Guest post from Ian Eyberg, CEO and Founder of NanoVMS
Virtual machines, containers, and unikernels. What are the differences? What is a unikernel anyway?
While virtual machines and containers get tossed around a lot in IT circles, a new term has started entering the vernacular - unikernels - but what are they? Unikernels are a method of deploying software. They contain a given software application and only the bits of the operating system that application needs, boiled down to a very small, lightweight, secure virtual machine. Unlike containers, unikernels are, at the end of the day, just virtual machines, albeit special tiny ones. Sometimes the VM can be ten to twenty megabytes.
Why is the VM so small? It's because it is running only one application, and that application alone, whereas traditional general-purpose operating systems like Windows or Linux are designed to run multiple programs.
This unique trait gives unikernels unprecedented security advantages that other systems simply don't have. It also comes with unparalleled performance enhancements. Lastly, since they are so small and consume so few resources, unikernels can be provisioned by the thousands on a given server, massively reducing VM sprawl.
In terms of security, unikernels don't have the notion of 'users' or the ability to log into them remotely. They are also resilient to various forms of remote code execution attacks, since the majority of that style of attack relies on the ability to run multiple programs on the same system. Unikernels lack the capability at the system level to do this, so those attacks stop working. Ransomware based on SamSam attacking JBoss servers doesn't work. The Apache Struts attacks that affected Equifax don't work.
The single-process design of unikernels gives them interesting performance characteristics as well. Since there is no context switching and so-called "system calls" are plain old function calls, applications such as databases scream up to 20% faster than if they were deployed on bare metal. This is all without modification to the underlying software or any performance tweaks; the speed comes purely from the system design.
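The performance argument above rests on one premise: on a conventional kernel every system call is a privilege transition, whereas in a unikernel it is an ordinary function call inside the same address space. The following C program is an added example (not code from the original post or from NanoVMs) that makes that premise measurable on a normal Linux host: it times a trivial real system call (`getpid` via the raw `syscall()` path, so libc cannot cache it) against a trivial non-inlined function, `plain_getpid`, which is a hypothetical stand-in for a unikernel-style "system call". The iteration count and the stand-in function are assumptions of the example.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <time.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Hypothetical stand-in for a unikernel "system call": a plain function with no
 * user/kernel privilege transition. noinline keeps the compiler from folding the
 * call away so we are really timing a call. */
__attribute__((noinline)) static long plain_getpid(long fake_pid)
{
    return fake_pid;
}

/* Monotonic wall clock in nanoseconds. */
static double now_ns(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (double)ts.tv_sec * 1e9 + (double)ts.tv_nsec;
}

/* Average cost, in nanoseconds, of one real Linux system call. The raw
 * syscall() path is used so a libc-level getpid cache cannot hide the trap. */
double avg_syscall_ns(long iterations)
{
    volatile long sink = 0;
    double t0 = now_ns();
    for (long i = 0; i < iterations; i++)
        sink += syscall(SYS_getpid);
    double t1 = now_ns();
    (void)sink;
    return (t1 - t0) / (double)iterations;
}

/* Average cost, in nanoseconds, of one plain function call, i.e. what the
 * same operation costs when there is no kernel boundary to cross. */
double avg_function_call_ns(long iterations)
{
    volatile long sink = 0;
    double t0 = now_ns();
    for (long i = 0; i < iterations; i++)
        sink += plain_getpid(i);
    double t1 = now_ns();
    (void)sink;
    return (t1 - t0) / (double)iterations;
}

int main(void)
{
    const long n = 1000000; /* constructed sample size for the measurement */
    double sc = avg_syscall_ns(n);
    double fn = avg_function_call_ns(n);
    printf("real syscall      : %8.1f ns/call\n", sc);
    printf("plain function    : %8.1f ns/call\n", fn);
    printf("boundary overhead : %8.1f x\n", fn > 0.0 ? sc / fn : 0.0);
    return 0;
}
```

Build with `gcc -O2 -o syscall_cost syscall_cost.c` and run it; the ratio printed on the last line is the per-call overhead a unikernel removes. It is a micro-benchmark of the boundary only, so it says nothing about the 20% end-to-end figure quoted above, and the absolute numbers will vary with CPU, kernel and any mitigations or sandboxing (seccomp, ptrace-based sandboxes and nested virtualisation all make the real syscall slower still).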
Lastly, unikernels can be provisioned on servers in the thousands. Their size and resource utilization are so low that it's very easy to consolidate the VM sprawl present in datacenter environments. This can have a very meaningful impact on datacenter capex as well as opex, since there is less DevOps work involved.
Unikernels are starting to crop up in corporate datacenters, so next time you get asked what type of animal this is, you can point the confused at this article.