A full virtualizer and an alternative to containers

Lighting the Fuse

Who Is It For?

Besides Amazon, who is Firecracker suitable for? Amazon says Firecracker is especially recommended to anyone who would otherwise have opted for container-based virtualization. Apparently, Amazon is planning a kind of double virtualization: VMs in Firecracker could be the basis for Docker. Users could then combine the advantages of Firecracker and true container virtualization: minimal overhead, but with the same isolation and security that Qemu offers.

A couple of things are still missing. Integration of Firecracker into other solutions like OpenStack simply doesn't exist yet. The minimum you would expect would be a nova-compute-firecrack. However, it is unlikely that Amazon will develop this, because it would then indirectly be competing with itself in the cloud. It's up to the community here. However, if Firecracker proves to be useful and helpful, it cannot be completely ruled out that one of the large Linux distributors might jump into the breach.

Conclusions

Firecracker attacks the weaknesses of full virtualization (massive overhead, even when almost nothing is happening, and maintaining and servicing several virtual machines) and containers (access by hackers to the physical system, as well as to other virtual systems running on the same hardware, and imperfect isolation of resources) by combining the security and isolation of real VMs with the light weight of containers.

My first conclusion is that Firecracker is cool, but not quite useful in everyday life yet, especially in a production environment. Whether or not Firecracker can be successful in the long run will largely depend on community acceptance and the way it integrates with other solutions. Unfortunately, you also cannot rule out Amazon killing it and relying on Kata Containers or a completely different solution, if the intended base in the community is not as successful as expected.

If you are interested in virtualization, and are looking for a lightweight alternative to Qemu, it makes sense to take a closer look at Firecracker.

The Author

In his spare time, Debian developer Martin Gerhard Loschwitz works professionally as a Telekom Public Cloud Architect at T-Systems, where he primarily focuses on topics such as OpenStack, Ceph, and Kubernetes.
