[Publicity] Clear Containers - Intel's KVM/KVMTool based container distro - what are the implications?
Hi all,
I just came across
and am wondering what the implications are.

Interesting portions of this are:

Many people who advocate for containers start by saying that virtual machines are expensive and slow to start and that containers provide a more efficient alternative. The usual counterpoint is about how secure kernel containers really are against adversarial users with an arsenal of exploits in their pockets. Reasonable people can argue for hours on this topic but the reality is that quite a few potential users of containers see this as a showstopper.

We (the Intel Clear Containers group) are taking a little bit of a different tack on the security of containers by going back to the basic question: how expensive is virtual-machine technology, really? Performance in this regard is primarily measured using two metrics: startup time and memory overhead. The first is about how quickly your data center can respond to an incoming request (say a user logs into your email system); the second is about how many containers you can pack on a single server.

...

To provide a preview of the results: we can launch such a secured container that uses virtualization technology in under 150 milliseconds, and the per-container memory overhead is roughly 18 to 20MB (this means you can run over 3500 of these on a server with 128GB of RAM).

---

I am wondering how the typical unikernel compares in terms of start-up time and memory overhead.

Regards
Lars
_______________________________________________
Publicity mailing list
Publicity@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity
