We evaluate and benchmark our unikernel and toolchain solutions in four highly relevant industrial use cases.
Serverless computing platforms such as Amazon EC2’s lambda services are taking the cloud world by storm, and more cloud providers are beginning to offer them. However, the current implementations either use containers (and are thus insecure) or rely on full-blown VMs, which makes them highly inefficient.
UNICORE technology and APIs will be used to enable novel serverless computing.
CSUC has developed a function-as-a-service offering based on UNICORE, which has been trialed in Barcelona, providing services to citizens and especially to the university and research community. Implementations of existing services have been developed to assess the performance and scalability of unikernels in image conversion functions. Watch the demo video!
Correct Networks has integrated unikernels in PacketCloud, an edge serverless computing platform it has developed. The previous version of PacketCloud used containers and thus had poor isolation, as well as sub-optimal performance. CNW has used UNICORE tools to develop a unikernel to run lambda functions written in Node.js. It has integrated this unikernel in the PacketCloud orchestration framework and used it as a basis to run trials in public and edge clouds.
Efficient, Secure Network Function Virtualization
For operators and service providers, the holy grail of a Network Function Virtualization (NFV) implementation is the ability to dynamically provision network components, services and applications in a matter of minutes rather than the weeks or months it takes to do so now. With boot times in the order of milliseconds, unikernels will provide disruptive NFV solutions.
Several separate NFV application domains will be explored in UNICORE:
SD-WAN Key Server. Ekinops has used UNICORE tools to develop a footprint-optimized key server, the main function of the SD-WAN solution, which is responsible for the distribution of encrypted keys between sites and their renewal. This key server runs on lightweight virtual machines that offer good performance while ensuring strong isolation and tangible security guarantees. Watch the demo video!
Broadband Network Gateway for wired Internet access. Orange has upgraded from a monolithic approach using Linux on the Broadband Network Gateway (BNG) to one with unikernel VMs, with each Point-to-Point Protocol over Ethernet (PPPoE) session running in a separate unikernel VM. Since each unikernel VM is dedicated to a single customer, isolation is much stronger than it used to be. Performance has also increased because of the reduced overhead of the OS, unikernel VMs being small and fast with specialised functionality. The performance optimization tool has been used to speed up the disaggregated BNG.
Furthermore, Orange has demonstrated the use of unikernel VMs in delivering Security Gateway capabilities to its fixed and mobile customers, by developing the capacity to route by policy any traffic transiting ORO’s Core Network to specialized unikernel VMs deployed using CNW’s PacketCloud.
Wireless 5G vRAN NFV Clusters. 5G core and radio access network (RAN) elements are becoming Virtualized Network Functions (VNFs), chained together and deployed according to the needs of the network slice use cases. Many new 5G networks will be in ‘resource constrained’ environments, where more optimal deployment technologies like unikernels have been demonstrated to provide competitive advantages.
Accelleran started by porting its 4G and 5G control plane (Layer 3) vRAN VNFs to Unikernels to target real world 5G testbeds. Additionally, MEC apps and user plane VNFs have been evaluated for similar commercial deployments. Play the demo video!
Internet of Things
Offloading IoT platform controllers to the cloud is not a new area, yet valid privacy concerns raised by clouds run in different jurisdictions hamper offloading, forcing IoT systems to install hardware in the home to control IoT devices, and reducing economic efficiency. Federated, smaller clouds are a key direction of EU development that aims to enable such offloading to nearby clouds, thus retaining the privacy of European users and ensuring compliance with the EU General Data Protection Regulation.
In UNICORE, Nextworks has migrated to unikernels a selected set of application services from Symphony, its “digital living” platform, which had initially been deployed in VMs and containers. Several IoT functions have been migrated to unikernels; most of them improve the performance of the Nextworks IoT platform and have been functionally validated. Watch the demo video!
A smart contract is a program that keeps state of promises that are executed when the involved parties fulfill the terms. The main challenges for smart contracts in a blockchain environment are ensuring deterministic execution support, because all participants need to be able to verify the result of a smart contract; safe running of untrusted code, to avoid security issues on the nodes involved in the system; and handling the interaction between smart contracts.
The DEDIS lab at EPFL created a permissioned blockchain called skipchain that includes precompiled smart contracts, but that so far lacks the ability to run smart contracts provided by users. UNICORE will enable secure, deterministic execution of smart contracts, which will open an entirely new field of applications and can potentially change many aspects of society, such as e-voting. Play the demo video!