Containers, which went mainstream with the launch of Docker in 2013, are now becoming old news. There’s some reason to think that unikernels, which offer many of the benefits of containers but without the drawbacks, are the next big thing in the world of agile, resource-efficient application deployment.
But before you go making plans to ditch Docker in favor of unikernels, it’s important to understand how unikernels work and what they can and can’t do well vis-à-vis containers and virtual machines.
What Is a Unikernel?
A unikernel is a machine image that contains absolutely everything required to execute an application inside a single, standalone package. Because of this, unikernels can run in an environment without any external operating system to host them, a trait that offers the potential for large security, performance and scalability advantages.
How Do Unikernels Work?
When developers create a unikernel, they build a machine image that contains only the specific pieces of the operating system libraries required to run a given application, and they package those library components together with the application itself.
Unikernels also typically have only a single address space. That means that they work best when each unikernel hosts a single process. Technically, it is possible to run multiple processes inside a single unikernel and have them share an address space, but most unikernel platforms instead take the simpler approach of creating a different unikernel for each process.
What Problems Do Unikernels Solve?
Compared to other technologies for deploying applications (bare-metal servers, virtual machines and containers), unikernels offer a simpler, more secure way to deploy applications.
Because there is no general-purpose operating system inside a unikernel, there are far fewer potential security holes for attackers to exploit. Containers and virtual machines lack this advantage: they require conventional operating systems to host them, which means you still need to worry about locking those systems down with antivirus software, access controls and the like.
The bare-bones environment inside a unikernel also boosts performance. When you don't have a full operating system or extraneous software libraries to run, you can devote every bit of your hardware resources to running your actual application. The caveat is that unikernels usually run only on a hypervisor, not on bare metal, so you will still expend some resources on the hypervisor and on the operating system that hosts it. Still, compared to containers (which devote some resources to runtimes and orchestration layers) and virtual machines (which spend resources on hypervisors and guest operating systems), unikernels are lean and mean performance-wise.
Indeed, unikernels can typically start very quickly, in a handful of milliseconds. That beats containers, which in the best case take at least a couple of seconds to start. VMs, for their part, typically need at least 20 or 30 seconds to boot, and can sometimes take minutes before they are fully initialized.
And because unikernels are machine images that run on top of a hypervisor, they are hardware-independent. You can move a unikernel from one host server to another seamlessly, as long as you have the necessary hypervisor provisioned.
Can Unikernels Replace Containers or VMs?
In some respects, unikernels represent the next frontier in application deployment. They provide the portability of VMs and the efficiency of containers, all while offering performance and security benefits that containers and VMs can’t come close to matching.
That said, it's hard to imagine unikernels fully replacing containers and VMs. Unikernels are more complicated to create than a container or a VM image, and in most cases you'll need specialized development expertise to design and build one. There is also currently no production-ready solution for automating unikernel orchestration, which matters if you want to deploy hundreds or thousands of unikernels.
For these reasons, it’s a safe bet that, for the foreseeable future, unikernels will become a technology that runs alongside containers and VMs rather than replacing them. Unikernels will host workloads that are not good fits for other deployment formats.
Use Cases for Unikernels
For instance, unikernels could work well in highly dynamic environments where application instances need to spin up or down with dizzying speed, faster than you can achieve with containers. They are also prime candidates for deploying software on IoT devices that lack the hardware resources to host a conventional operating system. Unikernels may also have a place in edge computing: for example, they could be used to deploy applications quickly and efficiently to edge hardware in response to fluctuations in traffic or demand.
Where to Get Unikernels
Right now, unikernels are somewhere along the journey from academic concept to production-ready technology. There are a variety of unikernel development efforts, such as MirageOS and Unik, but most are not yet ready for real-world use at scale.
There are also platforms like Vorteil, which is technically not a unikernel platform but provides something similar. The project's founder, Wilhelm Wonigkeit, tells us that the team used to call its packaged applications unikernels, but now refers to them as "Micro-VMs" because they can support multiple processes. Vorteil pitches itself as a production-ready platform that can take existing applications, convert them to unikernel-like packages, and deploy them in any public cloud or local hypervisor environment without refactoring the application code, exactly the kind of turnkey solution that unikernels need in order to be ready for prime-time enterprise use.
Currently, however, there is little evidence that many organizations are using unikernels in production. That may change in the near future as unikernel and unikernel-like platforms reach full maturity, giving IT teams a real alternative to containers and VMs.