We plan to evaluate and benchmark our unikernel and toolchain solutions in four highly relevant industrial use cases.
Serverless computing platforms such as Amazon EC2’s lambda services are taking the cloud world by storm, and more cloud providers are beginning to offer them. However, the current implementations either use containers (and are thus insecure) or rely on full-blown VMs, which makes them highly inefficient.
UNICORE technology and APIs will be used to enable novel serverless computing.
CSUC will develop a lambda services offering based on UNICORE which it will trial in Barcelona, providing services to citizens and especially to the university and research community. Implementations of existing services will be developed to assess the performance and scalability of unikernels in web crawling and video transcoding functions.
Correct Networks will integrate unikernels in PacketCloud, an edge serverless computing platform it is developing. The current version of PacketCloud uses containers and thus has poor isolation, as well as sub-optimal performance. CNW will use UNICORE tools to develop a unikernel to run lambda functions written in Node.js. It will integrate this unikernel in the PacketCloud orchestration framework and use it as a basis to run trials in public and edge clouds.
Efficient, Secure Network Function Virtualization
For operators and service providers, the holy grail of a Network Function Virtualization (NFV) implementation is the ability to dynamically provision network components, services and applications in a matter of minutes rather than the weeks or months it takes to do so now. With boot times on the order of milliseconds, unikernels will provide disruptive NFV solutions.
Several separate NFV application domains will be explored in UNICORE:
Universal CPE. Ekinops will use UNICORE tools to develop a footprint-optimized virtual router (vCPE) and micro-services (such as DHCP servers, NAT or probes) running on lightweight virtual machines that offer good performance, while offering strong isolation and tangible security guarantees.
Broadband Network Gateway for wired Internet access. Orange plan to upgrade from a monolithic approach using Linux on the Broadband Network Gateway (BNG) to one based on unikernel VMs, with each Point-to-Point Protocol over Ethernet (PPPoE) session running in a separate unikernel VM. Since each unikernel VM will be dedicated to a single customer, isolation will be much stronger than today. Performance should also increase because of the reduced OS overhead, the small size and speed of unikernel VMs, and their specialised functionality. Again, the performance optimization tool will be used to speed up the disaggregated BNG.
Wireless 5G vRAN NFV Clusters. 5G core and radio access network (RAN) elements are becoming Virtualized Network Functions (VNFs), chained together and deployed according to the needs of the network slice use-cases. Many new 5G networks will be in ‘resource constrained’ environments, where more optimal deployment technologies like Unikernels can provide competitive advantages.
Accelleran will start by porting its 4G and 5G control plane (Layer 3) vRAN VNFs to Unikernels to target real-world 5G testbeds. Additionally, MEC apps and user plane VNFs will be experimentally evaluated for similar commercial deployments.
Internet of Things
Offloading IoT platform controllers to the cloud is not a new area, yet valid privacy concerns raised by clouds run in different jurisdictions hamper offloading, forcing IoT systems to install hardware in the home to control IoT devices, and reducing economic efficiency. Federated, smaller clouds are a key direction of EU development that aims to enable such offloading to nearby clouds, thus retaining the privacy of European users and ensuring compliance with the EU General Data Protection Regulation.
In UNICORE, Nextworks will migrate a selected set of application services to unikernels from their Symphony “digital living” platform, a product developed by Nextworks that is currently deployed in VMs and containers. Possible unikernel-based services can include home and building automation, data storage and analytics, media services and voice/video communications. Additionally, Correct Networks will use PacketCloud serverless computing functions to develop a proof-of-concept IoT controller.
A smart contract is a program that keeps the state of promises that are executed when the involved parties fulfill the terms. The main challenges for smart contracts in a blockchain environment are ensuring deterministic execution support, because all participants need to be able to verify the result of a smart contract; safe running of untrusted code, to avoid security issues on the nodes involved in the system; and handling the interaction between smart contracts.
The DEDIS lab at EPFL created a permissioned blockchain called skipchain that includes precompiled smart contracts, but that so far lacks the ability to run smart contracts provided by users. UNICORE will enable secure, deterministic execution of smart contracts that will open an entirely new field of application and can potentially change many aspects of society, such as e-voting.