Understanding Unikernels

Understanding Unikernels — The Future of Cloud Computing, Probably

What are Unikernels?

Unikernels are single-purpose compute environments packaged with the dependencies, runtime, libraries, kernel capabilities and everything else required to boot and run. Application code and system code share a single address space, with no operating system, no users and no shell, resulting in a smaller, faster and more secure system.

  • No Shell
  • No Users
  • Single Process
  • Does not need an underlying host OS (typically runs on a hypervisor)
  • Decreased Attack Surface
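
An added example (not from the original article): a small Go probe that checks the "No Shell", "No Users" and "Single Process" properties from inside whatever environment it runs in. The checked paths and the function names are assumptions chosen for illustration; going by the properties listed above, a unikernel image should report no shells, zero accounts and a failed spawn, while a regular Linux host reports the opposite.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
)

// shellsPresent returns the well-known shell paths (assumed list) that exist under root.
func shellsPresent(root string) []string {
	var found []string
	for _, p := range []string{"bin/sh", "bin/bash", "usr/bin/sh", "bin/busybox"} {
		if _, err := os.Stat(filepath.Join(root, p)); err == nil {
			found = append(found, "/"+p)
		}
	}
	return found
}

// accountCount counts entries in a passwd-format file; a missing file counts as 0.
func accountCount(passwd string) int {
	f, err := os.Open(passwd)
	if err != nil {
		return 0
	}
	defer f.Close()
	n := 0
	sc := bufio.NewScanner(f)
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line != "" && !strings.HasPrefix(line, "#") && strings.Contains(line, ":") {
			n++
		}
	}
	return n
}

// canSpawn reports whether a second process can be started from this one.
func canSpawn(bin string) bool {
	return exec.Command(bin).Run() == nil
}

func main() {
	fmt.Println("shells found:   ", shellsPresent("/"))
	fmt.Println("user accounts:  ", accountCount("/etc/passwd"))
	fmt.Println("can spawn child:", canSpawn("/bin/true"))
}
```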

Types of Unikernels

Clean Slate

Legacy

VMs vs. Containers vs. Lightweight VMs vs. Unikernels


Comparison of High-level Architectures


Why isn’t everyone using this already!?

Implementing Unikernels

Prerequisites

apt update && apt -y upgrade
echo "Installing golang"
wget https://golang.org/dl/go1.15.7.linux-amd64.tar.gz && tar -C /usr/local -xzf go1.15.7.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
echo "Installing AWS-CLI and qemu"
apt install -y awscli qemu
echo "Installing ops"
curl https://ops.city/get.sh -sSfL | sh

[Figure: Installed prerequisites and respective versions]

IAM Permissions


Create Snapshot Image

server.go:

package main

import (
	"log"
	"net/http"
)

func main() {
	// Serve the files under ./static at the web root.
	fs := http.FileServer(http.Dir("static"))
	http.Handle("/", fs)

	log.Println("Listening...on 8080")
	// ListenAndServe only returns on failure; log the error and exit non-zero.
	log.Fatal(http.ListenAndServe(":8080", nil))
}

static/index.html:

<!doctype html>
<html>
<head>
  <meta charset="utf-8">
  <title>Hello!</title>
</head>
<body>
  <h1>Understanding Unikernels!</h1>
</body>
</html>

GOOS=linux go build server.go

config.json:

{
  "Dirs": ["static"],
  "CloudConfig": {
    "ProjectID": "test-project",
    "Zone": "<region>",
    "BucketName": "<bucket-name>"
  },
  "RebootOnExit": true
}

understanding-unikernels/
├── config.json
├── server
├── server.go
└── static
    └── index.html

ops image create -t aws -c config.json -a server
ops image list -t aws -z <region>

Create Instance

ops instance create -c config.json -t aws -z <region> -i server-image --port 8080

aws ec2 describe-images --image-id <ami-id> --query "Images[].EnaSupport"

Delete Instance

ops instance delete -t aws -z <region> <instance-id>
ops instance list -t aws -z <region>
ops image delete <ami-name> -t aws -z <region>

Security Considerations

Interesting Projects

References

Nithin Jois

https://nithinjois.com/about/