

Rumprun Tutorial: Serve a static website as a Unikernel - amirmc
https://github.com/rumpkernel/wiki/wiki/Tutorial%3A-Serve-a-static-website-as-a-Unikernel

======
fennecfoxen
What sort of benefits does this sort of an arrangement provide? Is it aimed at
stripped-down embedded environments or something?

~~~
yazaddaruvala
My understanding about using unikernels is that it helps you optimize.
Unikernels allow you to trade built-in safety and portability for
customization and performance.

If there is only one process, the webserver, why deal with a scheduler?

If you're not using the safety features of an OS why have them?

Why context switch if it's not needed?

You're hosting a key value store on an SSD. Why deal with a file system
abstraction?

Basically, as I understand it, unikernels are trying to democratize
application deployment "on the metal" (or currently on Xen) without the legacy
fundamentals that drove the designs of OSes like Windows or Linux which were
built for shared mainframes in university basements.

For more info here is Xen talking about unikernels,
[http://wiki.xenproject.org/wiki/Unikernels](http://wiki.xenproject.org/wiki/Unikernels)

~~~
shoo
I think another aspect I recall reading somewhere is security: if you can do
the job with a far simpler system, potentially you end up with less attack
surface (assuming the fancy new simpler system is actually well built and
tested, etc).

E.g.

    
    
      > Why use Mirage OS?
      >
      > The cloud has so far mostly been used to
      > consolidate existing operating systems and manage
      > them more conveniently. The interface between
      > guest kernels, applications and VMs are all
      > managed very differently, leading to serious
      > inefficiencies, unreliability and insecurity.
    

[http://www.xenproject.org/developers/teams/mirage-os.html](http://www.xenproject.org/developers/teams/mirage-os.html)

[https://mirage.io](https://mirage.io)

~~~
GauntletWizard
Further, you have less to lose if that surface is breached; if you penetrate a
unikernel static content server, you can't really do much on that system; it
won't have a shell, compilers, or any of the tooling needed to expand that
hole. Because your OS is so much simpler, the cleanup is simpler too; nuking
the machine and starting over is much simpler when you've designed for
lightweight unikernels.

