"Virtualization is slow... Why not use containers?" We get asked a *lot* about containers vs. unikernels and figured this page versus a simple FAQ entry is warranted.
It's worth pointing out immediately though that containers and virtualization are two completely different technologies with different goals so it's a bit apples/oranges to even begin with.
Having said that - unikernels are definitely in the virtualization space and they typically make use of hypervisors.
Some unikernel software today is slow - that's expected for such a new ecosystem. However, some of it is incredibly fast. Being able to tap virtualization features such as PCI passthrough coupled with VMs that skip many syscalls can make your software hyperfast.
One of the most commonly cited reasons for containers being faster than virtualization is that they assume the VM is a full blown linux operating system when that's never the case with a unikernel. Unikernels can boot extremely fast - sometimes in 10ms fast.
It's a well known and documented fact that containers are inherently insecure and easy to break out of. Not only that but they share a host kernel so once that is hacked very other tenant in the environment is affected.
What's remarkable is that this drawback is not even what gives unikernels their security capability. Its' the simple fact that eliminating the usage of fork effectively defeats the vast majority of security problems we face today.
Manageability is arguablly what defined modern day 'cloud computing'. Abilities such as live migrating a VM from machine to machine, the ablity to programatically attach/resize/clone/etc. networks/disks/etc. from a well defined API. These all features that containers do not implement and what is needed to build something like Amazon Web Services or Google Cloud.
Introducing the future cloud. Ready for the future?
Contact us at 888-PANIC-83 or email us at email@example.com.
Sign up to get alerted about new developments.