Petya Petrova - Fotolia
Micro VMs bridge the gap between full VMs and containers
Micro VMs address full VM and container disadvantages, all while providing a lightweight container architecture and retaining VM security for each instance.
VMs and containers are popular technologies, but they have drawbacks that make management challenging, such as reduced mobility and weak security. Micro VMs provide IT administrators the desired features of both without the added disadvantages.
Micro VMs enable admins to run a vast number of small VMs per host. As these micro VMs accumulate over time, the host becomes increasingly stressed. This can lead to problems such as reduced system performance and exhausted resources. But AWS Firecracker is a platform that provides micro VMs and corresponding management capabilities, ensuring peak performance.
Understand micro VMs and their benefits
Before admins can understand what a micro VM offers, they must know the advantages and disadvantages of both VMs and containers. VMs enable admins to run several OS instances, which are independent of each other. This provides added isolation, but requires a lot of resources. Compared to VMs, containers are smaller and less resource-intensive, but they can expose the entire system to security risks because containers on the same host share a common OS.
Micro VMs provide admins with the best of both worlds. Essentially, a micro VM adopts container architecture, but retains VM isolation for each instance. This enables admins to create and deploy a large number of micro VMs quickly without risking resource contention. And security remains intact.
When to use a full VM, container or micro VM
It can be difficult to know when to use a full VM, container or micro VM. Simply put, each instance type has its own specific use case, and an admin's choice hinges on the type of workloads he runs.
If an admin relies on traditional, monolithic applications, full VMs are ideal. This is because a VM is a complete and independent server, which can deploy complex legacy applications such as databases.
Containers are more ideal for admins who require scalability and workload mobility. Due to their lack of isolation, containers are also better suited for workloads that don't require high-level security.
Admins looking to support traditional, monolithic applications and achieve scalability and mobility should consider micro VMs. Micro VMs offer the benefits of container architecture while retaining the security and isolation that full VMs provide.
Micro VM management challenges
Micro VMs bridge the gap between containers and full VMs, offering admins the benefits of both. But that isn't to say that micro VMs are without their own unique challenges.
Micro VMs enable admins to create a lot of small VMs at once and continually over time. But as micro VMs accumulate, admins risk exceeding both the hypervisor's limit on VMs and the available software licenses.
Large-scale use of micro VMs can also lead to resource contention. A common misconception is that, because of their reduced size, micro VMs don't consume a large amount of resources. But the size of the VM doesn't necessarily determine the number of resources it uses. More often, it's the sheer volume of VMs in a single host that causes resource contention. And if admins create too many micro VMs in a short period of time, they can potentially overwhelm the host.
Introduction to AWS Firecracker
Although micro VMs have their own management challenges, there are different vendors and platforms that can help admins manage them successfully. AWS Firecracker is one example. Firecracker is an open source virtualization technology that enables admins to build micro VMs for containerized apps.
AWS uses Firecracker to underpin some of its cloud services, such as Lambda and Fargate, but has also made the software available for admins to use in on-premises environments. AWS first introduced Firecracker, which offers the isolation and security of full VMs with the mobility of containers, in November 2018.
AWS Firecracker is ideal for workloads that are event-driven and short-lived, such as serverless computing. Admins looking for multiple levels of isolation and protection will benefit from Firecracker. At its core, Firecracker relies on a KVM module built into Linux, which enables it to launch lightweight micro VMs in non-virtualized environments.
How to use AWS Firecracker
Once admins have determined whether micro VMs are ideal for their workloads, they can use AWS Firecracker to build micro VMs. AWS Firecracker provides admins with a minimalist design, which reduces memory requirements and better protects against malicious attacks.
Before admins can use AWS Firecracker, they must download the Firecracker binaries. Then, admins need an uncompressed Linux kernel binary that can serve as the guest OS, as well as a root file system such as an ext4 file system image.
Once admins acquire these binaries, they must open one shell prompt to successfully start and run Firecracker and another to write to its API. Both shells must run in the same directory as the Firecracker binaries.
After completing these steps, admins should set the guest OS kernel and guest root file system in the second shell to start the guest machine. Admins can then return to the first shell, being sure to log in to the guest machine from the provided prompt.