Running applications in the Cloud has changed the way users develop and ship their code. More recently, the community has moved towards microservices-based approaches and solutions that follow the Platform-, Software-, and Function-as-a-Service paradigms (PaaS, SaaS, and FaaS respectively).
To accommodate user demands while maintaining security and isolation, Cloud vendors have adopted a hybrid approach in which user workloads are executed in lightweight sandboxed environments: micro-hypervisors provide the isolation, and container-based images facilitate application deployment. As a result, a lighter virtualization stack remains a key requirement for maximizing performance in a multi-tenant but isolated environment.
To this end, we started experimenting with various Virtual Machine Monitors (VMMs) that could provide the ideal trade-off between performance, flexibility, and application portability. In this talk, we present the design of a minimal VMM, based on KVM and residing entirely in the Linux kernel, and showcase its merits and shortcomings (minimal footprint, security concerns) for each use case (Cloud FaaS, edge multi-tenancy). Additionally, we present our experience from porting Firecracker to a low-power device (RPi4), demonstrating the merits of lightweight hypervisor stacks for flexible application execution at the edge.
Speakers: Anastassios Nanos, Babis Chalios