A Fresh Look at the Architecture and Performance of Contemporary Isolation Platforms

V.J. van Rijn; Jan S. Rellermeyer

doi:10.1145/3464298.3493404

A Fresh Look at the Architecture and Performance of Contemporary Isolation Platforms

Data-Intensive Systems

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

165 Downloads (Pure)

Abstract

With the ever-increasing pervasiveness of the cloud computing paradigm, strong isolation guarantees and low performance overhead from isolation platforms are paramount. An ideal isolation platform offers both: an impermeable isolation boundary while imposing a negligible performance overhead. In this paper, we examine various isolation platforms (containers, secure containers, hypervisors, unikernels), and conduct a wide array of experiments to measure the performance overhead and degree of isolation offered by the platforms. We find that container platforms have the best, near-native, performance while the newly emerging secure containers suffer from various overheads. The highest degree of isolation is achieved by unikernels, closely followed by traditional containers.

Original language	English
Title of host publication	Proceedings of the 22nd ACM/IFIP International Middleware Conference
Publisher	ACM DL
Number of pages	13
ISBN (Electronic)	978-1-4503-8534-3
DOIs	https://doi.org/10.1145/3464298.3493404
Publication status	Published - 2021
Event	22nd ACM/IFIP International Middleware Conference - Virtual Event, Quebeq City, Canada Duration: 6 Dec 2021 → 10 Dec 2021 https://middleware-conf.github.io/2021/

Conference

Conference	22nd ACM/IFIP International Middleware Conference
Abbreviated title	Middleware '22
Country/Territory	Canada
City	Quebeq City
Period	6/12/21 → 10/12/21
Internet address	https://middleware-conf.github.io/2021/

Keywords

Containers
Virtual Machines
Performance

Access to Document

10.1145/3464298.3493404

middleware2021_camera-readyFinal published version, 3.02 MBLicence: CC BY

Cite this

@inproceedings{3028feb8cf5545178c47ff9678daf05b,

title = "A Fresh Look at the Architecture and Performance of Contemporary Isolation Platforms",

abstract = "With the ever-increasing pervasiveness of the cloud computing paradigm, strong isolation guarantees and low performance overhead from isolation platforms are paramount. An ideal isolation platform offers both: an impermeable isolation boundary while imposing a negligible performance overhead. In this paper, we examine various isolation platforms (containers, secure containers, hypervisors, unikernels), and conduct a wide array of experiments to measure the performance overhead and degree of isolation offered by the platforms. We find that container platforms have the best, near-native, performance while the newly emerging secure containers suffer from various overheads. The highest degree of isolation is achieved by unikernels, closely followed by traditional containers.",

keywords = "Containers, Virtual Machines, Performance",

author = "{van Rijn}, V.J. and Rellermeyer, {Jan S.}",

year = "2021",

doi = "10.1145/3464298.3493404",

language = "English",

booktitle = "Proceedings of the 22nd ACM/IFIP International Middleware Conference",

publisher = "ACM DL",

note = "22nd ACM/IFIP International Middleware Conference, Middleware '22 ; Conference date: 06-12-2021 Through 10-12-2021",

url = "https://middleware-conf.github.io/2021/",

}

TY - GEN

T1 - A Fresh Look at the Architecture and Performance of Contemporary Isolation Platforms

AU - van Rijn, V.J.

AU - Rellermeyer, Jan S.

PY - 2021

Y1 - 2021

N2 - With the ever-increasing pervasiveness of the cloud computing paradigm, strong isolation guarantees and low performance overhead from isolation platforms are paramount. An ideal isolation platform offers both: an impermeable isolation boundary while imposing a negligible performance overhead. In this paper, we examine various isolation platforms (containers, secure containers, hypervisors, unikernels), and conduct a wide array of experiments to measure the performance overhead and degree of isolation offered by the platforms. We find that container platforms have the best, near-native, performance while the newly emerging secure containers suffer from various overheads. The highest degree of isolation is achieved by unikernels, closely followed by traditional containers.

AB - With the ever-increasing pervasiveness of the cloud computing paradigm, strong isolation guarantees and low performance overhead from isolation platforms are paramount. An ideal isolation platform offers both: an impermeable isolation boundary while imposing a negligible performance overhead. In this paper, we examine various isolation platforms (containers, secure containers, hypervisors, unikernels), and conduct a wide array of experiments to measure the performance overhead and degree of isolation offered by the platforms. We find that container platforms have the best, near-native, performance while the newly emerging secure containers suffer from various overheads. The highest degree of isolation is achieved by unikernels, closely followed by traditional containers.

KW - Containers

KW - Virtual Machines

KW - Performance

U2 - 10.1145/3464298.3493404

DO - 10.1145/3464298.3493404

M3 - Conference contribution

BT - Proceedings of the 22nd ACM/IFIP International Middleware Conference

PB - ACM DL

T2 - 22nd ACM/IFIP International Middleware Conference

Y2 - 6 December 2021 through 10 December 2021

ER -

A Fresh Look at the Architecture and Performance of Contemporary Isolation Platforms

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this