Unikernels

See also packaging

Talks

• Rainbows and unikernels; Oct 2015. Video
• Unikernels and hyper-elastic clouds by Amir Chaudhry; Nov 2015. Good background info and links on that page too.

Blogs

• northox.github.io

Articles

• KeyDB and the Tao of the Unikernel; Dec 2019. By the CEO of NanoVMs.

• Single stepping into kernel code
• Discussion around “unikernels on docker”. Bunch of new names — Joyent’s Triton, IBM Sawmill.
• The docker run unikernel demo at DockerCon EU (nov 2015)
• Using Rump kernels to run unmodified NetBSD drivers on seL4 - Trustworthy Systems Blog
• Unikernel security - why are unikernels secure? (youtube video) by Per Buer
• Unikernels are secure. Here is why. | Unikernels
• Unicore unikernel project announcement on Xen

Projects

HermitCore

• HermitCore
• A Rust-based Unikernel - HermitCore

LightVM

LightVM - Systems and Machine Learning

We achieve lightweight VMs by using unikernels for specialized applications and with Tinyx, a tool that enables creating tailor-made, trimmed-down Linux virtual machines. LightVM can boot a VM in 2.3ms which comparable to fork/exec on Linux (1ms), and two orders of magnitude faster than Docker. On a somewhat slower server with 64 cores, LightVM can pack thousands of VMs with memory and CPU usage comparable to that of processes

Hermitux

HermiTux | A binary-compatible unikernel; Apr 2019.

HermiTux is binary-compatible with Linux: it can run native Linux executables.

Although being a proof-of-concept, HermiTux supports multiple compiled (C, C++, Fortran) and interpreted (Python, LUA) languages. It provides binary analysis and rewriting techniques to optimize system call latency and modularize a kernel in the presence of unmodified binaries. It supports statically and dynamically linked programs, different compilers and optimization levels. HermiTux also provides basic support for multithreading, debugging and profiling.

Unik

solo-io/unik: The Unikernel Compilation and Deployment Platform

UniK (pronounced you-neek) is a tool for compiling application sources into unikernels (lightweight bootable disk images) rather than binaries. UniK runs and manages instances of compiled images across a variety of cloud providers as well as locally on Virtualbox. UniK utilizes a simple docker-like command line interface, making building unikernels as easy as building containers.

Unik supports the following unikernel types:

• Rumpkernels
• OSv
• IncludeOS
• MirageOS

And supports the following providers:

• Virtualbox
• AWS
• Google Cloud
• vSphere
• Xen etc.,

More info on Unik:

• unik/architecture.md at master · solo-io/unik
• UniK: Build and Run Unikernels with Ease · solo-io/unik Wiki
• Unik Slides

Unikraft

• Unikraft by NEC laboratories Europe ” toolchain and library Operating System which construct unikernels which are highly specialized software bundles that consist of a target application along with just the operating system and libraries features it needs to run.”

  • Unikraft’s Documentation — Unikraft 0.3.1 Iapetus documentation
  • github project

Related

• Clive OS: Go applications that can run without an operating system (2016) | Hacker News

Links

• IncludeOS – A minimal, resource efficient unikernel for cloud services | Hacker News
• What I could not undiscover about Unikernels.; Aug 2018

… the symmetric multiprocessing story - Unikernels don’t have such a story. They are inherently single core. … I just couldn’t ignore was that Linux let you configure it into very small and secure configurations with full SMP support AND you could run ANY existing Linux languages or applications on those tiny systems. Unikernels generally seemed to need special builds and toolchains and configuration systems and recompilations to get them to run applications. AUTHORS’s takeaway — “I had come to see that it was possible to build very very small Linux systems, compatible with all Linux software, with all the security advantages of Unikernels, but with the benefit of symmetric multiprocessing and all the Linux driver support and community support.”

• Linux compatibility in IncludeOS | Hacker News including a note about rumpkernel maintainer being no longer actrively involved in the project.

• Running Forth Unikernels on nanovms.com

Papers

• Assessing Unikernel Security [PDF].

News

• IBM betting unikernels replace containers in 2020 | Hacker News

Tutorials

dysinger/restack: Full Stack ReasonML Tutorials

This is a tutorial series on using the ReasonML language to build MirageOS unikernels and user-facing applications with tools like Reason-React. Using the same language for the entire stack is appealing. You’ll likely be able to stay in one editor, become very familiar with the syntax, and share common code between the layers of your application.