Unikernels

Pradeep Gowda

Dec 11, 2015

Operating systems

Context

  • Cloud
  • Servers
  • NOT mobile and desktop OSes.

Typical Cloud hosting scenario

Virtual Machine based hosting (diagram: one guest OS per application on top of the hypervisor)

Actual Applications are small

  • E.g. redis (key-value store)
  • In-memory data-structure server
  • Used for caching, counting hits, game scores, etc.
  • Typical binary is under 1 MB:
$ du -sh  /usr/local/Cellar/redis/3.0.4/bin/redis-server
656K    /usr/local/Cellar/redis/3.0.4/bin/redis-server

OSes are too general purpose

  • A typical Linux distribution can be configured to run on everything from a smartphone to a desktop, a cloud server or a multimedia appliance.

OSes are interchangeable

  • The advent of DevOps has automated manual "System Administration" for cloud deployment scenarios.
  • Configuration management systems (CFEngine, Puppet, Chef) abstract the actual choice of OS/Distro.
  • Operating systems are treated as one more line-item in the build system.

Are too big

  • A default installation of CentOS (a free rebuild of Red Hat Enterprise Linux) is 500 MB+

Accumulate cruft

  • Ships with drivers for floppy disks!
  • Things get added but never really removed (someone, somewhere might need it)

Duplicate functionality

  • The hypervisor already provides a network stack and storage interfaces; the guest OS implements them all over again

So what is the problem?

Security

  • When you have more doors you have to fit more alarms, and you miss one
  • Vulnerability example: Shellshock (the 2014 bash bug), in a component most servers ship but few applications need
  • Increased attack surface for compromise
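To make "surface area" measurable rather than a slogan, here is an added example in POSIX shell (it is not from the original slides). It inventories one root directory for the classes of code an attacker can reach: executables, setuid/setgid binaries, shared libraries and loadable kernel modules. Point it at "/" of a stock VM and at an unpacked minimal image and compare the counts. The make_sample_image helper builds a small constructed directory tree so the script runs self-contained; the file names in that tree are invented for illustration.

```shell
#!/bin/sh
# Added example, not part of the original slides: a rough attack-surface
# inventory of an OS image root. Each counter walks a directory (a live "/"
# or an unpacked image) and counts one class of code that a single-purpose
# server carries but never needs to run.

# Executables: any regular file with the owner-execute bit set.
count_executables() {
    find "$1" -type f -perm -u+x 2>/dev/null | wc -l | tr -d ' '
}

# Setuid/setgid binaries: each one is a privilege boundary that must be defended.
count_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | wc -l | tr -d ' '
}

# Shared libraries: parser and protocol code reachable from any process that loads them.
count_shared_libs() {
    find "$1" -type f -name '*.so*' 2>/dev/null | wc -l | tr -d ' '
}

# Loadable kernel modules: drivers (floppy included) that run in ring 0 if ever loaded.
count_kernel_modules() {
    find "$1" -type f \( -name '*.ko' -o -name '*.ko.*' \) 2>/dev/null | wc -l | tr -d ' '
}

# One line per image root, suitable for diffing two images side by side.
surface_report() {
    printf 'root=%s executables=%s setid=%s shared_libs=%s kernel_modules=%s\n' \
        "$1" "$(count_executables "$1")" "$(count_setid "$1")" \
        "$(count_shared_libs "$1")" "$(count_kernel_modules "$1")"
}

# Constructed sample tree standing in for an unpacked image. The layout and
# file names are hypothetical and exist only so the script can be run offline.
make_sample_image() {
    root="$1"
    mkdir -p "$root/bin" "$root/usr/lib" "$root/lib/modules/floppy"
    printf '#!/bin/sh\necho hi\n' > "$root/bin/app";  chmod 755  "$root/bin/app"
    printf '#!/bin/sh\n'         > "$root/bin/sudo"; chmod 4755 "$root/bin/sudo"
    : > "$root/usr/lib/libc.so.6"
    : > "$root/usr/lib/libssl.so.1.0.0"
    : > "$root/lib/modules/floppy/floppy.ko"
}

# Usage: sh surface.sh /path/to/image-root   (e.g. "/" on a stock VM)
if [ $# -gt 0 ]; then
    surface_report "$1"
fi
```

The counts are a coarse proxy: a file count says nothing about which binaries are actually reachable over the network. It does, however, make the gap visible between an image that carries one application binary and one that carries thousands of executables, libraries and drivers, which is the gap the unikernel argument turns on.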

Scalability

  • Running more servers = $$$, even in the age of "cloud computing"

Current approaches

Custom OS builds: SmartOS

  • SmartOS is based on illumos, the open-source continuation of Sun's OpenSolaris
  • Maintained by cloud hosting provider Joyent
  • Specialised for cloud applications
  • In-memory operating system: the OS image is loaded into RAM at boot rather than installed on disk
  • Reboot to start with a new image

Custom OS builds: Alpine

  • Alpine Linux -- http://alpinelinux.org/
  • Uses an alternate libc (musl) and BusyBox for smaller builds (<50MB default install)
  • Ships a hardened kernel (grsecurity/PaX patches)

Containers

e.g. Linux Containers (LXC), Docker


Custom OS builds and containers

  • Advantage: you are still using the familiar OS
  • Disadvantage: stone carving vs 3-D printing. Both approaches chip pieces off a general-purpose OS instead of building up only what the application needs

"All I wanted was a banana, what I have is a gorilla holding a banana" (Joe Armstrong)

Unikernels

  • Specialised OS kernels
  • Act as software components that can be composed
  • Library operating system (in the tradition of Exokernel): OS services are libraries linked into the application, and only the ones the application uses end up in the image

MirageOS

  • https://mirage.io/
  • Written in OCaml, a high-level, type-safe, functional language
  • Provides networking, storage and concurrency support as OCaml libraries
  • Output = a single application binary
  • Deploys directly onto Xen as a guest VM

MirageOS Example

A VM for every URL (diagram)
  • Start a unikernel only after receiving a request
  • The backend server is ready: the unikernel boots quickly enough to serve the request that triggered it

Source: A unikernel experiment: A VM for every URL

Rumpkernel

  • Reuses the NetBSD kernel's drivers, file systems and network stack as libraries
  • Can build a rump kernel with existing, unmodified applications (e.g. MySQL, redis, web servers such as nginx)
  • Runs on a hypervisor (Xen, KVM) and also on bare metal

Click OS

  • By NEC Europe Labs
  • Specialised OS for network appliances (middleboxes), built around the Click modular router
  • Runs on top of Xen (paravirtualised)

Other examples

  • OSv - general purpose, written in C++, runs Java and other managed runtimes
  • Erlang on Xen (LING) - Erlang programming language
  • HaLVM - Haskell

Use case - Network security appliances

  • Specifically: Intrusion Detection Systems
  • E.g. Suricata
  • Typical "middlebox"
  • i.e. the server running the IDS does only one function: IDS
  • Directly benefits from lower resource utilisation
  • Security appliances are not immune from malicious attacks: an IDS parses untrusted traffic by design, so everything else that ships beside it is surface area you did not need