Amazon Web Services (AWS) this week revealed it has developed a microVM dubbed Firecracker that it is using to isolate IT infrastructure resources more efficiently for customers using either the managed AWS Fargate container service or the AWS Lambda serverless computing framework.
Announced at the AWS re:Invent 2018 conference, Firecracker is a lightweight virtual machine monitor (VMM) built on the Linux Kernel-based Virtual Machine (KVM) that AWS has released as an open source project under the Apache 2.0 license.
Prior to Firecracker, AWS had been running AWS Fargate and AWS Lambda on dedicated EC2 instances. Peter DeSantis, vice president of global infrastructure and customer support for AWS, told conference attendees this week that AWS now isolates workloads running on AWS Fargate and AWS Lambda in Firecracker microVMs. That approach lets AWS support those services more efficiently, without having to provision dedicated infrastructure for each customer, DeSantis said.
Each Firecracker microVM adds roughly 5 MiB of memory overhead and can boot in as little as 125 milliseconds, which substantially reduces the latency and overhead associated with traditional virtual machines. Firecracker is written in the Rust programming language and started from crosvm, the virtual machine monitor developed for ChromeOS. Each guest is presented with a deliberately minimal device model: a virtio network device, a virtio block device, a Programmable Interval Timer, the KVM clock, a serial console and a partial keyboard whose only purpose is to signal a shutdown to the guest. Each Firecracker process is statically linked and is launched through a separate jailer binary, which places it in a chroot, cgroups and namespaces, drops its privileges, and applies a seccomp Berkeley Packet Filter (BPF) policy so that the process can make only a small, tightly controlled set of system calls against the host kernel.
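The device list above is exactly what a host hands to a guest through Firecracker's REST API, which is served on a Unix socket. The script below is an added example written for this article, not code from the Firecracker project: it configures the machine, kernel, root block device and network device and then starts the microVM. The kernel and root filesystem paths, the tap device name, the guest MAC address and the socket path are assumptions; the API routes and JSON field names are Firecracker's own.

```shell
#!/bin/sh
# Added example (not from the Firecracker project): configure and start a
# Firecracker microVM over its API socket. The socket path, image paths,
# tap device and MAC address below are assumptions for illustration.

API_SOCK="${API_SOCK:-/tmp/firecracker.socket}"

# JSON payload builders are kept as pure functions so each configuration
# step can be inspected on its own before anything touches the socket.
machine_config_json() {
    # $1 = vCPU count, $2 = guest memory in MiB
    printf '{"vcpu_count": %s, "mem_size_mib": %s}' "$1" "$2"
}

boot_source_json() {
    # $1 = path to an uncompressed kernel image (vmlinux).
    # console=ttyS0 routes the guest console to the serial device Firecracker
    # emulates; pci=off because the microVM exposes no PCI bus.
    printf '{"kernel_image_path": "%s", "boot_args": "console=ttyS0 reboot=k panic=1 pci=off"}' "$1"
}

rootfs_drive_json() {
    # $1 = path to a root filesystem image on the host; the guest sees it as
    # its single virtio block device.
    printf '{"drive_id": "rootfs", "path_on_host": "%s", "is_root_device": true, "is_read_only": false}' "$1"
}

net_iface_json() {
    # $1 = host tap device, $2 = guest MAC; becomes the guest's virtio net device.
    printf '{"iface_id": "eth0", "guest_mac": "%s", "host_dev_name": "%s"}' "$2" "$1"
}

# One PUT against the API socket. Firecracker answers 204 No Content on success;
# --fail turns any 4xx/5xx into a non-zero exit so a bad step aborts the launch.
fc_put() {
    # $1 = API path, $2 = JSON body
    curl --silent --show-error --fail --unix-socket "$API_SOCK" \
         -X PUT "http://localhost$1" \
         -H 'Accept: application/json' -H 'Content-Type: application/json' \
         --data "$2"
}

# Full sequence: all configuration must land before InstanceStart. Run this
# only after `firecracker --api-sock "$API_SOCK"` (or the jailer, with the
# socket inside its chroot) is listening.
launch_microvm() {
    # $1 = kernel image, $2 = rootfs image, $3 = host tap device
    fc_put /machine-config          "$(machine_config_json 1 128)"
    fc_put /boot-source             "$(boot_source_json "$1")"
    fc_put /drives/rootfs           "$(rootfs_drive_json "$2")"
    fc_put /network-interfaces/eth0 "$(net_iface_json "$3" 'AA:FC:00:00:00:01')"
    fc_put /actions                 '{"action_type": "InstanceStart"}'
}

# Usage: ./firecracker-launch.sh launch ./vmlinux ./rootfs.ext4 tap0
if [ "${1:-}" = "launch" ]; then
    launch_microvm "${2:-./vmlinux}" "${3:-./rootfs.ext4}" "${4:-tap0}"
fi
```

Note that the host side still has to create the tap device and its routing before the network-interface step, and that under the jailer every path in these payloads is resolved inside the jail's chroot, so the kernel and rootfs images must be placed (or hard-linked) there rather than referenced by their original host paths.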
DeSantis said AWS has shown that as many as 150 microVMs can be launched per second on a single host. He also noted that tens of millions of containers are already running on AWS services.
By launching Firecracker, AWS is weighing in on a debate over how to isolate containers and serverless functions without relying on legacy virtual machines and the overhead they carry. Most containers today run inside virtual machines to get that isolation, but organizations typically pack somewhere between 10 and 25 containers into each virtual machine, so containers sharing a VM are separated only by the kernel. A microVM makes it feasible to give each container or function its own hardware-virtualized boundary while still packing hundreds of such guests onto a single host.
It remains to be seen how the relationship between microVMs and legacy virtual machines will evolve. There are millions of legacy applications running in the cloud and in on-premises environments that are optimized for traditional virtual machines. Over time, however, many of those applications will be re-engineered to run as a set of microservices based on containers.
Because Firecracker is an open source project, AWS is making it possible for enterprise IT organizations to deploy microVMs not just in the AWS cloud, but also in on-premises IT environments or even rival cloud services, provided the host exposes KVM, which on another provider's cloud generally means bare-metal instances or nested virtualization. Couple that capability with Kubernetes clusters and it may become a lot simpler to incorporate AWS into a larger hybrid cloud computing strategy.