Lightweight Mirage OS Improves Distributed Storage, Security and Networking Functionality for ARM-based Embedded Devices
Portland, Ore. — OSCON — July 22, 2014 – The Xen Project Collaborative Project hosted at the Linux Foundation today announced the release of Mirage OS v2.0, which includes the industry’s first software framework that unifies cloud and embedded deployments behind a safe, secure programming language, allowing developers to seamlessly build systems that span both embedded devices and public cloud services. The latest release also includes support for distributed computation, networking and storage.
Most applications running in the cloud are not optimized to do so. They make assumptions about the underlying operating system, resulting in larger footprints with increased costs and risks. The open source Mirage OS represents a new approach where the application code is combined with the specific components of the operating system it needs into a single-purpose unikernel appliance. With Mirage OS, developers can create lean and efficient unikernels for secure, cost-effective and high-performance network applications. Mirage OS unikernels run directly on the Xen Project hypervisor, which allows them to be quickly deployed to many leading cloud platforms.
For the first time, application developers using Mirage OS can deploy their projects to embedded ARM-based devices, such as the Cubieboard2 board, as well as to public clouds like Amazon EC2, Rackspace Cloud and Verizon Cloud. With a particular focus on scalability, resilience and safety, Mirage OS is ideal for creating mission-critical systems and can easily span from embedded devices in homes and buildings to large cloud deployments. This milestone release opens up the coming wave of connected devices to application developers with a number of significant new libraries to provide support for disconnected operation, security and enhanced interoperability, including:
• Irmin distributed Git-like storage system: enables a fully distributed workflow, with support for disconnected operation, efficient merge operations and application-specific conflict resolution algorithms. Irmin offers a way to circulate and integrate data among remote workers, sensors or devices in different connectivity environments and can seamlessly sync all information, pairing well with mobile computing and the Internet of Things.
• OCaml-TLS: a clean-slate implementation of the transport layer security (TLS) protocol in pure OCaml for security sensitive applications. TLS, also known as Secure Sockets Layer (SSL), is the Internet’s most widely used security protocol. By re-building security-critical software in OCaml, Mirage OS obstructs bugs related to spatial and temporal memory safety, such as Heartbleed.
• ARM device support: allows Mirage OS applications to be deployed as guest VMs under the Xen Project on ARM hypervisor, making it possible to run on low-power embedded devices, home routers, and many of the low-cost single-board ARM computers now available.
• vchan protocol: natively supports faster and more efficient Xen inter-domain communication using shared memory, e.g., between two VMs residing in the same Xen host. This provides a higher level of security compared to network sockets since messages will never leave the host’s shared memory.
• Ctypes library: provides enhanced interoperability with existing C code, and allows Mirage OS components to be linked into existing C applications. Ctypes makes it easy to interact with non-OCaml code by generating C glue code and can also produce standalone native object files that can be embedded within other non-OCaml applications.
“Unikernels built on high-level languages, such as the Mirage OS and our own open source HaLVM, offer tremendous benefits for building security-critical components. By using Mirage OS for our MAC-enhanced XenStore, we were able to quickly and easily add next-generation security features, while maintaining confidence that our additions met critical quality and safety metrics,” said Adam Wick, Technical Director, Systems Software at Galois, a U.S. company developing critical systems that solve critical software security, safety, privacy and performance problems for government and commercial clients.
Another Mirage OS user, OnApp, recently introduced the global OnApp Federation network of 2,000 public OnApp clouds for sharing compute resources (CPU, RAM and storage).
“Unikernels form a building block that enables us to scale out efficient, on-demand virtual machines across the global OnApp federated cloud provider marketplace. Mirage OS is an exciting technology on which to provision new ‘liquid’ services in the public cloud without sacrificing security and isolation,” said Julian Chesterfield, Director of Emerging Technologies at OnApp.
“The seamless development workflow for both the cloud and embedded devices represents the best approach to creating native applications for the Internet of Things and Personal Clouds, including Nymote, which aims to give users lifelong control of their networked personal data. These core advances will enable developers to focus on adding value to their services and impressing their customers with creative offerings. In the future, we believe all software will be written this way,” said Dr. Amir Chaudhry, Programme Manager at OCaml Labs, and part of the international User Centric Networking project.
Mirage OS is an open source project led by Dr. Anil Madhavapeddy of the Systems Research Group at the University of Cambridge. Additional contributors include developers from Citrix, the FreeBSD Core Team, Galois, OCamlPro and a growing number of individual contributors. Institutional and grant support for Mirage OS comes from Horizon Digital Economy Research RCUK, OCaml Labs and the User Centric Networking project. For more information about Mirage OS and to participate, please visit OpenMirage.org.
Anil Madhavapeddy and Richard Mortier, a Horizon Transitional Fellow at the University of Nottingham School of Computer Science, are at OSCON presenting “Nymote: Git Your Own Cloud Here” at 11:00 a.m., PT on Thursday, July 24, 2014.
About Xen Project
Xen Project software is an open source virtualization platform licensed under the GPLv2 with a similar governance structure to the Linux kernel. Designed from the start for cloud computing, the Project has more than a decade of development and is being used by more than 10 million users. A Collaborative Project at The Linux Foundation, the Xen Project community is focused on advancing virtualization in a number of different commercial and open source applications including server virtualization, Infrastructure as a Service (IaaS), desktop virtualization, security applications, embedded and hardware appliances. It counts many industry and open source community leaders among its members including: Amazon Web Services, AMD, ARM, Bromium, CA Technologies, Cavium, Cisco, Citrix, Google, Intel, NetApp, Oracle, Rackspace, and Verizon Terremark. For more information about the Xen Project software and to participate, please visit XenProject.org.
The Xen Project