Arm’s collaboration with Hyper HQ will push runV for the future of container security

Today, Hyper has announced our collaboration on the open-source runV project to enable new ways for technology to drive future infrastructure for the Internet of Things (IoT), edge computing and 5G.

Today’s cloud infrastructure is built upon the concept of a “machine”. Whether it is a virtual or physical machine, the compute instance that the cloud delivers is a full-sized computer. While this makes it easier to migrate legacy applications to the cloud, it comes with certain trade-offs such as slower provisioning speed (tens of seconds), more resource consumption (memory, disk, etc.), and higher operational overhead (server configuration drift).

With the rise of Docker, the industry is shifting towards application-centric, container-native infrastructure. However, the security of containers is a key priority. When containers run in virtual machines for isolation purposes in the cloud, the various problems of the “machine” still remain.

runV is an OCI-compliant secure container runtime technology developed by Hyper, which aims to bring virtualization-level security to containers while still keeping their sub-second boot performance and portability. Instead of a Linux container, it launches Docker images (and OCI images) into a micro VM in 100 milliseconds. Though the micro VM works and feels just like a container, it has the same level of hardware-enforced isolation as a traditional VM.

Micro VM hardware-enforced isolation

With this combination of virtualization and containerization, runV enables secure containers as the new building block of the application-centric cloud infrastructure.

Additionally, the security of containers running on bare metal in the cloud is a key priority. Many companies still use containers running in virtual machines for security, but traditional virtual machines with a full OS can often be too heavy, which results in higher levels of resource utilization and longer boot times. Through the runV project, Hyper aims to tailor the kernel of the virtual machine and run containers on top of it.

Compared to traditional methods, Hyper provides virtual machines with a very small system image size while sustaining the security provided by the hypervisor, removing overhead and achieving more efficient boot times. 

The Hyper runV project delivers both the benefits of containers and security. Hyper initiated the runV project under the Open Container Initiative (OCI), and it is currently the only virtual machine runtime implementation for OCI.

runV is an OCI-compliant secure container technology developed by Hyper, which aims to bring virtualization-level security to containers, while still keeping its sub-second boot performance and portability. With this combination, it enables secure containers to replace VMs as the building block of Application-centric Cloud Infrastructure.

runV is vendor agnostic and supports all major open-source hypervisors (KVM, Xen, VirtualBox), as well as Arm and other architectures. Arm is collaborating with Hyper in driving the technical direction of the runV project. This will include various performance optimizations like accelerating boot time, density improvements and more.

In the coming months, and throughout this collaboration, Hyper and Arm will demonstrate the benefits of runV on Arm-based platforms as we look ahead to application-centric infrastructures in support of the next generation of IoT, 5G, and pushing more computing to the edge of the network.