover information required by additional domains. Binaries, such as kernels and ramdisks, are loaded by the bootloader (u-boot) and advertised to Xen via new device tree bindings.
The audience will learn how to use Dom0-less to partition the system. U-Boot and device tree configuration details will be explained to enable the audience to get the most out of this feature. The talk will include a status update and details on future plans.
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys... - The Linux Foundation
As the number of contributions grows, reviewer bandwidth becomes a bottleneck, and maintainers are always asking for more help. However, ultimately maintainers must at least Ack every patch that goes in; so if you're not a maintainer, how can you contribute? Why should anyone care about your opinion?
This talk will try to lay out some advice and guidelines for non-maintainers, for how they can do code review in a way which will effectively reduce the load on maintainers when they do come to review a patch.
This talk is a follow-up to our Summit 2017 presentation in which we covered our plans for Intel VMFUNC and #VE, as well as related use-cases. This year, we will provide a report on what we have accomplished in Xen 4.12, and what remains to be addressed. We will also give a brief status update of VMI on AMD hardware. The session will end with some real-world numbers of the Hypervisor Introspection solution running on Citrix Hypervisor 8.0 with #VE enabled.
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng... - The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 61508), transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project.
In this session, we will lay out some challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the Xen Project has followed thus far and highlight lessons learned along the way. The talk will primarily focus on necessary process, tooling changes and community challenges that can prevent progress. We will be offering an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... - The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. The Xen Project, a secure and stable hypervisor that is used in many different markets, has been exploring the feasibility of building safety certified products on top of Xen for a year, looking at key aspects of its code base and development practices.
In this session, we will lay out the motivation and challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes, and community challenges, offering an in-depth review of how the Xen Project is approaching this exciting and challenging goal.
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix - The Linux Foundation
2018 saw fundamental shifts in security boundaries which were previously taken for granted. A lot of work has been done in the past 2 years, and largely in secret under embargo, but there is plenty more work to be done to strengthen the existing mitigations and to try to recover some performance without reopening security holes.
This talk will look at speculative execution sidechannels, the work which has already been done to mitigate the security holes, and future work which hopes to bring some improvements.
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd - The Linux Foundation
The Arm architecture provides a set of guidelines that any software should abide by when accessing memory with the MMU off and when updating page tables. Failing to do so may result in TLB conflicts or broken coherency.
In a previous talk ("Keeping coherency on Arm"), we focused on safely updating the stage-2 (aka P2M) page tables. This talk will focus on the boot code and Xen memory management.
During this session, we will introduce some of the guidelines and when they should be used. We will also discuss how the Xen boot sequence needs to be reworked to avoid breaking the guidelines.
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant... - The Linux Foundation
For many years the QEMU codebase has contained PV backends for Xen guests, giving them paravirtual access to storage, network, keyboard, mouse, etc. However, these backends have not been configurable as QEMU devices, as their implementation did not fully adhere to the QEMU Object Model (QOM).
Particularly the PV storage backend not using proper QOM devices, or qdevs, meant that the QEMU block layer needed to maintain legacy code that was cluttering up the source. This was causing push-back from the maintainers who did not want to accept any patches relating to that Xen backend until it was 'qdevified'.
In this talk, I'll explain the modifications I made to QEMU to achieve 'qdevification' of the PV storage backend, how compatibility with the libxl toolstack was maintained, and what the next steps in both QEMU and libxl development should be.
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D - The Linux Foundation
PCI is a local computer bus for attaching hardware devices in a computer, and is the main peripheral bus on modern x86 systems. As such, having a proper way to emulate it is crucial for Xen to be able to expose both fully emulated devices or passthrough devices to guests.
This talk will focus on the current status of PCI emulation in Xen, how and where it is used, what are its main limitations and future plans to improve it in order to be more robust and modular.
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems - The Linux Foundation
Volodymyr will speak about TEE mediators. This is a new feature in Xen which allows multiple virtual machines to interact with the Trusted Execution Environment available on the platform. He developed a mediator for one of the TEEs, namely OP-TEE.
He will give background information on why TEE is needed at all and share some implementation details.
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven... - The Linux Foundation
Xen is a very powerful hypervisor with a talented and diverse developer community. Despite the fact that it's almost everywhere (from the Cloud to the embedded world), it can be difficult to set up and manage as a system administrator. General purpose distros have Xen packages, but that's just a start in your Xen journey: you need some tooling and knowledge to have a working and scalable platform.
XCP-ng was built to overcome those issues: by bringing Xen to the masses with a fully turnkey distro with Xen as its core. It's the logical sequel to the XCP project, with a community focus from the start. We'll see how it happened, what we did, and what's next. Finally, we'll see the impact of XCP-ng on the Xen Project.
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib... - The Linux Foundation
Doug has long advocated for more CI/CD (Continuous Integration / Continuous Delivery) processes to be adopted by the Xen Project from the use of Travis CI and now GitLab CI. This talk aims to propose ideas for building upon the existing process and transforming the development process to provide users a higher quality with each release by the Xen Project.
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr... - The Linux Foundation
High level toolstacks for server and cloud virtualization are very mature with large communities using and supporting them. Client virtualization is a much more niche community with unique requirements when compared to those found in the server space. In this talk, we’ll introduce a client virtualization toolstack for Xen (redctl) that we are using in Redfield, a new open-source client virtualization distribution that builds upon the work done by the greater virtualization and Linux communities. We will present a case for maturing libxl’s Go bindings and discuss what advantages Go has to offer for high level toolstacks, including in the server space.
Today Xen schedules guest virtual CPUs on all available physical CPUs independently from each other. Recent security issues on modern processors (e.g. L1TF) require hyperthreading to be turned off for best security, in order to avoid leaking information from one hyperthread to the other. One way to avoid having to turn off hyperthreading is to only ever schedule virtual CPUs of the same guest on one physical core at the same time. This is called core scheduling.
This presentation shows results from the effort to implement core scheduling in the Xen hypervisor. The basic modifications in Xen are presented and performance numbers with core scheduling active are shown.
Connector Corner: Automate dynamic content and events by pushing a button - DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... - Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and a willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container Kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Next Generation Cloud: Rise of the Unikernel V3 (UPDATED)
1. OHIO LINUXFEST 2015
The Next Generation Cloud:
Unleashing the Power of the Unikernel
Russell Pavlicek
Xen Project Evangelist
Russell.Pavlicek@XenProject.org
2. About the Old, Fat Geek Up Front
• Linux user since 1995; became a Linux advocate immediately
• Delivered many early talks on Open Source Advocacy
• Former Open Source columnist for Infoworld, Processor magazines
• Former weekly panelist on “The Linux Show”
• Wrote one of the first books on Open Source: Embracing Insanity:
Open Source Software Development
• 30 years in the industry; 20+ years in software services consulting
• Currently Evangelist for the Xen Project (employed by Citrix)
• Over 75 FOSS talks delivered; over 150 FOSS pieces published
3. Why Am I Talking About This?
• I am not a unikernel implementer
• I am Evangelist for Xen Project, which is at the forefront of unikernel
development
• There are a number of people implementing unikernels and discussing
what they've done, but relatively few discussing the big picture
• This talk will attempt to examine both the forest and the trees:
– We will discuss the value of the unikernel movement
– We will examine several prominent unikernels and their uses
• The existence of these unikernels will alter the architecture of the
cloud. Microservices will become smaller, faster, and more transient
than today.
5. The Cloud We Know
• Field of innovation is in the orchestration
– The Cloud Engine is paramount (OpenStack, CloudStack, etc.)
– Workloads adapted to the cloud strongly resemble their non-cloud predecessors
• Some basic adaptations to facilitate life in the cloud, but basically the
same stuff that was used before the cloud
• Applications with full stacks (operating system, utilities, languages, and
apps) which could basically run on hardware, but are run on VMs
instead.
• VMs are beefy; large memory footprint, slow to start up
• It all works, but it's not overly efficient
• 10s of VMs per physical host
6. The Next Generation Cloud
• Turning the scrutiny to the workloads
– Should be easier to deploy and manage
– Smaller footprint, removing unnecessary
duplication
– Faster startup
– Transient microservices
– Higher levels of security
– 1000s of VMs per host
7. The New Stuff: Docker & Containers
• Makes deployment easier
• Smaller footprint by leveraging kernel of host
• Less memory needed to replicate shared kernel
space
• Less disk needed to replicate shared
executables
• Really fast startup times
• Higher number of VMs per host
8. Docker Downsides
• Improvements, yes; but not without issues
– Can't run any payload that can't use host kernel
– Potential limits to scalability
• Linux not really optimized for 1000s of processes
– Security
• Security is a HUGE issue in clouds
• Still working on security which brings containers up to the level
of current solutions
– We need to raise the bar higher in the cloud; status quo is not enough
• Google & others run Containers in VMs when they need security
9. The Unikernel: A Real Cloud Concept
• Very small
• Very efficient
• Very quick to boot
• And very, VERY secure!
• It's a Green (energy) technology which saves you
green (cash); extremely important to foster adoption
• Many unikernels already exist, including MiniOS and
MirageOS, a Xen Project Incubator Project
14. Unikernel Concepts
• Use just enough to do the job
– No need for multiple users; one VM per user
– No need for a general purpose operating system
– No need for utilities
– No need for a full set of operating system functions
• Lean and mean
– Minimal waste
– Tiny size
15. Unikernel Concepts
• Similar to an embedded application
development environment
– Limited debugging available for deployed
production system
• You have exactly the tools you built into the stack
– Instead, system failures are reproduced and
analyzed on a full operating system stack and then
encapsulated into a new image to deploy
– Tradeoff is required for ultralight images
16. What Do the Results Look Like?
• Mirage OS examples:
– DNS Server: 449 KB
– Web Server: 674 KB
– OpenFlow Learning Switch: 393 KB
• LING metrics:
– Boot time to shell in under 100ms
– Erlangonxen.org memory usage: 8.7 MB
• ClickOS:
– Network devices processing >5 million pkt/sec
– 6 MB memory with 30 ms boot time
17. What About Security?
• Type-Safe Solution Stack
– Can be certified
– Certification is crucial for certain highly critical tasks, like airplane fly-by-wire control systems
• Image footprints are unique to the image
– Intruders cannot rely on always finding certain libraries
– No utilities to exploit, no shell to manipulate
18. Topic 2: The Trees
Some of the current leading unikernels
19. What's Out There Right Now?
• MirageOS, from the Xen Project Incubator
• HaLVM, from Galois
• LING, from Erlang-on-Xen
• ClickOS, from NEC Europe Labs
• OSv, from Cloudius Systems
• Rumprun, from the Rump Kernel Project
• And that's just the beginning...
20. MirageOS
• From the Xen Project Incubator
• Language support: OCaml
• Hypervisor support: Xen Project
• V2.0 released in 2014
• General purpose devices
• Can be run on Amazon EC2
• http://www.openmirage.org/
21. HaLVM
• Galois, Inc.
• Language support: Haskell
• Hypervisor support: Xen Project
• Originally designed to prototype operating system components
• Now suitable for creating network devices
• https://galois.com/project/halvm/
22. LING
• Erlang-on-Xen project
• Language support: Erlang
• Hypervisor support: Xen Project
• Use cases include Zero-Footprint Cloud
• http://erlangonxen.org/
25. ClickOS
• NEC Europe Labs
• Language support: C, C++, Python
• Hypervisor support: Xen Project
• V0.2 released in 2014
• Suited for Network Function Virtualization (NFV) devices
• http://cnp.neclab.eu/clickos/
27. OSv
• Cloudius Systems (now ScyllaDB)
– Company may have moved on, but their Open Source project survives
– Language support: C, C++, Java, Python, JavaScript, Node.js, Ruby
• Hypervisor support: Xen Project, KVM, VMware
• Slightly different from “standard” unikernels
– Kind of “fat”
– Full Java JVM stack, minus multi-processes (threads yes, forks no)
– Can run almost any JAR file
• NFV optimized
• http://osv.io/
28. Rumprun
• A working product of the rump kernel ecosystem (which we'll discuss shortly)
• Under active development, rumprun does allow a growing number of programs to run as-is
– Its goal is to be a universal base for most unikernel-appropriate workloads for currently existing real-world POSIX-based applications
– It has the potential to open the door to a huge number of functional unikernels
• http://repo.rumpkernel.org/rumprun
29. What About the Unikernel Ecosystem?
• If this is more than just a few isolated experiments in unikernel concepts, we'd expect to see some advances in the general ecosystem
• The unikernel ecosystem is forming:
– Jitsu (https://github.com/MagnusS/jitsu)
– MiniOS (http://wiki.xenproject.org/wiki/Mini-OS)
– Rump Kernels (http://rumpkernel.org/)
– Xen Project itself
30. Jitsu
The Jitsu Website says:
Just-In-Time Summoning of Unikernels
• Jitsu is a forwarding DNS server that automatically starts virtual machines (VMs) on demand. When a DNS query is received, jitsu first checks for a local VM that is mapped to the requested domain. If a VM is found, the VM is started and its IP is returned to the client. Otherwise, the request is forwarded to the next DNS server. If no DNS requests are received for the VM within a given timeout period it is automatically stopped.
• Although Jitsu can be used with any VM that can be controlled with libvirt, it is mainly intended for use with unikernels that can be started quickly and be able to respond to the client request within the time it takes to send the DNS response.
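The on-demand lifecycle described on the Jitsu slide, modelled as a small simulation. This is an added example, not Jitsu's own code (the real Jitsu is a MirageOS unikernel driving VMs through libvirt); the domain, VM name, IP addresses and timeout are constructed sample values.

```python
from dataclasses import dataclass


@dataclass
class VM:
    """A locally managed VM: name, the IP it answers on, and idle-tracking state."""
    name: str
    ip: str
    running: bool = False
    last_query: float = 0.0


class JitsuSim:
    """Toy model of Jitsu's decision logic: start a mapped VM on a DNS query,
    forward everything else upstream, stop a VM once it has been idle for `timeout`."""

    def __init__(self, mapping, upstream, timeout):
        # mapping: domain -> (vm name, vm ip); upstream: callable(domain) -> ip
        self.vms = {dom: VM(name, ip) for dom, (name, ip) in mapping.items()}
        self.upstream = upstream
        self.timeout = timeout
        self.log = []  # ordered record of start / forward / stop decisions

    def query(self, domain, now):
        """Handle one DNS query arriving at time `now` (seconds)."""
        vm = self.vms.get(domain)
        if vm is None:
            self.log.append(("forward", domain))  # not ours: next DNS server answers
            return self.upstream(domain)
        if not vm.running:
            vm.running = True  # summon the unikernel just in time
            self.log.append(("start", vm.name))
        vm.last_query = now  # every query for the VM refreshes its idle timer
        return vm.ip

    def tick(self, now):
        """Periodic sweep: stop every running VM idle for at least `timeout` seconds."""
        stopped = []
        for vm in self.vms.values():
            if vm.running and now - vm.last_query >= self.timeout:
                vm.running = False
                self.log.append(("stop", vm.name))
                stopped.append(vm.name)
        return stopped


def run_demo():
    """Constructed scenario: one mapped domain, one unmapped query, a 5 s idle timeout."""
    sim = JitsuSim({"www.example.test": ("www-vm", "10.0.0.10")},
                   lambda d: "203.0.113.5", timeout=5.0)
    first = sim.query("www.example.test", 0.0)   # starts www-vm, returns 10.0.0.10
    other = sim.query("other.test", 1.0)         # unmapped: forwarded upstream
    sim.tick(3.0)                                # only 3 s idle, nothing stopped
    again = sim.query("www.example.test", 4.0)   # already running, timer refreshed
    stopped = sim.tick(9.0)                      # 5 s idle -> www-vm stopped
    return first, other, again, stopped, sim.log
```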
31. MiniOS
• Small basic unikernel
• Distributed with Xen Project source
• Originally designed for driver disaggregation
• Base for others to build their unikernel projects
– ClickOS, for example
– Also the base for the earliest version of rumprun, which has advanced considerably since
32. Rump Kernels
• Derived from the work of the NetBSD community
• Employs the notion of a kernel containing just enough code to get real work done
– Concept is not limited to NetBSD, but existing work leverages NetBSD
• An open-ended framework containing production-quality drivers, currently manifesting itself in the rumprun unikernel
• Supports Xen Project, bare metal, userspace environments
34. THIS JUST IN...
News Flash: The Fat Boy up front was wrong!
You CAN do databases as Unikernels!
35. BRAND NEW: The “RAMP” Stack!
• Just revealed in March: Nginx, MySQL, and PHP built on Rump Kernels!
• No rearchitecting the application; the work is in getting things to cross compile correctly (Nginx & MySQL)
• Working out usability and config kinks still
• Unikernel-compatible unmodified POSIX C and C++ applications “just work” on top of Rump Kernels, provided that they can be cross-compiled
– Stacks on Rump Kernels are always cross-compiled, since the compiler never runs directly on the Rump Kernel
• Still in skunkworks stage; watch Twitter @rumpkernel for announcement when it is done
36. More Rump Kernel & RAMP Info
• Rump Kernels contain the work of many BSD contributors, all the way back to the 1980s
• Antti Kantee leading the Rump Kernel project
• Martin Lucina leading the RAMP work
• Current Temporary GitHub repositories (will probably be replaced with a permanent Wiki page):
– https://github.com/mato/rump-php
– https://github.com/mato/rump-mysql
• Rump Kernel Mailing List:
– http://www.freelists.org/list/rumpkernel-users
• Rump Kernel Twitter:
– @rumpkernel
37. Xen Project as Ecosystem Enabler
• Work proceeds on support for 1000s of VMs per host
– Recent redesign of Event Channels removes obstacles to uncap VM growth (theoretically, into millions of VMs)
– Currently, performance is strong up to around 600 VMs per host
– Other areas identified and targeted to enable 2000-3000 VMs per host
• Paravirtualization makes creation of a unikernel much simpler
– Simpler PV interfaces remove need for complex H/W drivers
38. And Still More To Come...
• Arrakis (http://arrakis.cs.washington.edu/)
– Derived from the Barrelfish operating system
• Clive (http://lsub.org/ls/clive.html)
– Using the go language
39. Are Unikernels a Panacea?
• Nope!
– But it doesn't have to be a panacea to return value
– There will always be really large databases and beefy apps which won't fit in this mold
– The truth is that different problems are likely to require different optimal solutions for the foreseeable future
– It is likely that the solution spectrum of the next few years will include a blend of unikernels, containers, and standard virtualization
– But the arrival of unikernels means that the bar to efficiency has been raised to new heights
40. What Does This Mean for Architecture?
• We like to talk about Microservices; we are witnessing the birth of Transient Microservices
– Lifetimes possibly measured in fractions of a second
– Populations in the thousands per host
– Now these aren't small just from an external standpoint, but internally as well
– It's much easier manipulating smaller items than bigger ones, so what was once difficult to change becomes easier to change
41. Open Source Leading the Way
• This is an example of how Open Source is working to expand horizons of the cloud
– The closed source cloud just isn't the way to go
– The real innovation in cloud is in Open Source
– Xen Project is at the forefront of new cloud thinking, incubating and facilitating new technologies, including unikernels
– Friends don't let friends go closed source in the cloud!
42. The Xen Project Difference
• The Cloud is too critical to leave to hypervisors which are not working to create the future
– If your hypervisor is just focused on yesterday's payloads, it won't help you get to the next generation cloud
– Select a hypervisor which is innovating – and Open Source
– Xen Project is busy moving the cloud forward
44. Stay Informed!
• Sign up for the Xen Project newsletter
– One 4-minute read per month to learn what's happened and what's coming
• Announcements
• Blog posts
• Upcoming events
– Subscribe to the monthly newsletter here:
http://xenproject.org/subscribe.html