Microsoft Azure has introduced its latest contribution to open source: Hyperlight, an innovative Rust library that enables the execution of small and embedded functions using hypervisor-based protection for each function call, while maintaining high performance. This project, developed by the Azure Core Upstream team, promises to advance the field of cloud computing by providing greater security and efficiency in high-performance applications.
The Need for Speed and Security
In cloud environments like Microsoft Azure, it is crucial to combine speed with security in code execution. Hypervisors, which act as a proven barrier between trusted and untrusted code, are essential for ensuring security in virtual machine (VM) environments. However, traditional VMs can experience boot delays, complicating their use in applications that require rapid responses. Hyperlight addresses this need, allowing for the fast and secure execution of functions, even in low-resource environments.
How Hyperlight Works
Hyperlight can create a new VM in just one or two milliseconds, a significant improvement over conventional VMs, which can take more than 120 milliseconds to boot. That is fast enough to launch a VM in response to each event, which eliminates the need to keep instances active and optimizes resource usage. With Hyperlight, functions run in a secure environment that protects applications from potential threats while retaining the efficiency of function engines.
An Innovative Approach
Unlike a conventional hypervisor-based VM, a Hyperlight VM does not contain a complete computing environment with a traditional operating system. Instead, Hyperlight establishes a linear memory segment assigned to a virtual CPU (vCPU). Specific programs called “VM guests” run in this environment, combining a specialized kernel with an application execution environment.
This minimalist design allows Hyperlight to handle large-scale tasks with a fraction of the boot time required by traditional systems, providing the perfect balance between security and performance.
Applications and Open Contributions
Hyperlight is designed for “serverless embedding” applications that require the execution of third-party code in a secure environment. From IoT functions to industrial automation and high-performance cloud services, this library facilitates the integration of customizations without compromising security.
Microsoft has also announced that Hyperlight will be submitted to the Cloud Native Computing Foundation (CNCF) for evaluation as a “sandbox” project. Inclusion in the CNCF will allow Hyperlight to benefit from community expertise, solidifying its position as a vital technology for the cloud ecosystem.
A Collaborative Open Source Project
Microsoft invites developers, solution architects, and IT professionals to contribute to Hyperlight, which is available as an open-source project under the Apache 2.0 license. With this release, Microsoft reaffirms its commitment to innovation and collaboration within the tech community. Hyperlight represents an important step in building a secure and efficient cloud environment for the future of distributed computing.
Source: Code on GitHub and Microsoft OpenSource