Book description

The cloud has ushered in a new era of computing, but its tenants still use old-school methods to deploy poorly secured, resource-hogging applications. This 40-page report provides a high-level overview of unikernels: small, secure, and fast workloads that could usher in a new phase in cloud computing.

Author Russell Pavlicek examines several key problems that unikernels address. Virtual machines loaded with full operating systems and thousands of utilities don’t make sense in the cloud. They waste resources and provide a wide attack surface with a target-rich environment, as demonstrated by massive data breaches in the past few years.

Unikernels use only the OS resources necessary make their applications work. Because these single-address-space machine images introduce low-level OS operations at compile time, they typically measure just kilobytes in size, with tiny attack surfaces.

With this report, you’ll examine:

  • What a unikernel is and why it should matter to you
  • What their development, testing, and deployment stages look like
  • How unikernels derive from embedded programming
  • Why unikernels help reduce data-center resource overload
  • How unikernels could significantly increase cloud security
  • Key projects, including MirageOS, HaLVM, LING, and ClickOS
  • Ecosystem projects that support the development and use of unikernels
  • Limitations to consider when adopting unikernel-based solutions
  • Future developments, including integration with Docker and possible fusion with container technology

Table of contents

  1. Preface
    1. Acknowledgments
  2. 1. Unikernels: A New Technology to Combat Current Problems
    1. What Are Unikernels?
    2. The Problem: Our Fat, Insecure Clouds
      1. Security Is a Growing Problem
      2. The Cloud Is Not Insecure; It Reveals That Our Workloads Were Always Insecure
      3. Today’s Security is Tedious and Complicated, Leaving Many Points of Access
      4. And Then There’s the Problem of Obesity
      5. Slow, Fat, Insecure Workloads Need to Give Way to Fast, Small, Secure Workloads
    3. A Possible Solution Dawns: Dockerized Containers
      1. Containers are Smaller and Faster, but Security is Still an Issue
      2. It Isn’t Good Enough to Get Back to Yesterday’s Security Levels; We Need to Set a Higher Bar
    4. A Better Solution: Unikernels
      1. Smaller
      2. Faster
      3. And the 800-Pound Gorilla: More Secure
  3. 2. Understanding the Unikernel
    1. Theory Explained
      1. Bloat Is a Bigger Issue Than You Might Think
      2. But How Can You Develop and Debug Something Like This?
    2. Understanding the Security Picture
    3. Embedded Concepts in a Datacenter Environment
      1. Trade-offs Required
      2. Let’s Look at the Results
  4. 3. Existing Unikernel Projects
    1. MirageOS
    2. HaLVM
    3. LING
    4. ClickOS
    5. Rumprun
    6. OSv
    7. IncludeOS
    8. And Much More in Development
  5. 4. Ecosystem Elements
    1. Jitsu
    2. MiniOS
    3. Rump Kernels
    4. Xen Project Hypervisor
    5. Solo5
    6. UniK
    7. And Much More…
  6. 5. Limits of the Solution
    1. Unikernels Are Not a Panacea
    2. Practical Limitations Exist
      1. Single Process (but Multiple Threads)
      2. Single User
      3. Limited Debugging
      4. Impoverished Library Ecosystem
    3. What Makes for a Good Unikernel Application?
  7. 6. What’s Ahead?
    1. Transient Microservices in the Cloud
    2. A Possible Fusion Between Containers and Unikernels
    3. This Is Not the End of the Road; It’s Only the Beginning

Product information

  • Title: Unikernels
  • Author(s): Russell Pavlicek
  • Release date: October 2016
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781491959244