What does ZeroVM virtualize?

Solution 1:

Good question! I work on the ZeroVM team and hope I can help clear things up!

Is ZeroVM providing a container similar to Docker?

No, not really. Docker uses LXC and other kernel features to provide a sandboxed environment. ZeroVM runs entirely in userspace and sandboxes a single application.

Briefly, ZeroVM works by first validating the application to be run and then simply executing it. When executed, the application runs with basically no extra overhead — there's no virtual machine behind it.

In order to validate an application, it must be cross-compiled into a special form of x86 machine code. This special form has the nice property that it can be statically verified to be "safe". Among other things, "safe" means that the code won't jump to addresses outside a certain memory segment provided by ZeroVM. The program also cannot call the normal system calls; it can only call a very narrow syscall interface provided by ZeroVM. This validation is taken from Google's Native Client project.

How would I use ZeroVM to run WordPress? What benefits would doing so provide?

You could in principle cross-compile the C program that is the PHP interpreter. ZeroVM could then start the PHP interpreter in the sandbox and feed it the PHP files that make up WordPress. ZeroVM provides a read-only in-memory filesystem and this could be used to read a SQLite database from. That would give you a read-only WordPress site — not terribly exciting :-)

However, as I see it, this is not the main use-case for ZeroVM. Existing database-heavy applications need to be rewritten for use with ZeroVM. ZeroVM is more meant for massively scalable systems where you want to process many data items in parallel.

Imagine you have 1,000,000 emails that you need to search through. The mails are stored in a block storage such as OpenStack Swift or Amazon S3. This means that the physical files are stored on some number of storage servers. Traditionally, you would need to pull all the mail down to some number of compute nodes in order to search them. With ZeroVM and its integration with Swift, you can send the code to the data. This is possible because code is small (some megabytes) compared to a bulky virtual machine image, and because it's safe to execute untrusted code in the ZeroVM sandbox.

So ZeroVM is meant for highly-scalable architectures where each request operates on different pieces of data.

For a WordPress site, this could mean that one should store each blog post in a separate piece of data and have a dedicated ZeroVM instance responsible for each post. Currently, the filesystem is read-only, but there are plans to make it read-write and the ZeroVM instance responsible for a given blog post could then handle things like comments. You would need a load-balancer in front that is capable of routing the traffic appropriately. The result is a very different architecture than the current WordPress, but a more scalable one. Actually implementing this is currently left as an exercise for the reader.
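The static validation described in this answer, as an added example that is not part of the original answer and is not ZeroVM or Native Client code: a toy validator that decodes a segment linearly, rejects system-call instructions, and requires every direct jump to land inside the segment on an instruction boundary. The five-opcode subset, the name `validate` and the sample byte strings are assumptions of this example; the real validator covers the full instruction set and enforces further rules.

```python
import struct

# Toy subset of real x86 encodings (an assumption of this example):
# opcode -> total instruction length in bytes.
ALLOWED = {0x90: 1, 0xF4: 1, 0xB8: 5, 0xEB: 2, 0xE9: 5}  # nop, hlt, mov eax,imm32, jmp rel8, jmp rel32
FORBIDDEN = {0xCD: (2, "int imm8 (software interrupt)"),
             0xC3: (1, "ret (unchecked indirect transfer)")}

def validate(code: bytes) -> list[str]:
    """Statically check one code segment; an empty list means it passes."""
    errors, starts, jumps = [], set(), []
    pc = 0
    while pc < len(code):
        op = code[pc]
        starts.add(pc)
        if code[pc:pc + 2] == b"\x0f\x05":
            errors.append(f"{pc:#x}: syscall instruction")
            pc += 2
        elif op in FORBIDDEN:
            length, why = FORBIDDEN[op]
            errors.append(f"{pc:#x}: {why}")
            pc += length
        elif op not in ALLOWED or pc + ALLOWED[op] > len(code):
            errors.append(f"{pc:#x}: undecodable or truncated instruction")
            break  # the linear decode cannot continue reliably
        else:
            length = ALLOWED[op]
            if op in (0xEB, 0xE9):  # direct jumps: target = next pc + signed offset
                fmt = "<b" if op == 0xEB else "<i"
                jumps.append((pc, pc + length + struct.unpack_from(fmt, code, pc + 1)[0]))
            pc += length
    for src, dst in jumps:
        if not 0 <= dst < len(code):
            errors.append(f"{src:#x}: jump target {dst:#x} outside segment")
        elif dst not in starts:
            errors.append(f"{src:#x}: jump target {dst:#x} is mid-instruction")
    return errors

# Constructed sample segments (not real ZeroVM programs).
SAFE = b"\xb8\x01\x00\x00\x00" + b"\xeb\x01" + b"\x90" + b"\xf4"
DIRECT = b"\x0f\x05" + b"\xf4"                       # plain syscall
ESCAPE = b"\xe9\x00\x10\x00\x00" + b"\xf4"            # jumps past the segment
HIDDEN = b"\xeb\x01" + b"\xb8\x0f\x05\x90\x90" + b"\xf4"  # jumps into mov's immediate

if __name__ == "__main__":
    for name in ("SAFE", "DIRECT", "ESCAPE", "HIDDEN"):
        print(name, validate(globals()[name]) or "ok")
```

The `HIDDEN` case shows why the boundary check is needed: a linear scan sees only a `mov`, yet its immediate bytes decode as a system call if execution enters at offset 3.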

Solution 2:

Seems to be the bleeding edge. Rackspace is taking a dig at LXC for being 'insecure' in comparison, but until the whitepapers show up on the topic, I will withhold judgement.

  • Is ZeroVM Providing a container similar to Docker?

From: Info World "Some obvious comparisons are possible between ZeroVM and a project like Docker, but the intentions are a little different. Docker is about packaging for deployment through a variety of environments. ZeroVM is more about providing a way for apps to be virtualized in a lightweight way in a given environment where a full VM solution would be excessive and not really needed."

  • How Would I use ZeroVM to run WordPress?

Presumably you would need Apache to be compiled for ZeroVM. I'm not sure how much of the WordPress code base will break under such conditions.

  • What are the benefits?

Rackspace's marketing department will make the best case for this: Here

  • What challenges Will I face? (Added for benefit of future readers)

The software / platform is bleeding edge so all trials and difficulties associated with running bleeding edge software apply. (Including a lack of a large user base for support). It is also a new "Platform." Software developers are getting used to dealing with virtualized platforms... but this is a whole new breed of virtualization above and beyond hardware (VMWare, OracleVM, HyperV) and kernel virtualization (OpenVZ)... Don't be surprised if nothing works as expected this early in the game.

Solution 3:

Continuing my example above, how would I use ZeroVM to run WordPress? What benefits would doing so provide?

ZeroVM is essentially a platform for building PaaSes. Therefore the question above has little meaning in "ZeroVM world". But let's assume that somebody has installed ZeroVM infrastructure for you (we will call it "Provider"). Then you can create your own PaaS or SaaS on top of that infrastructure. In the case of WordPress: Provider gives you the ability to run any code on the Provider's infrastructure, you can run WordPress, and when your code is running, you pay for it. When your code is not running, you do not pay. I.e. when somebody opens a WordPress page you will pay for the request; after the response is sent to the user, you stop paying anything. More than that, because each ZeroVM instance will serve one request, your WordPress site essentially needs only to serve one page to one user. And then I would argue that you don't really need "WordPress", as WordPress right now is a PHP interface to a MySQL database, and in the case of one user and one request you don't need any centralized database. And so on.

Does this mean that each request to the ZeroVM app spawns a new process?

Yes and no. It depends on how you want to use it. If each request is a totally different app with a totally different code-base, then yes, you will need a brand new process. But if each request is a call to a PHP or WSGI web app, then ZeroVM can act as a "daemon" serving requests much faster by saving the setup time of the platform (setting up filesystem + python + wsgi in the case of a WSGI app, for example).

How would requests get routed to the correct app?

Right now the infrastructure is integrated into the Swift object store. A request for a Swift object will trigger execution of a specific piece of code. Or a POST to a specific URL will trigger the execution of the POST request payload. Of course any other type of integration is possible, for example into a web-server or distributed queue.