Virtualizing operating systems has been around for decades. A tried-and-true way to better utilize hardware and improve security, virtualization allows an OS to execute in a sandboxed environment. This environment can allow multiple operating systems to run simultaneously on the same hardware, efficiently sharing resources all the while. A few popular examples of virtual machine (VM) technology are VirtualBox and ESXi.
Containerization has also had its time and place in scalable computing and portability. Both of these inventions have revolutionized computing across server infrastructure and desktop environments alike. Containerizing allows a service to be packaged and shared across operating systems, as all of the required dependencies come pre-packaged and are not reliant on one specific flavor of Linux or Windows architecture. Some well-known examples of container programs are Docker and Podman.
If you are curious about virtualization and containers, you can check out my previous articles on the topic.
With all this in mind, one might consider the following:
If using containerization is so advantageous, and the deployability of virtual machines provides such a convenience, why has there not been some intersection of the two: a wide-scale product that allows consumers and techies alike to take advantage of all of the security, portability, and scalability?
Enter the Immutable Operating System.
An “immutable operating system” is an operating system that is designed and configured in such a way that its core components and configurations cannot be modified once they are deployed. This contrasts with conventional operating systems, which allow for various degrees of customization and modification after installation.

Now, while this sounds rigid and boring, there is so much more than this surface-level definition. The user would have full control of the operating system; however, it would be through unconventional means.
Let’s take NixOS for example. Rising in popularity, NixOS was actually created in 2003 and is based on the Nix package manager. NixOS relies on an entirely declarative model, where all packages, tweaks, and customizable options are ‘declared’ in a configuration file that is required for the operating system to run. With these preset options chosen, all of the packages are containerized and deployed at each boot, remaining persistent only if declared in the config file. This model allows for a ‘clean slate’ each time the operating system reboots.
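To make the declarative model concrete, here is a small `configuration.nix` written for this article as an added example (it is not taken from any real system). The host name, user name, SSH key, password-hash path and release number are placeholders and assumptions.

```nix
# /etc/nixos/configuration.nix (constructed example; names and values are placeholders)
{ config, pkgs, ... }:

{
  imports = [ ./hardware-configuration.nix ];  # generated by the installer

  boot.loader.systemd-boot.enable = true;
  networking.hostName = "example-host";        # hypothetical host name

  # System-wide packages are declared here instead of being installed ad hoc.
  environment.systemPackages = with pkgs; [ git vim htop ];

  # Accounts come only from this file: the user and group files are
  # replaced on activation, so useradd/passwd changes are not kept.
  users.mutableUsers = false;
  users.users.alice = {                        # hypothetical user
    isNormalUser = true;
    extraGroups = [ "wheel" ];                 # may use sudo
    # Placeholder path; the file holds a password hash produced by mkpasswd.
    hashedPasswordFile = "/etc/nixos/secrets/alice.hash";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAA...PLACEHOLDER alice@example"  # placeholder key
    ];
  };

  # SSH is the only declared network service: key-only, no root login.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      PermitRootLogin = "no";
    };
  };

  # Only the declared port is opened.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 22 ];
  };

  system.stateVersion = "24.05";               # assumed release
}
```

Running `nixos-rebuild switch` builds and activates a new system generation from this file, and `nixos-rebuild switch --rollback` returns to the previous one. Because the file describes the whole system, it can be kept in version control and reviewed like any other code change.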

Another massively popular example of an immutable operating system is SteamOS. This operating system is centered around gaming and was designed by Valve primarily for use on their gaming hardware such as the Steam Deck. This OS was really what drove me to write this article, as I picked up a Steam Deck in September and am absolutely loving it.

Now, let’s talk about why an immutable operating system can be a smart choice:
- Stays Locked: In an immutable OS, the core components and system settings are set in stone once it’s deployed. You can’t just go in and make changes whenever you want. This makes the system more secure because it lowers the attack surface and ensures nobody can tamper with the core components that could potentially wreck your system.
- Increased Security: Security gets a significant boost because the chances of someone tampering with the OS are minimal. A lower attack surface means fewer vulnerabilities. Any updates or patches are applied separately, without messing with the core system, so there is no ‘dependency hell’.
- Reliability Guaranteed: An immutable OS is super reliable and predictable. You won’t have to deal with unexpected changes or errors because everything stays as it should be. If something goes wrong, you can quickly revert to a known, stable state.
- Easy Recovery: If things do go sideways, recovery is a breeze. You can roll back to a safe and stable state without getting lost in complex troubleshooting.
- Scalability: It’s fantastic for businesses that need to scale up quickly and consistently. You can easily copy and deploy the same OS image across multiple servers or virtual machines, especially useful in cloud environments.
- Less Maintenance: Admins spend less time babysitting individual systems with immutable OS instances. Instead, they focus on maintaining and updating the base OS image, which can be used across many instances. That reduces the overall workload.
- Compliance and Auditing: For organizations that need to follow specific rules and regulations, immutable OS deployments are a dream. The system state is well-defined, and all changes are closely monitored, making compliance and auditing a lot smoother.
While immutable operating systems are fantastic in many ways, they may not fit every situation. Some environments need the flexibility that conventional operating systems offer, allowing for more customization and tweaks. Immutable OS deployments are typically a great choice when consistency, security, and predictability are top priorities, like in cloud-native applications and microservices setups.
With all that, I am going to start doing some hands-on research with NixOS and see if it fits my use-case or has any application to me. I have been hearing so much about it in the Linux User Space and I think it’s about time to take the dive and learn it.
I hope you’ve learned something from this article. As always, feel free to reach out with comments, critiques or questions.
Please stay safe and stay curious.
