The database-oriented operating system wants to shake up cloud security

Is it possible to replace Linux as the heart of serverless cloud computing services? That’s exactly the intent of a startup made up of developers from the open source database project Postgres and data management company Databricks, and computer scientists from the Massachusetts Institute of Technology, Stanford University, and UC Berkeley.

The company DBOS, which announced $8.5 million in seed funding on March 12, aims to simplify the current complicated stack needed for cloud development by replacing Linux containers with its own data-centric operating system (OS). The operating system keeps track of its state in database tables, natively supports parallelism, and simplifies security by using native database access controls. According to the company, the focus on data will also enable better assurances of compliance and provenance, with comprehensive logging enabling support for data integrity.

The simpler architecture and native logging capabilities of the operating system allow for a smaller attack surface and greater ability to detect anomalies that could indicate an attack, compared to the older Linux architecture, says Michael Coden, president and co-founder of DBOS.

“The number of state variables needed in a modern application is a million times greater than it was thirty years ago,” when Linux was created, he says. To make Linux work for cloud applications, “we added containers on top of Linux and we added Kubernetes on top of the containers to orchestrate them and we added workflow orchestration because Kubernetes is so hard to use. It’s a complex thing, which… it’s really insecure because there are so many moving parts.”

DBOS aims to change that with its namesake operating system, created by a group of researchers from MIT and Stanford (one of the founders is now at UC Berkeley) and aimed at simplifying data-centric serverless architectures. In a 2020 paper, “DBOS: A Proposal for a Data-Centric Operating System,” the researchers said they expect serverless and machine learning applications will benefit from such a purpose-built operating system.

The operating system is a bet on a serverless future, where enterprise customers only pay for the extent to which they use services. Most companies are at least experimenting with this approach. More than 70% of organizations using Amazon Web Services also use the platform’s serverless features, while more than 60% of Google Cloud customers and approximately 49% of Microsoft Azure customers use the serverless features of those platforms, according to Datadog’s report “The State of Serverless,” published in August.

Living better thanks to databases?

DBOS aims to make serverless easier to deploy and more secure. The operating system is based on at least one relational database management system (DBMS) running on a microkernel. The file system, operating system utilities, and job scheduling all run above the database layer, with most utilities written as database stored procedures.

Overall, the architecture provides significant performance improvements for data-intensive applications, says Qian Li, architect and co-founder of DBOS.

“We did a very thorough benchmark between the current stack, which is the serverless stack, and the DBOS method, and we found that we are 100 times faster and more scalable,” he says. “We co-locate your application with the database, thus reducing unnecessary round trips [when an application has to call for more data] and it also makes it very scalable… we can easily scale an application across many, many servers.”

The cybersecurity of a serverless platform is often difficult to evaluate because customers often lack visibility into the underlying stack. If a technology, like DBOS, could change that, it could attract compliance-oriented applications, says Aradhna Chetal, senior executive director of cloud security at financial services organization TIAA.

“In a shared responsibility model, where the security of the application… is the responsibility of the tenant, it is a little difficult to demonstrate the end-to-end security of the deployed application, especially for a regulated environment,” says Chetal. “Truiability can be difficult to prove without end-to-end controls. Simplicity is always a friend of security, and ease of use always ensures a better user experience, overall.”

Betting on the secure future of serverless

These benefits may not be apparent to end users. Serverless functions hide back-end infrastructure, such as containers, virtual machines, operating systems, and application stacks, from developers who use the services as part of their applications.

To convince customers of the benefits of using DBOS, OS-based serverless capabilities must provide a tangible benefit to the end user, says David Linthicum, an independent cloud analyst and consultant, who estimates that only 5% to 10% of the codebase for average cloud applications has been replaced with serverless functions.

While serverless features can add performance, memory and security benefits, such improvements typically reward the vendor, not the end user, who may not see any changes, he says.

“Many of these features are baked into the cake,” notes Linthicum.

Additionally, although the DBOS startup has released a software development kit, the DBOS operating system is closed source, which could limit its adoption and make gaining followers more difficult, especially when open source Linux works quite well.

Yet security could be a differentiator, says DBOS’s Coden. In some simulations using data from previous attacks, DBOS queries could detect an attack in seconds, compared to hours for the original attack, he says.

“There are so many fewer moving parts and so many fewer places for attacks, because the attack surface is so minimal,” he says. “The name of the game is, ‘How can I make my business work and avoid harm?’ And if it’s through the ability to respond, recover and restore quickly, it’s just as useful as prevention.”


