Microsoft has announced Hyperlight Wasm. This is an extension of the open-source project Hyperlight.
Whereas Hyperlight was originally presented as an embedded virtual machine manager for small, safe workloads, Hyperlight Wasm now brings support for WebAssembly components to this model. The software is now freely available as open source on GitHub and works on Windows, Linux and macOS.
Hyperlight Wasm is designed to execute WebAssembly (Wasm) modules within a lightweight, virtual sandbox. This allows applications to safely run external or unreliable Wasm code with minimal latency and overhead. Instead of loading a complete operating system, Hyperlight only offers a memory range and a CPU to the VM guest. This makes the system extremely fast, but also requires other forms of compatibility.
Developers can use existing toolchains
To increase this compatibility, Hyperlight Wasm uses WASI (WebAssembly System Interface) and the WebAssembly Component Model. These standards ensure that code from all kinds of programming languages can run within this lightweight VM, provided it is compiled for the correct wasm target. This means that developers can continue to use their existing toolchains to build applications that now also run within Hyperlight micro-VMs.
The Hyperlight Wasm guest is strongly integrated with the popular Wasmtime runtime. This allows code built for wasmtime to run in Hyperlight without modification. This includes applications built with Rust, Python, JavaScript, C#, or other languages that can package a Wasm runtime. For example, there is already a JS runtime called StarlingMonkey, specifically for WebAssembly.
Multiple layers of security
The combination of Hyperlight and WebAssembly not only offers speed, but also extra layers of security. Because Hyperlight Wasm runs on top of a hypervisor and uses WebAssembly’s sandboxing, attackers have to deal with two separate layers of security. Even if the sandbox is breached, the underlying VM offers extra protection.
In addition, performance is strong. Where traditional VMs need about 125 milliseconds to start up, Hyperlight Wasm runs a workload in 1 to 2 milliseconds. In the future, the aim is to achieve less than 1 millisecond. This efficiency makes it possible to plan workloads closer to the user, without idle instances. This also forms the basis for future applications such as Azure Front DoorEdge Actions, which will soon be available in a private preview.