UNICORE Project Technical Overview
1 like270 views
Unicore is developing a toolkit to streamline the creation of unikernels, addressing challenges in application deployment in the DevOps era by enhancing efficiency, security, and ease of use. The toolkit includes tools for software decomposition, dependency analysis, automated builds, and performance optimization, aimed at simplifying unikernel development for various applications, including serverless computing and IoT. The project's objectives include improving market adoption of unikernels, reducing time-to-market for secure software, and ensuring optimized and validated applications run on lightweight virtual machines.
![© 2019 UNICORE
Unikernels‘ Potential
▌Fast instantiation, destruction and migration time
10s of milliseconds or less (and as little as 2.3ms)
(LigthVM [Manco SOSP 2017], Jitsu [Madhvapeddy, NSDI 2015])
▌Low memory footprint
Few MBs of RAM or less (ClickOS [Martins NSDI 2014])
▌High density
8k guests on a singlex86 server (LigthVM [Manco SOSP 2017])
▌High Performance
10-40Gbit/s throughput with a single guest CPU
(ClickOS [Martins NSDI 2014], Elastic CDNs [Kuenzer VEE 2017])
▌Reduced attack surface
Small trusted compute base
Strong isolation by hypervisor](https://image.slidesharecdn.com/unicoretechnicaloverview-190314070327/85/UNICORE-Project-Technical-Overview-3-320.jpg)
UNICORE Project Technical Overview
- 1. © 2019 UNICORE UNICORE A Common Code Base and Toolkit for Deployment of Applications to Secure and Reliable Execution Environments Technical Overview March 2019
- 2. © 2019 UNICORE The problem • We are in DevOps era • quickly developing, upgrading and deploying applications is at the core of the new IT industry • Software is more and more massively running on shared hardware • efficiency but also need for isolation, lightweight sw image footprints, fast boot, etc. • Standard VMs can be heavy load (image size, excessive memory and disk space, long boot time) • Containers are faster, but offer poor isolation UNIKERNELS (lightweight VM) can be the solution
- 3. © 2019 UNICORE Unikernels‘ Potential ▌Fast instantiation, destruction and migration time 10s of milliseconds or less (and as little as 2.3ms) (LigthVM [Manco SOSP 2017], Jitsu [Madhvapeddy, NSDI 2015]) ▌Low memory footprint Few MBs of RAM or less (ClickOS [Martins NSDI 2014]) ▌High density 8k guests on a singlex86 server (LigthVM [Manco SOSP 2017]) ▌High Performance 10-40Gbit/s throughput with a single guest CPU (ClickOS [Martins NSDI 2014], Elastic CDNs [Kuenzer VEE 2017]) ▌Reduced attack surface Small trusted compute base Strong isolation by hypervisor
- 4. © 2019 UNICORE The (Big) Downside with Unikernels • Today, each optimized unikernel is manually built • Image build takes several months or longer • Wash, rinse, repeat for each target application • Need for significant expert resources on OS, computer systems, kernel, etc.
- 5. © 2019 UNICORE UNICORE is developing tools to enable lightweight VM development to be as easy as compiling an app for an existing OS UNICORE will release an open‐source toolchain to enable secure and portable unikernel development •Developing unikernel based applications will be reduced to slight changes in the app Makefile, choosing from a menu of available implementations for the required system functionality, and compiling the app UNICORE can unleash the use of next generation of cloud computing services and technologies UNICORE in a nutshell
- 7. © 2019 UNICORE The Unicore Toolkit • Decomposition tool to assist developers in breaking existing monolithic software into smaller components. • Dependency analysis tool to analyze existing, unmodified applications to determine which set of libraries and OS primitives are absolutely necessary for correct execution. • Automatic build tool to match the requirements derived by the dependency analysis tools to the available libraries constructed by the OS decomposition tools. • Verification tool to ensure that the functionality of the resulting, specialized OS+application matches that of the application running on a standard OS. The tools will also take care of ensuring software quality. • Performance optimization tool to analyze the running specialized OS+application and to use this information as input to the automatic build tools so that they can generate even more optimized images.
- 10. © 2019 UNICORE UNICORE Use Case Serverless Computing for novel cloud platforms • Rationale: Current implementations of serverless computing platforms either use containers (being thus insecure) or rely on full blown VMs which makes them highly inefficient (e.g. Amazon EC2’s lambda services) • Goal: Use UNICORE technology and APIs to enable novel serverless computing • Develop a lambda services offering based on UNICORE and execute trial in Barcelona, providing services (web crawling and video transcoding functions) to citizens and especially to the university and research community • Integrate unikernels in PacketCloud, an edge serverless computing platform developed by Correct Networks, and use UNICORE tools to develop a unikernel to run lambda functions written in Node.js • Target TRL: 7‐8
- 11. © 2019 UNICORE UNICORE Use Case Efficient, Secure Network Function Virtualization • Rationale: The holy grail of a Network Function Virtualization (NFV) implementation is the ability to dynamically provision network components, services and applications in a matter of minutes rather than the weeks or months it takes to do so now • Goal: With boot‐times in the order of milliseconds, unikernels will provide disrupting NFV solutions • Universal CPE. Use UNICORE tools to develop a footprint optimized virtual router (vCPE) and micro‐services (such as DHCP servers, NAT or probes) running on lightweight virtual machines that offer good performance, while offering strong isolation and tangible security guarantees • Broadband Network Gateway for wired Internet access. Upgrade from a monolithic approach using Linux on the Broadband Network Gateway (BNG) to one with unikernel VMs with each Point‐to‐Point Protocol over Ethernet (PPPoE) session running in a separate unikernel VM (disaggregated BNG) • Wireless 5G vRAN NFV Clusters. Ports 4G and 5G control plane (Layer 3) vRAN VNFs to Unikernels to target real world 5G testbeds. Additionally, MEC apps and user plane VNFs will be experimented evaluated for similar commercial deployments • Target TRL: 8
- 12. © 2019 UNICORE UNICORE Use Case Internet of Things • Rationale: Offloading IoT platform controllers to the cloud is not a new area, yet valid privacy concerns raised by clouds run in different jurisdictions hamper offloading, forcing IoT systems to install hardware in the home to control IoT devices, and reducing economic efficiency • Goal: Migrate to unikernels a selected set of application services from commercial “digital living” platforms currently deployed in VMs and containers • Symphony IoT platform by Nextworks. Use UNICORE tools to develop unikernels for home and building automation, data storage and analytics, media services and voice/video communications. • Use PacketCloud serverless computing functions to develop a proof‐of‐concept IoT controller • Target TRL: 7
- 13. © 2019 UNICORE UNICORE Use Case Smart Contracts • Rationale: The main challenges for smart contracts in a blockchain environment are ensuring deterministic execution support because all participants need to be able to verify the result of a smart contract; safe running of untrusted code, to avoid security issues on the nodes involved in the system; and handling the interaction between smart contracts • Goal: Migrate to unikernels a selected set of application services from commercial “digital living” platforms currently deployed in VMs and containers • Create a permissioned blockchain called skipchain that includes precompiled smart contracts, but that lacks so far the possibility to run smart contracts provided by the users. • Target TRL: 7
- 14. © 2019 UNICORE Consortium Symbolic execution, deterministic execution, NFV use case Project Coordinator Host infrastructure in support of unikernels (containers, VMs) WP4 leader Microlibraries, build system, performance tools Technical Coordinator & WP3 leader Deterministic execution support, smart contracts use case Testbeds/infrastructure, tools integration, serverless use case WP2 leader Microlibraries, APIs, security primitives, performance tool System reqs, NFV use case (5G vRAN) Systems security and safety primitives Home automation/IoT use case WP6 leader NFV use cases, industrial exploitation NFV use case Serverless / IoT use cases