So hi everybody, thank you for coming to my talk. My name is Idit Levine, and I'm working at EMC in the CTO office. I'm also the CTO of the EMC Cambridge Dojo for Cloud Foundry. And I wanted to show you a very cool project that we did called Project UniK. That was an advanced development that me and two more developers kind of spun up, and we feel that this is very cool, so we wanted to show it to you.

So first let's start by talking about the motivation. Why did we do this? So if you're looking around, you see the stack. This is the stack that today most of the enterprise is using, specifically if they're using Cloud Foundry, right? So there is the hardware, there are the hardware drivers, then on top of it there is usually a hypervisor, there are virtual hardware drivers, and then you have the OS kernel. Then on the operating system you have also the OS user, sorry, the OS user processes, right? That basically separates your processes. On top of it you have Docker, right? That is kind of doing the same thing. And then on top of it you have the shared libraries that you're putting inside your Docker container, then you have a language runtime, your application and your application config.

All of this, all this huge stack, is what you're running every time that you want to run. The question is why do we need all this stack? And what is important for us to recognize is that the only reason we actually need all this stack is because we want to run a single application with a single user on a single server. That's all we really want to achieve, and we have all this huge stack, right, with all those layers. And if you're looking at these layers, there is a lot of redundancy. For instance, isolation is a great example. You have the physical isolation on the hardware, right?
Then you have the hypervisor itself, which isolates the VM. You have the OS user processes, which separate the processes. Then you have the Docker runtime, which is basically doing the same thing. Then you have your application, which separates your users, right? So a lot, a lot of redundancy and inefficiency.

So now let's look at the kernel one second and see if there is any complexity there. And if we're looking at the kernel, we see that most of the complexity is coming from the one target that the kernel should achieve, which is to protect, right? It should protect application from application, it should protect user from user, and it should protect application from user, right? So this is basically one of the main jobs of the kernel. The question is, is that really needed? That made very, very much sense in the 50s and 60s, when we bought this huge computer that was very expensive, and as a business use case we decided that we cannot afford to buy this huge computer just for one application, and therefore what we did is we had to share it, right? Because it costs a lot of money. But today we're not doing it, right? Today, that's not the model. Today you can actually run a really small computer, a VM, with what you need.

If you're looking at the microservices architecture, there is a lot of duplication of what Linux kind of already did for us. If you're looking at a library like etcd, you will see that basically what CoreOS is doing with etcd is kind of like /etc, just in a distributed way. But there is a lot of stuff that the operating system is actually already giving us, and we duplicate it in the microservices architecture.

And if we're looking at our inefficiency, if we're looking at something like the kernel, and we're looking at the drivers that are running inside the kernel, we will be surprised to discover that there is a floppy driver there. I haven't seen a floppy drive actually attached to a machine in a long time, but you still have the bits and the bytes on your computer. Same thing for USB.
You're running on Amazon, on AWS. You can't even get to the machine. You still have the USB driver. So a lot of unnecessary stuff running constantly now on your laptop or on your infrastructure. And what is important to say is that every other company that's trying to attack this today, like CoreOS for instance, they're trying to attack the operating system distro. They never touch the kernel itself, which means that in the kernel you still have a lot of unnecessary code.

And if you're looking at the update model today, so when you're doing, I don't know, if you're running Fedora and you're doing yum, or if you're running Ubuntu and you're doing apt-get, you're getting a lot of stuff onto your computer. I don't know if you really know what you're getting, but a lot of the stuff is probably not necessary. You're still getting it in and paying for the storage and for all these bits and bytes running.

So CIOs will probably appreciate this slide, because also in security there are quite a lot of problems. Because the kernel is so big and the operating system is so big, the attack surface is huge, right?
I mean, I can think about a lot of components that I can actually use in order to attack those operating systems. And when you're looking at Linux, which is a very popular operating system, there are a lot of exploits targeting it. Versus the hypervisor, which people target less, because it's usually behind, right, if you're not exposing it to the internet. And the last security problem that I notice is that the microservices architecture is sharing a lot of stuff, right? You're sharing the kernel, you're sharing the memory, you're sharing the file system, you're sharing the hardware, you're sharing quite a lot of stuff. And the only thing that actually protects it is an extension like a cgroup, a kernel extension like cgroups. So again, it's not very native, right?

So let's look one second a little bit more at the Linux kernel. This is an example of how many technologies you need to know in order to actually maintain the Linux kernel. It goes on and on, and I will argue that there are not a lot of people in the world who are actually capable of doing it. So, very complicated.

If you're looking at the source lines of code, this is like my estimation: I think that a small application is around 10k lines of code. This is what usually we like to say. If you're looking at medium and large, it's probably around 100k lines of code. And if you're looking at a big one, huge, that a team is actually maintaining, probably 1 million lines of code. This is only the kernel of Linux: 22 million lines of code, right? If you're looking at the Debian distro, 419 million lines of code. This is huge. There is no, you know, it's very hard to maintain, tons of technical debt, and it's just very hard to reason about, right? So this is basically, you know, the ratio between the lines of code of the kernel and the distro. So the question is, how did we get there, right?
I mean, I just described to you tons of inefficiency that we're running every day in your infrastructure. And what I came up with is that it's probably a regular, you know, it's an evolution, right? We started with a big computer, we went all the way to the personal computer, all the way to, you know, your Mac and your Android, and the only thing that comes between all of this is basically Unix, right? It supported us all the way. So basically, what can Linux run on? Anything, right? What can run on Linux? Anything. I can seriously take right now the latest Ubuntu distro, run it on my 10-year-old Pentium 1 laptop, and it's just going to work, right? I don't need to do anything, out of the box.

So we made a trade-off, right? We made a trade-off as a community. We decided that it's more important to us to support compatibility versus efficiency. Right, so we made it work, right? I mean, we are running it in your data center. It's quite, you know, performant. There are the Googles of the world, and they're running very efficiently. But it's not right. The architecture is wrong. And what I offer right now is: let's make it right, and hopefully after that, let's make it fast. So what I suggest is to use unikernels.

So let's talk a little bit about unikernels. So the traditional approach today, when you're running, you have the kernel itself, and then you have all the libraries on top of it, and your application. This is the stack that you're getting no matter which application you're running. It always looks the same. This is in your operating system, and that's what you're running. The question is, do I really need that? And you don't, really, right? You only need what your application actually consumes. So the unikernel approach is saying: let's just take the white triangle that we really need in order to run our application.
So you're not going to have the full kernel. You're not going to have the drivers that you don't need. You're only going to have the drivers that you actually need in order to run this unikernel.

So this sounds like magic. How does it actually work, right? So what we're doing is we're taking your application code, binaries, right, you're taking your config, you're taking your dependencies, you're taking your runtime, the language runtime that you need to support your application, and you're taking your virtual drivers, and you're putting all of this in some packaging tool, right, that the unikernel ecosystem is already creating for us. There are a few of them. And then the result is just a unikernel, and, you know, it's basically a bootable image, right? So it can run either on a hypervisor or on bare metal, right, because it's basically a bootable image. So if it's running on a hypervisor, it's a machine, like it's a real VM. Everything that we already know about hypervisors will work here, right? If you want to vMotion it, all of these things are going to work, because it's running on a hypervisor. But unikernels will have their own network stack, they have their own virtual memory, and they are contained and hopefully immutable. That's what we hope.

So what did we do here? This is the stack. We just removed everything that we don't need, right? Very simple. It just removes what we don't need. Much easier to reason about, fewer layers, and so on.

So let's just summarize what the advantages of unikernels are. So the first thing is that there is no other user. The only user that, you know, there is no multi-user support. You can add multi-user support in your application, but it's not going to be when you log into your machine, right?
No permission checks, and this is kind of key, because now you don't need to do all the context switches, and you're running actually on ring zero, which means that you act in kernel mode, which means that you can actually utilize 100 percent of your hardware. Your application doesn't need to switch between kernel mode and user mode. It's just running in kernel mode, much quicker, much more performance. Isolation: only individual hardware, the only sharing is the hardware, which is very, very important, right?

Now if we're talking about sizes: the minimum virtual machine that you're taking today with an operating system is probably one gig. This is what usually people are working with, right? The minimum, before you're putting your application. The unikernel is in the K's, right? So I mean, basically the size of the unikernel is the size of your application, right, because it's very, very tiny. And because there are not a lot of lines of code, not 22 million, only like a thousand or so, it's very quick to boot up, right? There are not a lot of lines to actually boot. So the booting time, the performance time, is as quick as a container at least, right, if not more.

And the last thing is that the attack surface is very, very tiny, because if you think about it, there's not a lot to attack. You don't have SSH to this machine. How can you attack a machine that, you know, is almost impossible to log into? But it's not only that the attack surface is tiny. It's also customizable, which means the unikernel will look different between different applications. So if I have one application that is running from this unikernel, the libraries will be different than for another application. So even if I was very, very, you know, smart and managed to attack this application, I would not be able to do that on a different one.
So it's very customizable. So, last slide about unikernels. Basically there are two types in the ecosystem today. There is the first category, which is basically the language-specific. So it's very performant, but it works only with a specific language. A good example would be: Docker just acquired, at the beginning of the year, a company called Unikernel Systems. They are focusing on something called MirageOS. MirageOS only supports OCaml as a language. So if you want to write OCaml, or if you come from Cambridge in the UK, you're basically capable of running that and getting a very, very killer performance. But most of us don't write OCaml, or at least didn't use it until now, and therefore we're going to use the other one, which is the POSIX-compliant. So POSIX is basically the API of the operating system, and therefore it's supporting most of the languages that we know today. So you can run C, C++, Go, Node.js, Ruby, Python, you name it, it's going to work, right?

So what did we do, right? Because all I described right now is only what the motivation is. When I saw this I said to myself, why isn't everybody using unikernels? It's just very, very good. And what I realized is that the reason people are not using it is because it's very hard, right? You need to take your drivers and you need to understand how it's working. Very complicated to work with. And if you think about it, this is exactly what Docker did to Linux containers. Linux containers were there for a long time, but they couldn't actually be used, because it was very hard for the developer to understand what's going on there. What Docker did is they made it very easy to use. So what we did is exactly the same thing for unikernels: basically creating a command line, REST API tool that makes it very easy for you.
It abstracts from you all this mess. You're just pushing your application and we're taking care of the rest. So it's called UniK.

So how does UniK work? Very simple, right, very much like Docker. So the UniK daemon will set up your environment. Mainly it will set up the daemon itself, right, of UniK. And if you're running and you don't have your infrastructure DNS, we also spin up a new unikernel, actually, which is very cool, because it's 300 megs, that actually will give DNS to you. So if you're running on something like vSphere. And then you just build your application, your unikernel. Then you can attach volumes, and then you can just run it. Very, very simple to use.

So in my opinion, this is the most important slide that I hope that you will take from here. It is the fact that we were, I believe that we were very, very smart about making a decision about how to architect UniK. And because this ecosystem is very, very new, we didn't know what would catch on. We didn't want to bet on one unikernel type, and we didn't want to bet on one cloud, and we didn't want to bet on one processor. We just wanted it to be very, very pluggable. So what we did is we made UniK very not opinionated. So today, out of the box, we're supporting rump kernel, which in my opinion is the best unikernel today. There is MirageOS, which as I said is language-specific, and OSv, specifically very important if you're running Java. So we're supporting all of those, right, but there are more, and we invite the community to help us create a compiler for them, right.

In terms of cloud providers, out of the box: AWS, that's the first one we did. Then we added vSphere, so it's supporting vSphere, and it's supporting Photon, the new platform at scale of VMware. We also want you to have the ability to run it on your laptop, because we think it's very cool, so we're supporting right now VirtualBox.
We're going to add QEMU and KVM very soon. So basically what we're trying to do is cover most of the ecosystem, so that you can run it wherever you like. And we're also working on OpenStack as we speak, actually. And the other thing is that we didn't want to be only Intel-specific, because my belief is that the big use case for unikernels will be in the Internet of Things. People can argue about whether it's suitable for the cloud, whether it's mature enough, but no one will argue that this is the best fit for the Internet of Things. And for a few reasons: one of them, very small footprint, right? It's not taking a lot of storage. Second of all, very performant. And the third one, very secure. So with those three qualities, I think this is like a perfect fit for the Internet of Things, and this is why we decided to support ARM as well, to show that this can run on those embedded devices.

But we wanted to make it easy for you to run. So what we're working on right now is UniK Hub. Not always the guys who are actually building the unikernel will be the ones that are running it. So we want to make sure that you can pull and push, and also it will make an easier experience to try it.

And okay, so we didn't stop there, because we know how the community really, really likes the Docker API. So it was very important to us that it will not be very hard to adopt. So what we did is basically teach UniK to speak the Docker API. So today you can just use the -H flag in Docker to target the daemon of UniK instead of Docker, and then you basically can do docker run, docker build, docker ps, docker rm.
It's just going to work for you out of the box. So you don't need to change any scripts that you had before. It's going to work.

But our main target, as the CTO of the EMC Dojo, was to integrate it with Cloud Foundry, because we feel that that will be the best experience for the user. So what we did is exactly that. Today if you're running Cloud Foundry, you can run it on a regular, you know, if you're pushing it, it will go to the old architecture of Cloud Foundry. If you're pushing it with the enable-diego flag, it's going to go to the Diego new architecture. If you're doing right now enable-unik, it's going to go and run a unikernel. So the same application, you can push to Diego or push to a unikernel. It's going to work.

Demo. Let's see the demo. Okay, can you see that? Is it good? Okay.

So the first thing that we will do is unik images, that will tell us what unikernels I already compiled. So what are unikernels? After I compile a unikernel, it depends where I'm running, but what I'm getting is a bootable image. If I'm running on AWS I will get an AMI. If I'm running on VMware I will get a VMDK. Okay, so basically what you see is that before, I had an application that I built already. Now what we're going to do is unik ps, that will tell me what I'm running already. So as you see, I'm not running anything. So let's just go and run something real quick: so unik run and the name of the application. That's simple, right? So that's specifically running on AWS. And as you see, I have a unikernel running. So that's quick, right? If we're going to go just to see that, let's do unik ps, let's grab the IP, let's go to a website. And as you see, we have a very stupid static Go website running. Whoever knows me knows that I really adore Steve Jobs, so every demo that I have will be with Steve Jobs. So as you see, we have Steve Jobs running, right? So that's cool. It was very, very simple.
But now let's build one. Okay, so again, it's very simple: unik build. Let's give it a name. And I just want to make sure that I'm in the right place. Okay, so now let's run it. The only thing that I'm doing is unik build, and I'm giving it a name. Let's call it cf. And I'm running it, and what you will see right now is that it's starting to build the unikernel. But that will take a sec, so let's go in the meantime and look at the Cloud Foundry one, its creation.

So what you see is I have a Cloud Foundry here. For each app, so we have no application running, right? Can you see it? Good. Do you want me to... okay, so we don't have an application running. What we're going to do right now is go and push an application. Let's see that, just do it, right? So the only thing that I need to do is cf push. So see what I'm doing here: there is cf push, I'm not starting the application, and then I'm enabling UniK, I'm giving the endpoint of UniK, and I'm starting it, right? So this is basically what I'm going to do. What you will see right now is that it will go, it will build it using the buildpack. It will take a minute. Let's continue looking at it. So as you see, it's running all the buildpacks. It will take the buildpack, the unikernel that we built. It's going to support everything that Cloud Foundry supports today: logs, you know, the router, everything out of the box will work for you, right? So as you see, it works right now.

So while it's doing it, what I would suggest is let's go one second back and see a little bit more demos while it's working. So as I said to you, the thing that I believe is that the Internet of Things will be a killer use case. And we decided that instead of waiting for that to happen, we should do it. So this picture is actually what we did here.
We basically took a Raspberry Pi, and we attached it to another Raspberry Pi that is actually debugging the Raspberry Pi. And we were the first people in the world to actually run a rump kernel unikernel on a Raspberry Pi. As you see, this is how we're working on it. There is the gdb that is actually debugging it, and that's exactly how we did it.

So what I want to show you in the meantime is a quick demo. Before we did that, and what I'm going to do right now, we'll ask UniK to push a unikernel to a Raspberry Pi that will talk to the toaster, and we'll make a toast, because I skipped breakfast. Okay, so you want to do that? Let's do it real quick. And just verify that you see. So this is still building the application. This one is already ready. So if we go right now, just quick, I will show you this. For the moment, if we're doing unik images right now, we will see that we built another application. It's probably waking up. Yeah, you see cf, that we just built. So now we have the unikernel, we can do, again, cf.

Now if we want to do logs, just before we're doing this, so we're saying, if we want to do logs, you can do unik logs with the name of the instance that's running. So let's first do unik ps, and then unik logs, putting the unikernel name. As you can see, this is the actual booting of the unikernel. Now you need to understand: a unikernel is actually running, it's the kernel that's running inside, and your application inside the kernel, right? It's kind of like up together. So as you see, it's actually booting up your application, you know, the operating system, and then it will boot up your application.

Okay, so now let's do this. In order to do that we need to switch network for a second. Okay, switching. The unikernel that I'm connecting to the network. We are going to run this real quick. The website, okay. So you see right now that should work. Okay, so this is basically the website that I built, and what I want to do right now is I'm going to plug in everything and I'm going to click.
Oh, I forgot to put in the toaster, though. So I have bread, right, I'm going to put it in the toaster, close it. As you can see it's closed, not working, the Raspberry Pi is attached, and then let's just ask UniK. Okay, so now, soon, hopefully, it will start working. Yeah, so again, what's happening is we put the U-Boot, I don't know if you know what it is, but it's basically boot over network on the Raspberry Pi. It's waking up, it's going to UniK, it says, do I have something to run? Taking all the unikernel, it's putting it on the Raspberry Pi. We should switch this switch, which is going to open the disk. So now what you see is that it started, and this one is working, right? So let it work.

And then the last thing, let's just see what's going on with Cloud Foundry. Let's go back to our network. Let's do cf apps. We have one application running. Hopefully it will work, or if we didn't, it failed because it looks bad, maybe because I switched network. And so as you see, this is Cloud Foundry running Steve Jobs, a different Steve Jobs. And now what we can do real quick, because I know I'm out of time, let's go and scale this application real quick.
So I'm doing cf scale, right, I'm scaling it to three. So now I have three instances, three unikernels running, right, on Cloud Foundry. Let's go quick. Let's go here to UniK and do unik ps. What you see is that there are four unikernels running. The first one is the unikernel demo that we did first. Then there are three of the example app. Right now what we're going to do is we're going to kill it from UniK. So I'm basically doing unik rm and just choosing one of them, doesn't really matter which. So what you will see now, and what I want to show you, is that basically what will happen is that Cloud Foundry will just add a new one, right, because it just lost one of the unikernels. So we're looking right now, this one is shutting down, and soon Cloud Foundry will do a new one. So until that's working, any questions?

Yes, I forgot to say that, yeah, we did open source it. So you can go to the GitHub. We really like open source. So you can go to our GitHub, just one of them, just maybe GitHub. So you can go here, it's open source. You see the community actually really digging in already: 299 stars, great traffic, people are coming, people are cloning, people are watching. So the community is actually really, really digging into it, and I would suggest that you do the same. There is a very, very easy kickstart. We made everything so simple, like it's Docker, and it's running. So really, go try it.

Let's see if Diego actually got it. I don't know if Diego has recovered. Okay, oh yeah, you see? So I still have one shutting-down application, three new ones, right, like basically I have three instances that I asked for from Cloud Foundry. And the last thing, because I think we're beyond time, is that you can see that the toaster is actually working. We can eat. That's it. I mean, do you have any other questions?
Different from microkernels?

So microkernels, they've been around for a while, I mean for a long time. Yeah, I mean, let me take it with you offline, I will answer that. Do you have others? Yeah.

Yes. No, so the thing is that what I'm doing is I'm running a unikernel instead of a container. The only limitation is that, as you say, it's one user, which means that they cannot fork. That's the only limitation that I have on the platform itself, right? So applications that fork will not work. Yeah, so I mean, this is a regular Cloud Foundry distro, right? The only thing that I did is I basically created the back end, so when I'm running it, instead of running a container, it will run a unikernel.

Okay, a question? You know that's... I think related. Okay, so thank you guys.