

It's an OS. It's a container. No, it's a unikernel!

Unikernels improve application performance and security by getting the OS down to a smaller footprint with no waste. But this new invention in the OS field isn't for every app.

Unikernels shrink the OS to conserve compute resources, improve performance and boost security.

Typical enterprise-class operating systems have become onerously big and packed with features, yet only a small fraction of those capabilities are actually needed by applications. The unused functionality consumes important computing resources that could be otherwise utilized by additional virtual machines. A unikernel approach compiles selected OS functionality directly into the application itself.

Traditionally, an OS provides a user interface, identifies and organizes the underlying system hardware, and launches and supports applications using the hardware. These components are supplemented by dynamic link libraries and other drivers to create complex OS platforms that require significant memory, processor cycles and storage space before the application even starts consuming resources. Demands multiply with virtualization, which runs each VM with an individual OS instance.

Low-profile operating systems, such as the Nano Server version of Windows Server 2016, heavily strip down the installation, leaving off the graphical user interface, 32-bit compatibility, Windows Installer support and other elements.

The unikernel concept also minimizes the OS, but uses a different strategy. A developer compiles the unikernel components that the application demands for its operation along with the application. Unikernel libraries directly suit the application's needs, with no extra functionality.

Not a developer's superhero

While the advantages are intriguing, there are some disadvantages to unikernel operating systems, particularly for developers.

The need to recompile and redeploy the application and unikernel for each new version or functionality presents logistical problems for developers. The limited scope of a unikernel doesn't suit many enterprise applications. And the language and runtime environment needs for unikernels can limit flexibility.

Developers and their IT organizations should evaluate potential unikernels based on each platform's maturity and scope, the unikernel's underlying development language (e.g., C, Java, OCaml, Haskell and so on), the intended or preferred target environment (such as Xen, KVM, kFreeBSD and others), and the size of the unikernel's overall library ecosystem.

The OS of tomorrow in the data center

Unikernels promise advantages over conventional operating systems such as Windows 2016 Nano Server, including reduced resource requirements, better performance, flexible running environments and better security.

Unikernels' stingy resource usage frees up data centers to host more VMs and workloads on given IT infrastructure. A unikernel OS such as ClickOS boasts memory requirements of about 5 MB for a typical VM, compared to a minimum of 512 MB required for Windows Server 2016. The actual requirements vary depending on the number of unikernel libraries actually compiled with the application.

Smaller resource requirements can boost performance. A small OS supports much faster boot times than full conventional OS versions. A unikernel OS could reduce that to less than one second, according to claims from unikernel maker MirageOS. VM migration and data protection processes might take less time with the slashed OS footprint as well.

A unikernel-run application essentially forms a fixed image on a VM or directly on underlying physical hardware. This promises more flexible operations across heterogeneous data center environments, both virtualized and physical.

Unikernels also benefit security. Fewer OS elements reduce the potential attack surface, and compiling library components along with the application creates a fixed image where neither the application nor the OS components can change. This is a radical departure from conventional operating systems, which are typically updated and patched.

The unikernel concept is just one variation of kernel use. Other kernel models, such as exokernels, microkernels, nanokernels and picokernels, represent a new emphasis on shrinking the OS footprint and changing the face of application deployment.

The unikernel, hypervisors and virtualization

Where a typical VM would run a complete OS and separate application, a unikernel runs a far smaller OS and application within the VM sitting atop a hypervisor. But that's not the only way in which unikernels rely on the hypervisor.

In practice, developers often rely on a hypervisor to handle some of the features and functionality usually provided by an OS. Most unikernel-based deployments rely on the services of an underlying hypervisor such as VMware ESXi, Microsoft Hyper-V, Xen or KVM.

Unikernel vs. container

Unikernels differ from containers, though unikernel characteristics resemble the behaviors of container-based virtualization. In containers, applications all share a common OS kernel. With unikernels, a data center could deploy large numbers of smaller VMs hosting individual OSes, with each VM benefiting from quick startup time. Unikernels may eventually become viable candidates for microservices-type application deployments.
