Rawpixel - Fotolia
Although they both aim to make computing more responsive and less resource-intensive, the natures of unikernels vs. containers contrast significantly.
Containers are a form of virtualization that greatly reduces overhead by encapsulating just the application and its dependencies, such as libraries and frameworks, on top of a shared host OS. In essence, containerization is virtualization lite, without multiple instances of the weighty OS.
Unikernels are akin to a shrunken container. The big difference in unikernels vs. containers is that containers require and depend on a normal OS, and unikernels do not. Instead, there is only what's necessary to achieve a specific function, namely application code, along with the minimum necessary OS functionality to run the application. This grouping of code and supporting OS components lives independently.
Unikernels are arguably the more radical direction versus containers. Containers have the IT industry's attention, but unikernels offer important advantages for some purposes. For example, this completely hermetic approach makes unikernels useful in internet of things (IoT) devices, where processing power and storage are in short supply. Therefore, it's helpful to understand the differences and strengths of each.
Adoption trend for unikernels vs. containers
Some industry watchers say that containerization makes unikernels unnecessary, due to the functional overlap. It's not so simple. Containers are probably more mature, going into 2018, and they are relatively easy to debug and deploy. However, unikernels offer more utility for specific applications.
Ashish NadkarniAnalyst, IDC
Unikernels are well-suited to lightweight computing devices, where it is suboptimal to run a full OS. IoT is an archetypal example. "It's not coincidental that many major container players are not currently focusing heavily on IoT, since containers leverage an underlying host operating system," said one unikernel expert, who requested anonymity due to employer policies
"As a technology, I believe that unikernels could be promising," said Ashish Nadkarni, analyst at IDC. However, in his view, a combination of market developments is, in effect, conspiring to reduce the space available for unikernels vs. containers. Containers have enjoyed success already, and the container leaders are focused on improving that technology. Docker, one of the major forces in the container market, acquired startup Unikernel Systems in 2016. Since then, there has been silence. "You would think a company like that with an important acquisition would be marching toward some kind of position on the technology, and perhaps a product," Nadkarni said. But Docker has bigger fish to fry in an increasingly fragmented container market, he said. Given the extensive commitment already made by many organizations to containers, it may be that unikernels will be absorbed into that market as a sort of additive technology to address specific needs.
But others see an even wider potential for unikernels. "Unikernels [are] not a niche technology; it is the opposite," said Ian Eyberg, founder at DeferPanic, which offers unikernel-based cloud infrastructure. The efficiency created by essentially merging a single app and the relevant aspects of a host OS into one entity offers many practical advantages, he said, although he admits "this concept is pretty foreign to a lot of people." The push and pull between multifunctional host OSes, as for containers, and single-purpose app and OS, as for unikernels, is not new. In the 1960s and 1970s, organizations needed a way for many people to run many programs on the same expensive computer. That demand led to multiple-process OSes, a capability in all modern computers. However, Eyberg noted, in many server-oriented environments, there are performance and management advantages where the architecture isolates programs or runs them on a single instance.
In the 2010s, even a virtualized server actually represents a lot of overhead in some scenarios, with a whole toolkit of unneeded capabilities for tasks or applications. The unikernel approach, versus containers, looks for ways to get the same job done with the smallest possible amount of code, minus a traditional host machine and OS, Eyberg said. That small size is potentially more secure, thanks to a smaller attack surface. Security is also an argument made for container deployment.
The cloud deployment argument
Containers and public cloud are a natural fit, with the major cloud vendors hosting Docker and offering container orchestration services. Although some public clouds, such as Amazon Web Services (AWS), provide bare-metal server offerings, opening up the potential to host unikernels, Eyberg believes their proprietary attributes will not be a good fit. Just as critically, public cloud pricing is based on units of consumption that are oversized, such as gigabytes, by unikernel standards.
"The average unikernel volume size is just 20 MBs, which doesn't fit with the usual unit of planning in AWS," Eyberg said. And even smaller size requirements are possible -- down to the multi-kilobyte range.
Other challenges factor into slow unikernel adoption, according to Edwin Yuen, analyst at Enterprise Strategy Group. "We haven't seen significant traction in unikernels yet, primarily because there isn't a universal library to build them with," he said. Containers are more broadly applicable versus unikernels, because the user can concentrate on how to manage containers and the application inside, running on any compatible version of Linux or Windows, he said.
Containers and unikernels are certainly not mutually exclusive, Yuen said. Furthermore, they may not be the only two ways to address the problem of overhead. "VMs have room for improvement, too, and developments there could potentially reduce the need for either containers or unikernels," Yuen said. "There has been talk before about slimming down virtual machines to achieve the same performance goal," he noted. Ultimately, many existing and emerging business workloads need megabyte boot performance; this calls for seconds or milliseconds, rather than the many seconds or even minutes needed to spin up VMs with bigger images, he explained.
In a cloud world, where many enterprises choose unikernels vs. containers, the unified code and OS technological concept has less general relevance, said Stephen Hendrick, research director at Enterprise Management Associates. However, he added, "for dedicated small-footprint applications in IoT, unikernels are a perfect fit."