惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Jina AI
Jina AI
V
Vulnerabilities – Threatpost
Security Latest
Security Latest
AI
AI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
量子位
H
Help Net Security
Attack and Defense Labs
Attack and Defense Labs
The GitHub Blog
The GitHub Blog
L
LINUX DO - 最新话题
A
Arctic Wolf
博客园_首页
S
Securelist
S
Secure Thoughts
Google DeepMind News
Google DeepMind News
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
Tailwind CSS Blog
Apple Machine Learning Research
Apple Machine Learning Research
酷 壳 – CoolShell
酷 壳 – CoolShell
Stack Overflow Blog
Stack Overflow Blog
N
Netflix TechBlog - Medium
Cyberwarzone
Cyberwarzone
小众软件
小众软件
T
Threatpost
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Blog — PlanetScale
Blog — PlanetScale
N
News and Events Feed by Topic
NISL@THU
NISL@THU
Forbes - Security
Forbes - Security
博客园 - 聂微东
F
Fortinet All Blogs
Simon Willison's Weblog
Simon Willison's Weblog
H
Heimdal Security Blog
罗磊的独立博客
S
Security @ Cisco Blogs
B
Blog
T
Troy Hunt's Blog
Engineering at Meta
Engineering at Meta
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
The Hacker News
The Hacker News
The Last Watchdog
The Last Watchdog
Hacker News - Newest:
Hacker News - Newest: "LLM"
I
Intezer
T
Threat Research - Cisco Blogs
C
Cybersecurity and Infrastructure Security Agency CISA
The Cloudflare Blog
S
Schneier on Security
月光博客
月光博客
L
LINUX DO - 热门话题
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org

Deno

Deno 2.8 | Deno Claw Patrol: an open-source security firewall for agents | Deno Fresh 2.3: Zero JS by default, View Transitions, and Temporal support | Deno Deno 2.7: Temporal API, Windows ARM, and npm overrides | Deno Build a dinosaur runner game with Deno, pt. 6 | Deno Build a dinosaur runner game with Deno, pt. 5 | Deno Deno Deploy is Generally Available | Deno Introducing Deno Sandbox | Deno Build a dinosaur runner game with Deno, pt. 4 | Deno Build a dinosaur runner game with Deno, pt. 3 | Deno Build a dinosaur runner game with Deno, pt. 2 | Deno React / Next.js Denial-of-Service Vulnerability: Deno Deploy users protected | Deno Deno 2.6: dx is the new npx | Deno Build a dinosaur runner game with Deno, pt. 1 | Deno React Server Functions / Next.js Vulnerability: Deno Deploy users protected | Deno My highlights from the new Deno Deploy | Deno Deno's Other Open Source Projects | Deno How Deno protects against npm exploits | Deno Help Us Raise $200k to Free JavaScript from Oracle | Deno Deno 2.5: Permissions in the config file | Deno Fresh 2.0 Graduates to Beta, Adds Vite Support | Deno Deno 2.4: deno bundle is back | Deno JavaScript™ Trademark Update | Deno What's coming to JavaScript | Deno A brief history of JavaScript | Deno Reports of Deno's Demise Have Been Greatly Exaggerated | Deno An Update on Fresh | Deno How Plaid migrated 100 services to a new database platform 5x faster with Deno | Deno Deno 2.3: Improved deno compile, local npm packages, and more | Deno Add JSR packages with pnpm and Yarn | Deno Zero-config Debugging with Deno and OpenTelemetry | Deno Exploring Art with TypeScript, Jupyter, Polars, and Observable Plot | Deno Deno v Oracle Update 3: Fighting the JavaScript Trademark | Deno Build a custom RAG AI agent in TypeScript and Jupyter | Deno How to get deep traces in your Node.js backend with OTel and Deno | Deno toranoana.deno #20 登録受付中(2025年3月14日) | Deno Node just added TypeScript support. What does that mean for Deno? | Deno The Dino 🦕, the Llama 🦙, and the Whale 🐋 | Deno Publish a lint rule, get a prize | Deno Deno 2.2: OpenTelemetry, Lint Plugins, node:sqlite | Deno If you're not using npm specifiers, you're doing it wrong | Deno How Deno's documentation is evolving | Deno Oracle justified its JavaScript trademark with Node.js—now it wants that ignored | Deno Introducing the JSR open governance board | Deno Intro to Wasm in Deno | Deno Announcing OpenAI on JSR | Deno Deno in 2024 | Deno Goodbye WinterCG, welcome WinterTC | Deno Build a SolidJS app with Deno | Deno Run your Next.js SSR app on Deno Deploy | Deno Solve Advent of Code 2024 with Deno and Win Prizes! | Deno Deno v. Oracle: Canceling the JavaScript Trademark | Deno Deno 2.1: Wasm Imports and other enhancements | Deno Build a Typesafe API with tRPC and Deno | Deno Self-contained Executable Programs with Deno Compile | Deno Build a Database App with Drizzle ORM and Deno | Deno Introducing your new JavaScript package manager: Deno | Deno Announcing Growthbook on JSR | Deno Build an Astro site with Deno | Deno How to convert CommonJS to ESM | Deno Announcing Deno 2 | Deno The Final Touches: What’s New In v2.0.0-rc.10 | Deno Announcing Stable V8 Bindings for Rust | Deno Deno 2.0 Release Candidate | Deno Secure, efficient private npm registries with Cloudsmith and Deno | Deno Painting the Plane as We Fly It: Designing JSR | Deno Introducing Web Cache API support on Deno Deploy | Deno Deno 1.46: The Last 1.x Release | Deno Protect your cloud spend with new Deno Deploy spend limits | Deno What we got wrong about HTTP imports | Deno Benchmarking AWS Lambda Cold Starts Across JavaScript Runtimes | Deno Announcing Supabase on JSR | Deno Deno 1.45: Workspace and Monorepo Support | Deno Introducing KV Backup for Deno Subhosting | Deno A Gentle Intro to TypeScript | Deno Announcing Hono on JSR | Deno How We Made the Deno Language Server Ten Times Faster | Deno How the Guardian uses Deno to audit accessibility and performance across their 2.7 million articles | Deno Introducing More Flexible Domain Association for Deno Subhosting | Deno The stabilization process of the Standard Library has begun | Deno Deno 1.44: Private npm registries, improved Node.js compat, and performance boosts | Deno How we built a secure, performant, multi-tenant cloud platform to run untrusted code | Deno The Deno Standard Library is now available on JSR | Deno How to document your JavaScript package | Deno Your Low Code Solution Needs an Escape Hatch | Deno Deno 1.43: Improved Language Server performance | Deno How Slack used Deno to save months of engineering effort in launching their new platform | Deno JSR Is Not Another Package Manager | Deno Announcing the Hookdeck SDK on JSR | Deno Announcing the Neon Serverless Driver on JSR | Deno An intro to TSConfig for JavaScript Developers | Deno How we built JSR | Deno How Netlify used Deno Subhosting to build a successful edge functions product | Deno Introducing Simpler Project Creation in Deno Deploy | Deno Deno 1.42: Better dependency management with JSR | Deno Introducing deployctl, the command line interface for Deno Deploy | Deno Introducing JSR - the JavaScript Registry | Deno How to add Monaco to a Next.js app and securely run untrusted user code | Deno Survey Results and Roadmap | Deno Deno 1.41: smaller deno compile binaries | Deno
The Anatomy of an Isolate Cloud | Deno
Colin J. Ihr · 2022-09-27 · via Deno

If you’ve ever tried Deno Deploy, our multi-tenant distributed JavaScript cloud, you may understand some of these glowing reviews:

these deno deploy times are incredible

deno deploy is the simplest

deno deploys are so fast

deno deploy was so smooth and frictionless

(And if you haven’t, deploy a Fresh site today!)

Achieving this deployment speed was no mistake. Designing Deno Deploy was an opportunity to re-imagine how we want the developer experience of deploying an app to be, and we wanted to focus on speed and security. Instead of deploying VMs or containers, we decided on V8 isolates, which allows us to securely run untrusted code with significantly less overhead.

This blog post explains what V8 isolates are and outlines the major architectural pieces of the Deno Deploy isolate cloud.

Deno Deploy Projects and Deployments

Within Deno Deploy, users and organizations manage their applications as projects. Deploy projects can be linked to GitHub repositories, enabling code to be redeployed on each git push. Projects also allow applications to manage environment variables, provision TLS certificates, and associate domain names. The Deploy dashboard also provides views of logs and analytics out of the box for increased visibility into an application’s behavior.

As previously mentioned, Deploy projects can be linked to GitHub repositories so that running applications are updated each time a change is pushed to the backing repository. In Deploy, each of these updates is known as a deployment. Deployments are immutable snapshots of an application. Each deployment has a unique URL that can be used to test or otherwise interact with the application over the Internet. A project can have many deployments, but only one of the deployments can be tagged as the production environment at any given time.

Figure 1 shows the Deployments dashboard for deno.land. Each deployment shows its unique deno.dev URL, as well as the git commit information that was used to create the deployment. The “Prod” label indicates the deployment that is currently running in production on deno.land.

Deployments dashboard in Deno Deploy
Figure 1. Deployments dashboard in Deno Deploy.

Routing Requests to Deployments

But how do users’ HTTP requests reach a running deployment in the Deno Deploy cloud?

Each deployment is exposed to the Internet via one or more public URLs. During DNS resolution, all of these URLs are mapped to Deno Deploy’s public IPv4 or IPv6 address. This ensures that all deployment traffic is routed to the Deploy servers.

Depending on where the user is in the world, sending all traffic to the same destination can be very inefficient. For example, if a user is located in Australia, but all of the Deploy servers are located on the East coast of the United States, each HTTP request, including all necessary TCP handshaking, would need to travel thousands of miles around the globe.

Because Deno Deploy is intended to run JavaScript at the edge, it is critical that requests are instead intelligently routed to the edge location nearest the user. Deploy leverages anycast routing to share the same IPv4 and IPv6 addresses among the 30+ edge locations around the world, shown in Figure 2.

Deno Deploy's 30+ edge locations around the world
Figure 2. Deno Deploy’s 30+ edge locations around the world.

Once an incoming request is routed to the appropriate edge location, it’s handed off to a runner process. As its name implies, a runner is responsible for running applications, including receiving traffic and routing it to the correct deployment.

Deploy maintains a mapping table between domain names and deployments to serve this purpose. Depending on the protocol in use, the HTTP/1.1 Host header or HTTP/2 :authority pseudo-header is used to determine the domain that the request is intended for. Then, the TLS Server Name Indication (SNI) is used to determine which TLS certificate to use for the connection. Finally, the runner checks the mapping table to determine the correct deployment to send the request to. (As an aside, Deploy HTTP traffic is redirected to HTTPS, so the SNI can be used reliably.)

The Runner as an Isolate Hypervisor

In a traditional cloud, the hypervisor is responsible for creating, running, monitoring, and destroying virtual machines. In Deploy, the runner acts as an isolate hypervisor, serving the same purpose, but working with processes running V8 isolates instead of virtual machines.

Before going any further, we need to understand what an isolate is. V8, the JavaScript engine that powers Deno, Google Chrome, and several other popular runtimes documents an isolate as:

Isolate represents an isolated instance of the V8 engine. V8 isolates have completely separate states. Objects from one isolate must not be used in other isolates.

This means that an isolate is a distinct execution context, including code, variables, and everything needed to run a JavaScript application.

To help understand this, imagine a browser window with multiple tabs. Each tab executes JavaScript for a single webpage, but the JavaScript code from each tab generally cannot interact with the code from other tabs. In this example, each browser tab executes JavaScript code in its own V8 isolate.

The Deno Deploy cloud takes a similar approach. Each deployment executes its own JavaScript code in its own V8 isolate in its own process. After an incoming request has been mapped to a deployment, the runner is responsible for passing the request off to the deployment process. If the requested deployment is not already running, the runner starts a new instance of the deployment first. In order to conserve resources, the runner also terminates deployments that have been running for a while without receiving traffic.

A high level architectural view of a runner process and deployment processes is shown in Figure 3.

Deploy runner and isolate pool architecture.
Figure 3. Deploy runner and isolate pool architecture..

Security Considerations

Allowing many arbitrary users to upload and execute untrusted code is an extremely difficult technical challenge to solve effectively. Layered security is generally considered to be a good practice, but in this case it is a necessity because there is no single security mechanism that solves the Deno Deploy use case.

This section discusses some of the ways in which Deploy improves its security posture.

Using a more restrictive Deno runtime. Deno takes security very seriously. The open source Deno CLI uses its built-in permission system to lock down what a JavaScript application can do. Deno Deploy takes things one step farther by using a custom build of Deno that is even more restrictive. For example, deployments can read their own static assets, but cannot write to the file system.

Relying on V8 sandboxing. V8 was designed to run untrusted JavaScript code in a hostile environment — the browser. While V8 isolates alone do not provide a perfect sandbox, they do a good enough job for many use cases. V8 is also a very high profile public project with corporate backing. This leads to constant auditing, fuzzing, and testing of the codebase to ensure that it is secure. Occasional security exploits are reported, which Google takes very seriously. The Deno team is committed to staying up to date with V8 releases, as well as following the V8 team’s recommendations for running untrusted code.

Running deployments in separate processes. V8 isolates are already… isolated… from one another. Deno Deploy goes a step further and enlists the operating system’s help to improve the isolation of each deployment.

Hypervisor monitoring of resource utilization. The runner continuously tracks the metrics of all running deployments. This is necessary for billing purposes, but also allows the runner to enforce resource utilization quotas. Deployments that consume too many resources are terminated to prevent service degradation.

Restricting network access. Cloud providers and the operating system allow network access to be customized and locked down. Deploy also employs separate networks for internal control plane traffic and end user data plane traffic.

Restricting allowed system calls. As an added layer of security, Deploy uses seccomp filtering to limit the system calls that user code is allowed to execute.

Using Rust as the implementation language. When it comes to Deploy, JavaScript is the language in the cloud, but Rust is the language of the cloud. Rust enforces memory safety, eliminating an entire class of bugs. Conveniently, Rust also provides performance on par with C/C++.

What’s Next?

Everyday, as we’re iterating and improving on Deno Deploy, more developers and businesses choose to run production-ready applications and infrastructure with us. We’re confident that our architectural decisions enable them to focus on building for their users, without having to worry about security or performance.

Check out Deno Deploy and let us know what you think!

Do you find these challenges interesting to solve? We’re hiring!