You are viewing content from a past/completed QCon

Presentation: Fine-Grained Sandboxing With V8 Isolates

Track: Modern Operating Systems

Location: Westminster, 4th flr.

Duration: 2:55pm - 3:45pm

Day of week: Monday


This presentation is now available to view on InfoQ.com


What You’ll Learn

  1. Learn why using V8 isolates as an alternative to VMs or containers allows running orders of magnitude more independent services per machine, enabling new approaches to cloud architecture.
  2. Understand logistical requirements and security risks and benefits involved in building a runtime environment based on V8.

Abstract

In an ideal world, code would always run as close as possible to the things with which it communicates -- end users, storage, external APIs, etc. However, most software stacks are only cost-effective if applications are long-running, handling many events in one place. We need a new approach that can efficiently load code to handle just one event, so that it can be executed wherever is best for that one event, across a distributed network.

 

Kenton Varda explains how Cloudflare solved this problem by building a compute platform using V8 isolates instead of containers or VMs, achieving 10x-100x faster cold starts and lower memory footprints. We'll go through technical details of embedding V8, distributing code, scheduling isolates, resource management, and security risks.

Question: 

What is the work you’re doing today?

Answer: 

We run a CDN with 165 remote locations. Cloudflare Workers provides a lightweight JavaScript execution environment that allows developers to handle HTTP requests directly on the closest server to the end user. This can be used to optimize existing applications or build entirely new ones. To allow every customer to deploy to every location, we leverage the V8 JavaScript runtime rather than VMs or containers. With this we provide a "serverless" experience but with low latency and almost zero cold start times.

Question: 

What are your goals for the talk?

Answer: 

I hope to show people how to build systems that embed V8 to host customer code. For example, if you currently expose a web-based API, you might also want to create a way for customers to host code directly on your servers to call that API, rather than calling it over the internet. You'll probably want a solution that can host tens of thousands of customers per machine, which means you need to use isolates. I'll explain why this makes sense, the basics of how to do it, and also discuss security concerns to be aware of.

Question: 

How do you prevent things like blocked threads affecting other users?

Answer: 

We enforce time limits and memory limits on execution, and we can preempt isolates that go over their limits. I'll explain how to do this in the talk.

Question: 

What do you want people to leave the talk with?

Answer: 

I want them to leave with an understanding that you can embed the V8 runtime in your infrastructure and why doing so will allow applications to achieve far better performance, reliability, and ease of operations.

Speaker: Kenton Varda

Tech lead @Cloudflare Workers

Kenton is the architect of Cloudflare Workers, a "serverless" compute platform which distributes your code to 165+ locations globally so that it always runs as close to the client as possible. Prior to joining Cloudflare, Kenton created Sandstorm.io and Cap'n Proto. Further back, while at Google, Kenton wrote Protobuf v2 and open sourced it.

