Menu
I recently deployed a tiny Haskell app with docker, using "scratch-haskell" as a base image.
Then I read about Unikernels and HALVM. And I got a little confused.
My docker container is about 6MB large. A Unikernel (with the same haskell app) would be roughly the same size I guess.
The Unikernel runs directly on the Xen hypervisor, whereas the docker Image (or general LXC) runs on a normal Linux distribution, which runs on bare metal.
Now I have the "choice" of running Linux with multiple minimal containers OR a Xen machine with multiple small Unikernels.
But what are the advantages and disadvantages of those two solutions? Is one more secure than the other? And are there any significant performance differences between them?
934
The big difference in unikernels vs. containers is that containers require and depend on a normal OS, and unikernels do not. Instead, there is only what's necessary to achieve a specific function, namely application code, along with the minimum necessary OS functionality to run the application.
Docker containers are generally faster and less resource-intensive than virtual machines, but full VMware virtualization still has its unique core benefits—namely, security and isolation.
As long as the application in question has access to the system resources it needs, performance will be about the same whether you are using a virtual machine, Docker or bare metal.
Hypervisors are of two types – the bare metal works directly on the hardware while type two hypervisor works on top of the operating system. Docker, on the other hand, works on the host kernel itself. Hence, it does not allow the user to create multiple instances of operating systems.
from http://wiki.xenproject.org/wiki/Unikernels
What do Unikernels Provide?
Unikernels normally generate a singular runtime environment meant to enable single applications built solely with that environment. Generally, this environment lacks the ability to spawn subprocesses, execute shell commands, create multiple threads, or fork processes. Instead, they provide a pure incarnation of the language runtime targetted, be it OCaml, Haskell, Java, Erlang, or some other environment.
Unikernels Versus Linux Containers
Much has been made recently of the advantages of Linux Container solutions over traditional VMs. It is said by container advocates that their lightweight memory footprint, quick boot time, and ease of packaging makes containers the future of virtualization. While these aspects of containers are certainly notable, they do not spell the end of the world of the hypervisor. In fact, Unikernels may reduce the long-term usefulness of containers.
Unikernels facilitate the very same desirable attributes described by the container proponents, with the addition of an absolutely splendid security story which few other solutions can match.
So if you want just run Haskell application Unikernels may work for you, and they should have even less overhead than docker (and docker overhead is very small anyway), but if your application will need some prepared environment, need to communicate with non Unikernels software docker is a better choice. I guess it is too early to say will Unikernels be useful or widespread or not, only time will tell.
150
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
