The DevOps Roadmap: Unikernels

by | Feb 19, 2021 | Engineering

Containerization is one of the core building principles of clouds and DevOps, but traditional VMs and containers lack the security and agility that modern infrastructure craves. We are moving towards workloads that are smaller, faster, and more secure than the traditional counterparts.

Unikernels solve these problems that were architecturally tough to crack. Now, a massive wave of developers are moving to embrace this novel approach to make most of their hardware and cloud computing resources.

New to all of these? You’re not alone. Let’s dive and learn about:

What are Unikernels?

How are Unikernels built?

Why Unikernels are the future?

Unikernel OSes

What are Unikernels?

Unikernels, on the surface, are an improved version of the container because of the security and performance benefits they bring. The so-called ‘container 2.0 ‘is slightly different from traditional containers because the operating system they run is a single-purpose, unlike the counterparts that run on a general-purpose Linux system.

Moreover, you might remember the kernels being shared in a container, but this is not the case for unikernels. As the name suggests, they’re single kernel containers where each unikernel has its own kernel, and no sharing occurs.

How are Unikernels built?

Unikernels are constructed by compiling high-level languages (like java, c++) directly into specialist machine images that run directly on a hypervisor, such as Xen or bare metal. Because hypervisors operate most public cloud computing infrastructures such as Amazon EC2, this allows the services to operate more cheaply, safely, and with better control than with a full software stack without much configuration.

container unikernels
Unikernels as single kernel containers.

The base image is created by selecting necessary libraries for the application and then compiling them to create sealed, fixed-purpose images (unikernels) with the application and configuration code that run directly on a hypervisor or hardware without an intervening OS such as Linux or Windows.

The compiled specialized image is a single address space for all processes in the machine.

Why Unikernels are the future?

Improved security

Unikernels re-structure the rules by reducing an application’s attack surface to a fraction of its normal size. Think about it: What are you doing next if you are smart enough to find and exploit a flaw in a unikernel application? Since there isn’t a shell or other tools you can’t mess around with it. You can’t call one of the thousands of utility systems, because they don’t exist in these single-use OSs to do something sinister.

Small footprints

Unikernel images are specific with only the required libraries and drivers without anything that is considered to be unnecessary. This helps in some compiled images to be below 500 kb and foster smaller footprints.

Now compare with it to the Gbs of installation space required for traditional general-purpose OSs.

Highly optimised

The compilation model from the libraries helps build a system optimized from drivers to processes at the application layer. This allows for efficient containerization, which is made specifically for the application.

unikernel
Multi-purpose OS vs Unikernels Image source: container-solutions

Fast Boot

Unikernels are also very easy to boot because of the drastic reduction in dependencies, making them feasible to use as on-demand services. In the construction process, the specialized picture often means that the configuration is baked, changing the emphasis from deploying and configuring systems to deploying and configuring software. In the sense of unikernels, the method is just a library.

This, in turn, reduces boot time from minutes to something that is measured In milliseconds.

Unikernel OSes

There are many unikernel building libraries accessible from various sources, leading the way with the open source community. Four of the more common unikernel systems include:

MirageOS

MirageOS has a working domain name server, one of the most developed unikernel projects, which compiles to just 449 KB. Yeah, that’s kilobytes, a memory size that many of us have not spoken of in the modern century. The project also has a web server weighing in at 674 KB and a learning transfer from OpenFlow that tips the scales at just 393 KB.

IncludeOS

IncludeOS is an operating system library written in C++ for the development of unikernels. It can take advantage of many CPUs and it is possible to use threads to spread workload on several Processor cores. Limited source-code compatibility with Linux is also retained.

MiniOS

MiniOS is a tiny Xen Hypervisor distributed OS kernel. It is used for the production of Unikernels as a base.

ClickOS

ClickOS, a high-performance, virtualised software middlebox platform is a unikernel specialised for Network Function Virtualisation. ClickOS virtual machines are small (5MB), boot quickly (about 30 milliseconds), add little delay (45 microseconds), and over 100 of them can be concurrently run while saturating a 10Gb pipe on a commodity server.

Final Thoughts⭐

Unikernels are awesome, but as they are small and specific, so no debugging tools exist, which’s a limitation. If looked this limitation is not so major as in production environment, you don’t mess around with containers. If we need to repair some bug, we first recreate the bug, then fix it and then deploy a new container, subsequently shutting down the old one.

Happy Learning!

Explore more

Serverless, FaaS and why do you need them?

In recent years, serverless adoption has started, with more and more individuals depending on serverless technology to meet organizations’ specific needs. A survey conducted by Serverless Inc showed in 2018 that half of the respondents used serverless in their job,...

read more

The DevOps Roadmap: Virtualization

The Full-Stack Developer's Roadmap Part 1: FrontendThe Full-Stack Developer's Roadmap Part 2: BackendThe Full-Stack Developer's Roadmap Part 3: DatabasesThe Full-Stack Developer's Roadmap Part 4: APIsThe DevOps Roadmap: Fundamentals with CI/CDThe DevOps Roadmap: 7...

read more

Cloud Computing models: SaaS vs IaaS vs PaaS

Companies embrace cloud computing worldwide, and the forecasted size of 1025.9 billion USD by 2026 says the same story. Owning and managing infrastructure comes with a considerable cost and improper utilization of human resources. Companies are meant to foster...

read more

What is Cloud Computing?

"Cloud Computing" describes a set of terms that you hear everywhere nowadays. It might be in your morning newspaper, or the cool kid you know talks about it with few jargon terms like scalability, elasticity, etc. and now you want to know about these terms. I might...

read more

Interested in what we do? Looking for help? Wanna talk about software strategy?