Unikernel on:
[Wikipedia]
[Google]
[Amazon]
A unikernel is a type of computer program that is statically linked with the
History and business model; coverage of IncludeOS
(LWN.net) {{Operating system Operating system kernels
A unikernel is a type of computer program that is statically linked with the operating system
An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs.
Time-sharing operating systems scheduler (computing), schedule tasks for ...
code on which it depends. Unikernels are built with a specialized compiler
In computing, a compiler is a computer program that Translator (computing), translates computer code written in one programming language (the ''source'' language) into another language (the ''target'' language). The name "compiler" is primaril ...
that identifies the operating system services that a program uses and links it with one or more library operating systems that provide them. Such a program requires no separate operating system and can run instead as the guest of a hypervisor
A hypervisor, also known as a virtual machine monitor (VMM) or virtualizer, is a type of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called ...
.
The unikernel architecture builds on concepts developed by Exokernel
Exokernel is an operating system kernel developed by the MIT Parallel and Distributed Operating Systems group, and also a class of similar operating systems.
Operating systems generally present hardware resources to applications through high-le ...
and Nemesis
In ancient Greek religion and myth, Nemesis (; ) also called Rhamnousia (or Rhamnusia; ), was the goddess who personified retribution for the sin of hubris: arrogance before the gods.
Etymology
The name ''Nemesis'' is derived from the Greek ...
in the late 1990s.
Design
In a library operating system, protection boundaries are pushed to the lowest hardware layers, resulting in: # a set of libraries that implement mechanisms such as those needed to drive hardware or talk network protocols; # a set of policies that enforce access control and isolation in the application layer. The library OS architecture has several advantages and disadvantages compared with conventional OS designs. One of the advantages is that since there is only a single address space, there is no need for repeated privilege transitions to move data between user space and kernel space. Therefore, a library OS can provide improved performance by allowing direct access to hardware without having to transition between user mode and kernel mode (on a traditional kernel this transition consists of a single TRAP instruction and is not the same as a context switch). Performance gains may be realised by elimination of the need to copy data between user space and kernel space, although this is also possible withZero-copy
In computer science, zero-copy refers to techniques that enable data transfer between memory spaces without requiring the CPU to copy the data. By avoiding redundant copying, zero-copy methods minimize CPU usage and memory bandwidth, leading ...
device drivers in traditional operating systems.
A disadvantage is that because there is no separation, trying to run multiple applications side by side in a library OS, but with strong resource isolation, can become complex. In addition, device drivers are required for the specific hardware the library OS runs on. Since hardware is rapidly changing this creates the burden of regularly rewriting drivers to remain up to date.
OS virtualization
In computing, virtualization (abbreviated v12n) is a series of technologies that allows dividing of physical computing resources into a series of virtual machines, operating systems, processes or containers.
Virtualization began in the 1960s wit ...
can overcome some of these drawbacks on commodity hardware. A modern hypervisor
A hypervisor, also known as a virtual machine monitor (VMM) or virtualizer, is a type of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called ...
provides virtual machines with CPU time and strongly isolated virtual devices. A library OS running as a virtual machine only needs to implement drivers for these stable virtual hardware devices and can depend on the hypervisor to drive the real physical hardware. However, protocol libraries are still needed to replace the services of a traditional operating system. Creating these protocol libraries is where the bulk of the work lies when implementing a modern library OS. Additionally, reliance on a hypervisor may reintroduce performance overheads when switching between the unikernel and hypervisor, and when passing data to and from hypervisor virtual devices.
By reducing the amount of code deployed, unikernels necessarily reduce the likely attack surface
The attack surface of a software environment is the sum of the different points (for " attack vectors") where an unauthorized user (the "attacker") can try to enter data to, extract data, control a device or critical software in an environment. Ke ...
and therefore have improved security properties.
An example unikernel-based messaging client has around 4% the size of the equivalent code bases using Linux.
Due to the nature of their construction, it is possible to perform whole-system optimisation across device drivers and application logic, thus improving on the specialisation. For example, off-the-shelf applications such as nginx, SQLite, and Redis running over a unikernel have shown a 1.7x-2.7x performance improvement.
Unikernels have been regularly shown to boot extremely quickly, in time to respond to incoming requests before the requests time-out.
Unikernels lend themselves to creating systems that follow the service-oriented or microservices
In software engineering, a microservice architecture is an architectural pattern that organizes an application into a collection of loosely coupled, fine-grained services that communicate through lightweight protocols. This pattern is characterize ...
software architectures.
Unikernels are unsuitable for the kind of general purpose, multi-user computing that traditional operating systems are used for, due to Unikernels' high degree of specialization. Adding additional functionality or altering a compiled unikernel is generally not possible and instead the approach is to compile and deploy a new unikernel with the desired changes.
See also
*Microkernel
In computer science, a microkernel (often abbreviated as μ-kernel) is the near-minimum amount of software that can provide the mechanisms needed to implement an operating system (OS). These mechanisms include low-level address space management, ...
* Container (virtualization)
In software engineering, containerization is operating-system-level virtualization or application-level virtualization over multiple network resources so that software applications can run in isolated user spaces called ''containers'' in any cloud ...
* Rump kernel
The NetBSD rump kernel is the first implementation of the "anykernel" concept where drivers either can be compiled into or run in the monolithic kernel or in user space on top of a light-weight kernel.
The NetBSD drivers can be used on top of the ...
* IncludeOS
References
External links
History and business model; coverage of IncludeOS
(LWN.net) {{Operating system Operating system kernels