Clear Thoughts on Cloudy Subjects

Musings about the Xen Project, Clouds, virtualization, Open Source, and everything else that piques my technical interest.

Posted in Open Source

The Next Generation Cloud: Behold the Rise of the Unikernel!

The First Generation Cloud Dealt with Orchestration; The Next Generation Will Deal with Applications

During the past decade, the world of the cloud has been consumed with orchestration: How can we make an infrastructure which can adapt to the needs of the enterprise?  Words like automation, flexibility, and control have ruled the world of the cloud to date.

But now that a number of cloud orchestration projects have begun to mature, it's time to take a look at the applications themselves.  Until now, the applications which dwell in clouds look suspiciously like the applications which inhabited the traditional datacenter.  And while they may function pretty well, they are not really designed with an agile infrastructure in mind.

Make It Small, Make It Fast

In the world of the cloud, it would make sense to have small applications which are lightweight and nimble.  They should be quick to start and stop.  They should do what they need to do and then get out of the way so that valuable compute resources can be focused on applications which require compute power -- like databases, for instance.

Docker has made inroads in this area by using container technology to share the operating system space between many applications.  Virtual machines contain a full operating system for each instance, which requires lots of disk space, lots of memory, and prolonged startup and shutdown times.  Docker-type solutions keep memory usage down, make startups and shutdowns lightning quick, and create application bundles which are easy to deploy.

But shared resources can mean that an exploit of the base operating system can cause the compromise of dozens or even hundreds of applications resident on that host.  It also means that multi-tenant situations are difficult to achieve, as shared resources could mean increased ability to see your neighbor's work. If you don't trust your neighbor, you want a wall between the two applications which makes them invisible to each other, just like the solutions already extant in the world of hypervisors.

A more efficient solution would be something even smaller, one that actually reduces the attack surface available to attackers.  It should provide the benefits of container technologies while preserving the isolation and security of hypervisors.

Behold the Unikernel

The solution to this situation could be the Unikernel.  Sometimes called "library operating systems," these solutions generate applications which run on a traditional hypervisor but omit the full, multi-user operating system for the VM. Instead, the guest OS is replaced with a bare-bones environment which contains just enough operating system functions to make the application run.  Unneeded functionality (like multi-user capabilities and an array of general utilities) is eliminated.

The result is a package which is incredibly lightweight -- many network appliances come in at less than a megabyte in size -- and yet more secure than its traditional counterparts. With a very small attack surface and no general-purpose tools left on the image for an intruder to exploit, these tiny applications are fit for use in the security-conscious world of the cloud.

Want to Know More?

There are several Unikernel talks coming up in the next 2 months, including at conferences like O'Reilly Software Architecture (Boston, MA) and Linuxfest Northwest (Bellingham, WA).  There are also talks at the University of California Berkeley Swarm Lab and the East Bay Linux User's Group (San Francisco, CA).

Can't make one of them? Watch the recorded session from SCALE 13x from February 2015 to hear about the world of unikernels:
Russ is the evangelist for the Xen Project. An Open Source advocate since 1995, he has been around the Open Source world as a columnist, Internet radio personality, book author, and blogger. He has spoken at over 75 Open Source events and continues to look for conferences to speak about Open Source in general, and Xen in particular (if you have an event in mind, contact him). He first began working with Cloud technologies in 2004. He also has over 20 years experience of software consulting.
Citrix supports the open source community via developer support and evangelism. We have a number of developers and evangelists that participate actively in the open source community in Apache Cloudstack, OpenStack, OpenDaylight, Xen Project and XenServer. We also conduct educational activities via the Build A Cloud events held all over the world.