Docker Buys Unikernel Systems, Plans to Mainstream Virtual Library OSes

Docker has purchased Unikernel Systems, a Cambridge, U.K. start-up specializing in unikernel development, Docker announced Thursday.
The purchase will help Docker expand the range of virtualization technologies it offers that enterprises can use, in effect turning Docker into a platform for running a wide range of workloads, not just container-based workloads.
“Just like we did with containers, we are interested in democratizing that technology, making it available and useful to the millions of developers and IT pros out there,” said Solomon Hykes, founder and chief technology officer for Docker. “Unikernels allow you to basically get rid of the operating system, and instead compile into the application the small bits of the operating system it really needs.”
As a base for single-purpose appliances, unikernels are especially well-suited for very small workloads, perhaps running on an embedded or IoT (Internet of Things) device, and they are also well suited for very large distributed microservices-styled workloads running in the data center, Hykes said.
Cambridge, UK-based Unikernel Systems is made up of many of the pioneers from the Xen Project, so it has deep experience in public cloud workloads and operating systems.
You can think of unikernels, roughly speaking, as stripped-down containers with only the functionality needed to run the specific workload at hand. They borrow the ideas that germinated in the work of building modular operating systems and library operating systems (LibOS) that have been kicking around for decades.
Unikernels “are a completely different approach to deploying and managing applications,” Hykes said.
Unikernel Systems’ MirageOS, written in OCaml, was designed “to restructure entire [virtual machines]—including all kernel and user-space code—into more modular components that are flexible, secure, and reusable in the style of a library operating system,” wrote MirageOS developers Anil Madhavapeddy and David J. Scott in a 2014 paper for the Association for Computing Machinery.
Using unikernels could be advantageous in a number of ways, Hykes said. There is much less supporting code to deploy: Hykes estimated that a unikernel could be 10 times smaller than even the smallest bare-bones container. This translates directly into less memory and CPU usage on the host machine.
A smaller footprint means there are fewer chances for security vulnerabilities to pop up. With no unneeded drivers, daemons or libraries, “There’s less surface area for attack,” he said.
To date, unikernel development has been driven by a small community of passionate researchers, with Unikernel Systems leading a lot of the work.
Now, Docker wants to take the technology mainstream. “We intend to make unikernel technology a standard part of the Docker tools,” Hykes said.
Hykes admits that building a unikernel is a complicated process. Because unikernels are collections of discrete functionalities, developers must pick and choose which functionalities they need for the job at hand. So the primary work for Docker is to “add the polish,” Hykes said, in terms of defining conventions and standards that will make unikernels easier to deploy.
Terms of the acquisition were not disclosed.
Docker is a sponsor of The New Stack