SlideShare a Scribd company logo

Unikernels: When They Work and When They Don't

The Linux Foundation
The Linux Foundation

Over the last several years, I and others have talked about the promise of unikernels — single-purpose, lightweight virtual machines — in the cloud. However, all of these talks have simply presented our architectures and speculated about their usefulness. Over the last several years, Galois has actually been using unikernels to implement interesting components in critical systems: non-bypassable encryption components, network monitors and alarms, platform obfuscation capabilities, Tor nodes, network re-routers, and so on. In this talk, I will speak briefly on each of them and ask the question: Was a unikernel a good platform for this project? If so, why? If not, why not? What are the general rules we can infer about when unikernels are useful, and what part of the cloud ecosystem they are best suited to serve?

Technology
1 of 30
Download to read offline
© 2014 Galois, Inc. All rights reserved. Unikernels: Who, What, Where, When, Why? Adam Wick (awick@galois.com) Xen Developer Summit | August 19th, 2014
© 2014 Galois, Inc. All rights reserved. ? mini OS HALVM Which? When? Why?
© 2014 Galois, Inc. All rights reserved. ? mini OS HALVM Unikernel: (a.k.a. Library OSes) A single-purpose, single-language virtual machine hosted on a minimal environment.
© 2014 Galois, Inc. All rights reserved. Unikernels: Who, What, Where, When, Why? • The advantages and disadvantages of unikernels. • Where Galois has used them in the past that worked. • … and didn’t work. • What general rules we think apply.
Application Application Application opengl iconv gtk libz libgmp libtls libC libstdc++ libgcc © 2014 Galois, Inc. All rights reserved. ? Operating System
© 2014 Galois, Inc. All rights reserved. Why?
© 2014 Galois, Inc. All rights reserved. Why?  Reduced memory footprint.  Greatly reduced need for disk space.  Reduced computational burden. Use less powerful VM classes for the same work, and save money.
© 2014 Galois, Inc. All rights reserved. Why?  Reduced memory footprint.  No extraneous processes taking up your CPU.  Fewer schedulers interrupting things. Faster load times, lower latencies.
© 2014 Galois, Inc. All rights reserved. Why?  Reduced code size.  Customized to application.  (Potentially) Stronger walls between disparate components. Less exposure to general attacks, reduced privileges, reduced attack surface.
Why not? Application Application Application opengl iconv gtk libz libgmp libtls libC libstdc++ libgcc © 2014 Galois, Inc. All rights reserved. ? Operating System If this is what you want, don’t fix what isn’t broken.
Why not? opengl iconv gtk libz libgmp libtls libC libstdc++ libgcc © 2014 Galois, Inc. All rights reserved. ? Operating System There is a lot of software for Linux; with a unikernel, you will end up writing these bits and pieces.
© 2014 Galois, Inc. All rights reserved. Why not? * These savings come from avoiding some expenses: removing the need for disks, lowering processor costs. If your application needs them anyways, you’re not going to see any savings. *
© 2014 Galois, Inc. All rights reserved. Unikernels: Who, What, Where, When, Why? • The advantages and disadvantages of unikernels. • Where Galois has used them in the past that worked. • … and didn’t work. • What general rules we think apply.
Mission: To create trustworthiness in critical systems. Research services and prototype development in computer science. Operating Systems Networking Cryptography Scientific Computing Human/Computer Interaction Programming Lanuages Formal Methods We built the HaLVM as part of one of our projects, and have successfully used it on many more since then. What have we learned? © 2014 Galois, Inc. All rights reserved. Security Safety Privacy Reliability Predictability Integrity W
© 2014 Galois, Inc. All rights reserved. Three Main Use Cases Use Case #1 Embedded, Single-Host, Deprivileged Security Apparatus Use Case #3 Highly flexible, Highly mobile, On-demand Network Nodes Use Case #2 Lightweight, Scalable, Local Network Capabilities
© 2014 Galois, Inc. All rights reserved. Use Case #1 Dom0 DomU
© 2014 Galois, Inc. All rights reserved. Use Case #1 Dom0 DomU Unavoidable … … encryption. … filtering. … tunneling.
© 2014 Galois, Inc. All rights reserved. Use Case #1 Unikernels allow for fine-grained separation of concerns: • Key management • RNG • Encrypt / Decrypt • Networking
© 2014 Galois, Inc. All rights reserved. Use Case #1 Lesson: Unikernels are small and fast, so they make a great platform for building critical security components. Combine with XSM to use Xen as a lightweight separation kernel. BUT
© 2014 Galois, Inc. All rights reserved. Use Case #1 We have been mostly successful using unikernels in this general area. dangerous word The one place it didn’t work: a device driver. opengl iconv gtk libz libgmp libtls ? libC libstd c++ libgcc Operating System Unikernels can make major, mid-stream changes more costly, because their specialization works against them.
© 2014 Galois, Inc. All rights reserved. Awkward Transition Slide
Use Case #2 (Your Network) © 2014 Galois, Inc. All rights reserved. Firewalls are nice, but they are going to be broken. (Or dodged.) How quickly can you detect that someone has broken into yournetwork, and how fast can you respond? Confuse, distract, delay, discover: Make them work harder, and make them easier to detect. Unikernels make great hosts for these nodes, because they are lightweight and responsive.
© 2014 Galois, Inc. All rights reserved. Use Case #3 (The Cloud!) Unikernels have two major advantages over more traditional systems in the cloud: 1. They’re nimble. 2. They scale massively. … as long as your service fits within a certain mold. Do you need a local disk?
© 2014 Galois, Inc. All rights reserved. Use Case #3: Nimble
© 2014 Galois, Inc. All rights reserved. Use Case #3: Nimble
Use Case #3: Nimble + Massive © 2014 Galois, Inc. All rights reserved.
© 2014 Galois, Inc. All rights reserved. Unikernels: Who, What, Where, When, Why? • The advantages and disadvantages of unikernels. • Where Galois has used them in the past that worked. • … and didn’t work. • What general rules we think apply.
© 2014 Galois, Inc. All rights reserved. Unikernels What? A lightweight mechanism for implementing single-service components. Who? Designers of cloud, local network, or low-level security services. Where? Useful for securing or rapidly deploying lightweight or security-sensitive services. When? For situations, like those described, for which the increased cost of development for a unikernel is outweighed by a unikernel’s advantages. Why? To save money. To improve efficiency. To improve security.
© 2014 Galois, Inc. All rights reserved. Summary Unikernels: Useful for us. ≥? Where will you use them? HaLVM: http://halvm.org Mirage: http://openmirage.org
All trademarks, service marks, trade names, trade dress, product names and logos appearing in these slides are the property of their respective owners, including in some instances Galois, Inc. © 2014 Galois, Inc. All rights reserved. All rights are reserved.

Recommended

Unikernels and Cloud Computing
Unikernels and Cloud ComputingUnikernels and Cloud Computing
Unikernels and Cloud ComputingSKORDEMIR
 
Microservices in Unikernels
Microservices in UnikernelsMicroservices in Unikernels
Microservices in UnikernelsMadhuri Yechuri
 
Next Generation Cloud: Rise of the Unikernel V3 (UPDATED)
Next Generation Cloud: Rise of the Unikernel V3 (UPDATED)Next Generation Cloud: Rise of the Unikernel V3 (UPDATED)
Next Generation Cloud: Rise of the Unikernel V3 (UPDATED)The Linux Foundation
 
Unikernels
UnikernelsUnikernels
Unikernelssally.de
 
Présentation d'Unikernel
Présentation d'UnikernelPrésentation d'Unikernel
Présentation d'UnikernelProto204
 
OSAC16: Unikernel-powered Transient Microservices: Changing the Face of Softw...
OSAC16: Unikernel-powered Transient Microservices: Changing the Face of Softw...OSAC16: Unikernel-powered Transient Microservices: Changing the Face of Softw...
OSAC16: Unikernel-powered Transient Microservices: Changing the Face of Softw...Russell Pavlicek
 
Lightning talk unikernels
Lightning talk unikernelsLightning talk unikernels
Lightning talk unikernelsMichael Bright
 
CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil ...
CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil ...CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil ...
CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil ...The Linux Foundation
 

More Related Content

What's hot

CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...
CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...
CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...The Linux Foundation
 
Unik: Unikernel Backend to Cloud Foundry
Unik: Unikernel Backend to Cloud FoundryUnik: Unikernel Backend to Cloud Foundry
Unik: Unikernel Backend to Cloud FoundryVMware Tanzu
 
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)The Linux Foundation
 
Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...
Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...
Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...The Linux Foundation
 
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...The Linux Foundation
 
Metrics towards enterprise readiness of unikernels
Metrics towards enterprise readiness of unikernelsMetrics towards enterprise readiness of unikernels
Metrics towards enterprise readiness of unikernelsMadhuri Yechuri
 
XPDS16: Xen Project Weather Report 2016
XPDS16: Xen Project Weather Report 2016XPDS16: Xen Project Weather Report 2016
XPDS16: Xen Project Weather Report 2016The Linux Foundation
 
CIF16: Solo5: Building a Unikernel Base From Scratch (Dan Williams, IBM)
CIF16: Solo5: Building a Unikernel Base From Scratch (Dan Williams, IBM)CIF16: Solo5: Building a Unikernel Base From Scratch (Dan Williams, IBM)
CIF16: Solo5: Building a Unikernel Base From Scratch (Dan Williams, IBM)The Linux Foundation
 
Unikernels - Keep It Simple to the Bare Metal
Unikernels - Keep It Simple to the Bare MetalUnikernels - Keep It Simple to the Bare Metal
Unikernels - Keep It Simple to the Bare MetalPivorak MeetUp
 
4 virtual router CloudStack Developer Day
4 virtual router CloudStack Developer Day4 virtual router CloudStack Developer Day
4 virtual router CloudStack Developer DayKimihiko Kitase
 
UniK: Deploy Unikernels with Ease
UniK: Deploy Unikernels with EaseUniK: Deploy Unikernels with Ease
UniK: Deploy Unikernels with EaseScott Weiss
 
2017 jan-19 meetup-unikernels
2017 jan-19 meetup-unikernels2017 jan-19 meetup-unikernels
2017 jan-19 meetup-unikernelsMichael Bright
 
Scale14x: Are today's foss security practices robust enough in the cloud era ...
Scale14x: Are today's foss security practices robust enough in the cloud era ...Scale14x: Are today's foss security practices robust enough in the cloud era ...
Scale14x: Are today's foss security practices robust enough in the cloud era ...The Linux Foundation
 
CPOSC2014: Next Generation Cloud -- Rise of the Unikernel
CPOSC2014: Next Generation Cloud -- Rise of the UnikernelCPOSC2014: Next Generation Cloud -- Rise of the Unikernel
CPOSC2014: Next Generation Cloud -- Rise of the UnikernelThe Linux Foundation
 
SCALE13x: Next Generation of the Cloud - Rise of the Unikernel
SCALE13x: Next Generation of the Cloud - Rise of the UnikernelSCALE13x: Next Generation of the Cloud - Rise of the Unikernel
SCALE13x: Next Generation of the Cloud - Rise of the UnikernelThe Linux Foundation
 
XPDDS19: When Unikraft Meets Arm64 - Jia He, Arm
XPDDS19: When Unikraft Meets Arm64 - Jia He, ArmXPDDS19: When Unikraft Meets Arm64 - Jia He, Arm
XPDDS19: When Unikraft Meets Arm64 - Jia He, ArmThe Linux Foundation
 
Solar Powered MicroServers - Green Computing
Solar Powered MicroServers - Green ComputingSolar Powered MicroServers - Green Computing
Solar Powered MicroServers - Green ComputingPaul Morse
 

What's hot (20)

CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...
CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...
CIF16: Unikernels: The Past, the Present, the Future ( Russell Pavlicek, Xen ...
 
Unik: Unikernel Backend to Cloud Foundry
Unik: Unikernel Backend to Cloud FoundryUnik: Unikernel Backend to Cloud Foundry
Unik: Unikernel Backend to Cloud Foundry
 
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
 
Unikernels Introduction
Unikernels IntroductionUnikernels Introduction
Unikernels Introduction
 
Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...
Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...
Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...
 
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
 
Unik Slides
Unik SlidesUnik Slides
Unik Slides
 
Metrics towards enterprise readiness of unikernels
Metrics towards enterprise readiness of unikernelsMetrics towards enterprise readiness of unikernels
Metrics towards enterprise readiness of unikernels
 
XPDS16: Xen Project Weather Report 2016
XPDS16: Xen Project Weather Report 2016XPDS16: Xen Project Weather Report 2016
XPDS16: Xen Project Weather Report 2016
 
CIF16: Solo5: Building a Unikernel Base From Scratch (Dan Williams, IBM)
CIF16: Solo5: Building a Unikernel Base From Scratch (Dan Williams, IBM)CIF16: Solo5: Building a Unikernel Base From Scratch (Dan Williams, IBM)
CIF16: Solo5: Building a Unikernel Base From Scratch (Dan Williams, IBM)
 
Unikernels - Keep It Simple to the Bare Metal
Unikernels - Keep It Simple to the Bare MetalUnikernels - Keep It Simple to the Bare Metal
Unikernels - Keep It Simple to the Bare Metal
 
4 virtual router CloudStack Developer Day
4 virtual router CloudStack Developer Day4 virtual router CloudStack Developer Day
4 virtual router CloudStack Developer Day
 
UniK: Deploy Unikernels with Ease
UniK: Deploy Unikernels with EaseUniK: Deploy Unikernels with Ease
UniK: Deploy Unikernels with Ease
 
2017 jan-19 meetup-unikernels
2017 jan-19 meetup-unikernels2017 jan-19 meetup-unikernels
2017 jan-19 meetup-unikernels
 
Scale14x: Are today's foss security practices robust enough in the cloud era ...
Scale14x: Are today's foss security practices robust enough in the cloud era ...Scale14x: Are today's foss security practices robust enough in the cloud era ...
Scale14x: Are today's foss security practices robust enough in the cloud era ...
 
CPOSC2014: Next Generation Cloud -- Rise of the Unikernel
CPOSC2014: Next Generation Cloud -- Rise of the UnikernelCPOSC2014: Next Generation Cloud -- Rise of the Unikernel
CPOSC2014: Next Generation Cloud -- Rise of the Unikernel
 
SCALE13x: Next Generation of the Cloud - Rise of the Unikernel
SCALE13x: Next Generation of the Cloud - Rise of the UnikernelSCALE13x: Next Generation of the Cloud - Rise of the Unikernel
SCALE13x: Next Generation of the Cloud - Rise of the Unikernel
 
XPDDS19: When Unikraft Meets Arm64 - Jia He, Arm
XPDDS19: When Unikraft Meets Arm64 - Jia He, ArmXPDDS19: When Unikraft Meets Arm64 - Jia He, Arm
XPDDS19: When Unikraft Meets Arm64 - Jia He, Arm
 
Xen time machine
Xen time machineXen time machine
Xen time machine
 
Solar Powered MicroServers - Green Computing
Solar Powered MicroServers - Green ComputingSolar Powered MicroServers - Green Computing
Solar Powered MicroServers - Green Computing
 

Viewers also liked

Containers technologies
Containers technologiesContainers technologies
Containers technologiesJoris Bonnefoy
 
UniK - a unikernel compiler and runtime
UniK - a unikernel compiler and runtimeUniK - a unikernel compiler and runtime
UniK - a unikernel compiler and runtimeLee Calcote
 
Mirage: extreme specialisation of virtual appliances
Mirage: extreme specialisation of virtual appliancesMirage: extreme specialisation of virtual appliances
Mirage: extreme specialisation of virtual appliancesThe Linux Foundation
 
Containers Through the Ages - SysEleven
Containers Through the Ages - SysElevenContainers Through the Ages - SysEleven
Containers Through the Ages - SysElevenJohann Paulus Almeida
 
2017 feb-10 snowcamp.io-unikernels
2017 feb-10 snowcamp.io-unikernels2017 feb-10 snowcamp.io-unikernels
2017 feb-10 snowcamp.io-unikernelsMichael Bright
 
OSCON: Unikernels and Docker: From revolution to evolution
OSCON: Unikernels and Docker: From revolution to evolutionOSCON: Unikernels and Docker: From revolution to evolution
OSCON: Unikernels and Docker: From revolution to evolutionDocker, Inc.
 

Viewers also liked (6)

Containers technologies
Containers technologiesContainers technologies
Containers technologies
 
UniK - a unikernel compiler and runtime
UniK - a unikernel compiler and runtimeUniK - a unikernel compiler and runtime
UniK - a unikernel compiler and runtime
 
Mirage: extreme specialisation of virtual appliances
Mirage: extreme specialisation of virtual appliancesMirage: extreme specialisation of virtual appliances
Mirage: extreme specialisation of virtual appliances
 
Containers Through the Ages - SysEleven
Containers Through the Ages - SysElevenContainers Through the Ages - SysEleven
Containers Through the Ages - SysEleven
 
2017 feb-10 snowcamp.io-unikernels
2017 feb-10 snowcamp.io-unikernels2017 feb-10 snowcamp.io-unikernels
2017 feb-10 snowcamp.io-unikernels
 
OSCON: Unikernels and Docker: From revolution to evolution
OSCON: Unikernels and Docker: From revolution to evolutionOSCON: Unikernels and Docker: From revolution to evolution
OSCON: Unikernels and Docker: From revolution to evolution
 

Similar to Unikernels: When They Work and When They Don't

The Next Generation Cloud: Unleashing the Power of the Unikernal
The Next Generation Cloud: Unleashing the Power of the UnikernalThe Next Generation Cloud: Unleashing the Power of the Unikernal
The Next Generation Cloud: Unleashing the Power of the UnikernalAll Things Open
 
Future of Sysadmin 2014
Future of Sysadmin 2014Future of Sysadmin 2014
Future of Sysadmin 2014Kris Buytaert
 
Using containerization to enable your microservice architecture
Using containerization to enable your microservice architecture Using containerization to enable your microservice architecture
Using containerization to enable your microservice architecture Apigee | Google Cloud
 
Tw Technology Radar Qtb Sep11
Tw Technology Radar Qtb Sep11Tw Technology Radar Qtb Sep11
Tw Technology Radar Qtb Sep11Adrian Treacy
 
Creating hybrid cloud openstack + public cloud
Creating hybrid cloud openstack + public cloudCreating hybrid cloud openstack + public cloud
Creating hybrid cloud openstack + public cloudMiguel Zuniga
 
A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses
A Profile of the Backoff PoS Malware that Hit 1000+ Retail BusinessesA Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses
A Profile of the Backoff PoS Malware that Hit 1000+ Retail BusinessesLastline, Inc.
 
Data Con LA 2022-Open Source or Open Core in Your Data Layer? What Needs to B...
Data Con LA 2022-Open Source or Open Core in Your Data Layer? What Needs to B...Data Con LA 2022-Open Source or Open Core in Your Data Layer? What Needs to B...
Data Con LA 2022-Open Source or Open Core in Your Data Layer? What Needs to B...Data Con LA
 
Smart Phones Dumb Apps
Smart Phones Dumb AppsSmart Phones Dumb Apps
Smart Phones Dumb AppsDenim Group
 
Docker Enterprise Deployment Planning
Docker Enterprise Deployment PlanningDocker Enterprise Deployment Planning
Docker Enterprise Deployment PlanningStephane Woillez
 
Strategy, planning and governance for enterprise deployments of containers - ...
Strategy, planning and governance for enterprise deployments of containers - ...Strategy, planning and governance for enterprise deployments of containers - ...
Strategy, planning and governance for enterprise deployments of containers - ...The Incredible Automation Day
 
The influence of "Distributed platforms" on #devops
The influence of "Distributed platforms" on #devopsThe influence of "Distributed platforms" on #devops
The influence of "Distributed platforms" on #devopsKris Buytaert
 
stackconf 2022: It’s Time to Debloat the Cloud with Unikraft
stackconf 2022: It’s Time to Debloat the Cloud with Unikraftstackconf 2022: It’s Time to Debloat the Cloud with Unikraft
stackconf 2022: It’s Time to Debloat the Cloud with UnikraftNETWAYS
 
Microcontainers and Tools for Hardcore Container Debugging
Microcontainers and Tools for Hardcore Container DebuggingMicrocontainers and Tools for Hardcore Container Debugging
Microcontainers and Tools for Hardcore Container DebuggingOracle Developers
 
Phoenix Emulator PPT
Phoenix Emulator PPTPhoenix Emulator PPT
Phoenix Emulator PPTVineet Kumar
 
Why Cloud Computing has to go the FOSS way
Why Cloud Computing has to go the FOSS wayWhy Cloud Computing has to go the FOSS way
Why Cloud Computing has to go the FOSS wayAhmed Mekkawy
 
Containers behind the curtains
Containers behind the curtainsContainers behind the curtains
Containers behind the curtainsOmer Barel
 
How DreamHost builds a public cloud with OpenStack.pdf
How DreamHost builds a public cloud with OpenStack.pdfHow DreamHost builds a public cloud with OpenStack.pdf
How DreamHost builds a public cloud with OpenStack.pdfOpenStack Foundation
 

Similar to Unikernels: When They Work and When They Don't (20)

Help Doctor, my application is an onion!
Help Doctor, my application is an onion!Help Doctor, my application is an onion!
Help Doctor, my application is an onion!
 
The Next Generation Cloud: Unleashing the Power of the Unikernal
The Next Generation Cloud: Unleashing the Power of the UnikernalThe Next Generation Cloud: Unleashing the Power of the Unikernal
The Next Generation Cloud: Unleashing the Power of the Unikernal
 
Future of Sysadmin 2014
Future of Sysadmin 2014Future of Sysadmin 2014
Future of Sysadmin 2014
 
Using containerization to enable your microservice architecture
Using containerization to enable your microservice architecture Using containerization to enable your microservice architecture
Using containerization to enable your microservice architecture
 
Tw Technology Radar Qtb Sep11
Tw Technology Radar Qtb Sep11Tw Technology Radar Qtb Sep11
Tw Technology Radar Qtb Sep11
 
Creating hybrid cloud openstack + public cloud
Creating hybrid cloud openstack + public cloudCreating hybrid cloud openstack + public cloud
Creating hybrid cloud openstack + public cloud
 
A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses
A Profile of the Backoff PoS Malware that Hit 1000+ Retail BusinessesA Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses
A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses
 
Data Con LA 2022-Open Source or Open Core in Your Data Layer? What Needs to B...
Data Con LA 2022-Open Source or Open Core in Your Data Layer? What Needs to B...Data Con LA 2022-Open Source or Open Core in Your Data Layer? What Needs to B...
Data Con LA 2022-Open Source or Open Core in Your Data Layer? What Needs to B...
 
Smart Phones Dumb Apps
Smart Phones Dumb AppsSmart Phones Dumb Apps
Smart Phones Dumb Apps
 
Docker Enterprise Deployment Planning
Docker Enterprise Deployment PlanningDocker Enterprise Deployment Planning
Docker Enterprise Deployment Planning
 
Strategy, planning and governance for enterprise deployments of containers - ...
Strategy, planning and governance for enterprise deployments of containers - ...Strategy, planning and governance for enterprise deployments of containers - ...
Strategy, planning and governance for enterprise deployments of containers - ...
 
The influence of "Distributed platforms" on #devops
The influence of "Distributed platforms" on #devopsThe influence of "Distributed platforms" on #devops
The influence of "Distributed platforms" on #devops
 
stackconf 2022: It’s Time to Debloat the Cloud with Unikraft
stackconf 2022: It’s Time to Debloat the Cloud with Unikraftstackconf 2022: It’s Time to Debloat the Cloud with Unikraft
stackconf 2022: It’s Time to Debloat the Cloud with Unikraft
 
Serverless Kotlin
Serverless KotlinServerless Kotlin
Serverless Kotlin
 
Erlang os
Erlang osErlang os
Erlang os
 
Microcontainers and Tools for Hardcore Container Debugging
Microcontainers and Tools for Hardcore Container DebuggingMicrocontainers and Tools for Hardcore Container Debugging
Microcontainers and Tools for Hardcore Container Debugging
 
Phoenix Emulator PPT
Phoenix Emulator PPTPhoenix Emulator PPT
Phoenix Emulator PPT
 
Why Cloud Computing has to go the FOSS way
Why Cloud Computing has to go the FOSS wayWhy Cloud Computing has to go the FOSS way
Why Cloud Computing has to go the FOSS way
 
Containers behind the curtains
Containers behind the curtainsContainers behind the curtains
Containers behind the curtains
 
How DreamHost builds a public cloud with OpenStack.pdf
How DreamHost builds a public cloud with OpenStack.pdfHow DreamHost builds a public cloud with OpenStack.pdf
How DreamHost builds a public cloud with OpenStack.pdf
 

More from The Linux Foundation

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleThe Linux Foundation
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...The Linux Foundation
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...The Linux Foundation
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...The Linux Foundation
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportXPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportThe Linux Foundation
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...The Linux Foundation
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...The Linux Foundation
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderThe Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...The Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...The Linux Foundation
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixThe Linux Foundation
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdThe Linux Foundation
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...The Linux Foundation
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DThe Linux Foundation
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsThe Linux Foundation
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...The Linux Foundation
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...The Linux Foundation
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...The Linux Foundation
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEThe Linux Foundation
 

More from The Linux Foundation (20)

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportXPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather Report
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
 

Recently uploaded

A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 

Recently uploaded (20)

A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 

Unikernels: When They Work and When They Don't

  • 1. © 2014 Galois, Inc. All rights reserved. Unikernels: Who, What, Where, When, Why? Adam Wick (awick@galois.com) Xen Developer Summit | August 19th, 2014
  • 2. © 2014 Galois, Inc. All rights reserved. ? mini OS HALVM Which? When? Why?
  • 3. © 2014 Galois, Inc. All rights reserved. ? mini OS HALVM Unikernel: (a.k.a. Library OSes) A single-purpose, single-language virtual machine hosted on a minimal environment.
  • 4. © 2014 Galois, Inc. All rights reserved. Unikernels: Who, What, Where, When, Why? • The advantages and disadvantages of unikernels. • Where Galois has used them in the past that worked. • … and didn’t work. • What general rules we think apply.
  • 5. Application Application Application opengl iconv gtk libz libgmp libtls libC libstdc++ libgcc © 2014 Galois, Inc. All rights reserved. ? Operating System
  • 6. © 2014 Galois, Inc. All rights reserved. Why?
  • 7. © 2014 Galois, Inc. All rights reserved. Why?  Reduced memory footprint.  Greatly reduced need for disk space.  Reduced computational burden. Use less powerful VM classes for the same work, and save money.
  • 8. © 2014 Galois, Inc. All rights reserved. Why?  Reduced memory footprint.  No extraneous processes taking up your CPU.  Fewer schedulers interrupting things. Faster load times, lower latencies.
  • 9. © 2014 Galois, Inc. All rights reserved. Why?  Reduced code size.  Customized to application.  (Potentially) Stronger walls between disparate components. Less exposure to general attacks, reduced privileges, reduced attack surface.
  • 10. Why not? Application Application Application opengl iconv gtk libz libgmp libtls libC libstdc++ libgcc © 2014 Galois, Inc. All rights reserved. ? Operating System If this is what you want, don’t fix what isn’t broken.
  • 11. Why not? opengl iconv gtk libz libgmp libtls libC libstdc++ libgcc © 2014 Galois, Inc. All rights reserved. ? Operating System There is a lot of software for Linux; with a unikernel, you will end up writing these bits and pieces.
  • 12. © 2014 Galois, Inc. All rights reserved. Why not? * These savings come from avoiding some expenses: removing the need for disks, lowering processor costs. If your application needs them anyways, you’re not going to see any savings. *
  • 13. © 2014 Galois, Inc. All rights reserved. Unikernels: Who, What, Where, When, Why? • The advantages and disadvantages of unikernels. • Where Galois has used them in the past that worked. • … and didn’t work. • What general rules we think apply.
  • 14. Mission: To create trustworthiness in critical systems. Research services and prototype development in computer science. Operating Systems Networking Cryptography Scientific Computing Human/Computer Interaction Programming Lanuages Formal Methods We built the HaLVM as part of one of our projects, and have successfully used it on many more since then. What have we learned? © 2014 Galois, Inc. All rights reserved. Security Safety Privacy Reliability Predictability Integrity W
  • 15. © 2014 Galois, Inc. All rights reserved. Three Main Use Cases Use Case #1 Embedded, Single-Host, Deprivileged Security Apparatus Use Case #3 Highly flexible, Highly mobile, On-demand Network Nodes Use Case #2 Lightweight, Scalable, Local Network Capabilities
  • 16. © 2014 Galois, Inc. All rights reserved. Use Case #1 Dom0 DomU
  • 17. © 2014 Galois, Inc. All rights reserved. Use Case #1 Dom0 DomU Unavoidable … … encryption. … filtering. … tunneling.
  • 18. © 2014 Galois, Inc. All rights reserved. Use Case #1 Unikernels allow for fine-grained separation of concerns: • Key management • RNG • Encrypt / Decrypt • Networking
  • 19. © 2014 Galois, Inc. All rights reserved. Use Case #1 Lesson: Unikernels are small and fast, so they make a great platform for building critical security components. Combine with XSM to use Xen as a lightweight separation kernel. BUT
  • 20. © 2014 Galois, Inc. All rights reserved. Use Case #1 We have been mostly successful using unikernels in this general area. dangerous word The one place it didn’t work: a device driver. opengl iconv gtk libz libgmp libtls ? libC libstd c++ libgcc Operating System Unikernels can make major, mid-stream changes more costly, because their specialization works against them.
  • 21. © 2014 Galois, Inc. All rights reserved. Awkward Transition Slide
  • 22. Use Case #2 (Your Network) © 2014 Galois, Inc. All rights reserved. Firewalls are nice, but they are going to be broken. (Or dodged.) How quickly can you detect that someone has broken into yournetwork, and how fast can you respond? Confuse, distract, delay, discover: Make them work harder, and make them easier to detect. Unikernels make great hosts for these nodes, because they are lightweight and responsive.
  • 23. © 2014 Galois, Inc. All rights reserved. Use Case #3 (The Cloud!) Unikernels have two major advantages over more traditional systems in the cloud: 1. They’re nimble. 2. They scale massively. … as long as your service fits within a certain mold. Do you need a local disk?
  • 24. © 2014 Galois, Inc. All rights reserved. Use Case #3: Nimble
  • 25. © 2014 Galois, Inc. All rights reserved. Use Case #3: Nimble
  • 26. Use Case #3: Nimble + Massive © 2014 Galois, Inc. All rights reserved.
  • 27. © 2014 Galois, Inc. All rights reserved. Unikernels: Who, What, Where, When, Why? • The advantages and disadvantages of unikernels. • Where Galois has used them in the past that worked. • … and didn’t work. • What general rules we think apply.
  • 28. © 2014 Galois, Inc. All rights reserved. Unikernels What? A lightweight mechanism for implementing single-service components. Who? Designers of cloud, local network, or low-level security services. Where? Useful for securing or rapidly deploying lightweight or security-sensitive services. When? For situations, like those described, for which the increased cost of development for a unikernel is outweighed by a unikernel’s advantages. Why? To save money. To improve efficiency. To improve security.
  • 29. © 2014 Galois, Inc. All rights reserved. Summary Unikernels: Useful for us. ≥? Where will you use them? HaLVM: http://halvm.org Mirage: http://openmirage.org
  • 30. All trademarks, service marks, trade names, trade dress, product names and logos appearing in these slides are the property of their respective owners, including in some instances Galois, Inc. © 2014 Galois, Inc. All rights reserved. All rights are reserved.