[Virtualization] Library OS

Why build for clouds as we do for desktops?

  • More layers –> tricky config
  • Duplication –> inefficiency
  • Large sizes –> long boot times
  • More stuff –> larger attack surface
  • Disentangle applications from the OS
  • Break up OS functionality into modular libraries
  • Link only the system functionality your app needs
  • Target alternative platforms from a single codebase


  • Unikernels are specialized virtual machine images built from a modular stack adding system libraries and configurations to application code
  • Every application is compiled into its own specialized OS that runs on the cloud or embedded devices

Traditional Library OS

  • Most OS functionalities implemented in the user space as libraries
  • The kernel-space OS part only ensures protection and multiplexing
  • Applications get to access hardware resources directly (faster)
  • But isolation is hard and a lot of software (esp. device drivers) need to be rewritten


Unikernel Designs

  • Integrating configurations into the compilation process
  • Single-purpose libOS VMs perform only what the application needs and rely on hypervisor for isolation and resource multiplexing
  • Within a unikernel VM, there’s no priviledge difference between application and libOS (single address space)

Unikernel Benefits

  • Lightweight: only what the application uses is compiled and deployed
  • Better security: isolated libOS on hypervisor, small attack surface, single type-safe language, …
  • Fits many new cloud environment well: serverless, microservices, NFV

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.