Have you heard about unikernels? A unikernel, or cloud operating system, as it has also been called, is a specialized lightweight operating system intended to run inside a virtual machine. Unikernels have the potential to become the core of a new form of cloud computing in which a single hypervisor instance can support hundreds or even thousands of virtual machines. As a rethinking of how we populate cloud infrastructure, the unikernel is a specialized, single-address-space virtual machine image constructed by using a library operating system.
Normally, when you think of virtualization or cloud computing, you think of a virtual host or hypervisor that loads a virtual machine encapsulating a fully functional operating system. That encapsulated operating system could be any flavor of Linux, Windows, or BSD. These typical virtual machines are designed to run just like their physical counterparts: they carry a variety of hardware drivers from an assortment of third-party vendors, all based on different design concepts. They are installed and intended to be multi-user, multi-process, and multipurpose. Just like physical servers, these virtual machines are meant to run almost anything that could be needed by just about anyone. This is one of the reasons why virtualization gained such a big footprint in the data center so quickly: a physical machine can simply be converted into a virtual machine that looks and operates the same way and, for all practical purposes, functions exactly as it did when it was a physical server.
It seems a natural progression to shrink virtual machines from being “virtual Jacks of many to virtual masters of one.” Unikernels are very specialized single-address-space, single-process virtual machine images that are constructed by using library operating systems. The library operating system lets the unikernel link in only the OS components the application needs, producing a single thread or single process of code that is responsible for running a single application. Unikernels shrink the attack surface and resource footprint of cloud services. They are built by compiling high-level languages directly into specialized machine images that run directly on a hypervisor, such as Xen, or on bare metal. Unikernels provide many benefits compared to a traditional OS, including improved security, smaller footprints, more optimization, and faster boot times. How much faster can the boot time get? If we are talking about a single thread or single process, boot times can be measured in milliseconds instead of minutes.
How do unikernels compare to containers? Containers and unikernels accomplish the same goal: isolating processes and code so they can run separately. Container virtualization (often referred to as operating system virtualization) is more than just a different kind of hypervisor. Containers use the host operating system as their base, not a hypervisor. Rather than virtualizing the hardware (which requires a fully virtualized operating system image for each guest), containers virtualize the OS itself, sharing the host OS kernel and its resources with the host and with other containers. Containers and unikernels are actually similar technologies, with the unikernel being described as “a Docker container that is on a diet.” It is the natural evolution of slimming down the inner workings of the container. Docker containers have everything they need to run enabled by default, whereas with unikernels many features are turned off by default, which means more deliberate setup choices. Once those setup choices have been made, the end result is a resilient new stack that is secure while also being customizable to the needs of the current project. It is really a natural progression from standard virtual machines to standard containers and now to unikernels.
It seems that Docker believes unikernels could be key to the future of its technology, so much so that Docker has acquired Unikernel Systems. Docker plans to integrate support for unikernels into its own tools and services. It is starting to look at technologies beyond containers to help developers build even more efficient microservices architectures, but that is only partly what this acquisition is about. While you probably only think “containers” when you hear about Docker, the company now seems to think of Docker as an ecosystem that isn’t just about containers. In this view, Docker is mostly about moving the microservices movement forward. If you look at it through this lens, then unikernels are a logical next step for Docker and could be the future of the cloud.