Back to Blog

Eric Wright

So, what’s the deal with this unikernel thing?

Blog header (cloud-infrastructure)It almost sounds made up:  unikernel.  If you try to type it out in a word processor, it will probably be highlighted as a spelling and grammar issue.  The reality is that unikernels are already becoming something very important in the data center and cloud ecosystem.  You’ll see a lot more talk about the cloud when we talk unikernels, but before we get too far, let’s just recap on the basics.

What is a unikernel?

supergreg-uniThe premise of a unikernel is to deliver an operating environment with the thinnest possible delivery.  A minimal operating system, with a subset of the libraries needed to support only core and critical functions.  The reason that it is being called a unikernel is that it is being delivered as a more single-purposed product.

The formal description is "specialised, single-address-space machine images constructed by using library operating systems”, and although that may sound

This is not a new thing, and you can see that by reading the 2013 paper titled “Unikernels: Library Operating Systems for the Cloud” at that shows the approach being used to solve specific problems in cloud platforms where a thin, agile, application environment is needed.

I liken the unikernel concept to the way that we’ve dealt with networking in the past.  ASIC-based solutions used a specific, singular system with a whittled-down kernel to provide very distinct features and nothing more.

Advantages of a unikernel approach

There are a few reasons why the unikernel approach is interesting and important.  Among them are these that I’d like to highlight:

SPEED - Sub-second boot time or at least a very short number of seconds from boot to availability.  This is the heart of unikernels and also what a lot of the container ecosystem has been hunting for.  By providing a lightweight operating and application environment, the boot time is small, and patching or restarting the unikernel system is similarly quick.

SECURITY - Security is not implied by the use of a unikernel architecture.  Security comes in the ability to reduce the attack surface that is in play when operating in a unikernel environment.  Providing less libraries that could be exposed to vulnerability is done in hopes that no unnecessary code is hanging on to open up to potential intruders.  Securing the unikernel environment is simpler because less of the platform has low-level or root-level access.

SIMPLICITY - Patching and maintenance is easier with less moving parts.  Think if a unikernel to a traditional VM architecture in the same way an SSD is to a spinning disk.  They each strive to solve a problem in the same area, but one provides a more targeted approach.

Challenges in a unikernel approach

Complexity through simplicity.  We gain the ability to boot quickly and reduce the attack surface with a unikernel architecture, but that also opens the door to having to architect your applications and infrastructure to support the use of single-purpose subsets of the environment acting in what will often be a microservices type of deployment.

For the true single-purpose application, we also have opportunities to place unikernels at the edge in our data center or cloud environment.  The result is that we must design the network to be able to work with these small form factor environments to ensure we support the network needs and other requirements in the infrastructure to supporting fast-boot, potentially volatile systems.

Unikernels solve very focused challenges.  They also can be myopic in the approach, which opens the door to having to have multiple systems in order to solve the multitude of challenges we have today in the cloud and data center environments.  On a positive note, nobody will be laying claim to being a “single pane of glass” with a unikernel architecture.  They are much more like a surgical approach to specific problems.  It’s both good and challenged at the same time.

Will unikernels replace [some technology]?

No.  I don’t even hesitate to say that unikernels are a long way from replacing much of what we have out there today.

If you want to dig in a little further with some specific examples of things like MirageOS and more, you can visit the site to see some of the example applications that are out there today, and watch as more new opportunities open up to create and consume unikernel environments.

I’m a fan of the concept.  It feels like the right solution for something in between a container solution and a PaaS solution.  That may be an oversimplification of the unikernel approach.  In the end, this will add to the multiple solutions that we add to our toolkit in order to fill in the whitespace of solutions to deliver a complete IT ecosystem.

Image source: