The evolution of the Eclipse Glassfish and Jakarta Enterprise ecosystem is converging toward an increasingly simple, efficient, and scalable architecture that improves security, delivers higher performance, and reduces hardware and infrastructure costs.
For years, Kubernetes has been considered the de‑facto standard for modernizing Java applications in a cloud‑native direction. However, Kubernetes is not the only way to achieve scalability, continuous upgrades, and isolation. An alternative approach — often underestimated — is to leverage the hypervisors already included and fully managed by major cloud providers, using Unikernel images based on Nanos.
Nanos images are not just an alternative to containers: they are lighter, faster, more secure, more performant, and more efficient. Unlike containers, which coexist with a general‑purpose Linux kernel, a Nanos image contains only what the Java application needs, allowing the JVM to use 100% of the CPU and RAM of the VM. The result is a more efficient environment with higher density, less waste, and lower operational costs.
This article explains Why and How to use Nanos Unikernel, and how GlassFish can be easily packaged and started as a Nanos Unikernel container.
This article was contributed by Angelo Rubini, as a result of his collaboration with the OmniFish team on preparing a demo of GlassFish server running in a Unikernel container. You can preview a running demo and check out the source code and configuration. Read on to find out more…
Why Nanos Unikernel
VMs vs. Containers vs. Unikernels
The Key Point: Cloud hypervisors already have everything you need…
When you use a cloud provider, you are already relying on an advanced hypervisor that provides:
Automatic scheduling
Hardware isolation
VM-level health checks
Auto-scaling groups
Rolling instance replacement
Kubernetes adds a second orchestration layer on top of this, introducing additional complexity and overhead. With Nanos Unikernel, the Java application runs directly on the hypervisor, with no container runtime, no kubelet, and no control plane.
And because a Nanos image does not include Linux, userland, shells, or system processes, all VM resources are dedicated exclusively to the JVM.
This results in:
Higher performance
Lower latency
Higher throughput
Better hardware utilization
More workloads per physical node compared to containers
Glassfish Runtime Stack
Nanos Unikernel Model
With Nanos:
You remove Linux
You remove the container runtime
You remove Kubernetes
You keep scaling, upgrades, and isolation
You gain a runtime lighter, faster, and more efficient than containers
Containers, although considered “lightweight,” still inherit:
A full Linux kernel always in memory
Process scheduling
Virtualized networking
Overlay filesystems
Namespace and cgroup overhead
Nanos eliminates all of this. The GlassFish server runs directly on the hypervisor, with no process context switching and no container runtime. The result:
Faster startup
Lower latency
Higher throughput
Better performance on the same hardware
Take advantage of Eclipse GlassFish, with an active community and leadership by OmniFish. For commercial usage, OmniFish provides first-class Enteprise Support for GlassFish.
Each Nanos build produces a single immutable VM image, versioned and ready to be replaced. Unlike container images, Unikernel images:
Do not include Linux
Do not include userland
Do not include unnecessary libraries
Contain only what the application needs
Have no shell, no users, no SSH
Have a minimal attack surface
Consume less CPU and RAM
Allow the JVM to use all available resources
This not only increases security but also enables higher application density: on the same physical node you can run more Nanos VMs than containers, thanks to the drastically smaller footprint.
CI/CD: GitHub Actions for Building IBM Semeru Runtime 25 + Glassfish 8 on Nanos Images
The CI/CD pipeline plays the same role it would with containers, but the final output is a lightweight, immutable Unikernel Nanos Image.
Build Nanos images with IBM Semeru Runtime JRE and Glassfish8 Full by Github Action Pipeline
Version them
Publish them as artifacts
Prepare them for the cloud provider
Because Nanos images are lighter than containers, the pipeline becomes:
Faster
More predictable
More cost-efficient
Scaling: The Hypervisor Does Kubernetes’ Job
With Kubernetes:
HPA
Scheduler
Pod replacement
Control plane
With Nanos on the cloud:
Auto-scaling groups
Versioned VM images
VM-level health checks
Instance replacement
Nanos VMs have extremely fast boot times, often faster than containers. Since all CPU and RAM are dedicated to the JVM, each instance can handle more traffic, reducing the total number of VMs required.
This means:
faster scaling
fewer instances to maintain
lower cost per unit of load
Application Upgrades: Rolling Just Like Kubernetes
The upgrade pattern is surprisingly similar.
Kubernetes
New image
Rollout
Pod drain
Old pod termination
Nanos on the cloud
New Unikernel image
Auto-scaling group update
New instances start
Old instances terminate
Since Nanos images are smaller and faster, rollouts are:
Faster
More predictable
Less expensive
Security: Stronger Isolation than Containers
Container security is configuration-based (seccomp, AppArmor, SELinux, Kubernetes policies). Nanos security is architectural.
And because there are no system processes, all resources are dedicated to the JVM, increasing performance and reducing costs.
Running GlassFish in Nanos Is a Better Choice if:
You want scaling and rolling upgrades
You want to reduce operational costs
You want to maximize the cloud hypervisor
You want better security, higher density, better performance, and lower costs
Conclusion
By running GlassFish in Nanos Unikernel on the cloud you can:
Leverage hypervisors already included and managed
Achieve scaling, upgrades, and isolation
Drastically reduce complexity and overhead
Maintain an immutable, GitOps-friendly model
Dedicate 100% of resources to the JVM
Achieve superior performance
Increase application density
Significantly reduce infrastructure costs
Nanos shows that cloud-native can exist without adding complexity, and can be secure, faster, lighter, safer, more efficient, and more cost-effective. By running GlassFish in Nanos Unikernel, you get all of those benefits combined with a powerful and reliable runtime, with enterprise support provided by OmniFish.
Having trouble with your enterprise Java stack? Take advantage of OmniFish experts schedule a free consultancy to see how we can help you. OmniFish provides expert Java consultancy and first-class Enteprise Support for GlassFish and other Jakarta EE platforms.
