Unikernels Highlight How Docker Is Much More than Just Containers

by Paul Rubens

If all goes according to plan you'll soon be able to use the Docker platform to easily manage and run unikernel applications just as if they were apps running in Docker containers.

There's a company nearby called Wycombe Mats. Its tagline is "So much more than just mats!" You get the feeling that it chose its name before it diversified.

It may be tenuous, but there's a link here to Docker. That's because Docker is synonymous with containers, but really Docker is so much more than just containers.

Well, not that much more at the moment, but it's pretty clear that the company would like to be a platform for running all kinds of application packages, not just containers.

That follows the mid-January announcement that the company has acquired Unikernel Systems, a U.K.-based outfit staffed by some very smart ex-Xen hypervisor project pioneers that's dedicated to mucking about with unikernels.

So what's a unikernel when it's at home? The idea of unikernels has been knocking about for many years now, and essentially the principle is that if you break an operating system down into a number of libraries, you can take just the operating system components you need to go with your source code, and compile them into a unikernel that runs just your specific applications. You build what Anil Madhavapeddy, CTO at Unikernel Systems before it was acquired by Docker, calls an "artisanal kernel" that runs a specialist application.

The Core Benefits of a Unikernel

The benefit of a unikernel is that instead of needing the 30 million lines of code of a standard kernel just to run a "Hello world!" program, all you have in the unikernel is the code you need to run the program, and no more. You run the code you need to run, not the code your OS insists you need to have.

That means a much smaller attack surface, for one thing. Unikernels should also start up extremely quickly — quicker than containers, certainly. These lean unikernels should offer higher performance, too. That's because everything runs in userland — there's no processor switching between kernel mode and user mode, with the associated performance hit.

While rolling your own unikernels and using them can be quite an effort, the good news is it's possible to use the Docker platform to build and run unikernels on a hypervisor, just as if they were regular containers. (Unikernels can also be run on bare metal: driver libraries for the hardware can be built right into the apps.)

So rather than having a container host with multiple containers running on it all on a shared kernel, or each container running on its own kernel in a pared-down OS running in its own virtual machine (offering more isolation), you now have each unikernel app running in its own virtual machine (offering more isolation and the benefits of specialization/efficiency/performance/security).

Put another way, unikernels are just "the next step in shrinking the payload from VMs to containers to unikernels," Docker CTO Solomon Hykes told TechCrunch.

Unikernels and the Internet of Things

What's additionally exciting here is that this is not just an Intel story. Unikernels are actually ideal for tiny ARM-based microcontrollers that are embedded in many Internet of Things (IoT) devices. The Docker platform will be able to manage fleets of these devices, and thanks to the unikernel approach, they may be more secure than many of the IoT products that we have seen to date.

There are some drawbacks to unikernels though, the most obvious being questions about how to manage them. But Docker plans to increase support for unikernels in the coming months. "The Unikernel Systems team will continue to support the growing unikernel community while working closely with the rest of Docker to make sure unikernels integrate well with Docker tools," is how Docker announced the acquisition in a blog posting.

So if all goes according to plan you'll be able to use the Docker platform to easily manage and run unikernel applications just as if they were applications running in Docker containers.

Whether this story will end with unikernels, no one can be certain. But one thing is for sure: Docker has plans for Docker to be about so much more than just containers.

Paul Rubens is a technology journalist and contributor to ServerWatch, EnterpriseNetworkingPlanet and EnterpriseMobileToday. He has also covered technology for international newspapers and magazines including The Economist and The Financial Times since 1991.

This article was originally published on Monday Feb 29th 2016