Why build for clouds as we do for desktops?

• More layers –> tricky config
• Duplication –> inefficiency
• Large sizes –> long boot times
• More stuff –> larger attack surface

• Disentangle applications from the OS
• Break up OS functionality into modular libraries
• Link only the system functionality your app needs
• Target alternative platforms from a single codebase

Unikernels

• Unikernels are specialized virtual machine images built from a modular stack adding system libraries and configurations to application code
• Every application is compiled into its own specialized OS that runs on the cloud or embedded devices

Traditional Library OS

• Most OS functionalities implemented in the user space as libraries
• The kernel-space OS part only ensures protection and multiplexing
• Applications get to access hardware resources directly (faster)
• But isolation is hard and a lot of software (esp. device drivers) need to be rewritten

Comparison

Unikernel Designs

• Integrating configurations into the compilation process
• Single-purpose libOS VMs perform only what the application needs and rely on hypervisor for isolation and resource multiplexing
• Within a unikernel VM, there’s no priviledge difference between application and libOS (single address space)

Unikernel Benefits

• Lightweight: only what the application uses is compiled and deployed
• Better security: isolated libOS on hypervisor, small attack surface, single type-safe language, …
• Fits many new cloud environment well: serverless, microservices, NFV

…