Unikernels are specialized virtual machines compiled from application code and only necessary operating system components. They provide benefits like reduced memory usage, faster load times, and a smaller attack surface compared to traditional virtual machines. Several unikernel implementations exist like MirageOS, Rumprun, and IncludeOS which are compiled from different languages and have varying boot times, image sizes, and hypervisor support. Unikernels are being applied to applications such as proxies, edge computing, and IoT gateways.

1. Unikernels
Soheila Dehghanzadeh

2. Agenda
• Methodology
• Definitions
• Benefits and pitfalls (comparison)
• Implementations
• Applications

3. Methodology
• I am collecting
• Related articles indexed by Google Scholar for word unikernel (~170)
• Related videos indexed by Youtube for word unikernel from technical
conferences and summits (~821)
• Blog posts from the unikernel.org website.
• Papers that have cited the unikernel key paper (~115)
• Unikernels: Library operating systems for the cloud (ACM SIGPLAN 2013)

4. Unikernels: Library operating systems for the
cloud
• Library operating systems is a more general term
• Minimizing OS image to libraries that are needed to run an application.
• Lib OS has been used for parallel and distributed OS (Exokernel-1995)
• Lib OS has been used for jvm in a virtualized execution environment (Libra-2007)
• …
• The novelty of unikernel is that Lib OS is used for cloud deployment.

5. Definitions
• Unikernels are a technique to compile specialised applications that
run directly on a hypervisor instead of requiring an intervening guest
operating system.
• Unikernels are specialised, single-address-space machine images
constructed by using library operating systems.
• Unikernels are constructed by combining application code with only
the operating system components necessary for that application to
run.
• Unikernel is a highly specialized, single-purpose application which can
be deployed directly to the cloud or onto IoT-like devices.

6. © 2014 Galois, Inc. All rights reserved.
?
Operating System
libC libstdc++ libgcc
libz libgmp libtls
iconv gtk
opengl
Application Application Application

7. © 2014 Galois, Inc. All rights reserved.
Benefits of using unikernel
Money Speed Security

8. © 2014 Galois, Inc. All rights reserved.
 Reduced memory footprint.
 Greatly reduced need for disk
space.
 Reduced computational burden.
Use less powerful VM classes for
the same work, and save money.
Money

9. © 2014 Galois, Inc. All rights reserved.
Speed
 Reduced memory footprint.
 Low network latency due to small
image size.
 Quicker instance initiation.
 No extraneous processes taking
up your CPU.
 Fewer schedulers interrupting
things.
Faster load times, lower latencies.

10. © 2014 Galois, Inc. All rights reserved.
Security
 Reduced code size.
 Customized to application.
 (Potentially) Stronger walls
between disparate components.
Less exposure to general attacks,
reduced privileges, reduced attack
surface.

11. © 2014 Galois, Inc. All rights reserved.
?
Operating System
libC libstdc++ libgcc
libz libgmp libtls
iconv gtk
opengl
Application Application Application
Pitfalls of using unikernel
If this is what you want, don’t fix what isn’t broken.

12. © 2014 Galois, Inc. All rights reserved.
?
Operating System
libC libstdc++ libgcc
libz libgmp libtls
iconv gtk
opengl
There is a lot of software for Linux; with a unikernel,
you will end up writing these bits and pieces.
Pitfalls of using unikernel

13. © 2014 Galois, Inc. All rights reserved.
* These savings come from
avoiding some expenses:
removing the need for disks,
lowering processor costs.
If your application needs them
anyways, you’re not going to see
any savings.
*
Pitfalls of using unikernel

14. Metrics to compare unikernel with other
technologies
• Memory footprint (B)
• Need for disk space (B)
• Computational burden (B)
• Schedulers (B)
• Code size (B)
• Attack surface (B)
• Development time (P)

15. Comparing unikernel with other
virtualizations
• Network Function Virtualization
• A comparison of containers and virtual machines for use with NFV (Master
thesis 2015)
• Networking latency and throughput and CPU utilization (Master
thesis 2016)
Extracted metrics
Comparisonpapers

16. Unikernel implementations
• (1) MirageOS (2013)
• (2) Rumprun (2015)
• (3) Osv (2014)
• (4) IncludeOS (2016)
• (5) HaLVM (2014)
• (6) clickOS (2014)
• (7) LING (2015)
 Runtime.js ()
 Clive ()
 Drawbridge (2011)
 Graphene ()
 HermitCore (2016)
Ranking is according to https://www.slant.co/topics/2409/~unikernels

17. Comparing unikernel implementations (no
paper)
• Year
• Boot time (Osv less than a second, ClickOs 30milliseconds, )
• Hypervisor (Xen, KVM, bare-metal)
• Language (Ocaml, C, C++, Erlang)
• Number of applications per hypervisor
• Image size (ClickOS 5MB, )
• Process isolation
• …

18. Applications
• Jitsu: Just-In-Time Summoning of Unikernels
• A power-efficient and responsive platform for hosting cloud
services in the edge network.
• SCANDEX
• Service Centric Networking for Challenged Decentralised Networks
• On-the-Fly TCP Acceleration with Miniproxy
• Miniproxy: a Xen unikernel, is as fast as state-of-the-art GNU/Linux-based
proxies, re- quires only 6 MB of RAM to run and can boot in just 12ms.
• The enterprise micro data center: small cell networks, IoT gateways
and edge computing servers

19. Organizations and projects and people
• Cambridge university
• IBM Linux Technology Center
• ALAN TURING INSTITUTE, oxford

20. Conferences to publish
• SIGCOMM
• IEEE/ACM International Symposium on Cluster, Cloud, and Grid
Computing
• USENIX