Virtualization is a complicated topic – I’ll try to present unikernels as the potential future of virtualization by giving a simple outlook on the history and mechanics of virtual machines and the technology behind them.
So let’s set some things straight…
What is a Virtual Machine (VM)?
A VM is a piece of software that tricks either:
1. an operating system (System VMs), such as Windows 7 or Ubuntu, into thinking it is running alone on a physical machine, or
2. an application (Process VMs) into running in a controlled environment. It runs as an ordinary application within a host OS and supports a single process.
Who uses them?
They came into widespread use with the boom of the internet and server farms / data centers because they saved space and resources: on 1 physical machine you could easily run up to 10 virtual ones.
They are easy to maintain and to take a snapshot of (make a bit-by-bit image of the server, which includes every bit of data on the VM’s drive).
Multiple OSes can be run on them.
You can emulate (simulate) lots of hardware environments; you can make your OS “think” that it is running on AMD or Intel.
VMs are generally less efficient than the host machine.
Some VMs may require more resources, which leads to bad performance.
Separate instances of the software needed to protect against malicious software are required (to protect the individual VMs) – imagine the licence costs, etc.
In order to keep a bunch of VMs in check you need a hypervisor – it provides VMs with CPU time and strongly isolated virtual devices for USB, networking, PCI, etc.
What is a hypervisor?
A hypervisor or virtual machine monitor (VMM) is a piece of computer software, firmware or hardware that creates and runs virtual machines. A machine on which a hypervisor runs one or more virtual machines is defined as a host machine (take a look at definition #2 of VMs).
What is a container?
A container does not require or include a separate OS, unlike VMs.
Instead, it relies on the kernel’s functionality and uses resource isolation (CPU, network, etc.) and cgroups to isolate the application’s view of the operating system.
This is the way the popular Docker works.
Containers allow us to isolate resources and gain a private view of the OS with its own file system structure and network interfaces. They all run on the same kernel (this is their main issue).
Who uses them?
They are gaining popularity really fast; the most popular implementation is Docker.
The whole OS is unnecessary, as only a library is needed for the application to have an environment like the one it would have in a traditional OS.
The main downside is security – generally speaking, if the kernel of the host OS is infected, all the containers on it are automatically infected, because they share the same resources.
What is a unikernel?
Similar to the container solutions seen before, a unikernel promises easy deployment but also gives much more – a major improvement when it comes to security (remember that shared kernel in containers?).
We are talking about one physical machine being able to host thousands and thousands of small VMs, saving a bunch of resources and reducing the exposure to attacks to a minimum.
The reason I’m even mentioning unikernels is that they can boot and respond to network traffic in real time thanks to a new toolstack called Jitsu (Just-in-Time Summoning of Unikernels), which can start a unikernel in ~20 ms in response to a network request.
The Jitsu toolstack listens for DNS requests, boots the relevant unikernel and responds immediately.
Synjitsu responds to requests and serialises connection state until the VM is ready and its network is plugged in. By buffering TCP requests into XenStore and then replaying them, Synjitsu parallelises connection setup and unikernel boot.
Jitsu optimisations bring boot latency down to ~30–45 ms (x86) and ~350–400 ms (ARM). Docker’s time was 1.1 s (Linux) and 1.2 s (Xen) from an SD card.
Not touching the disk while booting further improves latency.
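The summon-on-DNS and buffer-then-replay flow described above, as an added toy model that is not Jitsu’s or Mirage OS’s own code: a wire-format DNS query names the unikernel to boot, connection attempts that arrive during boot are held back (the real Synjitsu parks them in XenStore), and they are replayed in arrival order once the guest is up. The `Summoner` class and the `app.example` query are constructed for this illustration.

```python
# Added toy model (not Jitsu's or Mirage OS's own code) of the flow described
# above: a DNS query summons a unikernel; connection attempts that arrive while
# it is still booting are buffered, Synjitsu-style, and replayed once it is up.
def parse_qname(packet: bytes) -> str:
    """Return the queried name from a wire-format DNS query (RFC 1035 labels)."""
    if len(packet) < 13:
        raise ValueError("truncated DNS query")
    pos, labels = 12, []               # the 12-byte header precedes the question
    while packet[pos] != 0:
        length = packet[pos]
        if length >= 0xC0:             # a compression pointer is invalid in a query name
            raise ValueError("unexpected compression pointer")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

class Summoner:
    """Per-name state machine: absent -> booting -> up, buffering SYNs while booting."""
    def __init__(self):
        self.state = {}       # name -> "booting" | "up"
        self.pending = {}     # name -> connection ids held back during boot
        self.delivered = {}   # name -> connection ids handed to the running guest

    def on_dns_query(self, packet: bytes) -> str:
        name = parse_qname(packet)
        if name not in self.state:     # first request for this name: boot it
            self.state[name] = "booting"
            self.pending[name], self.delivered[name] = [], []
        return self.state[name]

    def on_connect(self, name: str, conn_id: int) -> str:
        if self.state.get(name) == "up":
            self.delivered[name].append(conn_id)
            return "delivered"
        if self.state.get(name) == "booting":
            self.pending[name].append(conn_id)    # held until boot completes
            return "buffered"
        return "refused"               # nothing has summoned this name

    def on_boot_complete(self, name: str) -> int:
        self.state[name] = "up"
        replayed = self.pending.pop(name, [])     # replay in arrival order
        self.delivered[name].extend(replayed)
        self.pending[name] = []
        return len(replayed)

# Constructed sample query for "app.example": id 0x1234, standard query, 1 question,
# then the name as length-prefixed labels, QTYPE A, QCLASS IN.
SAMPLE_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                + b"\x03app\x07example\x00" + b"\x00\x01\x00\x01")
```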
“This lets us run millions of sleeping unikernels that awaken in response to a network request and live for a few seconds at a time. We’re calling this sort of infrastructure ‘dust clouds’ and expect that it will dramatically change the economics of hosting on the cloud,” – Anil Madhavapeddy (@avsm), creator of Mirage OS
This means users can provision services and applications only when there is demand, scaling out and back down automatically – no more huge VMs running 24/7/365, but instances running on demand.
This is really in tune with the “on demand” society we live in (just think of Netflix 😉 )
Madhavapeddy believes unikernels and Linux container technologies are highly complementary to one another.
Unikernels are really a hybrid that gives us superior isolation and at the same time a boot time easily under a second, making it feasible to boot a unikernel in response to incoming network packets, along with other properties similar to those of a container environment.
In a unikernel, rather than treating Apache or MySQL as independent applications that must be connected by configuration files, they are treated as libraries within a single application, allowing the application developer to configure them using simple library calls for dynamic parameters.
The result is a big reduction in the effort needed to configure complex multiservice application VMs.
The downside to a unikernel is the burden it places on the cloud orchestration layers, because of the need to schedule many more VMs, where every reconfiguration requires the VM to be redeployed.
Companies like Docker and DigitalOcean have proven again that deployment and fast setup speed play a crucial role in getting a big market share, and this seems to be the only thing keeping unikernels from complete acceptance by the market and the industry.