
ZeroVM: Virtualization based on Chrome's NaCl - sriku
http://www.zerovm.org/
======
blorgle
I have been following ZeroVM since it's inception and often go to the website
and stare longingly at my screen thinking of amazing things it could do (when
coupled with OpenStack Swift to make "ZeroCloud"). If you look at my HN
comment history you can see multiple articles about "serverless" where I tried
to tell people about ZeroVM.

But they got bought by Rackspace (who originally open sourced Swift) in late
2013, and then their github account activity dropped to 0 by early 2015.
Rackspace has probably one of the worlds largest Swift deployments, so maybe
one day they will do some cool things with ZeroVM ala ZeroCloud but for now
the forward movement of the project seems dead or at least proprietary :(

Other interesting implementations of the same concept include Joyents Manta,
which is also open source and actually probably more flexible than ZeroCloud
(you can SSH into your container).

~~~
notmyname
Yeah the lack of further work on ZeroVM is unfortunate. You may be interested
in
[https://github.com/openstack/storlets](https://github.com/openstack/storlets)
which is conceptually similar and is being actively developed.

------
thepumpkin1979
"What does ZeroVM virtualize?" Also "Docker vs ZeroVM" at
[http://serverfault.com/questions/574504/what-does-zerovm-
vir...](http://serverfault.com/questions/574504/what-does-zerovm-virtualize)

~~~
bluejekyll
Thanks for posting that. It was the exact question in my mind.

For anyone who's worked with it, does the fact that it's pure userspace have
any negatives? Performance? What about access to system resources, opening
sockets, etc.

~~~
SwellJoe
I don't know anything about ZeroVM, but performance would only come into play
when/if it crosses boundaries, and even then, only if the APIs at the boundary
are slow. User space on Linux provides a lot of features to make crossing
boundaries not slow. Zero copy write with sendfile(), efficient async I/O with
epoll(), etc. are tools to allow user space applications to cross that
boundary efficiently.

That said, user space file systems are slower than in-kernel file systems; at
least, according to the data I've seen. But, I suspect ZeroVM will be used in
ways that aren't quite the pathological case of a user-space filesystem under
benchmark load.

As for access, Linux has a nice capabilities system to allow user space to
access privileged resources as a non-privileged user and without being in ring
0 (if privileged access is even needed, which it likely won't be in the cases
where this will be used, I would think). Again, this would still be through
the public APIs, and not by acting like the kernel and hitting the hardware
directly.

I don't think, or get the impression, that this would be used for full-system
virtualization. It seems to be more targeted toward an AWS Lambda sort of
usage pattern; a micro-VM that spins up to serve one API request, or to act as
a long-running tiny daemon to do some housekeeping task. It looks like a fancy
fork(), to me, rather than a competitor to Docker or LXC (and especially not
KVM or Xen, which can run a whole Linux kernel in the VM).

~~~
blorgle
> I don't think, or get the impression, that this would be used for full-
> system virtualization. It seems to be more targeted toward an AWS Lambda
> sort of usage pattern; a micro-VM that spins up to serve one API request, or
> to act as a long-running tiny daemon to do some housekeeping task. It looks
> like a fancy fork(), to me, rather than a competitor to Docker or LXC (and
> especially not KVM or Xen, which can run a whole Linux kernel in the VM).

Almost. With ZeroCloud (OpenStack Swift + ZeroVM + appropriate middleware),
you should imagine Lambda+S3 in the same service! Your "function" executes
much, much closer to the location of the data, it doesn't require "shipping"
from the storage service to the compute service and back again. You can take
in an object, perform a transform (e.g. text search, encryption, transcode,
etc) and store the result as a new object.

If you think about it, it's kind of the future of large scale computing,
immutable dataset + immutable compute, that can horizontally scale to huge
numbers of nodes.

~~~
SwellJoe
> With ZeroCloud (OpenStack Swift + ZeroVM + appropriate middleware), you
> should imagine Lambda+S3 in the same service!

Is that something that exists in a production form today? What's an example of
the use case? I'm having trouble visualizing this "Your "function" executes
much, much closer to the location of the data, it doesn't require "shipping"
from the storage service to the compute service and back again." That sounds
like going back to a monolithic model where data and functions are tightly
coupled, but I assume I'm visualizing it wrong, since that would be moving
backward.

~~~
prutschman
Suppose you have a dataset big enough that it needs to be spread across a
storage cluster. Now you'd like to run some kind of operation that's either
completely parallel, or fits the map/reduce model. Maybe you have a petabyte
worth of video files and you want to generate thumbnails, or extract metadata,
or find all frames of video with text in them.

If compute is separated from storage, then all of that video data has to be
streamed over the network from a storage node to a compute node before
computation can even begin; the data is "shipped" to compute.

Presumably the function you want to execute is vastly smaller than the data.
It would require much less time and bandwidth to run the function on the same
node as the data it's accessing; no network overhead. Assuming you have an
adequate balance between compute and storage, you get much lower latency
access to the data.

Some downsides include \- running arbitrary code on your storage node means
trusting your users or having very good sandboxing \- you now have to balance
compute and storage on any given node

------
solarengineer
I have always been a fan of ZeroVM. I had decided to take the task of adding
multi-threaded support so that we'd have NaCL-enforced security and
performance constraints, rather than depending upon the Linux kernel for the
same. This turned out to be more complex for my skill levels and I gave up
mid-way.

I recommend that you try out ZeroVM for your Python apps. I've seen great
demos where Rackspace devs applied on-the-fly transformations to content being
served from swift. e.g. one demo added watermarks to files, another transcoded
video streams.

At a ZeroVM workshop in Atlanta at the OpenStack summit some years ago, one of
the participants started a discussion with the ZeroVM devs about running
ZeroVM apps via the firmware of SSD drives.

Unfortunately, this nice technology didn't quite catch on.

------
valarauca1
Isn't NaCl completely destaffed an no longer being developed?

[https://bugs.chromium.org/p/chromium/issues/detail?id=239656...](https://bugs.chromium.org/p/chromium/issues/detail?id=239656#c160)

------
mankash666
ZeroVM reduces the accepted X86 instructions and also restricts more syscalls
than Google NaCl.

Per Google's NaCl devs, NaCl's restrictions result in an average of 10% drop
in performance, though it's application specific. ZeroVM should result in
slightly greater drop in performance given its restrictions.

------
newsat13
Maybe someone can mark this is 2015? This is from 2 years ago...

------
zimbatm
To make this project viable they would have to re-build it around
WebAssembly[1] instead. NaCl was conceived before WebAssembly emerged as the
standard for binary executables for the web and is now in maintenance mode.

[1] [http://webassembly.org/](http://webassembly.org/)

~~~
throwaway91111
Why would they rewrite this for the browser?

~~~
zimbatm
Not for the browser but NaCl is going to get less support from compiler
toolchains now that WebAssembly it there.

------
floatboth
CloudABI anyone? [https://nuxi.nl/](https://nuxi.nl/)

------
fourthark
(2015)

