ZeroVM

Original author(s): Camuel Gilyadov, Constantine Peresypkin & Dmitri Bortok
Developer(s): LiteStack, which was acquired by Rackspace
Stable release: 1.0 [1] / 20 March 2014
Written in: C, assembly
Operating system: Linux
Platform: x86-64
Type: Application virtualization
License: Apache License 2.0
Website: zerovm.org

ZeroVM is an open-source lightweight virtualization and sandboxing technology. It virtualizes a single process using the Google Native Client platform. Since only a single process is virtualized (instead of a full operating system), the startup overhead is on the order of 5 ms. [2]

Sandboxing

ZeroVM creates a sandbox around a single process, [3] using technology based on Google Native Client (NaCl). The sandbox ensures that the application executed cannot access data in the host operating system, so it is safe to execute untrusted code. The programs executed in ZeroVM must first be cross-compiled to the NaCl platform. ZeroVM can only execute NaCl code compiled for the x86-64 platform, not the portable Native Client (PNaCl) format.

Code executed in ZeroVM cannot call normal system calls and initially cannot interact with the host environment. All communication with the outside world takes place over channels, which must be declared before the program starts. Outside the sandbox, a channel can be connected to a local file, to a pipe, or to another ZeroVM instance. [4] Inside the sandbox, the program sees the channel as a file descriptor. The sandboxed program can read/write data from/to the channel, but does not know where the channel is connected in the host.
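
The channel indirection described above can be modelled with plain POSIX descriptors. This is an added example, not ZeroVM or NaCl code, and it provides no isolation: the hypothetical `host_run` connects an input channel to either a temporary file or a pipe, and the hypothetical `guest_upper` sees only descriptors, so it behaves identically in both cases.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Guest side: receives descriptors only; no host path is ever visible. */
static long guest_upper(int in_fd, int out_fd) {
    char buf[256];
    long total = 0;
    ssize_t n;
    while ((n = read(in_fd, buf, sizeof buf)) > 0) {
        for (ssize_t i = 0; i < n; i++)
            if (buf[i] >= 'a' && buf[i] <= 'z') buf[i] -= 32;
        if (write(out_fd, buf, (size_t)n) != n) return -1;
        total += n;
    }
    return n < 0 ? -1 : total;
}

/* Host side: connects both channels before the guest starts. Input is a
 * temp file or a pipe; output is a pipe, so sample data must be small. */
long host_run(int input_is_file, const char *data, char *out, size_t outsz) {
    int in_pipe[2], out_pipe[2], in_fd;
    size_t len = strlen(data);
    if (len + 1 > outsz || pipe(out_pipe) != 0) return -1;
    if (input_is_file) {
        char path[] = "/tmp/chan_demo_XXXXXX";  /* constructed name */
        if ((in_fd = mkstemp(path)) < 0) return -1;
        unlink(path);                   /* the descriptor outlives the name */
        if (write(in_fd, data, len) != (ssize_t)len) return -1;
        lseek(in_fd, 0, SEEK_SET);
    } else {
        if (pipe(in_pipe) != 0) return -1;
        if (write(in_pipe[1], data, len) != (ssize_t)len) return -1;
        close(in_pipe[1]);              /* gives the guest an EOF */
        in_fd = in_pipe[0];
    }
    long n = guest_upper(in_fd, out_pipe[1]);
    close(in_fd); close(out_pipe[1]);
    ssize_t got = read(out_pipe[0], out, outsz - 1);
    close(out_pipe[0]);
    if (n < 0 || got < 0) return -1;
    out[got] = '\0';
    return n;                           /* bytes the guest processed */
}

int main(void) {
    char a[64], b[64];
    return !(host_run(1, "zerovm channel\n", a, sizeof a) > 0 &&
             host_run(0, "zerovm channel\n", b, sizeof b) > 0 && strcmp(a, b) == 0);
}
```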

Programs compiled for ZeroVM can optionally use the ZeroVM Runtime library called ZRT. This library aims to provide the program with a POSIX environment. [5] It does this by replacing parts of the C standard library. In particular, ZRT replaces C file input/output functions such as fopen and opendir with versions that operate on an in-memory filesystem. The root filesystem is provided as a tarball. This allows a program to "see" a normal Unix environment.

The ZRT also replaces C date and time functions such as time to give programs a fixed and deterministic environment. With fixed inputs, every execution is guaranteed to give the same result. Even non-functional programs become deterministic in this restricted environment. [6] This makes programs easier to debug since their behavior is fixed.

Integration with Swift

ZeroVM has been integrated with Swift, the distributed object storage component of OpenStack. [7] When the ZeroCloud middleware is installed into Swift, a client can make a request to Swift containing a ZeroVM program. The program is then executed directly on the storage nodes. This means that the program has direct access to the data.

History

ZeroVM was developed by LiteStack, an Israeli startup. The first commit in the zerovm Git repository was added in November 2011. [8] LiteStack was bought by Rackspace in October 2013. [2] [9] [10] ZeroVM participated in the Techstars Cloud 2013 incubator program and received $500,000 in seed funding. [11] [12] The first ZeroVM Design Summit was held in January 2014 at the University of Texas at San Antonio. [13]

References

  1. "Release 1.0". 20 March 2014. Retrieved 23 July 2018.
  2. Lindberg, Van. "ZeroVM: Smaller, Lighter, Faster". Rackspace Blog. Archived from the original on 19 September 2015. Retrieved 14 April 2014.
  3. Yegulalp, Serdar (23 October 2013). "ZeroVM virtualizes apps, not machines". InfoWorld. Retrieved 14 April 2014.
  4. "ZeroVM Channels". GitHub. Retrieved 14 April 2014.
  5. "ZRT Readme". GitHub. Retrieved 14 April 2014.
  6. "ZeroVM Architecture". Retrieved 14 April 2014.
  7. "ZeroCloud". GitHub. Retrieved 14 April 2014.
  8. Gilyadov, Camuel. "First Commit". GitHub. Retrieved 18 April 2014.
  9. Shamah, David (October 24, 2013). "Rackspace picks up ZeroVM's 'built-for-cloud' hypervisor". ZDNet. Retrieved 14 April 2014.
  10. Clark, Jack (25 October 2013). "Rackspace goes to Israel, picks up slick new weapon for cloud wars". The Register. Retrieved 14 April 2014.
  11. Idan, Henn (3 November 2013). "Israeli ZeroVM acquired by RackSpace". Geektime. Retrieved 14 April 2014.
  12. Lorek, Laura (19 April 2013). "ZeroVM Creates Software for Cloud Computing". Silicon Hills News. Retrieved 14 April 2014.
  13. Rackspace. "ZeroVM Design Summit". YouTube. Retrieved 18 April 2014.