© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Firecracker: Secure and fast microVMs for serverless computing
Meena Gowdar
Senior Product Manager
Amazon Web Services
SEP316
Agenda
Introduction to Firecracker
Use case: AWS Lambda
Use case: AWS Fargate
Open-source community engagement
What is Firecracker?
Open-source virtualization technology (microVM)
Security and isolation of traditional VMs
Speed and density of containers
Low resource overhead
Developed at Amazon
What problem are we helping to solve?
A really hard packing problem ☺
[Chart: Lambda worker load over time, with series Customer A function A.01, Customer B function B.07, Customer C function C.42, Customer {N} function {N}.{X}]
Benefits of Firecracker
Security, startup time, utilization
Benefits of Firecracker
Security from the ground up: KVM-based virtualization
Speed by design: < 125 ms to launch, 150 microVMs per second/host
Scale and efficiency: < 5 MB memory footprint per microVM
Firecracker design principles
Multi-tenant
Any vCPU and memory combination
Oversubscription permissible
Steady mutation rate: 100+ microVMs/host/sec
Limited only by hardware resources
Host-facing REST API
Minimalist guest device model
Host-facing REST API
Firecracker design
Firecracker scales to thousands of multi-tenant microVMs
Configurable microVMs across CPU and memory, running as user space processes
[Architecture diagram labels: Client, RESTful API, Guest OS and container workload, KVM, I/O, Network, Storage, Metadata service, Rate limiting, Control plane, Data plane, Virtualization barrier, Jailer barrier]
Lambda worker
Provisions a secure environment for customer code execution
Lambda worker architecture
Hardware
Host OS
Hypervisor
Guest OS
Sandbox
Lambda runtime
Your code
Lambda isolation
One function
One account
Many accounts
Hardware
Host OS
Hypervisor
Guest OS
Sandbox
Lambda runtime
Your code
Keeping workloads safe and separate
Lambda isolation using Amazon EC2
Hardware
Host OS
Hypervisor
Guest OS
Sandbox
Lambda runtime
Your code
EC2 instances
Lambda isolation using Firecracker
Hardware
Host OS
Hypervisor
Guest OS
Sandbox
Lambda runtime
Your code
Firecracker
Amazon EC2 bare metal
Lambda isolation using Firecracker
One account and one function
Many accounts
Hardware
Host OS
Hypervisor
Guest OS
Sandbox
Lambda runtime
Your code
Keeping workloads safe and separate
Allocate workloads: Pack server with one workload
[Diagram: workloads placed on three servers]
Take advantage of statistical multiplexing
More efficient: Pack server with many workloads
[Diagram: workloads placed on three servers]
Take advantage of statistical multiplexing
Most efficient: Placement optimization
[Diagram: workloads placed on three servers]
Pick workloads that pack well together
Minimize contention
AWS container services landscape
Management: Deployment, scheduling, scaling, and management of containerized applications
  Amazon Elastic Container Service (Amazon ECS)
  Amazon Elastic Container Service for Kubernetes (Amazon EKS)
Hosting: Where the containers run
  Amazon Elastic Compute Cloud (Amazon EC2)
  AWS Fargate
Image registry: Container image repository
  Amazon Elastic Container Registry (Amazon ECR)
Fargate configurations
CPU (vCPU) | Memory values (GB)
0.25 | 0.5, 1, 2
0.5 | Min 1 GB, max 4 GB, in 1 GB increments
1 | Min 2 GB, max 8 GB, in 1 GB increments
2 | Min 4 GB, max 16 GB, in 1 GB increments
4 | Min 8 GB, max 30 GB, in 1 GB increments
Fargate Amazon EC2 resource usage: With warm pool
Service account
Account 1
Account 2
Account 3
Fargate Amazon EC2 resource usage: with Firecracker
Service account
Account 1
Account 2
Account 3
Fargate Amazon EC2 resource usage: With Firecracker
Account 1
Account 2
Account 3
Fargate price reduction
vCPU | GB memory | Effective price cut
2 | 12 | -47.00%
2 | 13 | -47.90%
2 | 14 | -48.60%
2 | 15 | -49.30%
2 | 16 | -50.00%
4 | 8 | -35.00%
4 | 9 | -36.20%
4 | 10 | -37.30%
4 | 11 | -38.30%
20% per vCPU per second
65% per GB per second
35%–50% cumulative
https://aws.amazon.com/blogs/compute/aws-fargate-price-reduction-up-to-50/
Firecracker-Containerd
Containerd to manage containers as Firecracker microVMs
Multi-tenant hosts
OCI image format
Work with popular orchestration frameworks
Kubernetes and Amazon ECS
Define a future: light as container, secure as VM
Firecracker and Containerd architecture
[Architecture diagram labels: Containerd, FC snapshotter, Content store, FC runtime, VM disk image, Kernel image, Firecracker VMM, microVM, Internal FC agent, runc, Container]
Firecracker as an open-source project
84 contributions from the open source community (~27%)
Dozens of bug reports, several feature requests, RFC feedback
Talks at 12 industry conferences across 2019
rust-vmm, working with other industry players to build VMM crates
Firecracker as an open-source project
Kata Containers
UniK
OSv
Firecracker and Kata Containers
Build lightweight virtual machines that seamlessly plug into containers
Kata Containers supports multiple hypervisors
Default QEMU
Preliminary Firecracker support
Firecracker and Kata Containers
spec:
  template:
    spec:
      runtimeClassName: kata-fc
[Diagram labels: Kubelet, CRI-O or Containerd, Annotations or RuntimeClass, runc, Kata-runtime, Pod (BusyBox, php), Firecracker virtual machine, QEMU virtual machine]
Who should use Firecracker directly?
Teams building compute services
Teams integrating Firecracker with container stacks
Developers who want to contribute
Getting started with Firecracker
Firecracker on AWS bare metal
Firecracker on other clouds with bare metal (e.g., Packet)
Firecracker on GCP nested-virt
Firecracker on Azure nested-virt
Firecracker on your dev machine (physical/nested-virt)
Firectl
Firectl is a CLI to create Firecracker microVMs
firectl \
  --kernel=hello-vmlinux.bin \
  --root-drive=hello-rootfs.ext4
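The same microVM can be configured by hand over the host-facing REST API named in the design principles, which is what a CLI like firectl drives for you. The script below is an added example, not part of the original deck: the socket path, microVM size, boot arguments and rate-limit values are assumptions, and the kernel and root filesystem names are the ones from the firectl command above.

```shell
#!/bin/sh
# Added example (not from the original deck): configure and start one microVM
# through Firecracker's REST API, which listens on a Unix domain socket.
# Assumptions: a firecracker process is already running with
#   --api-sock "$FC_SOCK"
# and the image paths resolve from that process's working directory.
# The helpers do no JSON escaping, so arguments must not contain quotes
# or backslashes.

FC_SOCK="${FC_SOCK:-/tmp/firecracker.socket}"   # assumed socket path

# Body for PUT /machine-config: vCPU count and guest memory in MiB.
machine_config_body() {
    printf '{"vcpu_count":%d,"mem_size_mib":%d}' "$1" "$2"
}

# Body for PUT /boot-source: guest kernel image and kernel command line.
boot_source_body() {
    printf '{"kernel_image_path":"%s","boot_args":"%s"}' "$1" "$2"
}

# Body for PUT /drives/rootfs: the root block device, with a per-drive
# bandwidth rate limiter (token bucket: "size" bytes refilled every
# "refill_time" milliseconds). Arguments: path, read-only flag, size, refill.
rootfs_drive_body() {
    printf '{"drive_id":"rootfs","path_on_host":"%s","is_root_device":true,"is_read_only":%s,"rate_limiter":{"bandwidth":{"size":%d,"refill_time":%d}}}' \
        "$1" "$2" "$3" "$4"
}

# Send one PUT request to the API socket; fail on any non-2xx response.
fc_put() {
    curl --silent --show-error --fail --unix-socket "$FC_SOCK" \
        -X PUT "http://localhost/$1" \
        -H 'Content-Type: application/json' \
        -d "$2"
}

# Configure the microVM, then boot it. Each step must succeed before the next.
# Arguments: kernel image path, root filesystem path.
start_microvm() {
    fc_put machine-config "$(machine_config_body 1 128)" &&
    fc_put boot-source "$(boot_source_body "$1" 'console=ttyS0 reboot=k panic=1 pci=off')" &&
    # Cap root-drive throughput at 10 MiB per second (illustrative value).
    fc_put drives/rootfs "$(rootfs_drive_body "$2" false 10485760 1000)" &&
    fc_put actions '{"action_type":"InstanceStart"}'
}

# Only talk to the API when a Firecracker socket is actually present.
if [ -S "$FC_SOCK" ]; then
    start_microvm hello-vmlinux.bin hello-rootfs.ext4
fi
```

Because the API socket is the control plane for the microVM, its file permissions decide who on the host can reconfigure or start the guest.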
References and contribute
https://github.com/firecracker-microvm/
Thank you!
Meena Gowdar
meenag@amazon.com

API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

AWS Firecracker MicroVMs for Serverless Computing

  • 1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Firecracker: Secure and fast microVMs for serverless computing. Meena Gowdar, Senior Product Manager, Amazon Web Services. SEP316
  • 2. Agenda: Introduction to Firecracker; Use case: AWS Lambda; Use case: AWS Fargate; Open-source community engagement
  • 3. What is Firecracker? Open-source virtualization technology (microVM); Security and isolation of traditional VMs; Speed and density of containers; Low resource overhead; Developed at Amazon
  • 4. What problem are we helping to solve? A really hard packing problem ☺ [Chart: Lambda worker load over time. Series: Customer A function A.01; Customer B function B.07; Customer C function C.42; Customer {N} function {N}.{X}]
  • 5. Benefits of Firecracker: Security; Startup time; Utilization
  • 6. Benefits of Firecracker. Security from the ground up: KVM-based virtualization. Speed by design: < 125 ms to launch; 150 microVMs per second/host. Scale and efficiency: < 5 MB memory footprint per microVM
  • 7. Firecracker design principles: Multi-tenant; Any vCPU and memory combination; Oversubscription permissible; Steady mutation rate: 100+ microVMs/host/sec; Limited only by hardware resources; Host-facing REST API; Minimalist guest device model
  • 8. Host-facing REST API
  • 9. Firecracker design. Firecracker scales to thousands of multi-tenant microVMs. Configurable microVMs across CPU and memory, running as user space processes. [Diagram labels: Guest OS and container workload; KVM; I/O; RESTful API; Network; Storage; Metadata service; Rate limiting; Client; Control plane; Data plane; Virtualization barrier; Jailer barrier]
  • 11. Lambda worker: Provisions a secure environment for customer code execution
  • 12. Lambda worker architecture: Hardware; Host OS; Hypervisor; Guest OS; Sandbox; Lambda runtime; Your code
  • 13. Lambda isolation. Scope labels: One function; One account; Many accounts. Layers: Hardware; Host OS; Hypervisor; Guest OS; Sandbox; Lambda runtime; Your code. Keeping workloads safe and separate
  • 14. Lambda isolation using Amazon EC2. Layers: Hardware; Host OS; Hypervisor; Guest OS; Sandbox; Lambda runtime; Your code. Label: EC2 instances
  • 15. Lambda isolation using Firecracker. Layers: Hardware; Host OS; Hypervisor; Guest OS; Sandbox; Lambda runtime; Your code. Labels: Firecracker; Amazon EC2 bare metal
  • 16. Lambda isolation using Firecracker. Scope labels: One account and one function; Many accounts. Layers: Hardware; Host OS; Hypervisor; Guest OS; Sandbox; Lambda runtime; Your code. Keeping workloads safe and separate
  • 17. Allocate workloads: Pack server with one workload. [Diagram: workloads placed on servers] Take advantage of statistical multiplexing
  • 18. More efficient: Pack server with many workloads. [Diagram: workloads placed on servers] Take advantage of statistical multiplexing
  • 19. Most efficient: Placement optimization. [Diagram: workloads placed on servers] Pick workloads that pack well together. Minimize contention
  • 20. AWS container services landscape. Management (deployment, scheduling, scaling, and management of containerized applications): Amazon Elastic Container Service (Amazon ECS); Amazon Elastic Container Service for Kubernetes (Amazon EKS). Hosting (where the containers run): Amazon Elastic Compute Cloud (Amazon EC2); AWS Fargate. Image registry (container image repository): Amazon Elastic Container Registry (Amazon ECR)
  • 22. Fargate configurations
        CPU (vCPU) | Memory values (GB)
        0.25 | 0.5, 1, 2
        0.5 | Min 1 GB, max 4 GB, in 1 GB increments
        1 | Min 2 GB, max 8 GB, in 1 GB increments
        2 | Min 4 GB, max 16 GB, in 1 GB increments
        4 | Min 8 GB, max 30 GB, in 1 GB increments
  • 23. Fargate Amazon EC2 resource usage: With warm pool. [Diagram labels: Service account; Account 1; Account 2; Account 3]
  • 24. Fargate Amazon EC2 resource usage: With Firecracker. [Diagram labels: Service account; Account 1; Account 2; Account 3]
  • 25. Fargate Amazon EC2 resource usage: With Firecracker. [Diagram labels: Service account; Account 1; Account 2; Account 3]
  • 26. Fargate Amazon EC2 resource usage: With Firecracker. [Diagram labels: Account 1; Account 2; Account 3]
  • 27. Fargate Amazon EC2 resource usage: With Firecracker. [Diagram labels: Account 1; Account 2; Account 3]
  • 28. Fargate price reduction: 20% per vCPU per second; 65% per GB per second; 35%–50% cumulative. https://aws.amazon.com/blogs/compute/aws-fargate-price-reduction-up-to-50/
        vCPU | GB memory | Effective price cut
        2 | 12 | -47.00%
        2 | 13 | -47.90%
        2 | 14 | -48.60%
        2 | 15 | -49.30%
        2 | 16 | -50.00%
        4 | 8 | -35.00%
        4 | 9 | -36.20%
        4 | 10 | -37.30%
        4 | 11 | -38.30%
  • 30. Firecracker-Containerd: Containerd to manage containers as Firecracker microVMs; Multi-tenant hosts; OCI image format; Work with popular orchestration frameworks: Kubernetes and Amazon ECS; Define a future: light as container, secure as VM
  • 31. Firecracker and Containerd architecture. [Diagram labels: microVM; Containerd; FC snapshotter; Container; Internal FC agent; runc; Content store; FC runtime; VM disk image; Kernel image; Firecracker VMM]
  • 33. Firecracker as an open-source project: 84 contributions from the open source community (~27%); Dozens of bug reports, several feature requests, RFC feedback; Talks at 12 industry conferences across 2019; rust-vmm, working with other industry players to build VMM crates
  • 34. Firecracker as an open-source project: Kata Containers; UniK; OSv
  • 35. Firecracker and Kata Containers: Build lightweight virtual machine that seamlessly plugs into containers; Kata Containers supports multiple hypervisors; Default QEMU; Preliminary Firecracker support
  • 36. Firecracker and Kata Containers. [Diagram labels: Kubelet; CRI-O or Containerd; Annotations or RuntimeClass; runc; Kata-runtime; Firecracker virtual machine; QEMU virtual machine; POD; php; BusyBox]
        spec:
          template:
            spec:
              runtimeClassName: kata-fc
  • 40. Who should use Firecracker directly? Teams building compute services; Teams integrating Firecracker with container stacks; Developers who want to contribute
  • 41. Getting started with Firecracker: Firecracker on AWS bare metal; Firecracker on other clouds with bare metal (e.g., Packet); Firecracker on GCP nested-virt; Firecracker on Azure nested-virt; Firecracker on your dev machine (physical/nested-virt)
  • 42. Firectl: Firectl is a CLI to create Firecracker microVMs
        firectl --kernel=hello-vmlinux.bin --root-drive=hello-rootfs.ext4
  • 43. References and contribute: https://github.com/firecracker-microvm/
  • 44. Thank you! Meena Gowdar, meenag@amazon.com
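
For the host-facing REST API (slides 7 to 9) and the firectl command (slide 42): an added example, not code from the deck or the Firecracker project, of the API call sequence that boots the same kernel and root drive over the VMM's Unix socket. The socket path, sizing defaults, boot arguments and helper names are assumptions; the permission check reflects that access to this control plane is decided by who can open the socket file.

```python
import http.client
import json
import os
import socket
import stat


def boot_requests(kernel, rootfs, vcpus=1, mem_mib=128):
    """Ordered (method, path, body) calls that configure and start one microVM."""
    if vcpus < 1 or mem_mib < 1:
        raise ValueError("vCPU count and memory size must be positive")
    return [
        ("PUT", "/machine-config", {"vcpu_count": vcpus, "mem_size_mib": mem_mib}),
        ("PUT", "/boot-source", {"kernel_image_path": kernel,
                                 "boot_args": "console=ttyS0 reboot=k panic=1"}),
        ("PUT", "/drives/rootfs", {"drive_id": "rootfs", "path_on_host": rootfs,
                                   "is_root_device": True, "is_read_only": False}),
        # Start last: boot-time settings cannot be changed once the guest runs.
        ("PUT", "/actions", {"action_type": "InstanceStart"}),
    ]


def socket_is_private(path):
    """True if path is a Unix socket with no group or world permission bits."""
    mode = os.stat(path).st_mode
    return stat.S_ISSOCK(mode) and (mode & 0o077) == 0


class UnixHTTPConnection(http.client.HTTPConnection):
    """http.client connection that dials a Unix domain socket instead of TCP."""

    def __init__(self, path):
        super().__init__("localhost")
        self.unix_path = path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.unix_path)


def start_microvm(api_socket, requests):
    """Send the calls in order; refuse an API socket other users can open."""
    if not socket_is_private(api_socket):
        raise PermissionError(f"{api_socket} is open to other local users")
    conn = UnixHTTPConnection(api_socket)
    try:
        for method, path, body in requests:
            conn.request(method, path, json.dumps(body),
                         {"Content-Type": "application/json"})
            resp = conn.getresponse()
            resp.read()  # drain so the connection can be reused
            if resp.status >= 300:
                raise RuntimeError(f"{method} {path} failed: HTTP {resp.status}")
    finally:
        conn.close()


if __name__ == "__main__":
    # Constructed input: file names from the firectl slide.
    for call in boot_requests("hello-vmlinux.bin", "hello-rootfs.ext4"):
        print(*call)
```

On a multi-tenant host each microVM has its own API socket, so the same check applies per socket, along with the permissions of the directory that holds it.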