SlideShare a Scribd company logo

XPDDS19 Keynote: Unikraft Weather Report

The Linux Foundation
The Linux Foundation

In​ ​recent​ ​years unikernels have​ ​shown​ ​immense​ ​performance potential​ (e.g., boot times of only a few ms, image sizes of only hundreds of KBs).The​ ​fundamental​ ​drawback​ ​of​ ​unikernels​ ​is​ ​that​ ​they​ ​require​ ​that applications​ ​be​ ​manually​ ​ported​ ​to​ ​the​ ​underlying​ ​minimalistic​ ​OS, needing​ ​both​ ​expert​ ​work​ ​and​ ​often​ ​considerable​ ​amount of​ ​time.​ The Unikraft project provides a unikernel code base and build system that significantly simplifies the building of unikernels. In addition to support for a number CPU architectures, languages and frameworks, Unikraft provides debugging and tracing features that are generally sorely missing from unikernel projects. In this talk we will talk about these features, show a set of preliminary performance numbers, and provide a roadmap for the project's future.

Software
1 of 58
Download to read offline
Simon Kuenzer <simon.kuenzer@neclab.eu> Senior Researcher, NEC Laboratories Europe GmbH Xen Summit 2019, Chicago Weather Report This work has received funding from the European Union’s Horizon 2020 research and innovation program under grant agreements no. 675806 (“5G CITY”) and no. 825377 (“UNICORE”). This work reflects only the author’s views and the European Commission is not responsible for any use that may be made of the information it contains.
An SDK for highly specialized Unikernels
4 © NEC Corporation 2019 Unikernels as VMs Unikernels Kernel Hardware Kernel App B Libs B Traditional VMs Hypervisor App A Libs A Hardware Hypervisor
5 © NEC Corporation 2019 Unikernels as VMs App A Libs A App B Libs B Unikernels Kernel Hardware Kernel App B Libs B Traditional VMs Hypervisor App A Libs A Hardware Hypervisor
6 © NEC Corporation 2019 Unikernels as VMs ▌Unikernels are purpose-built  Thin kernel layer, only what application needs  Single monolithic binary that contains OS and application App A Libs A App B Libs B Unikernels Kernel Hardware Kernel App B Libs B Traditional VMs Hypervisor App A Libs A Hardware Hypervisor
7 © NEC Corporation 2019 Unikernels as VMs ▌Unikernels are purpose-built  Thin kernel layer, only what application needs  Single monolithic binary that contains OS and application ▌No isolation within Unikernel, done with hypervisor  One application  Flat and single address space App A Libs A App B Libs B Unikernels Kernel Hardware Kernel App B Libs B Traditional VMs Hypervisor App A Libs A Hardware Hypervisor
8 © NEC Corporation 2019 Unikernels as VMs ▌Unikernels are purpose-built  Thin kernel layer, only what application needs  Single monolithic binary that contains OS and application ▌No isolation within Unikernel, done with hypervisor  One application  Flat and single address space ▌Further advantages from specialization  Performance and efficiency; reduced attack vector; small memory footprint App A Libs A App B Libs B Unikernels Kernel Hardware Kernel App B Libs B Traditional VMs Hypervisor App A Libs A Hardware Hypervisor
9 © NEC Corporation 2019 Unikernel Framework Motivation ▌Support wide range of use cases ▌Simplify building and optimizing ▌Simplify porting of existing applications ▌Common and shared code base for Unikernel creators ▌Support different hypervisors and CPU architectures
10 © NEC Corporation 2019 Unikernel Framework Motivation ▌Support wide range of use cases ▌Simplify building and optimizing ▌Simplify porting of existing applications ▌Common and shared code base for Unikernel creators ▌Support different hypervisors and CPU architectures ▌Concept: “Everything is a library” Decomposed OS functionality ▌Two components: 1. Library Pool 2. Build Tool
11 © NEC Corporation 2019 architecture libs main libs platform libs libarm32arch.olibx86_64arch.o libxenplat.o drivers libconsole.o libixgbe.o libvirtio.o network stack liblwip.o libtcpip.o libhttp.o memory allocators libbuddy.o libheap.o libmempool.o filesystems libvfs.o libfat.o libext3.o runtimes libocaml.o libpython.o liberlang.o schedulers libcoop.o libpreempt.o librt.o and more… standard libs musl.o libnewlibc.o libopenssl.o 1) Library Pool libkvmplat.o liblinuxuplat.o libmipsarch.o libxenplat.o
12 © NEC Corporation 2019 architecture libs main libs platform libs libarm32arch.olibx86_64arch.o libxenplat.o drivers libconsole.o libixgbe.o libvirtio.o network stack liblwip.o libtcpip.o libhttp.o memory allocators libbuddy.o libheap.o libmempool.o filesystems libvfs.o libfat.o libext3.o runtimes libocaml.o libpython.o liberlang.o schedulers libcoop.o libpreempt.o librt.o MyApplication and more… standard libs musl.o libnewlibc.o libopenssl.o 1) Library Pool libkvmplat.o liblinuxuplat.o libmipsarch.o libxenplat.o Select/create application 1 MyLib_A
13 © NEC Corporation 2019 architecture libs main libs platform libs libarm32arch.olibx86_64arch.o libxenplat.o drivers libconsole.o libixgbe.o libvirtio.o network stack liblwip.o libtcpip.o libhttp.o memory allocators libbuddy.o libheap.o libmempool.o filesystems libvfs.o libfat.o libext3.o runtimes libocaml.o libpython.o liberlang.o schedulers libcoop.o libpreempt.o librt.o MyApplication and more… standard libs musl.o libnewlibc.o libopenssl.o 1) Library Pool libkvmplat.o liblinuxuplat.o libmipsarch.o libxenplat.o Select/create application 1 Selectand configurelibraries 2 MyLib_A
14 © NEC Corporation 2019 Unikernels architecture libs main libs platform libs libarm32arch.olibx86_64arch.o libxenplat.o drivers libconsole.o libixgbe.o libvirtio.o network stack liblwip.o libtcpip.o libhttp.o memory allocators libbuddy.o libheap.o libmempool.o filesystems libvfs.o libfat.o libext3.o runtimes libocaml.o libpython.o liberlang.o schedulers libcoop.o libpreempt.o librt.o MyApplication and more… standard libs musl.o libnewlibc.o libopenssl.o 1) Library Pool libkvmplat.o liblinuxuplat.o libmipsarch.o libxenplat.o Select/create application 1 Selectand configurelibraries 2 Build3Run4 myapp_xen_x86-64 myapp_kvm_x86-64 myapp_bare_arm64 etc. MyLib_A
15 © NEC Corporation 2019 2) Build Tool
16 © NEC Corporation 2019 2) Build Tool ▌KConfig based and Makefile “Magic”
17 © NEC Corporation 2019 2) Build Tool ▌KConfig based and Makefile “Magic” ▌Type “make menuconfig” Choose options in the menu that you want for your application Choose your target platform(s), e.g., Xen, KVM, bare-metal, Linux
18 © NEC Corporation 2019 2) Build Tool ▌KConfig based and Makefile “Magic” ▌Type “make menuconfig” Choose options in the menu that you want for your application Choose your target platform(s), e.g., Xen, KVM, bare-metal, Linux ▌Save your config and type “make”
Community Status and Achievements
20 © NEC Corporation 2019 Timeline ▌Early 2017: NEC-Internal project launch; 0.1 Build system Initial port from Mini-OS and Solo5/KVM
21 © NEC Corporation 2019 Timeline ▌Early 2017: NEC-Internal project launch; 0.1 Build system Initial port from Mini-OS and Solo5/KVM ▌Dec/2017: Public Launch; RELEASE-0.2 Titan As Xen Incubator project Arm32 Xen, x86 Xen, x86 KVM, x86 Linux Binary buddy allocator (heap) Cooperative scheduling
22 © NEC Corporation 2019 Timeline ▌Early 2017: NEC-Internal project launch; 0.1 Build system Initial port from Mini-OS and Solo5/KVM ▌Dec/2017: Public Launch; RELEASE-0.2 Titan As Xen Incubator project Arm32 Xen, x86 Xen, x86 KVM, x86 Linux Binary buddy allocator (heap) Cooperative scheduling ▌Feb/2019: RELEASE-0.3 Iapetus Arm64 support for KVM Networking (uknetdev, lwip, virtio-net) Initial VFS with in-RAM filesystem newlib
23 © NEC Corporation 2019 Timeline ▌Early 2017: NEC-Internal project launch; 0.1 Build system Initial port from Mini-OS and Solo5/KVM ▌Dec/2017: Public Launch; RELEASE-0.2 Titan As Xen Incubator project Arm32 Xen, x86 Xen, x86 KVM, x86 Linux Binary buddy allocator (heap) Cooperative scheduling ▌Feb/2019: RELEASE-0.3 Iapetus Arm64 support for KVM Networking (uknetdev, lwip, virtio-net) Initial VFS with in-RAM filesystem newlib ▌Upcoming release: RELEASE-0.4 Rhea Language support: C++, Python, etc. Block & console devices 9pfs filesystem (Xen, KVM) Libraries: intel-intrinsics, libunwind, libuuid, pthread-embedded, compiler-rt, eigen, fp16, fxdiv, pthreadpool
24 © NEC Corporation 2019 Changed lines of code by affiliation ▌3 contributors ▌Project Launch 86020 14903 27720 11736 32149 86020 31369 60401 2017 2018 2019 NEC Politehnica University of Bucharest Arm Other ▌~15 contributors ▌*Many patches still under review ▌~20 contributors ▌Start of student projects
Used Tools
26 © NEC Corporation 2019 Documentation ▌http://unikraft.org ▌Generated by Sphinx ▌Part of base repository: /doc/
27 © NEC Corporation 2019 Patch Reviews ▌Patchwork: http://patchwork.unikraft.org ▌Coordination of reviewers ▌Review status and reviewer/maintainer in charge visible
28 © NEC Corporation 2019 Automated Testing (coming soon) ▌Today: Two-branch model: master & staging Staging: Latest accepted patches Master: Manual follow-up: Releases and tested code
29 © NEC Corporation 2019 Automated Testing (coming soon) ▌Today: Two-branch model: master & staging Staging: Latest accepted patches Master: Manual follow-up: Releases and tested code ▌Jenkins for automate testing Common combinations of configurations and libraries Execution test on common hypervisors and architectures (Xen, KVM, Linux, x86, Arm)
30 © NEC Corporation 2019 Automated Testing (coming soon) ▌Today: Two-branch model: master & staging Staging: Latest accepted patches Master: Manual follow-up: Releases and tested code ▌Jenkins for automate testing Common combinations of configurations and libraries Execution test on common hypervisors and architectures (Xen, KVM, Linux, x86, Arm) ▌Goal Integrate test results into review processes
Ongoing and upcoming Projects
32 © NEC Corporation 2019 Binary Compatible Unikernels ▌Even with complete library pool, manual porting is non-trivial Existing build system need to be ported or instrumented (e.g., cross-compilation) Pre-compiled binaries cannot be executed (e.g., proprietary executables)
33 © NEC Corporation 2019 Binary Compatible Unikernels ▌Even with complete library pool, manual porting is non-trivial Existing build system need to be ported or instrumented (e.g., cross-compilation) Pre-compiled binaries cannot be executed (e.g., proprietary executables) ▌ELF binary compatibility, Linux ABI Same executable for Linux should run on Unikraft without recompilation ELF loader System call emulation [1] Pierre et. al, A Binary-Compatible Unikernel, VEE’19 [2] Kiviti et. al, OSv—Optimizing the Operating System for Virtual Machines, USENIX ATC ’14 Image: https://en.wikipedia.org/wiki/Executable_and_Linkable_Format
34 © NEC Corporation 2019 Language Runtimes
35 © NEC Corporation 2019 Language Runtimes ▌Support applications written in higher-level language as Unikernel Primarily Serverless and IoT use cases
36 © NEC Corporation 2019 Language Runtimes ▌Support applications written in higher-level language as Unikernel Primarily Serverless and IoT use cases ▌Upcoming: C++ Rust Go Ruby Javascript (v8) Python
37 © NEC Corporation 2019 Language Runtimes ▌Support applications written in higher-level language as Unikernel Primarily Serverless and IoT use cases ▌Upcoming: C++ Rust Go Ruby Javascript (v8) Python Unikernel Image sizes (uncompressed, Xen) Micropython 828 KB Python 2 3,9 MB Go runtime 552 KB
38 © NEC Corporation 2019 NFV ▌Virtualized Network Functions Package vNF directly as VM with Unikraft Remove maintenance effort of hosting OS Minimal OS overhead Minimal OS noise High networking performance & throughput
39 © NEC Corporation 2019 NFV ▌Virtualized Network Functions Package vNF directly as VM with Unikraft Remove maintenance effort of hosting OS Minimal OS overhead Minimal OS noise High networking performance & throughput ▌Click Programmable vNF
40 © NEC Corporation 2019 NFV ▌Virtualized Network Functions Package vNF directly as VM with Unikraft Remove maintenance effort of hosting OS Minimal OS overhead Minimal OS noise High networking performance & throughput ▌Click Programmable vNF ▌Intel DPDK Dataplane development Kit SDK for building high-performance VNFs Directly build Unikernel instead of kernel-bypassing application
41 © NEC Corporation 2019 Application Porting ▌Initial set of ported application Typical for cloud deployments Learn about missing components in Unikraft
42 © NEC Corporation 2019 Application Porting ▌Initial set of ported application Typical for cloud deployments Learn about missing components in Unikraft ▌Webservers Nginx, lighttpd
43 © NEC Corporation 2019 Application Porting ▌Initial set of ported application Typical for cloud deployments Learn about missing components in Unikraft ▌Webservers Nginx, lighttpd ▌Databases Memcached, Redis, sqlite
44 © NEC Corporation 2019 Application Porting ▌Initial set of ported application Typical for cloud deployments Learn about missing components in Unikraft ▌Webservers Nginx, lighttpd ▌Databases Memcached, Redis, sqlite ▌Machine Learning Pytorch
45 © NEC Corporation 2019 Application Porting ▌Initial set of ported application Typical for cloud deployments Learn about missing components in Unikraft ▌Webservers Nginx, lighttpd ▌Databases Memcached, Redis, sqlite ▌Machine Learning Pytorch ▌Goal: Only minimal effort to integrate to build system Makefile.uk Config.uk
46 © NEC Corporation 2019 Application Porting ▌Initial set of ported application Typical for cloud deployments Learn about missing components in Unikraft ▌Webservers Nginx, lighttpd ▌Databases Memcached, Redis, sqlite ▌Machine Learning Pytorch ▌Goal: Only minimal effort to integrate to build system Makefile.uk Config.uk SQLite Unikernel Image size (uncompressed, Xen) 844 KB
47 © NEC Corporation 2019 Xenstore Xen Dom0-Disaggregation ▌Disaggregate functionality from Dom0 Xen Linux Dom0 xl toolstack
48 © NEC Corporation 2019 Xenstore Xen Dom0-Disaggregation ▌Disaggregate functionality from Dom0 XenStore stub domain (e.g., cxenstore) Xen Linux Dom0 xl toolstack
49 © NEC Corporation 2019 Xenstore Xen Dom0-Disaggregation ▌Disaggregate functionality from Dom0 XenStore stub domain (e.g., cxenstore) Xen Linux Qemu HVM DomUDom0 xl toolstack
50 © NEC Corporation 2019 Xenstore Xen Dom0-Disaggregation ▌Disaggregate functionality from Dom0 XenStore stub domain (e.g., cxenstore) QEMU stub domain Xen Linux Qemu HVM DomUDom0 xl toolstack
51 © NEC Corporation 2019 Hardening ▌Already small attack vector due to specialization
52 © NEC Corporation 2019 Hardening ▌Already small attack vector due to specialization ▌Common attack prevention features need to be implemented1, for instance: ASLR (via boot loader or toolstack) Stack canaries Page protection bits Heap integrity checks [1] NCC Group, Assessing Unikernel Security, https://www.nccgroup.trust/us/our-research/assessing-unikernel-security/
53 © NEC Corporation 2019 Hardening ▌Already small attack vector due to specialization ▌Common attack prevention features need to be implemented1, for instance: ASLR (via boot loader or toolstack) Stack canaries Page protection bits Heap integrity checks ▌Potential to enable enhanced preventions with little performance costs due to direct access to privileged functionality e.g., malloc() maps pages, free() unmaps pages [1] NCC Group, Assessing Unikernel Security, https://www.nccgroup.trust/us/our-research/assessing-unikernel-security/
More talks at XenSummit 2019
55 © NEC Corporation 2019 Talks
56 © NEC Corporation 2019 Talks ▌Check-out related talks: Wednesday, 11:55am Secure Unikraft Applications with Solo5 Haibo Xu, Arm Wednesday, 1:50pm When Unikraft Meets Arm64 Jia He, Arm Wednesday, 3:45pm A Journey to Mirage OS as Xen PVH Marek Marczykowski-Górecki, Invisible Things Lab
57 © NEC Corporation 2019 Talks ▌Check-out related talks: Wednesday, 11:55am Secure Unikraft Applications with Solo5 Haibo Xu, Arm Wednesday, 1:50pm When Unikraft Meets Arm64 Jia He, Arm Wednesday, 3:45pm A Journey to Mirage OS as Xen PVH Marek Marczykowski-Górecki, Invisible Things Lab ▌Design Sessions Tuesday, 2:40pm Building Stub Domains with Unikraft Wednesday, 4:35pm A Journey through Unikraft's Build System
XPDDS19 Keynote: Unikraft Weather Report

Recommended

OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
The Linux Foundation
 
Scale17x: Thinking outside of the conceived tech comfort zone
Scale17x: Thinking outside of the conceived tech comfort zoneScale17x: Thinking outside of the conceived tech comfort zone
Scale17x: Thinking outside of the conceived tech comfort zone
The Linux Foundation
 
Unikraft Landing Page Master Slides
Unikraft Landing Page Master SlidesUnikraft Landing Page Master Slides
Unikraft Landing Page Master Slides
The Linux Foundation
 
Fosdem 18: Securing embedded Systems using Virtualization
Fosdem 18: Securing embedded Systems using VirtualizationFosdem 18: Securing embedded Systems using Virtualization
Fosdem 18: Securing embedded Systems using Virtualization
The Linux Foundation
 
OSSEU18: From Handcraft to Unikraft: Simpler Unikernelization of Your Applica...
OSSEU18: From Handcraft to Unikraft: Simpler Unikernelization of Your Applica...OSSEU18: From Handcraft to Unikraft: Simpler Unikernelization of Your Applica...
OSSEU18: From Handcraft to Unikraft: Simpler Unikernelization of Your Applica...
The Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
The Linux Foundation
 
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
The Linux Foundation
 
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...
The Linux Foundation
 

Recommended

OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
The Linux Foundation
 
Scale17x: Thinking outside of the conceived tech comfort zone
Scale17x: Thinking outside of the conceived tech comfort zoneScale17x: Thinking outside of the conceived tech comfort zone
Scale17x: Thinking outside of the conceived tech comfort zone
The Linux Foundation
 
Unikraft Landing Page Master Slides
Unikraft Landing Page Master SlidesUnikraft Landing Page Master Slides
Unikraft Landing Page Master Slides
The Linux Foundation
 
Fosdem 18: Securing embedded Systems using Virtualization
Fosdem 18: Securing embedded Systems using VirtualizationFosdem 18: Securing embedded Systems using Virtualization
Fosdem 18: Securing embedded Systems using Virtualization
The Linux Foundation
 
OSSEU18: From Handcraft to Unikraft: Simpler Unikernelization of Your Applica...
OSSEU18: From Handcraft to Unikraft: Simpler Unikernelization of Your Applica...OSSEU18: From Handcraft to Unikraft: Simpler Unikernelization of Your Applica...
OSSEU18: From Handcraft to Unikraft: Simpler Unikernelization of Your Applica...
The Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
The Linux Foundation
 
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
The Linux Foundation
 
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...
The Linux Foundation
 
2018 Genivi Xen Overview Nov Update
2018 Genivi Xen Overview Nov Update2018 Genivi Xen Overview Nov Update
2018 Genivi Xen Overview Nov Update
The Linux Foundation
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
The Linux Foundation
 
OSSNA18: Xen Beginners Training
OSSNA18: Xen Beginners Training OSSNA18: Xen Beginners Training
OSSNA18: Xen Beginners Training
The Linux Foundation
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
The Linux Foundation
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
The Linux Foundation
 
XPDDS19: Using Xen to Enable an Open Source Safety Certifiable Automotive Gra...
XPDDS19: Using Xen to Enable an Open Source Safety Certifiable Automotive Gra...XPDDS19: Using Xen to Enable an Open Source Safety Certifiable Automotive Gra...
XPDDS19: Using Xen to Enable an Open Source Safety Certifiable Automotive Gra...
The Linux Foundation
 
XPDDS19: Unikraft Dom0 Disaggregation
XPDDS19: Unikraft Dom0 DisaggregationXPDDS19: Unikraft Dom0 Disaggregation
XPDDS19: Unikraft Dom0 Disaggregation
The Linux Foundation
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
The Linux Foundation
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
The Linux Foundation
 
Platform Security Summit 18: Xen Security Weather Report 2018
Platform Security Summit 18: Xen Security Weather Report 2018Platform Security Summit 18: Xen Security Weather Report 2018
Platform Security Summit 18: Xen Security Weather Report 2018
The Linux Foundation
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
The Linux Foundation
 
Dom0less - Xen Developer Summit 2019
Dom0less - Xen Developer Summit 2019Dom0less - Xen Developer Summit 2019
Dom0less - Xen Developer Summit 2019
Stefano Stabellini
 
XPDDS19: Xen API Archaeology: Creating a Full-Featured VMI Debugger for the...
XPDDS19: Xen API Archaeology: Creating a Full-Featured VMI Debugger for the...XPDDS19: Xen API Archaeology: Creating a Full-Featured VMI Debugger for the...
XPDDS19: Xen API Archaeology: Creating a Full-Featured VMI Debugger for the...
The Linux Foundation
 
OSSEU17: How Open Source Project Xen Puts Security Software Vendors Ahead of ...
OSSEU17: How Open Source Project Xen Puts Security Software Vendors Ahead of ...OSSEU17: How Open Source Project Xen Puts Security Software Vendors Ahead of ...
OSSEU17: How Open Source Project Xen Puts Security Software Vendors Ahead of ...
The Linux Foundation
 
XPDDS17: Hypervisor-Based Security: Bringing Virtualized Exceptions Into the ...
XPDDS17: Hypervisor-Based Security: Bringing Virtualized Exceptions Into the ...XPDDS17: Hypervisor-Based Security: Bringing Virtualized Exceptions Into the ...
XPDDS17: Hypervisor-Based Security: Bringing Virtualized Exceptions Into the ...
The Linux Foundation
 
ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
The Linux Foundation
 
XPDDS18: Xen Project Weather Report 2018
XPDDS18: Xen Project Weather Report 2018XPDDS18: Xen Project Weather Report 2018
XPDDS18: Xen Project Weather Report 2018
The Linux Foundation
 
XPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARM
XPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARMXPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARM
XPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARM
The Linux Foundation
 
OSSA17 - Mixed License FOSS Projects
OSSA17 - Mixed License FOSS ProjectsOSSA17 - Mixed License FOSS Projects
OSSA17 - Mixed License FOSS Projects
The Linux Foundation
 
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
The Linux Foundation
 
The UNICORE Project: Unikraft and OpenNebula
The UNICORE Project: Unikraft and OpenNebulaThe UNICORE Project: Unikraft and OpenNebula
The UNICORE Project: Unikraft and OpenNebula
OpenNebula Project
 
CSUC - UNICORE Project: UNIKernel Power
CSUC - UNICORE Project: UNIKernel PowerCSUC - UNICORE Project: UNIKernel Power
CSUC - UNICORE Project: UNIKernel Power
UNICORE_project
 

More Related Content

What's hot

XPDDS19: Using Xen to Enable an Open Source Safety Certifiable Automotive Gra...
XPDDS19: Using Xen to Enable an Open Source Safety Certifiable Automotive Gra...XPDDS19: Using Xen to Enable an Open Source Safety Certifiable Automotive Gra...
XPDDS19: Using Xen to Enable an Open Source Safety Certifiable Automotive Gra...
The Linux Foundation
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
The Linux Foundation
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
The Linux Foundation
 
Platform Security Summit 18: Xen Security Weather Report 2018
Platform Security Summit 18: Xen Security Weather Report 2018Platform Security Summit 18: Xen Security Weather Report 2018
Platform Security Summit 18: Xen Security Weather Report 2018
The Linux Foundation
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
The Linux Foundation
 
XPDDS19: Xen API Archaeology: Creating a Full-Featured VMI Debugger for the...
XPDDS19: Xen API Archaeology: Creating a Full-Featured VMI Debugger for the...XPDDS19: Xen API Archaeology: Creating a Full-Featured VMI Debugger for the...
XPDDS19: Xen API Archaeology: Creating a Full-Featured VMI Debugger for the...
The Linux Foundation
 
OSSEU17: How Open Source Project Xen Puts Security Software Vendors Ahead of ...
OSSEU17: How Open Source Project Xen Puts Security Software Vendors Ahead of ...OSSEU17: How Open Source Project Xen Puts Security Software Vendors Ahead of ...
OSSEU17: How Open Source Project Xen Puts Security Software Vendors Ahead of ...
The Linux Foundation
 
XPDDS17: Hypervisor-Based Security: Bringing Virtualized Exceptions Into the ...
XPDDS17: Hypervisor-Based Security: Bringing Virtualized Exceptions Into the ...XPDDS17: Hypervisor-Based Security: Bringing Virtualized Exceptions Into the ...
XPDDS17: Hypervisor-Based Security: Bringing Virtualized Exceptions Into the ...
The Linux Foundation
 
ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
The Linux Foundation
 
XPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARM
XPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARMXPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARM
XPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARM
The Linux Foundation
 
OSSA17 - Mixed License FOSS Projects
OSSA17 - Mixed License FOSS ProjectsOSSA17 - Mixed License FOSS Projects
OSSA17 - Mixed License FOSS Projects
The Linux Foundation
 
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
The Linux Foundation
 

What's hot (20)

2018 Genivi Xen Overview Nov Update
2018 Genivi Xen Overview Nov Update2018 Genivi Xen Overview Nov Update
2018 Genivi Xen Overview Nov Update
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
 
OSSNA18: Xen Beginners Training
OSSNA18: Xen Beginners Training OSSNA18: Xen Beginners Training
OSSNA18: Xen Beginners Training
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
 
XPDDS19: Using Xen to Enable an Open Source Safety Certifiable Automotive Gra...
XPDDS19: Using Xen to Enable an Open Source Safety Certifiable Automotive Gra...XPDDS19: Using Xen to Enable an Open Source Safety Certifiable Automotive Gra...
XPDDS19: Using Xen to Enable an Open Source Safety Certifiable Automotive Gra...
 
XPDDS19: Unikraft Dom0 Disaggregation
XPDDS19: Unikraft Dom0 DisaggregationXPDDS19: Unikraft Dom0 Disaggregation
XPDDS19: Unikraft Dom0 Disaggregation
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
 
Platform Security Summit 18: Xen Security Weather Report 2018
Platform Security Summit 18: Xen Security Weather Report 2018Platform Security Summit 18: Xen Security Weather Report 2018
Platform Security Summit 18: Xen Security Weather Report 2018
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
 
Dom0less - Xen Developer Summit 2019
Dom0less - Xen Developer Summit 2019Dom0less - Xen Developer Summit 2019
Dom0less - Xen Developer Summit 2019
 
XPDDS19: Xen API Archaeology: Creating a Full-Featured VMI Debugger for the...
XPDDS19: Xen API Archaeology: Creating a Full-Featured VMI Debugger for the...XPDDS19: Xen API Archaeology: Creating a Full-Featured VMI Debugger for the...
XPDDS19: Xen API Archaeology: Creating a Full-Featured VMI Debugger for the...
 
OSSEU17: How Open Source Project Xen Puts Security Software Vendors Ahead of ...
OSSEU17: How Open Source Project Xen Puts Security Software Vendors Ahead of ...OSSEU17: How Open Source Project Xen Puts Security Software Vendors Ahead of ...
OSSEU17: How Open Source Project Xen Puts Security Software Vendors Ahead of ...
 
XPDDS17: Hypervisor-Based Security: Bringing Virtualized Exceptions Into the ...
XPDDS17: Hypervisor-Based Security: Bringing Virtualized Exceptions Into the ...XPDDS17: Hypervisor-Based Security: Bringing Virtualized Exceptions Into the ...
XPDDS17: Hypervisor-Based Security: Bringing Virtualized Exceptions Into the ...
 
ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
 
XPDDS18: Xen Project Weather Report 2018
XPDDS18: Xen Project Weather Report 2018XPDDS18: Xen Project Weather Report 2018
XPDDS18: Xen Project Weather Report 2018
 
XPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARM
XPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARMXPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARM
XPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARM
 
OSSA17 - Mixed License FOSS Projects
OSSA17 - Mixed License FOSS ProjectsOSSA17 - Mixed License FOSS Projects
OSSA17 - Mixed License FOSS Projects
 
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
 

Similar to XPDDS19 Keynote: Unikraft Weather Report

“OpenVX 1.3: An Open Standard for Computer Vision Software Acceleration,” a P...
“OpenVX 1.3: An Open Standard for Computer Vision Software Acceleration,” a P...“OpenVX 1.3: An Open Standard for Computer Vision Software Acceleration,” a P...
“OpenVX 1.3: An Open Standard for Computer Vision Software Acceleration,” a P...
Edge AI and Vision Alliance
 
"Current and Planned Standards for Computer Vision and Machine Learning," a P...
"Current and Planned Standards for Computer Vision and Machine Learning," a P..."Current and Planned Standards for Computer Vision and Machine Learning," a P...
"Current and Planned Standards for Computer Vision and Machine Learning," a P...
Edge AI and Vision Alliance
 
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
The Linux Foundation
 
"Building Complete Embedded Vision Systems on Linux—From Camera to Display," ...
"Building Complete Embedded Vision Systems on Linux—From Camera to Display," ..."Building Complete Embedded Vision Systems on Linux—From Camera to Display," ...
"Building Complete Embedded Vision Systems on Linux—From Camera to Display," ...
Edge AI and Vision Alliance
 
Unik: Unikernel Backend to Cloud Foundry
Unik: Unikernel Backend to Cloud FoundryUnik: Unikernel Backend to Cloud Foundry
Unik: Unikernel Backend to Cloud Foundry
VMware Tanzu
 
"Portable Performance via the OpenVX Computer Vision Library: Case Studies," ...
"Portable Performance via the OpenVX Computer Vision Library: Case Studies," ..."Portable Performance via the OpenVX Computer Vision Library: Case Studies," ...
"Portable Performance via the OpenVX Computer Vision Library: Case Studies," ...
Edge AI and Vision Alliance
 
"APIs for Accelerating Vision and Inferencing: Options and Trade-offs," a Pre...
"APIs for Accelerating Vision and Inferencing: Options and Trade-offs," a Pre..."APIs for Accelerating Vision and Inferencing: Options and Trade-offs," a Pre...
"APIs for Accelerating Vision and Inferencing: Options and Trade-offs," a Pre...
Edge AI and Vision Alliance
 
OSDC 2012 | OpenNebula Tutorial by Constantino Vazquez Blanco
OSDC 2012 | OpenNebula Tutorial by Constantino Vazquez BlancoOSDC 2012 | OpenNebula Tutorial by Constantino Vazquez Blanco
OSDC 2012 | OpenNebula Tutorial by Constantino Vazquez Blanco
NETWAYS
 
stackconf 2022: It’s Time to Debloat the Cloud with Unikraft
stackconf 2022: It’s Time to Debloat the Cloud with Unikraftstackconf 2022: It’s Time to Debloat the Cloud with Unikraft
stackconf 2022: It’s Time to Debloat the Cloud with Unikraft
NETWAYS
 

Similar to XPDDS19 Keynote: Unikraft Weather Report (20)

The UNICORE Project: Unikraft and OpenNebula
The UNICORE Project: Unikraft and OpenNebulaThe UNICORE Project: Unikraft and OpenNebula
The UNICORE Project: Unikraft and OpenNebula
 
CSUC - UNICORE Project: UNIKernel Power
CSUC - UNICORE Project: UNIKernel PowerCSUC - UNICORE Project: UNIKernel Power
CSUC - UNICORE Project: UNIKernel Power
 
UNICORE Project: Unikernel Power
UNICORE Project: Unikernel PowerUNICORE Project: Unikernel Power
UNICORE Project: Unikernel Power
 
“OpenVX 1.3: An Open Standard for Computer Vision Software Acceleration,” a P...
“OpenVX 1.3: An Open Standard for Computer Vision Software Acceleration,” a P...“OpenVX 1.3: An Open Standard for Computer Vision Software Acceleration,” a P...
“OpenVX 1.3: An Open Standard for Computer Vision Software Acceleration,” a P...
 
"Current and Planned Standards for Computer Vision and Machine Learning," a P...
"Current and Planned Standards for Computer Vision and Machine Learning," a P..."Current and Planned Standards for Computer Vision and Machine Learning," a P...
"Current and Planned Standards for Computer Vision and Machine Learning," a P...
 
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
 
Academy PRO: .NET Core intro
Academy PRO: .NET Core introAcademy PRO: .NET Core intro
Academy PRO: .NET Core intro
 
"Building Complete Embedded Vision Systems on Linux—From Camera to Display," ...
"Building Complete Embedded Vision Systems on Linux—From Camera to Display," ..."Building Complete Embedded Vision Systems on Linux—From Camera to Display," ...
"Building Complete Embedded Vision Systems on Linux—From Camera to Display," ...
 
Unik: Unikernel Backend to Cloud Foundry
Unik: Unikernel Backend to Cloud FoundryUnik: Unikernel Backend to Cloud Foundry
Unik: Unikernel Backend to Cloud Foundry
 
Cigna Innovation Summit
Cigna Innovation SummitCigna Innovation Summit
Cigna Innovation Summit
 
Linux, Unikernel, LinuxKit: towards redefining the cloud stack.
Linux, Unikernel, LinuxKit: towards redefining the cloud stack.Linux, Unikernel, LinuxKit: towards redefining the cloud stack.
Linux, Unikernel, LinuxKit: towards redefining the cloud stack.
 
"Portable Performance via the OpenVX Computer Vision Library: Case Studies," ...
"Portable Performance via the OpenVX Computer Vision Library: Case Studies," ..."Portable Performance via the OpenVX Computer Vision Library: Case Studies," ...
"Portable Performance via the OpenVX Computer Vision Library: Case Studies," ...
 
Modern IoT and Embedded Linux Deployment - Berlin
Modern IoT and Embedded Linux Deployment - BerlinModern IoT and Embedded Linux Deployment - Berlin
Modern IoT and Embedded Linux Deployment - Berlin
 
"APIs for Accelerating Vision and Inferencing: Options and Trade-offs," a Pre...
"APIs for Accelerating Vision and Inferencing: Options and Trade-offs," a Pre..."APIs for Accelerating Vision and Inferencing: Options and Trade-offs," a Pre...
"APIs for Accelerating Vision and Inferencing: Options and Trade-offs," a Pre...
 
OSDC 2012 | OpenNebula Tutorial by Constantino Vazquez Blanco
OSDC 2012 | OpenNebula Tutorial by Constantino Vazquez BlancoOSDC 2012 | OpenNebula Tutorial by Constantino Vazquez Blanco
OSDC 2012 | OpenNebula Tutorial by Constantino Vazquez Blanco
 
Continuous Everything in a Multi-cloud and Multi-platform Environment
Continuous Everything in a Multi-cloud and Multi-platform EnvironmentContinuous Everything in a Multi-cloud and Multi-platform Environment
Continuous Everything in a Multi-cloud and Multi-platform Environment
 
stackconf 2022: It’s Time to Debloat the Cloud with Unikraft
stackconf 2022: It’s Time to Debloat the Cloud with Unikraftstackconf 2022: It’s Time to Debloat the Cloud with Unikraft
stackconf 2022: It’s Time to Debloat the Cloud with Unikraft
 
Crash Course in Open Source Cloud Computing
Crash Course in Open Source Cloud ComputingCrash Course in Open Source Cloud Computing
Crash Course in Open Source Cloud Computing
 
LKNOG3 - Telco Cloud Common – VIM/ CIM
LKNOG3 - Telco Cloud Common – VIM/ CIMLKNOG3 - Telco Cloud Common – VIM/ CIM
LKNOG3 - Telco Cloud Common – VIM/ CIM
 
Infrastructure design for Kubernetes
Infrastructure design for KubernetesInfrastructure design for Kubernetes
Infrastructure design for Kubernetes
 

More from The Linux Foundation

XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
The Linux Foundation
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
The Linux Foundation
 
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information SecurityXPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
The Linux Foundation
 
XPDDS19: Application Agnostic High Availability Solution On Hypervisor Level ...
XPDDS19: Application Agnostic High Availability Solution On Hypervisor Level ...XPDDS19: Application Agnostic High Availability Solution On Hypervisor Level ...
XPDDS19: Application Agnostic High Availability Solution On Hypervisor Level ...
The Linux Foundation
 
XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...
XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...
XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...
The Linux Foundation
 
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...
The Linux Foundation
 

More from The Linux Foundation (19)

XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
 
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information SecurityXPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
 
XPDDS19: Support of PV Devices in Nested Xen - Jürgen Groß, SUSE
XPDDS19: Support of PV Devices in Nested Xen - Jürgen Groß, SUSEXPDDS19: Support of PV Devices in Nested Xen - Jürgen Groß, SUSE
XPDDS19: Support of PV Devices in Nested Xen - Jürgen Groß, SUSE
 
XPDDS19: Application Agnostic High Availability Solution On Hypervisor Level ...
XPDDS19: Application Agnostic High Availability Solution On Hypervisor Level ...XPDDS19: Application Agnostic High Availability Solution On Hypervisor Level ...
XPDDS19: Application Agnostic High Availability Solution On Hypervisor Level ...
 
XPDSS19: Live-Updating Xen - Amit Shah & David Woodhouse, Amazon
XPDSS19: Live-Updating Xen - Amit Shah & David Woodhouse, AmazonXPDSS19: Live-Updating Xen - Amit Shah & David Woodhouse, Amazon
XPDSS19: Live-Updating Xen - Amit Shah & David Woodhouse, Amazon
 
XPDDS19: Secure Unikraft Applications with Solo5 - Haibo Xu, ARM
XPDDS19: Secure Unikraft Applications with Solo5 - Haibo Xu, ARMXPDDS19: Secure Unikraft Applications with Solo5 - Haibo Xu, ARM
XPDDS19: Secure Unikraft Applications with Solo5 - Haibo Xu, ARM
 
XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...
XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...
XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...
 
XPDSS19: Improve the Reliability and Efficiency of Late Microcode Update - Ch...
XPDSS19: Improve the Reliability and Efficiency of Late Microcode Update - Ch...XPDSS19: Improve the Reliability and Efficiency of Late Microcode Update - Ch...
XPDSS19: Improve the Reliability and Efficiency of Late Microcode Update - Ch...
 
XPDDS19: When Unikraft Meets Arm64 - Jia He, Arm
XPDDS19: When Unikraft Meets Arm64 - Jia He, ArmXPDDS19: When Unikraft Meets Arm64 - Jia He, Arm
XPDDS19: When Unikraft Meets Arm64 - Jia He, Arm
 
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...
 

Recently uploaded

Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Nitya salvi
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
mohitmore19
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
OnePlan Solutions
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
Presentation.STUDIO
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 

Recently uploaded (20)

ManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide DeckManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide Deck
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
Pharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyPharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodology
 
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 

XPDDS19 Keynote: Unikraft Weather Report

  • 1. Simon Kuenzer <simon.kuenzer@neclab.eu> Senior Researcher, NEC Laboratories Europe GmbH Xen Summit 2019, Chicago Weather Report This work has received funding from the European Union’s Horizon 2020 research and innovation program under grant agreements no. 675806 (“5G CITY”) and no. 825377 (“UNICORE”). This work reflects only the author’s views and the European Commission is not responsible for any use that may be made of the information it contains.
  • 2.
  • 3. An SDK for highly specialized Unikernels
  • 4. 4 © NEC Corporation 2019 Unikernels as VMs Unikernels Kernel Hardware Kernel App B Libs B Traditional VMs Hypervisor App A Libs A Hardware Hypervisor
  • 5. 5 © NEC Corporation 2019 Unikernels as VMs App A Libs A App B Libs B Unikernels Kernel Hardware Kernel App B Libs B Traditional VMs Hypervisor App A Libs A Hardware Hypervisor
  • 6. 6 © NEC Corporation 2019 Unikernels as VMs ▌Unikernels are purpose-built  Thin kernel layer, only what application needs  Single monolithic binary that contains OS and application App A Libs A App B Libs B Unikernels Kernel Hardware Kernel App B Libs B Traditional VMs Hypervisor App A Libs A Hardware Hypervisor
  • 7. 7 © NEC Corporation 2019 Unikernels as VMs ▌Unikernels are purpose-built  Thin kernel layer, only what application needs  Single monolithic binary that contains OS and application ▌No isolation within Unikernel, done with hypervisor  One application  Flat and single address space App A Libs A App B Libs B Unikernels Kernel Hardware Kernel App B Libs B Traditional VMs Hypervisor App A Libs A Hardware Hypervisor
  • 8. 8 © NEC Corporation 2019 Unikernels as VMs ▌Unikernels are purpose-built  Thin kernel layer, only what application needs  Single monolithic binary that contains OS and application ▌No isolation within Unikernel, done with hypervisor  One application  Flat and single address space ▌Further advantages from specialization  Performance and efficiency; reduced attack vector; small memory footprint App A Libs A App B Libs B Unikernels Kernel Hardware Kernel App B Libs B Traditional VMs Hypervisor App A Libs A Hardware Hypervisor
  • 9. 9 © NEC Corporation 2019 Unikernel Framework Motivation ▌Support wide range of use cases ▌Simplify building and optimizing ▌Simplify porting of existing applications ▌Common and shared code base for Unikernel creators ▌Support different hypervisors and CPU architectures
  • 10. 10 © NEC Corporation 2019 Unikernel Framework Motivation ▌Support wide range of use cases ▌Simplify building and optimizing ▌Simplify porting of existing applications ▌Common and shared code base for Unikernel creators ▌Support different hypervisors and CPU architectures ▌Concept: “Everything is a library” Decomposed OS functionality ▌Two components: 1. Library Pool 2. Build Tool
  • 11. 11 © NEC Corporation 2019 architecture libs main libs platform libs libarm32arch.olibx86_64arch.o libxenplat.o drivers libconsole.o libixgbe.o libvirtio.o network stack liblwip.o libtcpip.o libhttp.o memory allocators libbuddy.o libheap.o libmempool.o filesystems libvfs.o libfat.o libext3.o runtimes libocaml.o libpython.o liberlang.o schedulers libcoop.o libpreempt.o librt.o and more… standard libs musl.o libnewlibc.o libopenssl.o 1) Library Pool libkvmplat.o liblinuxuplat.o libmipsarch.o libxenplat.o
  • 12. 12 © NEC Corporation 2019 architecture libs main libs platform libs libarm32arch.olibx86_64arch.o libxenplat.o drivers libconsole.o libixgbe.o libvirtio.o network stack liblwip.o libtcpip.o libhttp.o memory allocators libbuddy.o libheap.o libmempool.o filesystems libvfs.o libfat.o libext3.o runtimes libocaml.o libpython.o liberlang.o schedulers libcoop.o libpreempt.o librt.o MyApplication and more… standard libs musl.o libnewlibc.o libopenssl.o 1) Library Pool libkvmplat.o liblinuxuplat.o libmipsarch.o libxenplat.o Select/create application 1 MyLib_A
  • 13. 13 © NEC Corporation 2019 architecture libs main libs platform libs libarm32arch.olibx86_64arch.o libxenplat.o drivers libconsole.o libixgbe.o libvirtio.o network stack liblwip.o libtcpip.o libhttp.o memory allocators libbuddy.o libheap.o libmempool.o filesystems libvfs.o libfat.o libext3.o runtimes libocaml.o libpython.o liberlang.o schedulers libcoop.o libpreempt.o librt.o MyApplication and more… standard libs musl.o libnewlibc.o libopenssl.o 1) Library Pool libkvmplat.o liblinuxuplat.o libmipsarch.o libxenplat.o Select/create application 1 Selectand configurelibraries 2 MyLib_A
  • 14. 14 © NEC Corporation 2019 Unikernels architecture libs main libs platform libs libarm32arch.olibx86_64arch.o libxenplat.o drivers libconsole.o libixgbe.o libvirtio.o network stack liblwip.o libtcpip.o libhttp.o memory allocators libbuddy.o libheap.o libmempool.o filesystems libvfs.o libfat.o libext3.o runtimes libocaml.o libpython.o liberlang.o schedulers libcoop.o libpreempt.o librt.o MyApplication and more… standard libs musl.o libnewlibc.o libopenssl.o 1) Library Pool libkvmplat.o liblinuxuplat.o libmipsarch.o libxenplat.o Select/create application 1 Selectand configurelibraries 2 Build3Run4 myapp_xen_x86-64 myapp_kvm_x86-64 myapp_bare_arm64 etc. MyLib_A
  • 15. 15 © NEC Corporation 2019 2) Build Tool
  • 16. 16 © NEC Corporation 2019 2) Build Tool ▌KConfig based and Makefile “Magic”
  • 17. 17 © NEC Corporation 2019 2) Build Tool ▌KConfig based and Makefile “Magic” ▌Type “make menuconfig” Choose options in the menu that you want for your application Choose your target platform(s), e.g., Xen, KVM, bare-metal, Linux
  • 18. 18 © NEC Corporation 2019 2) Build Tool ▌KConfig based and Makefile “Magic” ▌Type “make menuconfig” Choose options in the menu that you want for your application Choose your target platform(s), e.g., Xen, KVM, bare-metal, Linux ▌Save your config and type “make”
  • 19. Community Status and Achievements
  • 20. 20 © NEC Corporation 2019 Timeline ▌Early 2017: NEC-Internal project launch; 0.1 Build system Initial port from Mini-OS and Solo5/KVM
  • 21. 21 © NEC Corporation 2019 Timeline ▌Early 2017: NEC-Internal project launch; 0.1 Build system Initial port from Mini-OS and Solo5/KVM ▌Dec/2017: Public Launch; RELEASE-0.2 Titan As Xen Incubator project Arm32 Xen, x86 Xen, x86 KVM, x86 Linux Binary buddy allocator (heap) Cooperative scheduling
  • 22. 22 © NEC Corporation 2019 Timeline ▌Early 2017: NEC-Internal project launch; 0.1 Build system Initial port from Mini-OS and Solo5/KVM ▌Dec/2017: Public Launch; RELEASE-0.2 Titan As Xen Incubator project Arm32 Xen, x86 Xen, x86 KVM, x86 Linux Binary buddy allocator (heap) Cooperative scheduling ▌Feb/2019: RELEASE-0.3 Iapetus Arm64 support for KVM Networking (uknetdev, lwip, virtio-net) Initial VFS with in-RAM filesystem newlib
  • 23. 23 © NEC Corporation 2019 Timeline ▌Early 2017: NEC-Internal project launch; 0.1 Build system Initial port from Mini-OS and Solo5/KVM ▌Dec/2017: Public Launch; RELEASE-0.2 Titan As Xen Incubator project Arm32 Xen, x86 Xen, x86 KVM, x86 Linux Binary buddy allocator (heap) Cooperative scheduling ▌Feb/2019: RELEASE-0.3 Iapetus Arm64 support for KVM Networking (uknetdev, lwip, virtio-net) Initial VFS with in-RAM filesystem newlib ▌Upcoming release: RELEASE-0.4 Rhea Language support: C++, Python, etc. Block & console devices 9pfs filesystem (Xen, KVM) Libraries: intel-intrinsics, libunwind, libuuid, pthread-embedded, compiler-rt, eigen, fp16, fxdiv, pthreadpool
  • 24. 24 © NEC Corporation 2019 Changed lines of code by affiliation ▌3 contributors ▌Project Launch 86020 14903 27720 11736 32149 86020 31369 60401 2017 2018 2019 NEC Politehnica University of Bucharest Arm Other ▌~15 contributors ▌*Many patches still under review ▌~20 contributors ▌Start of student projects
  • 26. 26 © NEC Corporation 2019 Documentation ▌http://unikraft.org ▌Generated by Sphinx ▌Part of base repository: /doc/
  • 27. 27 © NEC Corporation 2019 Patch Reviews ▌Patchwork: http://patchwork.unikraft.org ▌Coordination of reviewers ▌Review status and reviewer/maintainer in charge visible
  • 28. 28 © NEC Corporation 2019 Automated Testing (coming soon) ▌Today: Two-branch model: master & staging Staging: Latest accepted patches Master: Manual follow-up: Releases and tested code
  • 29. 29 © NEC Corporation 2019 Automated Testing (coming soon) ▌Today: Two-branch model: master & staging Staging: Latest accepted patches Master: Manual follow-up: Releases and tested code ▌Jenkins for automate testing Common combinations of configurations and libraries Execution test on common hypervisors and architectures (Xen, KVM, Linux, x86, Arm)
  • 30. 30 © NEC Corporation 2019 Automated Testing (coming soon) ▌Today: Two-branch model: master & staging Staging: Latest accepted patches Master: Manual follow-up: Releases and tested code ▌Jenkins for automate testing Common combinations of configurations and libraries Execution test on common hypervisors and architectures (Xen, KVM, Linux, x86, Arm) ▌Goal Integrate test results into review processes
  • 32. 32 © NEC Corporation 2019 Binary Compatible Unikernels ▌Even with complete library pool, manual porting is non-trivial Existing build system need to be ported or instrumented (e.g., cross-compilation) Pre-compiled binaries cannot be executed (e.g., proprietary executables)
  • 33. 33 © NEC Corporation 2019 Binary Compatible Unikernels ▌Even with complete library pool, manual porting is non-trivial Existing build system need to be ported or instrumented (e.g., cross-compilation) Pre-compiled binaries cannot be executed (e.g., proprietary executables) ▌ELF binary compatibility, Linux ABI Same executable for Linux should run on Unikraft without recompilation ELF loader System call emulation [1] Pierre et. al, A Binary-Compatible Unikernel, VEE’19 [2] Kiviti et. al, OSv—Optimizing the Operating System for Virtual Machines, USENIX ATC ’14 Image: https://en.wikipedia.org/wiki/Executable_and_Linkable_Format
  • 34. 34 © NEC Corporation 2019 Language Runtimes
  • 35. 35 © NEC Corporation 2019 Language Runtimes ▌Support applications written in higher-level language as Unikernel Primarily Serverless and IoT use cases
  • 36. 36 © NEC Corporation 2019 Language Runtimes ▌Support applications written in higher-level language as Unikernel Primarily Serverless and IoT use cases ▌Upcoming: C++ Rust Go Ruby Javascript (v8) Python
  • 37. 37 © NEC Corporation 2019 Language Runtimes ▌Support applications written in higher-level language as Unikernel Primarily Serverless and IoT use cases ▌Upcoming: C++ Rust Go Ruby Javascript (v8) Python Unikernel Image sizes (uncompressed, Xen) Micropython 828 KB Python 2 3,9 MB Go runtime 552 KB
  • 38. 38 © NEC Corporation 2019 NFV ▌Virtualized Network Functions Package vNF directly as VM with Unikraft Remove maintenance effort of hosting OS Minimal OS overhead Minimal OS noise High networking performance & throughput
  • 39. 39 © NEC Corporation 2019 NFV ▌Virtualized Network Functions Package vNF directly as VM with Unikraft Remove maintenance effort of hosting OS Minimal OS overhead Minimal OS noise High networking performance & throughput ▌Click Programmable vNF
  • 40. 40 © NEC Corporation 2019 NFV ▌Virtualized Network Functions Package vNF directly as VM with Unikraft Remove maintenance effort of hosting OS Minimal OS overhead Minimal OS noise High networking performance & throughput ▌Click Programmable vNF ▌Intel DPDK Dataplane development Kit SDK for building high-performance VNFs Directly build Unikernel instead of kernel-bypassing application
  • 41. 41 © NEC Corporation 2019 Application Porting ▌Initial set of ported application Typical for cloud deployments Learn about missing components in Unikraft
  • 42. 42 © NEC Corporation 2019 Application Porting ▌Initial set of ported application Typical for cloud deployments Learn about missing components in Unikraft ▌Webservers Nginx, lighttpd
  • 43. 43 © NEC Corporation 2019 Application Porting ▌Initial set of ported application Typical for cloud deployments Learn about missing components in Unikraft ▌Webservers Nginx, lighttpd ▌Databases Memcached, Redis, sqlite
  • 44. 44 © NEC Corporation 2019 Application Porting ▌Initial set of ported application Typical for cloud deployments Learn about missing components in Unikraft ▌Webservers Nginx, lighttpd ▌Databases Memcached, Redis, sqlite ▌Machine Learning Pytorch
  • 45. 45 © NEC Corporation 2019 Application Porting ▌Initial set of ported application Typical for cloud deployments Learn about missing components in Unikraft ▌Webservers Nginx, lighttpd ▌Databases Memcached, Redis, sqlite ▌Machine Learning Pytorch ▌Goal: Only minimal effort to integrate to build system Makefile.uk Config.uk
  • 46. 46 © NEC Corporation 2019 Application Porting ▌Initial set of ported application Typical for cloud deployments Learn about missing components in Unikraft ▌Webservers Nginx, lighttpd ▌Databases Memcached, Redis, sqlite ▌Machine Learning Pytorch ▌Goal: Only minimal effort to integrate to build system Makefile.uk Config.uk SQLite Unikernel Image size (uncompressed, Xen) 844 KB
  • 47. 47 © NEC Corporation 2019 Xenstore Xen Dom0-Disaggregation ▌Disaggregate functionality from Dom0 Xen Linux Dom0 xl toolstack
  • 48. 48 © NEC Corporation 2019 Xenstore Xen Dom0-Disaggregation ▌Disaggregate functionality from Dom0 XenStore stub domain (e.g., cxenstore) Xen Linux Dom0 xl toolstack
  • 49. 49 © NEC Corporation 2019 Xenstore Xen Dom0-Disaggregation ▌Disaggregate functionality from Dom0 XenStore stub domain (e.g., cxenstore) Xen Linux Qemu HVM DomUDom0 xl toolstack
  • 50. 50 © NEC Corporation 2019 Xenstore Xen Dom0-Disaggregation ▌Disaggregate functionality from Dom0 XenStore stub domain (e.g., cxenstore) QEMU stub domain Xen Linux Qemu HVM DomUDom0 xl toolstack
  • 51. 51 © NEC Corporation 2019 Hardening ▌Already small attack vector due to specialization
  • 52. 52 © NEC Corporation 2019 Hardening ▌Already small attack vector due to specialization ▌Common attack prevention features need to be implemented1, for instance: ASLR (via boot loader or toolstack) Stack canaries Page protection bits Heap integrity checks [1] NCC Group, Assessing Unikernel Security, https://www.nccgroup.trust/us/our-research/assessing-unikernel-security/
  • 53. 53 © NEC Corporation 2019 Hardening ▌Already small attack vector due to specialization ▌Common attack prevention features need to be implemented1, for instance: ASLR (via boot loader or toolstack) Stack canaries Page protection bits Heap integrity checks ▌Potential to enable enhanced preventions with little performance costs due to direct access to privileged functionality e.g., malloc() maps pages, free() unmaps pages [1] NCC Group, Assessing Unikernel Security, https://www.nccgroup.trust/us/our-research/assessing-unikernel-security/
  • 54. More talks at XenSummit 2019
  • 55. 55 © NEC Corporation 2019 Talks
  • 56. 56 © NEC Corporation 2019 Talks ▌Check-out related talks: Wednesday, 11:55am Secure Unikraft Applications with Solo5 Haibo Xu, Arm Wednesday, 1:50pm When Unikraft Meets Arm64 Jia He, Arm Wednesday, 3:45pm A Journey to Mirage OS as Xen PVH Marek Marczykowski-Górecki, Invisible Things Lab
  • 57. 57 © NEC Corporation 2019 Talks ▌Check-out related talks: Wednesday, 11:55am Secure Unikraft Applications with Solo5 Haibo Xu, Arm Wednesday, 1:50pm When Unikraft Meets Arm64 Jia He, Arm Wednesday, 3:45pm A Journey to Mirage OS as Xen PVH Marek Marczykowski-Górecki, Invisible Things Lab ▌Design Sessions Tuesday, 2:40pm Building Stub Domains with Unikraft Wednesday, 4:35pm A Journey through Unikraft's Build System