NanoVMs has announced the first unikernel tool for developers that loads any Linux application as a unikernel.

But hang on… what is a unikernel?

The company says that unikernels are unique single process systems that run in a single address space.

Instead of deploying a Linux operating system and then an application on top of it… the application and the operating system become one secure isolated unit.

To run a unikernel system, a developer selects (from a modular stack) the minimal set of libraries which correspond to the OS constructs required for their application to run.

These libraries are compiled with the application and configuration code to build sealed, fixed-purpose images (unikernels) which run directly without the need for an operating system.

Because a unikernel is a system with no users, there is no need for usernames or passwords, which are a major contributor to the average data breach.

A system with no shell means no one can remotely log in to the system and start running random programs on it or, worse, enlist a lowly camera or edge device into a botnet.

NanoVMs Ops

The NanoVMs tool, called “Ops”, requires no complex coding or configuration and only requires a simple command to execute. The company claims that running an application as a unikernel is beneficial in many ways and can be superior to containers. Unikernels are faster, more secure, smaller and come provisioned as virtual machines, which gives them much greater density.

To drill into this, unikernels embrace a four-point security model:

No Users

No Shell

Single Process System

Massively Reduced Attack Surface

According to NanoVMs, the fact that unikernels are a single process system is vital to solving cyber security vulnerabilities.

“A traditional multiple process system such as Linux has the inherent capability of running multiple programs concurrently. With single process systems by design the system can only run your program not anyone else’s. This immediately stops a lot of remote code executions,” noted the company, in a press statement.

With Ops, developers need no prior experience or knowledge of how to build unikernels, which [in theory] removes the barriers that may have prevented unikernel use in the past. Ops can be used to build and run unikernels locally on a laptop: no account needs to be created and there aren’t multiple installations to sit through, just a single download and one command.

“We have numerous software issues that are reaching critical mass – security and cloud efficiency to name a few – and moving from outdated operating system-based applications to a unikernel system could have a radical impact,” said NanoVMs CEO Ian Eyberg. “Unikernels have been challenging to deploy in the past, but with our new Ops tool any developer can immediately begin implementation and reap the benefits.”

NanoVMs will also be offering several premade Ops packages for common programs that users would run, but not necessarily code themselves, in addition to databases and webservers.