Slide 1

Slide 1 text

UNIKERNELS
WHERE ARE THEY NOW?
AMIR CHAUDHRY (@amirmc)
Open Source Summit NA, 13 Sep 2017

Slide 2

Slide 2 text

STATE OF THE UNIKERNEL
OVERVIEW
▸ Unikernel refresher
▸ Status updates:
  ▸ MirageOS, IncludeOS, HaLVM, Solo5
▸ Summary
▸ Questions?

Slide 3

Slide 3 text

REFRESHER

Slide 4

Slide 4 text

UNIKERNEL PHILOSOPHY
▸ Library OS
▸ Reusable components
▸ No separation between 'system' and app code
▸ Single-purpose appliances
▸ Minimalism all the way!

Slide 6

Slide 6 text

BENEFITS
▸ Small, lean, appliances
▸ Immutable by default
▸ Reduced TCB (trusted computing base)
▸ Much rejoicing!
▸ Multiple deployment options

Slide 7

Slide 7 text

STATUS UPDATE: MIRAGEOS

Slide 8

Slide 8 text

MIRAGEOS
▸ Type-safety and correctness (in a pragmatic way)
▸ Multiple deployment targets (Unix, Xen, *BSD, ARM)
▸ Libs used in Docker products
▸ ISC Licensed

Slide 11

Slide 11 text

MIRAGEOS 3.0!
▸ Improved cloud deployments
  Deploy onto GCP in ~70s!
▸ New targets:
  virtio — QEMU (and GCP)
  ukvm — KVM, FreeBSD, OpenBSD
  qubes — QubesOS (on Xen)
  hypervisor.framework
▸ Much improved dev workflow
  Better versioning, logs system, error reporting, debugging
  gdb support

Slide 12

Slide 12 text

STATUS UPDATE: INCLUDEOS

Slide 13

Slide 13 text

INCLUDEOS
▸ Focus on performance
  C++ principle of "zero overhead"
▸ Pragmatic approach to POSIX
  expanding support as required
▸ Multiple targets (QEMU, ESXi, etc)
▸ Apache Public License 2.0

  #include <cstdio>  // declares printf
  int main() { printf("Hello world! No Linux here!"); }

Slide 14

Slide 14 text

INCLUDEOS — CURRENT WORK
▸ Very active project and growing quickly
  2k+ stars, ~200 forks, 35+ contributors
▸ Commercial company
  Based out of Oslo, Norway
▸ Broad support via libs
  Multicore virtual machines (SMP)
  Multiple network adapters
▸ LiveUpdate is a major feature
  In-place update of unikernels with zero downtime

Slide 15

Slide 15 text

INCLUDEOS — LIVE UPDATE
[Diagram sequence, slides 15 to 19. Labels: Memory, Current application, Upgraded application, State. The last slide shows only Upgraded application and State in Memory.]

Slide 20

Slide 20 text

INCLUDEOS — ROADMAP
▸ Working on load balancers and firewall apps
  Immutable VMs doing Network Function Virtualisation (NFV)
▸ Expanding language support
  NodeJS and Go are strongest contenders

Slide 21

Slide 21 text

STATUS UPDATE: HALVM

Slide 22

Slide 22 text

HALVM
▸ Haskell — type-safety and purity
▸ Evolved from internal uses
  e.g. prototyping OS design
▸ Targets Xen Hypervisor
▸ BSD-3 Licensed

Slide 25

Slide 25 text

HALVM / CYBERCHAFF
▸ Commercial product — CyberChaff
  All HaLVM work is in support of CyberChaff
▸ First project to generate revenue!
  NUC connected to network
  Can also run on EC2
  Looking into pure software option
  Team distracted by money!!
▸ HaLVM 3 challenges
  How to write a minimal libc
  New targets

Slide 26

Slide 26 text

STATUS UPDATE: SOLO5

Slide 27

Slide 27 text

STATUS UPDATE: SOLO5?

Slide 28

Slide 28 text

BENEFITS (A REMINDER)
▸ Small, lean, appliances
▸ Immutable by default
▸ Reduced TCB
▸ Much rejoicing!
▸ Multiple deployment options

Slide 30

Slide 30 text

BASE AND MONITOR
[Diagram labels: App code, libs/runtime, base, monitor, QEMU, LINUX / KVM]

Slide 31

Slide 31 text

BASE AND MONITOR
▸ Base defines:
  - where unikernel can run,
  - how fast it boots,
  - what higher layers do.
▸ Monitor provides:
  - generic h/w abstractions
  - e.g. Mini-OS (Xen) or QEMU (KVM)

Slide 32

Slide 32 text

BASE AND MONITOR
▸ Typically on a hypervisor
▸ Adds to the TCB!
▸ ‘General purpose’, so not very minimal!
▸ … what do we really need?

Slide 33

Slide 33 text

INTRODUCING SOLO5/UKVM
▸ Solo5: a unikernel base
  Ukvm: a specialised monitor
▸ From folks at IBM Research
▸ Extends unikernel philosophy to the base and monitor
▸ Minimal interfaces (~5% code)
▸ Fast boot times (~10ms)
[Diagram labels: unikernel + solo5 lib, ukvm, LINUX / KVM]

Slide 34

Slide 34 text

SOLO5/UKVM — MILESTONES
▸ Major part of the MirageOS 3.0 release
▸ Project is now multi-OS
  Ported to run on FreeBSD and OpenBSD
▸ Project is now multi-arch
  Solo5 base ported to run on ARM64
  ukvm monitor ported to run Linux/KVM on ARM64
▸ IncludeOS support
  Mostly complete

Slide 35

Slide 35 text

SOLO5/UKVM — UPCOMING WORK
▸ ukvm is now a misnomer
  It’s grown way beyond just ‘kvm’
▸ More comms about Solo5/ukvm
  Less well known than the unikernel projects
  Work on Solo5 benefits all supported projects
▸ Refresh the Solo5 APIs
▸ Support for Muen SK as a monitor
  A formally verified microkernel

Slide 36

Slide 36 text

SUMMARY

Slide 37

Slide 37 text

SUMMARY
▸ Steady growth across projects
  Each growing in their own way
▸ Early signs of convergence
  Excellent time to get involved
▸ Revenue!
▸ Docker images to get started
  Tool chains still different though
▸ Find out more at unikernel.org

Slide 39

Slide 39 text

THANK YOU!
QUESTIONS?
unikernel.org
@amirmc