The UNICORE Project: Unikraft and OpenNebula
1 like572 views
The document discusses the development and benefits of unikernels as lightweight virtual machines to enhance application deployment and efficiency in the DevOps era. It details Unicore's objectives to simplify unikernel development through an open-source toolchain, aimed at improving performance, security, and market adoption. Use cases include serverless computing, IoT platforms, and secure smart contracts, along with steps for implementation and automation using various tools.
![© 2019 UNICORE
Unikernels‘ Potential
▌Fast instantiation, destruction and migration time
▌10s of milliseconds or less (and as little as 2.3ms)
(LigthVM [Manco SOSP 2017], Jitsu [Madhvapeddy, NSDI 2015])
▌Low memory footprint
Few MBs of RAM or less (ClickOS [Martins NSDI 2014])
▌High density
8k guests on a singlex86 server (LigthVM [Manco SOSP 2017])
▌High Performance
▌10-40Gbit/s throughput with a single guest CPU
(ClickOS [Martins NSDI 2014], Elastic CDNs [Kuenzer VEE 2017])
▌Reduced attack surface
Small trusted compute base
Strong isolation by hypervisor](https://image.slidesharecdn.com/unicoreunikernelspowerjguijarro-190508080913-190508141746/85/The-UNICORE-Project-Unikraft-and-OpenNebula-4-320.jpg)
The UNICORE Project: Unikraft and OpenNebula
- 1. © 2019 UNICORE @jordiguijarro - UNICORE DESIGN WP LEADER May 2019 – Barcelona OpenNebula Tech Day Unikernels POWER
- 2. © 2019 UNICORE • We are in DevOps era • quickly developing, upgrading and deploying applications is at the core of the new IT industry • Software is more and more massively running on shared hardware • efficiency but also need for isolation, lightweight sw image footprints, • fast boot, etc. • Standard VMs can be heavy load (image size, excessive memory and disk space, long boot time) • Containers are faster, but offer poor isolation The problem... UNIKERNELS (lightweight VM) can be the solution
- 3. © 2019 UNICORE Symbolic execution, deterministic execution, NFV use case Project Coordinator Host infrastructure in support of unikernels (containers, VMs) WP4 leader Microlibraries, build system, performance tools Technical Coordinator & WP3 leader Deterministic execution support, smart contracts use case Microlibraries, APIs, security primitives, performance tool System reqs, NFV use case (5G vRAN) Systems security and safety primitives NFV use cases, industrial exploitation NFV use case Home automation / IoT use case WP6 leader Testbeds/infrastructure, tools integration, serverless use case WP2 leader Serverless / IoT use cases Consortium
- 4. © 2019 UNICORE Unikernels‘ Potential ▌Fast instantiation, destruction and migration time ▌10s of milliseconds or less (and as little as 2.3ms) (LigthVM [Manco SOSP 2017], Jitsu [Madhvapeddy, NSDI 2015]) ▌Low memory footprint Few MBs of RAM or less (ClickOS [Martins NSDI 2014]) ▌High density 8k guests on a singlex86 server (LigthVM [Manco SOSP 2017]) ▌High Performance ▌10-40Gbit/s throughput with a single guest CPU (ClickOS [Martins NSDI 2014], Elastic CDNs [Kuenzer VEE 2017]) ▌Reduced attack surface Small trusted compute base Strong isolation by hypervisor
- 5. • Today, each optimized unikernel is manually built • Image build takes several months or longer • Wash, rinse, repeat for each target application • Need for significant expert resources on OS, computer systems, kernel, etc. The (Big) Downside with Unikernels
- 6. © 2019 UNICORE UNICORE is developing tools to enable lightweight VM development to be as easy as compiling an app for an existing OS UNICORE will release an open-source toolchain to enable secure and portable unikernel development Developing unikernel based applications will be reduced to slight changes in the app Makefile, choosing from a menu of available implementations for the required system functionality, and compiling the app UNICORE can unleash the use of next generation of cloud computing services and technologies UNICORE in a nutshell
- 7. © 2019 UNICORE Unicore Tool Ecosystem
- 8. © 2019 UNICORE Project Objectives Unikerne l toolchain Objective 1: Fine-Grained OS Decomposition and Code Re-use Objective 2: Automated, Multi-platform Unikernel Construction Objective 3: Automated Unikernel Verification, Security and Safety Objective 4: Automated Unikernel Performance Optimization Use Cases Objective 5: Efficient Serverless Computing in Clouds Objective 6: Efficient and Secure NFV Deployment Objective 7: Privacy-aware, Cheap IoT Platform Cloud Offloading Objective 8: Secure, Deterministic Smart Contracts Impact achieve ment Objective 9: Foster Market Adoption for Unikernels Objective 10: Time-to-Market Reduction for Secure Software Development and Deployment
- 9. © 2019 UNICORE Work breakdown WP1: Project Management WP6:ExploitationandDissemination H2020 projects Open source WP2: Platform Design and Evaluation WP3: Core Implementati on WP4: Toolstack Implementati on WP5: Unikernels in Practice Serverless computing – lambda services Home automation/Io T NFV/MEC/RA N virtualization Smart contracts Industrial exploitati on dissemina tion
- 10. • Rationale: Current implementations of serverless computing platforms either use containers (being thus insecure) or rely on full blown VMs which makes them highly inefficient (e.g. Amazon EC2’s lambda services) • Goal: Use UNICORE technology and APIs to enable novel serverless computing • Develop a lambda services offering based on UNICORE and execute trial in Barcelona, providing services (web crawling and video transcoding functions) to citizens and especially to the university and research community • Integrate unikernels in PacketCloud, an edge serverless computing platform developed by Correct Networks, and use UNICORE tools to develop a unikernel to run lambda functions written in Node.js • Target TRL: 7-8 UNICORE Use Case Serverless Computing for novel cloud platforms
- 11. © 2019 UNICORE Unikraft & OpenNebula First steps...
- 12. © 2019 UNICORE Demo Scenario Unikraft & OpenNebula Intel(R) Xeon(R) CPU E5540 @ 2.53GHz 36 GB RAM
- 13. © 2019 UNICORE Build First Unikernel for KVM https://github.com/sysml/ucc-unikraft/wiki Use docker to build the image: https://hub.docker.com/_/gcc/ Unikraft & OpenNebula docker run --rm -v "$(pwd)"/myapp:/usr/src -w /usr/src/apps/helloworld gcc:latest bash -c make
- 14. © 2019 UNICORE Upload the image to Files & Kernels Datastore Unikraft & OpenNebula
- 15. © 2019 UNICORE Update VM Template with the kernel image Unikraft & OpenNebula
- 16. © 2019 UNICORE Instantiate a VM Template Unikraft & OpenNebula
- 17. © 2019 UNICORE Automating deployments with Terraform: Running 1, 5, 10, 25 and 50 unikernels... Unikraft & OpenNebula
- 18. © 2019 UNICORE The default scheduler takes 54’’ to deploy 50 unikernels. It’s the time to execute the terraform plan using the XML- RPC API #1 terraform apply unikraft 0,18s user 0,07s system 2% cpu 10,275 total #5 terraform apply unikraft 0,24s user 0,06s system 2% cpu 10,429 total #10 terraform apply unikraft 0,42s user 0,16s system 4% cpu 13,458 total #25 terraform apply unikraft 1,07s user 0,30s system 4% cpu 30,894 total #50 terraform apply unikraft 2,12s user 0,55s system 4% cpu 54,445 total Unikraft & OpenNebula 10.28 10.43 13.46 30.89 54.45 0 10 20 30 40 50 60 unikernels
- 19. © 2019 UNICORE www.linkedin.com/groups/8752067 info@unicore-project.eu @unicore_project This project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No