{"id":1333,"date":"2016-08-13T21:30:34","date_gmt":"2016-08-13T19:30:34","guid":{"rendered":"https:\/\/blog.mi.hdm-stuttgart.de\/?p=1333"},"modified":"2023-06-07T15:18:38","modified_gmt":"2023-06-07T13:18:38","slug":"mirageos","status":"publish","type":"post","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2016\/08\/13\/mirageos\/","title":{"rendered":"MirageOS"},"content":{"rendered":"

\"mirage-header4\"<\/a><\/h2>\n

Introduction<\/h2>\n

MirageOS is a new and rising trend when it comes to talking about cloud computing. More and more services are being relocated into modern cloud infrastructures, due to a lot of advantages like i.e. reduced costs, maximum flexibility and high performance. Todays services normally depend on big virtual machines (like i.e. Ubuntu Xenial with a size of ~1,5 GB) with a lot of software on it. The service which is running on these virtual machine only needs a very small subpart of the whole software and dependencies which are installed. Also the unneeded additional software running on the virtual machines offers a huge attack surface for hackers. Since data often is a highly valuable asset for a company and exposing it would lead to a huge profit collapse, security gains more and more importance. MirageOS is a minimalistic approach to kick out all unneeded layers and dependencies and deploy as less code as possible. This approach is highly efficient and fits in perfectly in modern microservice-architectures. If MirageOS will be accepted by users in the future, it could possibly replace modern approaches like i.e. Docker or classic virtual machines in the context of cloud-environments.<\/p>\n

<\/p>\n

What is MirageOS?<\/h2>\n

MirageOS is a library operating system that is used to create so called unikernels. These unikernels are able to run directly on the Xen Hypervisor, which allows them to be used in a lot of different cloud platforms. The main programming language for MirageOS and the resulting unikernels is OCaml, which claims and partially proved to be secure and high-performance. It offers a complete toolchain to create, test and deploy unikernels in different environments, like i.e. a development- and test-environment on the local machine. To create a fully functional and deployable  unikernel for production use, you just need to switch a single CLI-parameter. MirageOS already offers a lot of low-level implementations of the most common protocols, like i.e. TCP \/ IP, VNC, HTTP or the Xen Device Drivers. The initial version 1.0 was released in December 2013, since then the team worked hard on implementing more and more protocols and making the development-process as easy and convenient as possible.<\/p>\n

What do I need it for?<\/h2>\n

If you run a monolithic webshop for example and want to switch to an efficient micro-service architecture, you should consider using MirageOS. You can split your webshop into small components and implement them one by one. Each component would be a single unikernel and could be spawned on demand, there is no need to keep the components running all the time. The initial effort to switch to MirageOS and OCaml is high, but the security and performance benefits will be huge, so it will turn for account in the future.<\/p>\n

Xen Hypervisor<\/h2>\n

The Xen Hypervisor is a virtual machine monitor (VMM) which runs directly on the hardware and offers an abstraction for the virtual machines which run on it. A virtual machine which runs on the Xen Hypervisor is called domain. Xen Hypervisor allows to run multiple domains on a single physical system and shares the hardware between these domains. The domains are completely isolated to each other, except the first spawned domain (Dom0), which is used to control all other domains. All modern cloud systems like AWS or Google Compute Engine use the Xen Hypervisor.<\/p>\n

Unikernels<\/h2>\n

A unikernel is a complete application (or component) and its dependencies bundled into a single kernel-image, which is able to run on the Xen Hypervisor. It contains a small bootloader and doesn’t differentiate between a user and a kernel mode – everything runs in the same address space. Compared to the classic virtual machine approach a unikernel is a lot smaller, faster and more secure. The unikernel requires little drivers, since it only needs to run on a Xen Hypervisor. Due to its small size it has a very small memory footprint, which allows the kernel to boot really fast (in about 100ms). If the application experiences high load, the managing software (i.e. Jitsu<\/a>) can easily spawn new instances on-demand, which work off the requests and shutdown afterwards. There is no need to run the application all the time – due to its small boot-up-time it’s available instantly. The unikernels are very secure since they have a very small attack surface, only the needed dependencies are bundled. If a unikernel gets “hacked” (i.e. using a bug in the application) there are no common tools like a shell or user-management for the hacker to gain more privileges or persist himself.<\/p>\n

Development<\/h2>\n

If you want to develop a unikernel you can work in a standard Unix environment. Your write your code in OCaml and let the MirageOS compiler do the rest. The workflow has three stages:<\/p>\n

1.) Development on Unix. The compiler automatically links against Unix libraries and can integrate a debugger like GDB as needed. The code runs directly on Unix without building a complete unikernel each time you want to test your code.<\/p>\n

2.) Testing: the compiler creates a complete unikernel including the bootloader, which then again runs directly on Unix.<\/p>\n

3.) Deployment on a production environment. You just need to switch a single CLI parameter compared to development or testing to create a complete unikernel, which can directly be deployed on the Xen Hypervisor.<\/p>\n

Unikernel meets docker<\/h2>\n

In January 2016 Docker Inc. acquired Unikernel Systems, which was responsible for developing and maintaining MirageOS. They did not talk a lot about their plans using MirageOS in the future, but they already started to integrate it into their new native Docker for Mac and Docker for Windows releases. Maybe Docker sees its future not only in container technologies, but in smaller and more compact unikernels.<\/p>\n

Additional unikernel projects<\/h2>\n

There are several other projects which all have a different approach to create unikernels:<\/p>\n

    \n
  • HaLVM: Haskell<\/li>\n
  • LING: Erlang on Xen<\/li>\n
  • ClickOS: C++<\/li>\n
  • OSv: Multiple languages<\/li>\n
  • Rumprun kernel: Multiple languages<\/li>\n<\/ul>\n

    Conclusion<\/h2>\n

    MirageOS is a new smart way to build your microservice architectures. It offers a fast and secure way to distribute your application into the cloud. But there is a big downside: the learning curve at the beginning is high, since OCaml is not widely known. Maybe big companies like Twitter or Facebook are going to discover MirageOS in the future and start building their applications using OCaml. Docker already did the first step by purchasing the company behind it, starting to integrate the unikernel concept into its own toolchain. This could lead to a bigger acceptance in the developer community.<\/p>\n

    Further questions<\/h2>\n

    Some questions which came into my mind while researching about MirageOS:<\/p>\n

      \n
    • Is MirageOS useful for bigger projects regarding the effort and costs ? (Economical, costs for developers, …)<\/li>\n
    • How big is the learning-curve compared to other programing languages?<\/li>\n
    • Is the unikernel concept mature enough to build a stable base for big software projects?<\/li>\n
    • Does the future lie in the combination of docker and unikernels or will MirageOS completely replace the containter concept?<\/li>\n
    • Which influence will unikernels have on current clouds ecosystems? Will they reduce the load in big data centers and make them more efficient?<\/li>\n
    • Which influence will unikernels have on IT departments? Will there be specialized OCaml developers or is every developer able to learn OCaml easily?<\/li>\n
    • Which influence will unikernels have on the microservice trend? Will it push its acceptance?<\/li>\n<\/ul>\n

      Sources<\/h2>\n
        \n
      • https:\/\/mirage.io<\/li>\n
      • http:\/\/www.xenproject.org\/developers\/teams\/mirage-os.html<\/li>\n
      • http:\/\/www.heise.de\/developer\/meldung\/Jenseits-von-Containern-Docker-uebernimmt-Unikernel-Systems-3081268.html<\/li>\n
      • http:\/\/www.xenproject.org\/developers\/teams\/hypervisor.html<\/li>\n
      • http:\/\/unikernel.org<\/li>\n
      • https:\/\/github.com\/mirage\/jitsu<\/li>\n
      • http:\/\/unikernel.org\/projects\/<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"

        Introduction MirageOS is a new and rising trend when it comes to talking about cloud computing. More and more services are being relocated into modern cloud infrastructures, due to a lot of advantages like i.e. reduced costs, maximum flexibility and high performance. Todays services normally depend on big virtual machines (like i.e. Ubuntu Xenial with […]<\/p>\n","protected":false},"author":55,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[26,651],"tags":[3,66,67],"ppma_author":[711],"class_list":["post-1333","post","type-post","status-publish","format-standard","hentry","category-secure-systems","category-system-designs","tag-docker","tag-mirageos","tag-unikernels"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":2157,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/03\/09\/of-apache-spark-hadoop-vagrant-virtualbox-and-ibm-bluemix-services-part-4-big-data-engineering\/","url_meta":{"origin":1333,"position":0},"title":"Of Apache Spark, Hadoop, Vagrant, VirtualBox and IBM Bluemix Services – Part 4 – Big Data Engineering","author":"bh051, cz022, ds168","date":"9. March 2017","format":false,"excerpt":"Our objective in this project was to build an environment that could be practical. So we set up a virtual Hadoop test cluster with virtual machines. Our production environment was a Hadoop Cluster in the IBM Bluemix cloud which we could use for free with our student accounts. We developed\u2026","rel":"","context":"In "Student Projects"","block_context":{"text":"Student Projects","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/student-projects\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/03\/dev-env-spark-768x512.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/03\/dev-env-spark-768x512.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/03\/dev-env-spark-768x512.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":3057,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/09\/04\/cloud-security-part-1-a-current-market-overview-and-the-concepts-and-technologies-of-the-cloud\/","url_meta":{"origin":1333,"position":1},"title":"Cloud Security \u2013 Part 1: A current market overview and the concepts and technologies of the cloud","author":"Andreas Fliehr","date":"4. September 2017","format":false,"excerpt":"The first of two blog posts, that are dealing with the latest developments in cloud security. This post covers a current market overview of cloud computing and the concepts and technologies used in the cloud.","rel":"","context":"In "Cloud Technologies"","block_context":{"text":"Cloud Technologies","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/scalable-systems\/cloud-technologies\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/09\/Shared-kernel-vs.-specialised-kernels.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/09\/Shared-kernel-vs.-specialised-kernels.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/09\/Shared-kernel-vs.-specialised-kernels.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/09\/Shared-kernel-vs.-specialised-kernels.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":926,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2016\/07\/26\/socialcloud-configure-all-the-things-part-6\/","url_meta":{"origin":1333,"position":2},"title":"SocialCloud – Configure all the things! – Part 6","author":"ew033","date":"26. July 2016","format":false,"excerpt":"One of the requirements of the system is that organizations should be able to set up and deploy the HumHub system on their own. For this purpose, we have designed the Configtool. To meet this requirement we have to use different tools, procedures and interfaces from Bluemix. In the following\u2026","rel":"","context":"In "Allgemein"","block_context":{"text":"Allgemein","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/allgemein\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/07\/socialCloud.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/07\/socialCloud.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/07\/socialCloud.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/07\/socialCloud.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/07\/socialCloud.jpg?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":149,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2016\/01\/03\/more-docker-more-power-part-1-setting-up-virtualbox\/","url_meta":{"origin":1333,"position":3},"title":"More docker = more power? \u2013 Part 1: Setting up VirtualBox","author":"Tobias Schneider","date":"3. January 2016","format":false,"excerpt":"This series of blogposts will focus on the effects on response times when performing different tasks running on a variable number of docker containers in a virtual machine. What will be the performance differences running a small or large number of containers on the same machine? These posts will function\u2026","rel":"","context":"In "System Designs"","block_context":{"text":"System Designs","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/system-designs\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/01\/1429543497dockerimg.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/01\/1429543497dockerimg.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/01\/1429543497dockerimg.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/01\/1429543497dockerimg.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":24065,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2023\/06\/06\/are-grids-dead\/","url_meta":{"origin":1333,"position":4},"title":"Grids are Dead – or are they?","author":"Nadine Weber","date":"6. June 2023","format":false,"excerpt":"Huge datasets \u2013 not enough computing power. What to do? Don\u2019t worry! The supercomputer concept Grid Computing is here to save you! With the rise of cloud computing, fewer companies decide upon using Grid Computing \u2013 and even less know what the latter really is or how it can be\u2026","rel":"","context":"In "Allgemein"","block_context":{"text":"Allgemein","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/allgemein\/"},"img":{"alt_text":"Colourful Grid Structure","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/02\/grid_structure.jpeg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/02\/grid_structure.jpeg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/02\/grid_structure.jpeg?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":12060,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2020\/09\/30\/a-beginners-approach-at-a-cloud-backed-browser-game\/","url_meta":{"origin":1333,"position":5},"title":"A beginners approach at a cloud backed browser game","author":"mk321","date":"30. September 2020","format":false,"excerpt":"Foreword: This article reflects my experiences while developing a real time browser-based game. The game of choice was Tic-Tac-Toe as it is straight forward to implement and does not have complex game mechanics. The following paragraphs explain my experiences I got while developing this game with a cloud-based infrastructure in\u2026","rel":"","context":"In "Allgemein"","block_context":{"text":"Allgemein","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/allgemein\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2020\/09\/image-28.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2020\/09\/image-28.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2020\/09\/image-28.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2020\/09\/image-28.png?resize=700%2C400&ssl=1 2x"},"classes":[]}],"jetpack_sharing_enabled":true,"authors":[{"term_id":711,"user_id":55,"is_guest":0,"slug":"sl110","display_name":"Simon Lipke","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/58a2a1671a646f5f5092e816146c67fea4f7b6e0be4841f041187f2d337c075e?s=96&d=mm&r=g","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/1333","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/comments?post=1333"}],"version-history":[{"count":12,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/1333\/revisions"}],"predecessor-version":[{"id":24700,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/1333\/revisions\/24700"}],"wp:attachment":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/media?parent=1333"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/categories?post=1333"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/tags?post=1333"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/ppma_author?post=1333"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}