Unikernels: Library operating systems for the cloud
ACM SIGARCH Computer Architecture News, 2013•dl.acm.org
We present unikernels, a new approach to deploying cloud services via applications written
in high-level source code. Unikernels are single-purpose appliances that are compile-time
specialised into standalone kernels, and sealed against modification when deployed to a
cloud platform. In return they offer significant reduction in image sizes, improved efficiency
and security, and should reduce operational costs. Our Mirage prototype compiles OCaml
code into unikernels that run on commodity clouds and offer an order of magnitude reduction …
in high-level source code. Unikernels are single-purpose appliances that are compile-time
specialised into standalone kernels, and sealed against modification when deployed to a
cloud platform. In return they offer significant reduction in image sizes, improved efficiency
and security, and should reduce operational costs. Our Mirage prototype compiles OCaml
code into unikernels that run on commodity clouds and offer an order of magnitude reduction …
We present unikernels, a new approach to deploying cloud services via applications written in high-level source code. Unikernels are single-purpose appliances that are compile-time specialised into standalone kernels, and sealed against modification when deployed to a cloud platform. In return they offer significant reduction in image sizes, improved efficiency and security, and should reduce operational costs. Our Mirage prototype compiles OCaml code into unikernels that run on commodity clouds and offer an order of magnitude reduction in code size without significant performance penalty. The architecture combines static type-safety with a single address-space layout that can be made immutable via a hypervisor extension. Mirage contributes a suite of type-safe protocol libraries, and our results demonstrate that the hypervisor is a platform that overcomes the hardware compatibility issues that have made past library operating systems impractical to deploy in the real-world.
ACM Digital Library