Category Archives: Commentary

A community member shares a viewpoint

7 Unikernel Projects to Take On Docker in 2015

This is a reprint of a 3-part unikernel series published on Linux.com. In part one, Xen Project Advisory Board Chairman Lars Kurth takes a closer look at the rise of unikernels and several up-and-coming projects to keep close tabs on in the coming months.

Docker and Linux container technologies dominate headlines today as a powerful, easy way to package applications, especially as cloud computing becomes more mainstream. While still a work-in-progress, they offer a simple, clean and lean way to distribute application workloads.

With enthusiasm continuing to grow for container innovations, a related technology called unikernels is also beginning to attract attention. Known also for their ability to cleanly separate functionality at the component level, unikernels are developing a variety of new approaches to deploy cloud services.

Traditional operating systems run multiple applications on a single machine, managing resources and isolating applications from one another.  A unikernel runs a single application on a single virtual machine, relying instead on the hypervisor to isolate those virtual machines. Unikernels are constructed by using “library operating systems,” from which the developer selects only the minimal set of services required for an application to run. These sealed, fixed-purpose images run directly on a hypervisor without an intervening guest OS such as Linux.

unikernel illustration
Image credit: Xen Project.

 

As well as improving upon container technologies, unikernels are also able to deliver impressive flexibility, speed and versatility for cross-platform environments, big data analytics and scale-out cloud computing. Like container-based solutions, this technology fulfills the promise of easy deployment, but unikernels also offer an extremely tiny, specialized runtime footprint that is much less vulnerable to attack.

There are several up-and-coming open source projects to watch this year, including ClickOS, Clive,HaLVM, LING, MirageOS, Rump Kernels and OSv among others, with each of them placing emphasis on a different aspect of the unikernel approach.  For example, MirageOS and HaLVM take a clean-slate approach and focus on safety and security, ClickOS emphasizes speed, while OSv and Rump kernels aim for compatibility with legacy software. Such flexible approaches are not possible with existing monolithic operating systems, which have decades of assumptions and trade-offs baked into them.

How are unikernels able to deliver better security? How do the various unikernel implementations differ in their approach? Who is using the technology today? What are the key benefits to cloud and data center operators? Will unikernels on hypervisors replace containers, or will enterprises use a mix of all three? If so, how and why?  Answers to these questions and insights from the key developers behind these exciting new projects will be covered in parts two and three of this series.

For those interested in learning more about unikernels, the entire series is available as a white paper titled “The Next Generation Cloud: The Rise of the Unikernel.”

XSA-108: Not the vulnerability you’re looking for

There has an unusual amount of media attention to XSA-108 during the embargo period (which ended Wednesday) — far more than any of the previous security issues the Xen Project has reported. It began when a blogger complained that Amazon was telling customers it would be rebooting VMs in certain regions before a specific date. Other media outlets picked it up and noticed that the date happened to coincide with the release of XSA-108, and conjectured that the reboots had something to do with that. Soon others were conjecturing that, because of the major impact to customers of rebooting, that it must be something very big and important, similar to the recent Heartbleed and Shell Shock vulnerabilities. Amazon confirmed that the reboots had to do with XSA-108, but could say nothing else because of the security embargo.

Unfortunately, because of the nature of embargoes, nobody with any actual knowledge of the vulnerability was allowed to say anything about it, and so the media was entirely free to speculate without any additional information to ground the discussion in reality.

Now that the embargo has lifted, we can talk in detail about the vulnerability; and I’m afraid that people looking for another Shell Shock or Heartbleed are going to be disappointed. No catchy name for this one.

Continue reading

Open Source Exposed

In an effort to further promote the Xen.org community and our amazing open source technologies, I have taken it upon myself to become an open source blogger on Network World. Of course, the benefit of exposure to me is something I will have to deal with. My hope is to educate people on the basics of open source while at the same time reaching out to open source enthusiasts with ideas that should be far outside the mainstream.

My first blog post is available at http://www.networkworld.com/community/blog/microsoft-open-source-company and should cause heartache as I point out how successful Windows is as an open source platform. If you have any ideas on future topics, please feel free to contact me.

New Blogroll Links for Xen Content

I have added a few new Blogroll links to other people who have active blogs on the Xen hypervisor. Please take some time to visit their blogs for interesting information:

Xen Hypervisor Case Studies

I am starting a new community initiative to collect and write Xen hypervisor case studies to demonstrate the variety of ways that the Xen hypervisor is leveraged in the IT world. The initial case study is from a Swedish company, ATG: ATG Case Study Feb 29, 2008

I have created a new section in the Wiki to store all the case studies that the community or I create. You can get to the Wiki case study section here.  Please feel free to create your own case study and upload into the Wiki site or contact me at stephen.spector@citrix.com if you would like my assistance. Having an updated collection of case studies is a great way for the community to show the power and capabilities of the Xen hypervisor.