A full virtualizer and an alternative to containers

Lighting the Fuse

Who Is It For?

Besides Amazon, who is Firecracker suitable for? Amazon says Firecracker is especially recommended for anyone who would otherwise have opted for container-based virtualization. Apparently, Amazon is planning a kind of double virtualization: VMs in Firecracker could be the basis for Docker. Users could then combine the advantages of Firecracker and true container virtualization: minimal overhead, but with exactly the same isolation and security that Qemu offers.

A couple of things are still missing. Integration of Firecracker into other solutions like OpenStack simply doesn't exist yet. The minimum you would expect would be a nova-compute-firecrack. However, it is unlikely that Amazon will develop this, because it would then indirectly be competing with itself in the cloud. It's up to the community here. However, if Firecracker proves to be useful and helpful, it cannot be completely ruled out that one of the large Linux distributors might jump into the breach.


Firecracker attacks the weaknesses of full virtualization (massive overhead, even when almost nothing is happening, and maintaining and servicing several virtual machines) and containers (access by hackers to the physical system, as well as to other virtual systems running on the same hardware, and imperfect isolation of resources) by combining the security and isolation of real VMs with the light weight of containers.

My first conclusion is that Firecracker is cool, but not quite useful in everyday life yet, especially in a production environment. Whether or not Firecracker can be successful in the long run will largely depend on community acceptance and the way it integrates with other solutions. Unfortunately, you also cannot rule out Amazon killing it and relying on Kata Containers or a completely different solution, if the intended base in the community is not as successful as expected.

If you are interested in virtualization, and are looking for a lightweight alternative to Qemu, it makes sense to take a closer look at Firecracker.

The Author

In his spare time, Debian developer Martin Gerhard Loschwitz works professionally as a Telekom Public Cloud Architect at T-Systems, where he primarily focuses on topics such as OpenStack, Ceph, and Kubernetes.
