A unikernel is an executable image that can execute natively on a hypervisor, without the need for a separate operating system. The image contains application code, as well as all the operating system functions required by that application.
Unikernels are usually built using compilers that leverage library operating systems, which are collections of libraries that represent an operating system's core capabilities. This allows a unikernel developer to selectively include only those library components required to make an application work, with the unikernel code orchestrating these drivers. Traditional operating system functions, such as network or file-system handling, are compiled into the final executable on an as-needed basis.
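As an added illustration of the build model just described (this is not text or code from the original article, nor the official MirageOS sample), the following is a `config.ml` written in the style of the MirageOS 3 configuration DSL. The application declares which library-OS devices it depends on, and the `mirage` build tool links only those components into the resulting image. `Unikernel.Main` is an assumed entry functor that would live in a separate `unikernel.ml`, which is not shown here.

```ocaml
(* config.ml: assumed example in MirageOS 3 configuration style.
   Everything below is illustrative; the entry functor Unikernel.Main
   is assumed to be defined in unikernel.ml. *)
open Mirage

(* The application entry point declares exactly the devices it needs:
   a console for logging and an IPv4 network stack. Because no block
   device or file system is declared, none is compiled into the image,
   which is how the unikernel keeps its footprint and attack surface small. *)
let main =
  foreign "Unikernel.Main" (console @-> stackv4 @-> job)

(* Choose the concrete network stack implementation. The same config
   can be built as a Unix process for local testing or as a Xen or
   Solo5/hvt guest, selected at configure time with
   `mirage configure -t unix`, `-t xen` or `-t hvt`. *)
let stack = generic_stackv4 default_network

(* Register the job: the build links the console and stack libraries the
   functor requires and produces a single bootable image. *)
let () =
  register "example" [ main $ default_console $ stack ]
```

Adding a device to the functor signature (for example a block store) is the only way it enters the image; the selective inclusion the paragraph above describes is therefore visible and reviewable in this one file rather than implied by a general-purpose OS build.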
Unikernels use a fraction of the resources required by full, multipurpose operating systems, such as Linux distributions or Microsoft Windows Server. Their diminutive size enables subsecond startup times and high deployment densities unmatched in traditional server virtualization. Additionally, the minimal footprint of the library OS functions and the absence of traditional operating system utilities greatly reduce the attack surface available for exploitation by malicious hackers. Some unikernel build systems leverage type-safe languages, such as Haskell or Erlang, while others can bind to more common languages, like C, C++ or Java.
Other kernel-based library OS models include exokernels that multiplex the raw hardware for the application's use, and micro-, nano- or picokernels that provide no or only basic services at the kernel level.
The introduction of library OSes complicates production IT management and monitoring, because there are no separate operating system processes for an administrator to attach to and debug. It also requires a different approach to IT resource management than server virtualization or containers, which rely on shared memory, CPU and other resources. In the build phase, developers must also put more effort into setup and design than they would with VMs and containers that use a multipurpose OS.
Uses for unikernel OSes
The unikernel concept has potential as a cloud OS due to the boot-up speed and small footprint. Unikernels offer an alternative to containers for minimizing the footprint required to host application code with isolation and a high specialization of functions.
Not all applications are suitable for unikernels. Applications that require multiple processes in a single VM are not good candidates, but a high number of traditional application images could become much smaller and faster when recompiled as unikernels. A lightweight Linux operating system is one proposed alternative to a library OS for environments that require little resource overhead, such as cloud OSes.
Numerous unikernel build systems are available from multiple sources, with the open source community leading the way. Some of the more popular unikernel systems include:
- MirageOS from the Xen Project incubator;
- Drawbridge from Microsoft;
- Haskell Lightweight Virtual Machine;
- LING (formerly Erlang on Xen);
- Cloudius Systems' OSv;
- Project Guest VM Microkernel;
- Rump kernels, which leverage NetBSD's library of OS functions;
- ClickOS created by NEC Laboratories Europe; and
- Clive from researchers at the Universidad Rey Juan Carlos of Madrid, Spain.