Unikernels

From Xen
Revision as of 03:19, 29 May 2014 by Rcpavlicek (Cloud Operating System List)

Xen Project has been at the forefront of the birth of Cloud Operating Systems: specialized lightweight operating systems which are only intended to be used within a Virtual Machine. These Cloud Operating Systems may become the core of a new form of cloud, where a single hypervisor instance can support hundreds or even thousands of VMs.

What is a Cloud Operating System?

Normally, a hypervisor loads a Virtual Machine with a fully functional operating system, like some flavor of Linux, Windows, or one of the BSDs. These operating systems were designed to be run on hardware, so they have all the complexity needed for a variety of hardware drivers from an assortment of vendors with different design concepts. These operating systems are also intended to be multi-user, multi-process, and multi-purpose. They are designed to be everything for everyone, so they are necessarily complex and large.

A Cloud Operating System, on the other hand, is single-purpose. It is not designed to run on hardware, and so lacks the bloat and complexity of drivers. It is not meant to be multi-user or multi-process, so it can focus on creating a single thread of code which runs one application, and one application only. It is not multi-purpose, as the target is to create a single payload that a particular instance will execute. Thanks to this single-minded design, the Cloud Operating System is small, lightweight, and quick.

What do Cloud Operating Systems Provide?

Cloud Operating Systems normally generate a singular runtime environment meant to enable single applications built solely with that environment. Generally, this environment lacks the ability to spawn subprocesses, execute shell commands, create multiple threads, or fork processes. Instead, it provides a pure incarnation of the targeted language runtime, be it OCaml, Haskell, Java, Erlang, or some other environment.

What About Security?

Cloud Operating Systems offer an excellent security story. The attack surface for these instances is quite small, as they lack the variety of functions (and, therefore, the potential flaws to be exploited) provided by standard operating systems, as well as the tools used to exploit them (there are no shells, no utilities, and no variety of programs to be leveraged if a flaw is located). Because of the design of Cloud Operating Systems, it is hard to find security flaws, and even harder to find ways to exploit them.

How do Cloud Operating Systems Interact with Xen Project?

Being Open Source, Xen Project can both create its own Cloud Operating System and leverage those developed by others. In fact, Xen Project runs the gamut, as it works on its own Cloud Operating System (MirageOS), is the target engine for some others (like LING), and can use entirely separate efforts (like HaLVM or OSv).

In addition, Xen Project has taken a proactive position in enabling the use of Cloud Operating Systems. An example of this is the "3000 Domains" experiment, which attempted to load large numbers of VMs on a single hypervisor host. As a result, modifications were made to the hypervisor code base to enable this concept. Watch the Video.

Cloud Operating System List

The following Cloud Operating Systems are currently of interest to the Xen Project (though the list is not exhaustive):

Because of the dynamic state of this technology, this list will likely be in constant flux for the next few years.