The Xen Project Collaborative Project hosted at the Linux Foundation today announced the release of Mirage OS v2.0,
which includes the industry's first software framework that unifies
cloud and embedded deployments behind a safe, secure programming
language, allowing developers to seamlessly build systems that span both
embedded devices and public cloud services. The latest release also
includes support for distributed computation, networking and storage.
Most applications running in the cloud are not optimized to
do so. They make assumptions about the underlying operating system,
resulting in larger footprints with increased costs and risks. The open
source Mirage OS represents a new approach where the application code is
combined with the specific components of the operating system it needs
into a single-purpose unikernel appliance. With Mirage OS, developers
can create lean and efficient unikernels for secure, cost-effective and
high-performance network applications. Mirage OS unikernels run directly
on the Xen Project hypervisor, which allows them to be quickly deployed
to many leading cloud platforms.
For the first time, application developers using Mirage OS
can deploy their projects to embedded ARM-based devices, such as the
Cubieboard2 board, as well as to public clouds like Amazon EC2,
Rackspace Cloud and Verizon Cloud. With a particular focus on
scalability, resilience and safety, Mirage OS is ideal for creating
mission-critical systems and can easily span from embedded devices in
homes and buildings to large cloud deployments. This milestone release
opens up the coming wave of connected devices to application developers
with a number of significant new libraries to provide support for
disconnected operation, security and enhanced interoperability,
including:
- Irmin distributed Git-like storage system:
enables a fully distributed workflow, with support for disconnected
operation, efficient merge operations and application-specific conflict
resolution algorithms. Irmin offers a way to circulate and integrate
data among remote workers, sensors or devices in different connectivity
environments and can seamlessly sync all information, pairing well with
mobile computing and the Internet of Things.
- OCaml-TLS: a
clean-slate implementation of the transport layer security (TLS)
protocol in pure OCaml for security sensitive applications. TLS, also
known as Secure Sockets Layer (SSL), is the Internet's most widely used
security protocol. By re-building security-critical software in OCaml,
Mirage OS obstructs bugs related to spatial and temporal memory safety,
such as Heartbleed.
- ARM device support:
allows Mirage OS applications to be deployed as guest VMs under the Xen
Project on ARM hypervisor, making it possible to run on low-power
embedded devices, home routers, and many of the low-cost single-board
ARM computers now available.
- vchan protocol: natively
supports faster and more efficient Xen inter-domain communication using
shared memory, e.g. between two VMs residing in the same Xen host. This
provides a higher level of security compared to network sockets since
messages will never leave the host's shared memory.
- Ctypes library:
provides enhanced interoperability with existing C code, and allows Mirage OS
components to be linked into existing C applications. Ctypes makes it
easy to interact with non-OCaml code by generating C glue code, and
can also produce standalone native object files that can be embedded within
other non-OCaml applications.
"Unikernels built on high-level languages, such as the Mirage
OS and our own open source HaLVM, offer tremendous benefits for
building security-critical components. By using Mirage OS for our
MAC-enhanced XenStore, we were able to quickly and easily add
next-generation security features, while maintaining confidence that our
additions met critical quality and safety metrics," said Adam Wick,
Technical Director, Systems Software at Galois, a U.S. company
developing critical systems that solve critical software security,
safety, privacy and performance problems for government and commercial
clients.
Another Mirage OS user, OnApp, recently introduced the global
OnApp Federation network of 2,000 public OnApp clouds for sharing
compute resources (CPU, RAM and storage).
"Unikernels form a building block that enables us to scale out
efficient, on-demand virtual machines across the global OnApp federated
cloud provider marketplace. Mirage OS is an exciting technology on
which to provision new 'liquid' services in the public cloud without
sacrificing security and isolation," said Julian Chesterfield, Director
of Emerging Technologies at OnApp.
"The seamless development workflow for both the cloud and
embedded devices represents the best approach to creating native
applications for the Internet of Things and Personal Clouds, including Nymote,
which aims to give users lifelong control of their networked personal
data. These core advances will enable developers to focus on adding
value to their services and impressing their customers with creative
offerings. In the future, we believe all software will be written this
way," said Dr. Amir Chaudhry, Programme Manager at OCaml Labs, and part
of the international User Centric Networking project.
Mirage OS is an open source project led by Dr. Anil
Madhavapeddy of the Systems Research Group at the University of
Cambridge. Additional contributors include developers from Citrix, the
FreeBSD Core Team, Galois, OCamlPro and a growing number of individual
contributors. Institutional and grant support for Mirage OS comes from
Horizon Digital Economy Research RCUK, OCaml Labs and the User Centric
Networking project. For more information about Mirage OS and to
participate, please visit OpenMirage.org.