Danilo (Dan) Chiarlone

Danilo (Dan) Chiarlone is an open-source software engineer on Microsoft’s Azure Core Upstream team, shaping secure, high-performance cloud-native architectures. Author of Server-side Wasm (Manning), core maintainer of CNCF Hyperlight, and champion of several WASI proposals advancing WebAssembly in the cloud. He previously contributed to runwasi and SpiderLightning and, in his free time, shares practical Rust and Wasm lessons on YouTube.


Session

11-08
16:00
30min
VM-Class Secure, Millisecond-Fast Cloud-Native Apps With Hyperlight + Nanvix
Danilo (Dan) Chiarlone, Pedro Henrique Penna

Kubernetes enables teams to deploy almost any workload without modification, but its boundaries are still defined by namespaces and cgroups. The presence of seven container-escape CVEs from 2022 to 2024 shows these boundaries can be breached. Full VMs or Kata Containers can restore security but suffer from multi-second cold starts and high memory usage, impacting latency-sensitive or densely packed clusters.
In this talk, we will explore a middle ground with Hyperlight, a CNCF virtual-machine monitor that boots micro-VMs, and Nanvix, an open-source Rust microkernel designed to keep guests small yet compatible. This combination allows unmodified Rust, Python, and Wasm services to start up in tens of milliseconds while maintaining VM-class isolation.
We will delve into the architecture, present head-to-head benchmarks, and conduct a live demo. By the end of the session, you will have a clear understanding of the trade-offs and a checklist for implementing micro-VM isolation.

Crystal Dining Room