Last week Docker announced its acquisition of Unikernel Systems. At DockerCon EU in Barcelona, unikernels were shown for the first time by the MirageOS team, and everyone appreciated the approach and accepted that the unikernel, with its lean approach, is the best way forward for developing microservices. At the end of the demo everyone could see that Docker managed the unikernels just like Linux containers, but without needing to deploy a traditional operating system!
Ever since we started building computers, we have been making the kernel more bloated, responsible for providing all the functionality that the user and the application need. In short, we added every new capability, from Wi-Fi and Bluetooth to USB, into the kernel, and then came the multi-processor, multi-user philosophy, added so that it would be enterprise ready. In the ’90s, when virtualization came to common platforms like Intel, the kernel began its journey toward becoming leaner. Now most applications in the cloud serve a specific scenario, niche and specialized. These applications have to respond to unpredictable load; for example, web servers are expected to serve dynamic web pages at massive scale. For massive scale-out, infrastructure architects wanted to keep the stack leaner so that they could pack in more if need be, and packaging a standard kernel became a hindrance to scaling.
Unikernels take a different approach: application code is linked against only the OS components it specifically requires to produce a specialised, single address space machine image — thus eliminating unnecessary code. Built using ‘library operating system’ technology, unikernels provide many benefits compared to a traditional OS, including:
- Improved security properties — as unikernels contain no unnecessary code deployed, the application’s attack surface is dramatically reduced.
- Smaller footprints — unikernel code bases are typically several orders of magnitude smaller than their traditional equivalents and they can be managed much more easily.
- Fine-grained optimization — as unikernels are constructed through a coherent compiler tool-chain, whole-system optimisation can be carried out across device drivers and application logic, potentially improving specialisation further.
- Fast boot times — as unikernels can boot in less than a second, provisioning can become highly dynamic.
How Docker meets Unikernels?
Linux containers have allowed developers to move much more quickly towards microservices by allowing a traditional OS to provide functionality to multiple ‘containerized’ applications sitting above it. Those containers remain distinct and thus can be independently replaced or modified, a core piece of the microservices architectural pattern.
Although containerization technology has been available for some time, there’s been a recent and rapid increase in the pace of adoption. The last few years have seen a proliferation of tools that make it easier to use containers at scale, including registries of ready-made images, tools for orchestration, and much more. This has produced a vibrant, open and growing ecosystem, which is helping improve everyone’s development workflows.
Containers and unikernels actually sit on a continuum. On the one hand, we have the traditional method of placing a full OS stack in a VM with a single application on top. A natural next step is to use containers which run on top of a single OS, giving better resource usage and allowing each application to be more self-contained. When viewed this way, unikernels are just another step on this path and can be thought of as extreme, self-contained applications. The challenge is to make unikernels as easy to use as containers have become today.
The obvious first step in addressing that challenge is to integrate unikernels with the existing container infrastructure, specifically the Docker tools and ecosystem. This helps us to get unikernels into the hands of developers everywhere, with a widely used and understood packaging model and runtime framework, effectively by making unikernels just another type of container.
It also unlocks the entire container ecosystem of tools for use with unikernels, including orchestration and whatever else may be around the corner. Adoption of existing toolchains will accelerate the progress of unikernels and also demonstrates the flexibility and breadth of the Docker ecosystem. By using Docker to abstract away the complexity of the underlying OS, a developer can choose how they ‘containerize’ their application, whether they target a traditional Linux container or a new unikernel ‘container’.
There is skepticism in a few minds. Read the note from Bryan Cantrill, who created DTrace; he believes that unikernels are unfit for production, and he has a great post on it.
Unikernels are ideal for compiling the code designed to run on low-powered devices dealing with microcontrollers, sensors, and actuators. This combination will fuel the next wave of innovation in the IoT segment.
Unikernels are promising, and they are bound to play a crucial role in the journey of cloud, IoT, and web-scale computing. They may not replace containers and VMs immediately, but they do have the potential to become alternatives to both.