LynxElement: Lynx's Second Generation of Secure Unikernel
Followers of Lynx will know that our primary focus is LYNX MOSA.ic. This software framework, founded on the LynxSecure® separation kernel hypervisor,...
Ian Ferguson | VP Marketing
Jun 6, 2022 9:00:00 AM
Virtualization technology, whereby multiple operating systems run on shared hardware, is extremely well understood, if somewhat inefficient in its use of resources. The original virtualization architecture was based on a number of virtual machines (VMs). Every VM has to run its own instance of an operating system, resulting in a duplication of responsibility. Such an infrastructure is also hard to manage, as it consists of multiple servers that are all independent virtual machines.
Container technologies, like Docker and Kubernetes, try to achieve the same concept as virtual machines but eliminate duplication of effort between machines. Instead of loading an entire operating system for an app, containers use the kernel of the host OS while still being able to sideload app-specific libraries and programs. By adjusting the container and its image, it is possible to fine-tune the specific libraries and configuration your app will use. This results in performance gains without the overhead of running an entire OS.
The container-based approach has its downsides. The software has to be adapted for use in containers (containerized), and this can get tricky, especially with legacy codebases. Containers also have many more configuration options for resource allocation and interop capabilities, so it is quite easy to misconfigure them.
The next logical step in the progression from VMs to containers is unikernels, which try to push the concepts of containers even further. Unikernels are effectively a set of pre-built binary libraries and do not handle resource allocation. A hypervisor handles direct hardware interoperation. All application-specific system calls are pushed as close to the app as possible. Lynx views unikernels as being able to deliver the security strengths of VM-level partitioning with the speed and footprint size benefits attributed to containers.
Unikernels are not new. This piece written by Ericsson in 2016 illustrates the distinction between different architecture approaches. There are, however, several issues associated with unikernels which have limited their applications until now. These include: