My other Internet is a Mirage

My other Internet is a Mirage

Seacliff A/B
Monday, 10:30am - 11:20am

We are now used to being roused out of bed by news of the latest serious Internet security alert or major data leak. The software services we now use are tremendously complex, and mash together a complex spectrum of policy and mechanisms. I'll talk about a different approach to building Internet services that cleanly separately both of these, and results in an extremely efficient deployment model.


Hypervisors such as Xen or VMWare provide a flexible platform to host applications as a set of appliances, e.g., web servers or databases. Each appliance usually contains an OS kernel and userspace processes, within which applications access resources via APIs such as POSIX. The flexible architecture of the cloud comes at a cost: the addition of another layer in the already complex software stack. This reduces performance and increases the size of the trusted computing base.


Our new Mirage operating system proposes a radically different way of building these appliances. Mirage supports the progressive specialisation of functional language (OCaml) application source code, and gradually replaces traditional OS components with type-safe libraries. This ultimately results in “unikernels”: sealed, fixed-purpose images that run directly on the hypervisor without an intervening guest OS such as Linux.


Developers no longer need to become sysadmins, expert in the configuration of all manner of system components, to use cloud resources. At the same time, they can develop their code using their usual compiler tools, and simply recompile into specialized kernels when ready. As they explicitly link in components that would normally be provided by the host OS, the resulting unikernels are also highly compact: facilities that are not used are simply not included in the resulting unikernel. For example, the self-hosting Mirage web server image is less than a megabyte in size!

Anil.Madhavapeddy's picture
Anil Madhavapeddy is a Senior Research Fellow at the University of Cambridge, based in the Systems Research Group. He was on the original team that developed the Xen hypervisor, and helped develop an industry-leading cloud management toolstack written entirely in OCaml. This XenServer product has been deployed on hundreds of thousands of physical hosts, and drives critical infrastructure for many Fortune 500 companies. Prior to obtaining his PhD in 2006 from the University of Cambridge, Anil had a diverse background in industry at Network Appliance, NASA and Internet Vision. In addition to professional and academic activities, he is an active member of the open-source development community with the OpenBSD operating system, is co-chair of the Commercial Uses of Functional Programming workshop, and an author of the O'Reilly Real World OCaml book.