How to quickly deploy, run Linux applications as unikernels

Building and deploying lightweight apps is becoming an easier and more reliable process with the emergence of unikernels. While limited in functionality, unikernels offer many advantages in terms of speed and security.

What are unikernels?

A unikernel is a highly specialized, single-address-space machine image. Unikernels are similar to the kind of cloud applications that have come to dominate so much of the internet, but they are considerably smaller and single-purpose. They are lightweight, providing only the resources needed. They load very quickly and are considerably more secure because they have a very limited attack surface. Any drivers, I/O routines and support libraries that are required are included in the single executable. The resulting virtual image can then be booted and run without anything else being present. Unikernels will often run 10 to 20 times faster than a container.

Would-be attackers cannot drop into a shell and try to gain control because there is no shell. They can’t try to grab the system’s /etc/passwd or /etc/shadow files because these files don’t exist. Creating a unikernel is much like turning your application into its own OS. With a unikernel, the application and the OS become a single entity. You omit what you don’t need, thereby removing vulnerabilities and improving performance many times over.

In short, unikernels:

  • Provide improved security (e.g., making shell code exploits impossible)
  • Have much smaller footprints than standard cloud apps
  • Are highly optimized
  • Boot extremely quickly

Are there any downsides to unikernels?

The only serious downside to unikernels is that you have to build them. For many developers, this has been a giant step. Trimming down applications to just what is needed and then producing a tight, smoothly running application can be complex because of the application’s low-level nature. In the past, you pretty much had to have been a systems developer or a low-level programmer to generate them.

How is this changing?

Just recently (March 24, 2019), NanoVMs announced a tool that loads any Linux application as a unikernel. Using NanoVMs OPS, anyone can run a Linux application as a unikernel with no additional coding. The application will also run faster, more safely and with less cost and overhead.

