Building and deploying lightweight apps is becoming an easier and more reliable process with the emergence of unikernels. While limited in functionality, unikernals offer many advantages in terms of speed and security.\nWhat are unikernels?\nA unikernel is a very specialized single-address-space machine image that is similar to the kind of cloud applications that have come to dominate so much of the internet, but they are considerably smaller and are single-purpose. They are lightweight, providing only the resources needed. They load very quickly and are considerably more secure -- having a very limited attack surface. Any drivers, I\/O routines and support libraries that are required are included in the single executable. The resultant virtual image can then be booted and run without anything else being present. And they will often run 10 to 20 times faster than a container.\n\nWould-be attackers cannot drop into a shell and try to gain control because there is no shell. They can't try to grab the system's \/etc\/passwd or \/etc\/shadow files because these files don't exist. Creating a unikernel is much like turning your application into its own OS. With a unikernel, the application and the OS become a single entity. You omit what you don't need, thereby removing vulnerabilities and improving performance many times over.\nIn short, unikernels:\n\nProvide improved security (e.g., making shell code exploits impossible)\nHave much smaller footprints then standard cloud apps\nAre highly optimized\nBoot extremely quickly\n\nAre there any downsides to unikernels?\nThe only serious downside to unikernels is that you have to build them. For many developers, this has been a giant step. Trimming down applications to just what is needed and then producing a tight, smoothly running application can be complex because of the application's low-level nature. In the past, you pretty much had to have been a systems developer or a low level programmer to generate them.\nHow is this changing?\nJust recently (March 24, 2019) NanoVMs announced a tool that loads any Linux application as a unikernel. Using NanoVMs OPS, anyone can run a Linux application as a unikernel with no additional coding. The application will also run faster, more safely and with less cost and overhead.\nWhat is NanoVMs OPS?\nNanoVMs is a unikernel tool for developers. It allows you to run all sorts of enterprise class software yet still have extremely tight control over how it works.\nOther benefits associated with OPS include:\n\nDevelopers need no prior experience or knowledge to build unikernels.\nThe tool can be used to build and run unikernels locally on a laptop.\nNo accounts need to be created and only a single download and one command is required to execute OPS.\n\nAn intro to NanoVMs is available on NanoVMs on youtube. You can also check out the company's LinkedIn page and can read about NanoVMs security here.\nHere is some information on how to get started.