Presentació a càrrec de Jordi Guijarro (CSUC) duta a terme a l'OpenNebula TechDay celebrat al CSUC el 8 de maig de 2019.

1. © 2019 UNICORE
@jordiguijarro - UNICORE DESIGN WP LEADER
May 2019 – Barcelona OpenNebula Tech Day
Unikernels POWER

2. © 2019 UNICORE
• We are in DevOps era
• quickly developing, upgrading and deploying applications is at the
core of the new IT industry
• Software is more and more massively running on shared
hardware
• efficiency but also need for isolation, lightweight sw image footprints,
• fast boot, etc.
• Standard VMs can be heavy load (image size, excessive
memory and disk space, long boot time)
• Containers are faster, but offer poor isolation
The problem...
UNIKERNELS (lightweight VM) can be the
solution

3. © 2019 UNICORE
Symbolic execution,
deterministic
execution,
NFV use case
Project Coordinator
Host infrastructure in
support
of unikernels (containers,
VMs)
WP4 leader
Microlibraries, build system,
performance tools
Technical Coordinator & WP3
leader
Deterministic
execution support,
smart contracts use
case
Microlibraries,
APIs, security
primitives,
performance
tool
System reqs,
NFV use case
(5G vRAN)
Systems security
and safety
primitives
NFV use cases,
industrial
exploitation
NFV use
case
Home automation / IoT
use case
WP6 leader
Testbeds/infrastructure,
tools integration,
serverless use case
WP2 leader
Serverless
/ IoT use
cases
Consortium

4. © 2019 UNICORE
Unikernels‘ Potential
▌Fast instantiation, destruction and migration time
▌10s of milliseconds or less (and as little as 2.3ms)
(LigthVM [Manco SOSP 2017], Jitsu [Madhvapeddy, NSDI 2015])
▌Low memory footprint
Few MBs of RAM or less (ClickOS [Martins NSDI 2014])
▌High density
8k guests on a singlex86 server (LigthVM [Manco SOSP 2017])
▌High Performance
▌10-40Gbit/s throughput with a single guest CPU
(ClickOS [Martins NSDI 2014], Elastic CDNs [Kuenzer VEE 2017])
▌Reduced attack surface
Small trusted compute base
Strong isolation by hypervisor

5. • Today, each optimized unikernel is manually built
• Image build takes several months or longer
• Wash, rinse, repeat for each target application
• Need for significant expert resources on OS, computer systems,
kernel, etc.
The (Big) Downside with Unikernels

6. © 2019 UNICORE
UNICORE is developing tools to enable lightweight VM development to be
as easy as compiling an app for an existing OS
UNICORE will release an open-source toolchain to enable secure and
portable unikernel development
Developing unikernel based applications will be reduced to slight changes in the app
Makefile, choosing from a menu of available implementations for the required system
functionality, and compiling the app
UNICORE can unleash the use of next generation of cloud computing
services and technologies
UNICORE in a nutshell

7. © 2019 UNICORE
Unicore Tool Ecosystem

8. © 2019 UNICORE
Project Objectives
Unikerne
l
toolchain Objective 1: Fine-Grained OS Decomposition and Code Re-use
 Objective 2: Automated, Multi-platform Unikernel Construction
 Objective 3: Automated Unikernel Verification, Security and
Safety
 Objective 4: Automated Unikernel Performance Optimization
Use
Cases
 Objective 5: Efficient Serverless Computing in Clouds
 Objective 6: Efficient and Secure NFV Deployment
 Objective 7: Privacy-aware, Cheap IoT Platform Cloud
Offloading
 Objective 8: Secure, Deterministic Smart Contracts
Impact
achieve
ment
 Objective 9: Foster Market Adoption for Unikernels
 Objective 10: Time-to-Market Reduction for Secure
Software Development and Deployment

9. © 2019 UNICORE
Work breakdown
WP1: Project Management
WP6:ExploitationandDissemination
H2020
projects
Open
source
WP2:
Platform
Design and
Evaluation
WP3: Core
Implementati
on
WP4:
Toolstack
Implementati
on
WP5: Unikernels in Practice
Serverless
computing –
lambda services
Home
automation/Io
T
NFV/MEC/RA
N
virtualization
Smart
contracts
Industrial
exploitati
on
dissemina
tion

10. • Rationale: Current implementations of serverless computing
platforms either use containers (being thus insecure) or rely on full
blown VMs which makes them highly inefficient (e.g. Amazon EC2’s
lambda services)
• Goal: Use UNICORE technology and APIs to enable novel
serverless computing
• Develop a lambda services offering based on UNICORE and
execute trial in Barcelona, providing services (web crawling and
video transcoding functions) to citizens and especially to the
university and research community
• Integrate unikernels in PacketCloud, an edge serverless computing
platform developed by Correct Networks, and use UNICORE tools
to develop a unikernel to run lambda functions written in Node.js
• Target TRL: 7-8
UNICORE Use Case
Serverless Computing for novel cloud platforms

11. © 2019 UNICORE
Unikraft & OpenNebula
First steps...

12. © 2019 UNICORE
Demo Scenario
Unikraft & OpenNebula
Intel(R) Xeon(R) CPU E5540 @ 2.53GHz
36 GB RAM

13. © 2019 UNICORE
Build First Unikernel for KVM
https://github.com/sysml/ucc-unikraft/wiki
Use docker to build the image:
https://hub.docker.com/_/gcc/
Unikraft & OpenNebula
docker run --rm -v "$(pwd)"/myapp:/usr/src -w /usr/src/apps/helloworld gcc:latest
bash -c make

14. © 2019 UNICORE
Upload the image to Files & Kernels Datastore
Unikraft & OpenNebula

15. © 2019 UNICORE
Update VM Template with the kernel image
Unikraft & OpenNebula

16. © 2019 UNICORE
Instantiate a VM Template
Unikraft & OpenNebula

17. © 2019 UNICORE
Automating deployments with Terraform:
Running 1, 5, 10, 25 and 50 unikernels...
Unikraft & OpenNebula

18. © 2019 UNICORE
The default scheduler takes 54’’ to deploy 50
unikernels.
It’s the time to execute the terraform plan using the XML-
RPC API
#1
terraform apply unikraft 0,18s user 0,07s system 2% cpu 10,275 total
#5
terraform apply unikraft 0,24s user 0,06s system 2% cpu 10,429 total
#10
terraform apply unikraft 0,42s user 0,16s system 4% cpu 13,458 total
#25
terraform apply unikraft 1,07s user 0,30s system 4% cpu 30,894 total
#50
terraform apply unikraft 2,12s user 0,55s system 4% cpu 54,445 total
Unikraft & OpenNebula
10.28 10.43 13.46 30.89 54.45
0
10
20
30
40
50
60
unikernels

19. © 2019 UNICORE
www.linkedin.com/groups/8752067
info@unicore-project.eu
@unicore_project
This project has received funding from the European Union's Horizon
2020 research and innovation programme under grant agreement No