Cloudflare Thinks VMs Aren't the Future

AlphaAtlas

Containers and Virtual Machines are the foundation of the world's cloud infrastructure today, as they allow clients to isolate their environments from neighbors running on the same machine. But in a blog post, Cloudflare, one of the largest cloud providers in the world, argued that they aren't necessarily the future. Instead of walling off instances totally, Cloudflare runs their clients' JavaScript code in "isolates" that are based on one of the most popular pieces of software on Earth: Google Chrome. Chrome's V8 JavaScript engine is explicitly designed to run multiple instances of code with as little overhead as possible, and they say leveraging it has a number of advantages. All the work is done in a single process, which means no context switching is needed, and memory usage can be lowered by "an order of magnitude." Running all that code simultaneously without the isolation of a VM may seem insecure, but Cloudflare points out that Chrome's JavaScript engine is "perhaps the most well security tested piece of software on earth," and that they add some security measures on top of it. Obviously, Cloudflare has an interest in pushing their own cloud instance technology, and they do tout massive economic advantages over Amazon's Lambda instances. But they're quick to point out weaknesses (namely, their implementation can only run JavaScript right now), and the bigger implication seems to be that other companies could eventually move away from VMs too.

We pay the overhead of a JavaScript runtime once, and then are able to run essentially limitless scripts with almost no individual overhead. Any given Isolate can start around a hundred times faster than I can get a Node process to start on my machine. Even more importantly, they consume an order of magnitude less memory than that process. They have all the lovely function-as-a-service ergonomics of getting to just write code and not worry how it runs or scales. Simultaneously, they don't use a virtual machine or a container, which means you are actually running closer to the metal than any other form of cloud computing I'm aware of. I believe it's possible with this model to get close to the economics of running code on bare metal, but in an entirely Serverless environment.
 
Yikes. Putting an awful lot of trust in the security of the CPU.

An Isolate-based system runs all of the code in a single process and uses its own mechanisms to ensure safe memory access. This means there are no expensive context switches; the machine spends virtually all of its time running your code.
 
So they are coming out with something new that saves host system memory. I am not too familiar with Cloudflare, but I do know my servers eat memory like (insert gratuitous comment here). I am having to run upwards of 256GB in the new host servers, which then rarely peak above 40% CPU usage and 60% HDD usage, but RAM usage is always in the high 80s.
 
For once I know about the thing being discussed. For scaling and fault tolerance, you want the app you are scaling to be run in not necessarily different VMs, but definitely different processes. Processes crash. Everything running in one process is not good, especially when you are running someone else's code. Containers add the tiniest app layer and give everything you need that a VM might have. For example, how can you have the same process running cross-datacenter? But who knows, managing infrastructure has changed drastically in the past 5 years.
 
The point of having VMs is isolation. Isolation isn't a bug, it's a feature. Some concerns come to mind:
  • I like portable backups and don't want to be locked into some third party's custom implementation that is not an industry standard.
  • I want Dedicated resources. I don't want to share. If I need 128 GB of RAM I'm not interested in having "my" server resources shared out to some other third party that I have nothing to do with.
  • What happens when my process that is shared with someone else's process is crashed because their code was screwed up?
I get it... Cloudflare wants to decrease necessary resources (and thus expenses) in their data centers. It doesn't mean I want or will accept that product.
 
It seems so bizarre to read a piece on server performance running JavaScript "closer to the metal".

It's a jury-rigged Chrome V8. What can you expect?
 