Why virtualize a whole system when you can just virtualize the apps themselves?
That's the philosophy behind ZeroVM, an open source virtualization platform designed as a lightweight alternative to the bulk of systems like KVM or Xen. It's also the latest addition to the ever-expanding virtualization arsenal used by Rackspace.
Most VMs virtualize an entire system; ZeroVM focuses on applications, using Google Native Client as the substrate for running its code. Applications that run inside ZeroVM never see hardware; they see only application-level abstractions like pipes. The system is also language-neutral.
Because processes can be created and destroyed very quickly with ZeroVM, each incoming request is given its own process and is heavily encapsulated. One major advantage of this setup is that an attacker who exploits an application bug cannot use it to access data from another running instance. (This doesn't account for, say, dumping another user's data by way of a SQL injection, but it's still that much smaller an attack surface.)
Unlike other VMs, though, ZeroVM doesn't run most applications as-is. Binaries need to be compiled to work under ZeroVM, and ZeroVM itself is currently single-threaded. On the other hand, applications written in an interpreted language only need to have the interpreter running under ZeroVM in order to work. Lua and Python are available right now, and a more portable version of ZeroVM is in the works where "LLVM bytecode will be dynamically compiled inside a VM to either ARM or Intel," according to the ZeroVM Wiki.
A major selling point for ZeroVM, from Rackspace's point of view, is embeddability. Most of ZeroVM's mechanisms were dreamed up for an environment where large data loads needed to be manipulated, which brought up the question: Rather than bring the data to the applications, why not make the applications as lightweight as possible and bring them to the data? By removing most of the stuff that simply didn't need to be there and concentrating only on what was needed to make a given app work, a good deal of bloat can be cut out.
Some obvious comparisons are possible between ZeroVM and a project like Docker, but the intentions are a little different. Docker is about packaging for deployment through a variety of environments. ZeroVM is more about providing a way for apps to be virtualized in a lightweight way in a given environment where a full VM solution would be excessive and not really needed.
Rackspace's interest in the project isn't hard to suss out. People mostly use a VM to run applications rather than an entire OS -- and isn't running applications what an OS is for in the first place? The less Rackspace has to provision for any individual customer, the more savings it is likely to see.
Rackspace is promising a "publicly accessible preview" soon, which ought to give us a far better idea of what this technology can do in their hands -- and how it'll compete with the rest of the rapidly changing VM world.
This story, "ZeroVM virtualizes apps, not machines," was originally published at InfoWorld.com.