
[MirageOS-devel] Qns about Unikernels/hypervisors/baremetal/security




I've been looking at Unikernels for a while and am starting to present on the subject, but I still have a few basic questions ...

I understand that running unikernels above a hypervisor such as Xen removes the need to include h/w device drivers in the unikernel itself.

For embedded/IoT applications this will be feasible for nodes which have sufficient compute power to run a hypervisor but I think there is significant interest in being able to use Unikernels, especially "clean slate" unikernels on the smaller devices (where I guess you'd have to deal with manually installed unikernels rather than being able to push images).

How feasible is running on BareMetal?
If a manufacturer expects to sell 100k devices of a webcam for example, economies of scale might make writing the necessary drivers for the associated hardware worthwhile.
Are there examples of baremetal implementations?
Are "legacy" unikernels (rumpkernel, OSv etc) more appropriate for this?

Mirage can create a Linux binary or a Xen compatible VM.
How would you create a bootable image for BM (would you wrap up the "Xen compatible VM" in some way?)
I guess this wouldn't actually run on any hardware due to lack of drivers, but they could be provided as OCaml libraries.

How can we be sure about the Hypervisor security?
Are there any comparisons of security between Xen, KVM, Hyper-V, ESXi?

I understand that Xen is being optimized to be able to run 1000's of VMs.
How does Xen currently compare with other hypervisors?

I see we talk about "potential" security improvements - due to less LOC, due to easier to understand code (because of less LOC).
Are there any studies/figures to support this position?
Obviously there's pinata

What Unikernels are actually used in production today?
(deferpanic has an IaaS)


Thanks for any comments on these questions, assumptions.
Mike.

