Unikernels and hyper-elastic clouds

Amir
November 03, 2015

Talk at CodeMesh in November 2015. See the associated blog post at:
http://amirchaudhry.com/codemesh2015

Transcript

  1. Unikernels and hyper-elastic clouds … on behalf of a merry crew: Anil Madhavapeddy, Thomas Gazagnaire, David Scott, Thomas Leonard, Richard Mortier, Magnus Skjegstad, David Sheets, Balraj Singh, Jon Crowcroft, Mindy Preston, and many others! CodeMesh November 2015. @amirmc Amir Chaudhry
  2. About me: Work on MirageOS (herd cats). I like systems stuff! Previously: Physicist, Neuroscientist, CompSci (ish), Startups, BigCo.
  3. Software today… …is an application …
  4. Software today… …is an application … … on top of an Operating System.
  5. Software today… … is built locally…
  6. Software today… … is built locally… … but deployed remotely.
  7. Software today… … needs more tools.
  8. Software today… …is complex! Even though most apps are single-purpose
  9. Complexity is the enemy… More layers -> tricky config; Duplication -> inefficiency; Large sizes -> long boot times; More stuff -> larger attack surface
  10. We build for clouds as we do for desktops. Why?

  11. Can we do better? [Diagram: Full OS (Hardware, Kernel, Userland, App A, App B, App C)]
  12. Can we do better? [Diagram: Full OS (Hardware, Kernel, Userland, App A, App B, App C) beside Minimal OS (Hardware, Kernel, Container A, Container B, Container C)]
  13. Can we do better? [Diagram: Full OS (Hardware, Kernel, Userland, App A, App B, App C), Minimal OS (Hardware, Kernel, Container A, Container B, Container C), and "?" (Hardware), arranged along a "Specialisation" axis]
  14. Can we do better? Disentangle applications from the OS; Break up OS functionality into modular libraries; Link only the system functionality your app needs; Target alternative platforms from a single codebase
  15. Can we do better? [Diagram: Full OS (Hardware, Kernel, Userland, App A, App B, App C), Minimal OS (Hardware, Kernel, Container A, Container B, Container C), and "?" (Hardware), arranged along a "Specialisation" axis]
  16. Can we do better? [Diagram: Full OS (Hardware, Kernel, Userland, App A, App B, App C), Minimal OS (Hardware, Kernel, Container A, Container B, Container C), and Unikernels (Hardware, A, B, C), arranged along a "Specialisation" axis]
  17. The Rise of the Unikernel: Unikernels are specialised machine images built from a modular stack, adding system libraries and configuration to application code. Every application is compiled into its own specialised OS that runs on the cloud or embedded devices. https://en.wikipedia.org/wiki/Unikernel
  18. The Rise of the Unikernel: • ClickOS • Clive • Drawbridge • HaLVM • IncludeOS • LING • MirageOS • OSv • Rumprun
  19. MirageOS
  20. MirageOS unikernel
  21. MirageOS unikernel: Familiar development cycle; Broad deployment scenarios
  22. MirageOS: Unix; Develop logic; MirageOS System Libs
  23. MirageOS: Specialise for deploy… … to multiple environments; Xen
  24. So what?
  25. Example: Static websites (though applicable to any application)
  26. Examples: • Secure services • Jekyll to Unikernel • Automated deployment • Summon on demand • Upcoming releases!
  27. None
  28. Secure services: • Rewrote TLS • Functional core • Less code. Bitcoin Piñata
  29. None
  30. None
  31. 8.2MB; 102 kloc; 2560 kloc; ~200MB. No extra stuff! Small & Secure! Much better security
  32. Easy deployment: • Jekyll to Unikernel • Automated deployment
  33. Example …in ~100 lines of code: Develop, Test, Deploy
  34. Summon on demand: • Boots on demand • Masks latency • Increased Efficiency. Jitsu
  35. Recap: • Secure services • Easy deployment • Summon on demand • Upcoming releases!
  36. General workflow …in ~100 lines of code: Develop, Test, Deploy
  37. Deployments
  38. Trade-off (for now)…
  39. … however :)
  40. Why I care: Empower individuals; Distributed personal clouds; Resilient, scalable systems
  41. None
  42. None
  43. None
  44. Why I care: MirageOS (OS/application); Irmin (Storage/Sync); Signpost (Identity/Connectivity); OCaml (Safety/Modularity); Mail, Contacts, Calendar
  45. Contribute! https://mirage.io http://nymote.org http://ocaml.org