Rust-Based Cloud Hypervisor Heads to Linux Foundation
Cloud Hypervisor was first created during a wave of hypervisor creation, explained Arjan van de Ven, an Intel Fellow and founding technical sponsor for the project. It shares common roots with other similar projects but offers a modular approach that provides security and performance alongside flexibility.
“At a conference, a bunch of us sat together, and we said, ‘Look we’re each doing our own, that doesn’t make sense.’ But it was immediately clear that there wasn’t going to be a one size fits all — what works for Lambda doesn’t work for containers. It’s a continuum of needs,” said van de Ven. “We had to figure out how to sort of share common code because you don’t want to reinvent the wheel, and at the same time, be flexible so that you can sort of dial in exactly what you want for your problem, for your solution. So that’s where we ended up with what is now Cloud Hypervisor.”
Legacy and Modularity
A key tenet of Cloud Hypervisor is its modularity. Providing a bare minimum and letting users choose the components they include not only offers better performance but also helps with security. Legacy hypervisors not made specifically for cloud computing, explained van de Ven, might emulate legacy hardware, even things like floppy drives. Cloud Hypervisor operates under the assumption that, by default, you don’t need legacy hardware, which he said simplifies things drastically.
“When we talked to some of the big cloud companies, their biggest concern with existing solutions is that it was this big monolithic block. Security teams had a hard time showing that certain parts were not used by accident. You can show that something is not used by normal uses, but you can’t show that something isn’t used by a hacker,” said van de Ven. “The most secure code is code that isn’t even in the binary, right?”
While modularity reduces the attack surface, it also means that Cloud Hypervisor is fast, able to boot to userspace in less than 100ms with direct kernel boot, and lightweight in terms of memory. Part of that performance can also be attributed to the programming language used to build it: Rust.
Cloud Hypervisor is based on the Rust virtual machine manager, or rust-vmm, which is the open source set of hypervisor components that Amazon’s Firecracker micro virtual machine is built on. In terms of language choice, van de Ven said that there was no competition.
“If you want to go for security on this layer today, Rust is the language to use. That’s it,” said van de Ven. “We looked at Go, we looked at C, Go was too high level because you have all these garbage collection elements that aren’t as attractive for this layer of the software stack. In this layer, you want to be a little bit closer to the metal and Rust has all the security properties. If you start fresh, which we did, you start with Rust.”
As the project moves forward, van de Ven said, the focus will be on getting Cloud Hypervisor ready for operating in production environments, with hardening and the addition of Trust Domain Extensions (TDX). Beyond that, he said he expects a natural evolution of the product as more modules are made available for things like AI accelerators or databases.
“I can imagine each of those coming in. That’s the goal of it. Once you get to real production use, these things come almost out of the woodwork by themselves,” he said, noting that this is where joining the Linux Foundation comes into things. “This is why we’re now going to the Linux Foundation because we’re at a point where it’s clear this is working. We’re wanting to start getting towards a more adoption phase. It makes more sense to be Linux Foundation neutral versus vendor-driven.”