
Xen Project Intros Unikraft Unikernel Project

December 5, 2017

Unikraft is an incubation project under the Xen Project focused on easing the creation of unikernels, which compile source code into a lean operating system that only includes the functionality required by the application logic.

The current generation of cloud computing requires workloads that are efficient, fast and secure. Containers are encouraging new ways of looking at the operating system. These trends are driving innovations with unikernels that allow developers to include only the bare minimum of traditional OS components to create lean, efficient, and fast-to-boot applications with an extra degree of isolation for environments like microservices, embedded devices, IoT, and automotive, among many others.

A long-time advocate of unikernels, the Xen Project supports initiatives like MirageOS, a library operating system that constructs unikernels for secure, high-performance network applications. The Xen Project is compatible with HaLVM, a port of the Glasgow Haskell Compiler toolsuite that enables developers to write high-level, lightweight virtual machines that can run directly on the Xen Project hypervisor. Galois originally developed HaLVM to allow for quick and easy prototyping of operating system components; however, it can also operate as a network appliance.

While many projects focus on building out unikernel components, a single unified code base with a modular architecture, like Unikraft's, is needed to make the process of building unikernels quick and easily accessible to more developers.

"Unikernels provide a tremendous opportunity for those who are looking to ship workloads quickly and efficiently with isolation to eliminate security risk, but the complexity of building unikernels has stymied this technology's time-to-market," said Dr. Felipe Huici, Chief Researcher, Systems and Machine Learning Group, NEC Laboratories Europe. "Unikraft is on a mission to bring unikernels to market faster through a unified code that is customizable to meet the needs of a wide range of applications, and even runtime-specific unikernels, like MirageOS."

"We are seeing a growing trend and interest around unikernels from inside and outside the Xen Project community with commits growing daily from a range of vendors in the embedded, automotive, enterprise application space, and more," said Lars Kurth, Chairperson of the Xen Project. "We look forward to helping incubate this project and furthering collaboration within the unikernel community."

Customizable Architecture Provides Flexibility
The Unikraft architecture consists of two basic components that make the process of building unikernels more fluid: library pools and a build tool.

Library pools act as building blocks in creating customizable unikernels on top of a consistent code base. The library pools include:

• Architecture libraries: Containing libraries specific to a computer architecture (e.g., x86_64, ARM32, or MIPS).

• Platform libraries: Allowing users to select platforms like Xen, KVM, bare metal, and user-space Linux.

• Core libraries: Consisting of a rich set of functionality, which includes components like drivers (both virtual such as netback/netfront and physical such as ixgbe), filesystems, memory allocators, schedulers, network stacks, runtimes (e.g., a Python interpreter), and debugging and profiling tools.

• External libraries: Ports of standard libs (e.g., libc, openssl) to the Unikraft system.

Automating the Unikernel Build Process

The Unikraft build tool compiles the application and the selected libraries together to create a binary for a specific platform and architecture (e.g., Xen on x86_64). The tool is inspired by the popular Linux kconfig system and consists of a set of Makefiles allowing users to select libraries, to configure them, and to receive warnings when library dependencies are not met.

To create a simple application, the user implements a main() function, fills out a simple Makefile and runs "make menuconfig", where he or she selects from the libraries described above and configures the image, choosing, in the process, the target platform(s). The user then saves the configuration, types "make", and Unikraft automatically generates the images, one per selected platform. This means that application developers no longer have to target a particular platform; in essence, with Unikraft, they get multiple platform support for free.

NEC Laboratories Europe, the European labs of NEC's research branch focused on software research in the areas of IoT, data science and security and networking, is the main driving force behind Unikraft and is providing the initial implementation for this project.

The Xen Project will provide Unikraft with basic infrastructure and marketing support. Unikraft uses the 3-Clause BSD license.
