SlideShare ist ein Scribd-Unternehmen logo

virtualization-vs-containerization-paas

rajdeep
rajdeep

This is the talk i gave at Future of Paas Workshop which is part of IC2E IEEE conference 2014 at Boston University on March 11 2014

Technologie
1 von 30
IEEEFutureofPaas2014 Virtualization vs Containerization to support PaaS RajdeepDua VMWare Email:rajdeepd@vmware.com AReddyRaja IIITHyderabad,India DharmeshKakadia IIITEmail:dharmesh.kakadia@research.iiit.ac.in
IEEEFutureofPaas2014 About Myself • Working on Distributed Systems / Server side platforms for more than 15 years • Some companies I worked for VMware Google Microsoft Amdocs • vSphere, OpenStack, Cloud Foundry, Google App Engine… • Twitter : @rajdeepdua
IEEEFutureofPaas2014 Agenda • Introduction • Definition : VMs and Containers • Paas Requirements • Understanding Containment Principles • Existing Container Implementation and Comparison • Choosing the right container for a Paas • Conclusion
IEEEFutureofPaas2014 Introduction • Platform as a Service has brought developer productivity to the forefront • Infrastructure as a Service is masked from a developer • Opportunity for more efficient use of resources • In this paper, we explore various container technologies and how they are used by Paas Implementation
IEEEFutureofPaas2014 Comparing VMs and Containers
IEEEFutureofPaas2014 Virtual Machine and Containers • Virtual Machine • Allow Multiple Guest OS to run together on a single machine. • Each Guest OS abstracts Compute, Storage and Network Components. • Hypervisor itself could run on bare-metal (ESXi) or be part of an OS (KVM). • Guest ISA is translated to Host ISA using multiple techniques like Hardware Virtualization or Binary Translation.
IEEEFutureofPaas2014 Virtual Machine and Containers Container • light weight containment system running • Runs instructions native to the core CPU : • Container shares the Kernel and Process scheduler with the Host OS • No Binary Translation or VM exits • Containers can be run either directly on the Host OS or in a Guest VM :
IEEEFutureofPaas2014 Virtual Machine and Containers Parameter Virtual Machines Containers Guest OS Each VM runs on a hypervisor and Kernel is loaded into in its own memory region All the guests share same OS and Kernel. Kernel image is loaded into the physical memory Networking Can be linked to virtual or Physical switches. Hypervisors have buffers for IO performance improvement, NIC bonding etc Leverages standard IPC mechanisms like Signals, pipes, sockets etc. Advanced features like NIC bonding etc still not available. Security Complete Isolation Isolation using techniques like namespaces
IEEEFutureofPaas2014 Virtual Machine and Containers Parameter Virtual Machines Containers Performance Suffer from a small overhead as the Machine instructions are translated from Guest to Host OS. Provide near native performance as compared to the underlying Host OS. Isolation Higher level of Isolation –Need special techniques for file sharing Subdirectories can be transparently mounted and can be shared Startup time VMs take a few minutes to boot up Containers can be booted up in a few seconds as compared to VMs Storage VMs take much more storage as the whole OS kernel and its associated programs have to installed and run Containers take lower amount of storage as the base OS is shared
IEEEFutureofPaas2014 Paas Requirements
IEEEFutureofPaas2014 Paas Requirements • Paas focusses on developer productivity and abstracts outs the underlying infrastructure • 3 Key requirements of Paas from Underlying Infrastructure are • [1] Provision and manage lifecycle of Networking, compute and storage programatically • [2] Provide Highly reliable infrastructure which can be efficicently used • [3] Ability to add applications/services and bind them to external routers/ dns servers
IEEEFutureofPaas2014 Paas Requirements : VM • VMs are very suitable for requirements [1] and [2] • Applications could be hosted either directly in VMs or on Containers inside VMs. • Containers are more efficient for [3] as they are light weight and allow better leverage of the hardware and resources
IEEEFutureofPaas2014 Container Overview • Containers leverage the underlying features in the Linux Kernel to implement Containment • chroot : Unix command which changes the root directory for the existing process and its child • Control Groups (cgroup) : • cgroup is a method to put processes into groups. • Implemented as pseudo filesystem. • Grouping can be done by a unit of thread. • Many functions are implemented as “subsystem” • e.g CPU Sets , Fake NUMA, Freezer, device
IEEEFutureofPaas2014 Container Overview : Kernel Namespaces • The purpose of each namespace is to wrap a particular global system resource in an abstraction • Makes it appear to the processes within the namespace that they have their own isolated instance of the global resource • Namespaces and cgroups are used in conjunction Pic reference : http://www.linuxfoundation.jp/jp_uploads/seminar20081119/CgroupMemcgMaster.pdf
IEEEFutureofPaas2014 Namespaces Implemented in Linux • Mount namespace : Isolate the set of file system mount points seen by a group of processes • PID namespace : Isolate the process ID number space. In other words, processes in different PID namespaces can have the same PID • UTS namespace : Isolate two system identifiers—node- name and domain-name • Network namespace : Each network namespace has its own network devices, IP addresses, IP routing tables, /proc/net directory, port numbers,
IEEEFutureofPaas2014 Containers Current State
IEEEFutureofPaas2014 Linux Containers • Linux Containers (LXC) are light weight kernel containment implementation • Use cgroups for resource allocation and namespaces for isolation • Key Characteristics of the Linux Containers are, • Resource Allocation Uses cgroups for CPU, Memory and Device allocation • Process and Network Isolation Using namespaces : PID and net • File System Isolation Each container gets a private file system by leveraging chroot
IEEEFutureofPaas2014 Linux Containers
IEEEFutureofPaas2014 Warden Container • Warden container provides a kernel independent containment implementation on top of LXC • Used by Cloud Foundry project to host applications. • Key attributes of Warden container : • Uses namespaces for isolation of Process Ids and Network namespaces • Uses cgroups concept from Linux to allocate resources • Each container is managed by a Warden Daemon
IEEEFutureofPaas2014 Docker • Docker is a daemon which provides ability to manage Linux containers as self contained images. • Utilizes LXC (Linux Containers) for the container implementation and adds image management and Union File System capability to it. • Key attribute of Docker Containers are • Resource Isolation - Same as LXC • Network and Process Isolation - Leverages LXC functionality • File System Isolation Leverages LXC functionality • Container Lifecycle - Managed using a daemon and command line tool • Container State - Docker allows ability to store and retrieve container state
IEEEFutureofPaas2014 Docker – Improving Security • High level Goals of Docker project to improve security (which are limitations of Linux Containers) • Map root user of the container to non-root user of docker • Make docker daemon run as a non root user
IEEEFutureofPaas2014 Google lmctfy • Google lmctfy provides a resource configuration API which simplifies container management as compared to LXC • Provides intent based configuration without the need to understand cgroups and removes the difficulties of unstable LXC APIs. • Improves the resource sharing and can support performance guarantees. • Key attribute of lmctfy Containers are Uses only cgroups and customer kernel patches for resource isolation • Resource Isolation - Resources isolation using cgroups. • Network Isolation - Plan to use net namespace in next version CL2 • File System Isolation - Plan to use mnt namespace in next version CL2 • Container Lifecycle - Plan to support freeze, chck- point/restore and disk import/export. • Monitoring - To be supported through higher level c APIs
IEEEFutureofPaas2014 Open VZ • OpenVZ uses a modified Linux Kernel with a set of extensions. • very similar conceptually, its functionality is not part of the core Linux Kernel • It additionally provides templates that help in pre- created Virtual environments. • Resource Management - Manages resource sharing using Bean Counters, Fair Share CPU Scheduler .. • Network Isolation - Uses net namespace File System Isolation - Provides isolation to Application Files, System Libraries etc • Container Lifecycle – managed using vzctl tool • Container State - Provides Check pointing feature for storing and recovering the last known state.
IEEEFutureofPaas2014 Container Comparison
IEEEFutureofPaas2014 Container Comparison Parameter LXC Warden Docker OpenVZ Process Iso- lation Uses pid names- pace Uses pid names- pace Uses pid names- pace Uses pid names- pace Resource Isolation Uses cgroups Uses cgroups Uses cgroups Uses cgroups Network Isolation Uses net names- pace Uses net names- pace Uses net names- pace Uses net names- pace Filesystem Isolation Using chroot Overlay File system using overlayfs Using chroot Using chroot Container Lifecycle Tools lxc-create, lxc-stop, lxc-start to create, start, stop a container Containers are managed by running com- mands on a warden client which talks to warden server Uses Docker daemon and a client to manage the containers uses vzctl to manage container lifecycle
IEEEFutureofPaas2014 Container usage in a Paas Example
IEEEFutureofPaas2014 Container adoption in a Open Source Paas : Cloud Foundry • Cloud Foundry uses Warden Container to isolate each application. • Multiple containers are run on a single VM for efficient Resource usage • Currently tested on on Ubuntu. Supports AWS, vSphere and OpenStack Clouds
IEEEFutureofPaas2014 Choosing the Right Container for your Paas • Choosing the right container for most of the PaaS implementations will be based on the following factors: • Ecosystem for prebuilt containers • Hardened layer for isolation of Process, Network, CPU and File system • Tools to manage lifecycle of a container • Ability to migrate containers between hosts • Support for multiple OS and kernels
IEEEFutureofPaas2014 Next Generation Paas Support • Some of the features listed below would help improve adoption of containers in PaaS platforms • Standardization : • Need for a standard container file format – similar to OVF • Security : • Containers need to be more secure both from the perspective of file system, network and memory isolation. • Most popular container implementations like LXC and Docker seem to be lacking in this regard. • OS Independence • Containers should have abstraction layer so that they are not tied to a particular Kernel or its user space. • Warden Container seems to be in the right direction in this regard, but we doubt it will get wide adoption beyond Cloud Foundry.
IEEEFutureofPaas2014 Conclusion • Containers have an inherent advantage over VMs for PAAS use case • Multiple flavors of container implementations available, all of them open source. • Common Linux containment principles like chroot, cgroups or namespaces are being used by all of them. • Containers have a bright future specially in the PaaS use case provided there is more standardization and abstraction from the underlying kernel and Host OS.

Empfohlen

Virtualization Vs. Containers
Virtualization Vs. ContainersVirtualization Vs. Containers
Virtualization Vs. Containersactualtechmedia
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionMANAOUIL Karim
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerInstruqt
 
Docker
DockerDocker
DockerSangtongPeesing
 
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...Edureka!
 
Introduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageIntroduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageejlp12
 
Introduction to Docker Compose
Introduction to Docker ComposeIntroduction to Docker Compose
Introduction to Docker ComposeAjeet Singh Raina
 
Introduction to virtualization
Introduction to virtualizationIntroduction to virtualization
Introduction to virtualizationAhmad Hafeezi
 

Empfohlen

Virtualization Vs. Containers
Virtualization Vs. ContainersVirtualization Vs. Containers
Virtualization Vs. Containersactualtechmedia
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionMANAOUIL Karim
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerInstruqt
 
Docker
DockerDocker
DockerSangtongPeesing
 
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...Edureka!
 
Introduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageIntroduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageejlp12
 
Introduction to Docker Compose
Introduction to Docker ComposeIntroduction to Docker Compose
Introduction to Docker ComposeAjeet Singh Raina
 
Introduction to virtualization
Introduction to virtualizationIntroduction to virtualization
Introduction to virtualizationAhmad Hafeezi
 
Intro to containerization
Intro to containerizationIntro to containerization
Intro to containerizationBalint Pato
 
Software Containerization
Software ContainerizationSoftware Containerization
Software ContainerizationRoshan Deniyage
 
Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker, Inc.
 
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...Simplilearn
 
Container orchestration overview
Container orchestration overviewContainer orchestration overview
Container orchestration overviewWyn B. Van Devanter
 
1. Docker Introduction.pdf
1. Docker Introduction.pdf1. Docker Introduction.pdf
1. Docker Introduction.pdfAmarGautam15
 
What is Virtualization
What is VirtualizationWhat is Virtualization
What is VirtualizationDhrupesh Kotadiya
 
Docker introduction
Docker introductionDocker introduction
Docker introductiondotCloud
 
Virtualization
VirtualizationVirtualization
VirtualizationKingston Smiler
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionPeng Xiao
 
Lecture5 virtualization
Lecture5 virtualizationLecture5 virtualization
Lecture5 virtualizationhktripathy
 
Networking in Docker
Networking in DockerNetworking in Docker
Networking in DockerKnoldus Inc.
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes IntroductionPeng Xiao
 
Docker introduction
Docker introductionDocker introduction
Docker introductionPhuc Nguyen
 
Containers 101
Containers 101Containers 101
Containers 101Black Duck by Synopsys
 
Getting Started With Docker | Docker Tutorial | Docker Training | Edureka
Getting Started With Docker | Docker Tutorial | Docker Training | EdurekaGetting Started With Docker | Docker Tutorial | Docker Training | Edureka
Getting Started With Docker | Docker Tutorial | Docker Training | EdurekaEdureka!
 
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVMHypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVMvwchu
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to DockerLuong Vo
 
Dockers and kubernetes
Dockers and kubernetesDockers and kubernetes
Dockers and kubernetesDr Ganesh Iyer
 
Docker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersDocker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersYajushi Srivastava
 
Aura Framework Overview
Aura Framework OverviewAura Framework Overview
Aura Framework Overviewrajdeep
 
Docker 1.5
Docker 1.5Docker 1.5
Docker 1.5rajdeep
 

Weitere ähnliche Inhalte

Was ist angesagt?

Intro to containerization
Intro to containerizationIntro to containerization
Intro to containerizationBalint Pato
 
Software Containerization
Software ContainerizationSoftware Containerization
Software ContainerizationRoshan Deniyage
 
Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker, Inc.
 
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...Simplilearn
 
Container orchestration overview
Container orchestration overviewContainer orchestration overview
Container orchestration overviewWyn B. Van Devanter
 
1. Docker Introduction.pdf
1. Docker Introduction.pdf1. Docker Introduction.pdf
1. Docker Introduction.pdfAmarGautam15
 
Docker introduction
Docker introductionDocker introduction
Docker introductiondotCloud
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionPeng Xiao
 
Lecture5 virtualization
Lecture5 virtualizationLecture5 virtualization
Lecture5 virtualizationhktripathy
 
Networking in Docker
Networking in DockerNetworking in Docker
Networking in DockerKnoldus Inc.
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes IntroductionPeng Xiao
 
Docker introduction
Docker introductionDocker introduction
Docker introductionPhuc Nguyen
 
Getting Started With Docker | Docker Tutorial | Docker Training | Edureka
Getting Started With Docker | Docker Tutorial | Docker Training | EdurekaGetting Started With Docker | Docker Tutorial | Docker Training | Edureka
Getting Started With Docker | Docker Tutorial | Docker Training | EdurekaEdureka!
 
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVMHypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVMvwchu
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to DockerLuong Vo
 
Dockers and kubernetes
Dockers and kubernetesDockers and kubernetes
Dockers and kubernetesDr Ganesh Iyer
 
Docker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersDocker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersYajushi Srivastava
 

Was ist angesagt? (20)

Intro to containerization
Intro to containerizationIntro to containerization
Intro to containerization
 
Software Containerization
Software ContainerizationSoftware Containerization
Software Containerization
 
Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016
 
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
 
Container orchestration overview
Container orchestration overviewContainer orchestration overview
Container orchestration overview
 
1. Docker Introduction.pdf
1. Docker Introduction.pdf1. Docker Introduction.pdf
1. Docker Introduction.pdf
 
What is Virtualization
What is VirtualizationWhat is Virtualization
What is Virtualization
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
Virtualization
VirtualizationVirtualization
Virtualization
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 
Lecture5 virtualization
Lecture5 virtualizationLecture5 virtualization
Lecture5 virtualization
 
Networking in Docker
Networking in DockerNetworking in Docker
Networking in Docker
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
Containers 101
Containers 101Containers 101
Containers 101
 
Getting Started With Docker | Docker Tutorial | Docker Training | Edureka
Getting Started With Docker | Docker Tutorial | Docker Training | EdurekaGetting Started With Docker | Docker Tutorial | Docker Training | Edureka
Getting Started With Docker | Docker Tutorial | Docker Training | Edureka
 
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVMHypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
 
Dockers and kubernetes
Dockers and kubernetesDockers and kubernetes
Dockers and kubernetes
 
Docker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersDocker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and Containers
 

Andere mochten auch

Aura Framework Overview
Aura Framework OverviewAura Framework Overview
Aura Framework Overviewrajdeep
 
Docker 1.5
Docker 1.5Docker 1.5
Docker 1.5rajdeep
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetesrajdeep
 
Comparing IaaS :VMware vs OpenStack vs Google’s Ganeti
Comparing IaaS :VMware vs OpenStack vs Google’s GanetiComparing IaaS :VMware vs OpenStack vs Google’s Ganeti
Comparing IaaS :VMware vs OpenStack vs Google’s GanetiGARL
 
Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)rajdeep
 
Docker Swarm Introduction
Docker Swarm IntroductionDocker Swarm Introduction
Docker Swarm Introductionrajdeep
 
server to cloud: converting a legacy platform to an open source paas
server to cloud: converting a legacy platform to an open source paasserver to cloud: converting a legacy platform to an open source paas
server to cloud: converting a legacy platform to an open source paasTodd Fritz
 
Real World Example of Orchestrating Docker, Node JS, NFV on OpenStack
Real World Example of Orchestrating Docker, Node JS, NFV on OpenStackReal World Example of Orchestrating Docker, Node JS, NFV on OpenStack
Real World Example of Orchestrating Docker, Node JS, NFV on OpenStackNati Shalom
 
A use case with cloud foundry deployment
A use case with cloud foundry deploymentA use case with cloud foundry deployment
A use case with cloud foundry deploymentKrishna-Kumar
 
Introduction to MidoNet
Introduction to MidoNetIntroduction to MidoNet
Introduction to MidoNetTaku Fukushima
 
Cloud Foundry Open Tour India 2012 , Keynote
Cloud Foundry Open Tour India 2012 , KeynoteCloud Foundry Open Tour India 2012 , Keynote
Cloud Foundry Open Tour India 2012 , Keynoterajdeep
 
Code Signing with CPK
Code Signing with CPKCode Signing with CPK
Code Signing with CPKZhi Guan
 
Openstack meetup-pune-aug22-overview
Openstack meetup-pune-aug22-overviewOpenstack meetup-pune-aug22-overview
Openstack meetup-pune-aug22-overviewrajdeep
 
RubyKaigi2014レポート
RubyKaigi2014レポートRubyKaigi2014レポート
RubyKaigi2014レポートgree_tech
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationImesh Gunaratne
 
Cloudfoundry Overview
Cloudfoundry OverviewCloudfoundry Overview
Cloudfoundry Overviewrajdeep
 

Andere mochten auch (20)

Aura Framework Overview
Aura Framework OverviewAura Framework Overview
Aura Framework Overview
 
Docker 1.5
Docker 1.5Docker 1.5
Docker 1.5
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
 
Comparing IaaS :VMware vs OpenStack vs Google’s Ganeti
Comparing IaaS :VMware vs OpenStack vs Google’s GanetiComparing IaaS :VMware vs OpenStack vs Google’s Ganeti
Comparing IaaS :VMware vs OpenStack vs Google’s Ganeti
 
Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)
 
Docker Swarm Introduction
Docker Swarm IntroductionDocker Swarm Introduction
Docker Swarm Introduction
 
server to cloud: converting a legacy platform to an open source paas
server to cloud: converting a legacy platform to an open source paasserver to cloud: converting a legacy platform to an open source paas
server to cloud: converting a legacy platform to an open source paas
 
Real World Example of Orchestrating Docker, Node JS, NFV on OpenStack
Real World Example of Orchestrating Docker, Node JS, NFV on OpenStackReal World Example of Orchestrating Docker, Node JS, NFV on OpenStack
Real World Example of Orchestrating Docker, Node JS, NFV on OpenStack
 
A use case with cloud foundry deployment
A use case with cloud foundry deploymentA use case with cloud foundry deployment
A use case with cloud foundry deployment
 
Introduction to MidoNet
Introduction to MidoNetIntroduction to MidoNet
Introduction to MidoNet
 
Cloud Foundry Open Tour India 2012 , Keynote
Cloud Foundry Open Tour India 2012 , KeynoteCloud Foundry Open Tour India 2012 , Keynote
Cloud Foundry Open Tour India 2012 , Keynote
 
MidoNet deep dive
MidoNet deep diveMidoNet deep dive
MidoNet deep dive
 
Code Signing with CPK
Code Signing with CPKCode Signing with CPK
Code Signing with CPK
 
Openstack meetup-pune-aug22-overview
Openstack meetup-pune-aug22-overviewOpenstack meetup-pune-aug22-overview
Openstack meetup-pune-aug22-overview
 
Gunosy.go #4 go
Gunosy.go #4 goGunosy.go #4 go
Gunosy.go #4 go
 
RubyKaigi2014レポート
RubyKaigi2014レポートRubyKaigi2014レポート
RubyKaigi2014レポート
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container Virtualization
 
Om
OmOm
Om
 
Cloudfoundry Overview
Cloudfoundry OverviewCloudfoundry Overview
Cloudfoundry Overview
 
rtnetlink
rtnetlinkrtnetlink
rtnetlink
 

Ähnlich wie virtualization-vs-containerization-paas

Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetesDongwon Kim
 
An Updated Performance Comparison of Virtual Machines and Linux Containers
An Updated Performance Comparison of Virtual Machines and Linux ContainersAn Updated Performance Comparison of Virtual Machines and Linux Containers
An Updated Performance Comparison of Virtual Machines and Linux ContainersKento Aoyama
 
Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...All Things Open
 
Open shift and docker - october,2014
Open shift and docker - october,2014Open shift and docker - october,2014
Open shift and docker - october,2014Hojoong Kim
 
Docker Datacenter Overview and Production Setup Slides
Docker Datacenter Overview and Production Setup SlidesDocker Datacenter Overview and Production Setup Slides
Docker Datacenter Overview and Production Setup SlidesDocker, Inc.
 
컨테이너 기술 소개 - Warden, Garden, Docker
컨테이너 기술 소개 - Warden, Garden, Docker컨테이너 기술 소개 - Warden, Garden, Docker
컨테이너 기술 소개 - Warden, Garden, Dockerseungdon Choi
 
State of the Container Ecosystem
State of the Container EcosystemState of the Container Ecosystem
State of the Container EcosystemVinay Rao
 
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Cynthia Thomas
 
The ABC of Docker: The Absolute Best Compendium of Docker
The ABC of Docker: The Absolute Best Compendium of DockerThe ABC of Docker: The Absolute Best Compendium of Docker
The ABC of Docker: The Absolute Best Compendium of DockerAniekan Akpaffiong
 
Best Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker ContainersBest Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker ContainersBlueData, Inc.
 
Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015Mustafa AKIN
 
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...Amazon Web Services
 
Kubernetes presentation
Kubernetes presentationKubernetes presentation
Kubernetes presentationGauranG Bajpai
 
Sanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansSanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansPeter Clapham
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to KubernetesVishal Biyani
 
Latest (storage IO) patterns for cloud-native applications
Latest (storage IO) patterns for cloud-native applications Latest (storage IO) patterns for cloud-native applications
Latest (storage IO) patterns for cloud-native applications OpenEBS
 
Intro to Docker October 2013
Intro to Docker October 2013Intro to Docker October 2013
Intro to Docker October 2013Docker, Inc.
 
Docker for the enterprise
Docker for the enterpriseDocker for the enterprise
Docker for the enterpriseBert Poller
 
Rami Sayar - Node microservices with Docker
Rami Sayar - Node microservices with DockerRami Sayar - Node microservices with Docker
Rami Sayar - Node microservices with DockerWeb à Québec
 

Ähnlich wie virtualization-vs-containerization-paas (20)

Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetes
 
An Updated Performance Comparison of Virtual Machines and Linux Containers
An Updated Performance Comparison of Virtual Machines and Linux ContainersAn Updated Performance Comparison of Virtual Machines and Linux Containers
An Updated Performance Comparison of Virtual Machines and Linux Containers
 
Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...
 
Open shift and docker - october,2014
Open shift and docker - october,2014Open shift and docker - october,2014
Open shift and docker - october,2014
 
Docker Datacenter Overview and Production Setup Slides
Docker Datacenter Overview and Production Setup SlidesDocker Datacenter Overview and Production Setup Slides
Docker Datacenter Overview and Production Setup Slides
 
컨테이너 기술 소개 - Warden, Garden, Docker
컨테이너 기술 소개 - Warden, Garden, Docker컨테이너 기술 소개 - Warden, Garden, Docker
컨테이너 기술 소개 - Warden, Garden, Docker
 
State of the Container Ecosystem
State of the Container EcosystemState of the Container Ecosystem
State of the Container Ecosystem
 
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
 
The ABC of Docker: The Absolute Best Compendium of Docker
The ABC of Docker: The Absolute Best Compendium of DockerThe ABC of Docker: The Absolute Best Compendium of Docker
The ABC of Docker: The Absolute Best Compendium of Docker
 
Best Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker ContainersBest Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker Containers
 
Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015
 
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
 
Kubernetes presentation
Kubernetes presentationKubernetes presentation
Kubernetes presentation
 
Sanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansSanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticians
 
Flexible compute
Flexible computeFlexible compute
Flexible compute
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
 
Latest (storage IO) patterns for cloud-native applications
Latest (storage IO) patterns for cloud-native applications Latest (storage IO) patterns for cloud-native applications
Latest (storage IO) patterns for cloud-native applications
 
Intro to Docker October 2013
Intro to Docker October 2013Intro to Docker October 2013
Intro to Docker October 2013
 
Docker for the enterprise
Docker for the enterpriseDocker for the enterprise
Docker for the enterprise
 
Rami Sayar - Node microservices with Docker
Rami Sayar - Node microservices with DockerRami Sayar - Node microservices with Docker
Rami Sayar - Node microservices with Docker
 

Mehr von rajdeep

Openstack Overview
Openstack OverviewOpenstack Overview
Openstack Overviewrajdeep
 
VMware Hybrid Cloud Service - Overview
VMware Hybrid Cloud Service - OverviewVMware Hybrid Cloud Service - Overview
VMware Hybrid Cloud Service - Overviewrajdeep
 
OpenvSwitch Deep Dive
OpenvSwitch Deep DiveOpenvSwitch Deep Dive
OpenvSwitch Deep Diverajdeep
 
Deploy Cloud Foundry using bosh_bootstrap
Deploy Cloud Foundry using bosh_bootstrapDeploy Cloud Foundry using bosh_bootstrap
Deploy Cloud Foundry using bosh_bootstraprajdeep
 
Managing Activity Backstack
Managing Activity BackstackManaging Activity Backstack
Managing Activity Backstackrajdeep
 
Cloud Foundry Architecture and Overview
Cloud Foundry Architecture and OverviewCloud Foundry Architecture and Overview
Cloud Foundry Architecture and Overviewrajdeep
 
Play Support in Cloud Foundry
Play Support in Cloud FoundryPlay Support in Cloud Foundry
Play Support in Cloud Foundryrajdeep
 
Google cloud platform
Google cloud platformGoogle cloud platform
Google cloud platformrajdeep
 
Introduction to Google App Engine
Introduction to Google App EngineIntroduction to Google App Engine
Introduction to Google App Enginerajdeep
 

Mehr von rajdeep (9)

Openstack Overview
Openstack OverviewOpenstack Overview
Openstack Overview
 
VMware Hybrid Cloud Service - Overview
VMware Hybrid Cloud Service - OverviewVMware Hybrid Cloud Service - Overview
VMware Hybrid Cloud Service - Overview
 
OpenvSwitch Deep Dive
OpenvSwitch Deep DiveOpenvSwitch Deep Dive
OpenvSwitch Deep Dive
 
Deploy Cloud Foundry using bosh_bootstrap
Deploy Cloud Foundry using bosh_bootstrapDeploy Cloud Foundry using bosh_bootstrap
Deploy Cloud Foundry using bosh_bootstrap
 
Managing Activity Backstack
Managing Activity BackstackManaging Activity Backstack
Managing Activity Backstack
 
Cloud Foundry Architecture and Overview
Cloud Foundry Architecture and OverviewCloud Foundry Architecture and Overview
Cloud Foundry Architecture and Overview
 
Play Support in Cloud Foundry
Play Support in Cloud FoundryPlay Support in Cloud Foundry
Play Support in Cloud Foundry
 
Google cloud platform
Google cloud platformGoogle cloud platform
Google cloud platform
 
Introduction to Google App Engine
Introduction to Google App EngineIntroduction to Google App Engine
Introduction to Google App Engine
 

Kürzlich hochgeladen

So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 

Kürzlich hochgeladen (20)

So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 

virtualization-vs-containerization-paas

  • 1. IEEEFutureofPaas2014 Virtualization vs Containerization to support PaaS RajdeepDua VMWare Email:rajdeepd@vmware.com AReddyRaja IIITHyderabad,India DharmeshKakadia IIITEmail:dharmesh.kakadia@research.iiit.ac.in
  • 2. IEEEFutureofPaas2014 About Myself • Working on Distributed Systems / Server side platforms for more than 15 years • Some companies I worked for VMware Google Microsoft Amdocs • vSphere, OpenStack, Cloud Foundry, Google App Engine… • Twitter : @rajdeepdua
  • 3. IEEEFutureofPaas2014 Agenda • Introduction • Definition : VMs and Containers • Paas Requirements • Understanding Containment Principles • Existing Container Implementation and Comparison • Choosing the right container for a Paas • Conclusion
  • 4. IEEEFutureofPaas2014 Introduction • Platform as a Service has brought developer productivity to the forefront • Infrastructure as a Service is masked from a developer • Opportunity for more efficient use of resources • In this paper, we explore various container technologies and how they are used by Paas Implementation
  • 6. IEEEFutureofPaas2014 Virtual Machine and Containers • Virtual Machine • Allow Multiple Guest OS to run together on a single machine. • Each Guest OS abstracts Compute, Storage and Network Components. • Hypervisor itself could run on bare-metal (ESXi) or be part of an OS (KVM). • Guest ISA is translated to Host ISA using multiple techniques like Hardware Virtualization or Binary Translation.
  • 7. IEEEFutureofPaas2014 Virtual Machine and Containers Container • light weight containment system running • Runs instructions native to the core CPU : • Container shares the Kernel and Process scheduler with the Host OS • No Binary Translation or VM exits • Containers can be run either directly on the Host OS or in a Guest VM :
  • 8. IEEEFutureofPaas2014 Virtual Machine and Containers Parameter Virtual Machines Containers Guest OS Each VM runs on a hypervisor and Kernel is loaded into in its own memory region All the guests share same OS and Kernel. Kernel image is loaded into the physical memory Networking Can be linked to virtual or Physical switches. Hypervisors have buffers for IO performance improvement, NIC bonding etc Leverages standard IPC mechanisms like Signals, pipes, sockets etc. Advanced features like NIC bonding etc still not available. Security Complete Isolation Isolation using techniques like namespaces
  • 9. IEEEFutureofPaas2014 Virtual Machine and Containers Parameter Virtual Machines Containers Performance Suffer from a small overhead as the Machine instructions are translated from Guest to Host OS. Provide near native performance as compared to the underlying Host OS. Isolation Higher level of Isolation –Need special techniques for file sharing Subdirectories can be transparently mounted and can be shared Startup time VMs take a few minutes to boot up Containers can be booted up in a few seconds as compared to VMs Storage VMs take much more storage as the whole OS kernel and its associated programs have to installed and run Containers take lower amount of storage as the base OS is shared
  • 11. IEEEFutureofPaas2014 Paas Requirements • Paas focusses on developer productivity and abstracts outs the underlying infrastructure • 3 Key requirements of Paas from Underlying Infrastructure are • [1] Provision and manage lifecycle of Networking, compute and storage programatically • [2] Provide Highly reliable infrastructure which can be efficicently used • [3] Ability to add applications/services and bind them to external routers/ dns servers
  • 12. IEEEFutureofPaas2014 Paas Requirements : VM • VMs are very suitable for requirements [1] and [2] • Applications could be hosted either directly in VMs or on Containers inside VMs. • Containers are more efficient for [3] as they are light weight and allow better leverage of the hardware and resources
  • 13. IEEEFutureofPaas2014 Container Overview • Containers leverage the underlying features in the Linux Kernel to implement Containment • chroot : Unix command which changes the root directory for the existing process and its child • Control Groups (cgroup) : • cgroup is a method to put processes into groups. • Implemented as pseudo filesystem. • Grouping can be done by a unit of thread. • Many functions are implemented as “subsystem” • e.g CPU Sets , Fake NUMA, Freezer, device
  • 14. IEEEFutureofPaas2014 Container Overview : Kernel Namespaces • The purpose of each namespace is to wrap a particular global system resource in an abstraction • Makes it appear to the processes within the namespace that they have their own isolated instance of the global resource • Namespaces and cgroups are used in conjunction Pic reference : http://www.linuxfoundation.jp/jp_uploads/seminar20081119/CgroupMemcgMaster.pdf
  • 15. IEEEFutureofPaas2014 Namespaces Implemented in Linux • Mount namespace : Isolate the set of file system mount points seen by a group of processes • PID namespace : Isolate the process ID number space. In other words, processes in different PID namespaces can have the same PID • UTS namespace : Isolate two system identifiers—node- name and domain-name • Network namespace : Each network namespace has its own network devices, IP addresses, IP routing tables, /proc/net directory, port numbers,
  • 17. IEEEFutureofPaas2014 Linux Containers • Linux Containers (LXC) are light weight kernel containment implementation • Use cgroups for resource allocation and namespaces for isolation • Key Characteristics of the Linux Containers are, • Resource Allocation Uses cgroups for CPU, Memory and Device allocation • Process and Network Isolation Using namespaces : PID and net • File System Isolation Each container gets a private file system by leveraging chroot
  • 19. IEEEFutureofPaas2014 Warden Container • Warden container provides a kernel independent containment implementation on top of LXC • Used by Cloud Foundry project to host applications. • Key attributes of Warden container : • Uses namespaces for isolation of Process Ids and Network namespaces • Uses cgroups concept from Linux to allocate resources • Each container is managed by a Warden Daemon
  • 20. IEEEFutureofPaas2014 Docker • Docker is a daemon which provides ability to manage Linux containers as self contained images. • Utilizes LXC (Linux Containers) for the container implementation and adds image management and Union File System capability to it. • Key attribute of Docker Containers are • Resource Isolation - Same as LXC • Network and Process Isolation - Leverages LXC functionality • File System Isolation Leverages LXC functionality • Container Lifecycle - Managed using a daemon and command line tool • Container State - Docker allows ability to store and retrieve container state
  • 21. IEEEFutureofPaas2014 Docker – Improving Security • High level Goals of Docker project to improve security (which are limitations of Linux Containers) • Map root user of the container to non-root user of docker • Make docker daemon run as a non root user
  • 22. IEEEFutureofPaas2014 Google lmctfy • Google lmctfy provides a resource configuration API which simplifies container management as compared to LXC • Provides intent based configuration without the need to understand cgroups and removes the difficulties of unstable LXC APIs. • Improves the resource sharing and can support performance guarantees. • Key attribute of lmctfy Containers are Uses only cgroups and customer kernel patches for resource isolation • Resource Isolation - Resources isolation using cgroups. • Network Isolation - Plan to use net namespace in next version CL2 • File System Isolation - Plan to use mnt namespace in next version CL2 • Container Lifecycle - Plan to support freeze, chck- point/restore and disk import/export. • Monitoring - To be supported through higher level c APIs
  • 23. IEEEFutureofPaas2014 Open VZ • OpenVZ uses a modified Linux Kernel with a set of extensions. • very similar conceptually, its functionality is not part of the core Linux Kernel • It additionally provides templates that help in pre- created Virtual environments. • Resource Management - Manages resource sharing using Bean Counters, Fair Share CPU Scheduler .. • Network Isolation - Uses net namespace File System Isolation - Provides isolation to Application Files, System Libraries etc • Container Lifecycle – managed using vzctl tool • Container State - Provides Check pointing feature for storing and recovering the last known state.
  • 25. IEEEFutureofPaas2014 Container Comparison Parameter LXC Warden Docker OpenVZ Process Iso- lation Uses pid names- pace Uses pid names- pace Uses pid names- pace Uses pid names- pace Resource Isolation Uses cgroups Uses cgroups Uses cgroups Uses cgroups Network Isolation Uses net names- pace Uses net names- pace Uses net names- pace Uses net names- pace Filesystem Isolation Using chroot Overlay File system using overlayfs Using chroot Using chroot Container Lifecycle Tools lxc-create, lxc-stop, lxc-start to create, start, stop a container Containers are managed by running com- mands on a warden client which talks to warden server Uses Docker daemon and a client to manage the containers uses vzctl to manage container lifecycle
  • 27. IEEEFutureofPaas2014 Container adoption in a Open Source Paas : Cloud Foundry • Cloud Foundry uses Warden Container to isolate each application. • Multiple containers are run on a single VM for efficient Resource usage • Currently tested on on Ubuntu. Supports AWS, vSphere and OpenStack Clouds
  • 28. IEEEFutureofPaas2014 Choosing the Right Container for your Paas • Choosing the right container for most of the PaaS implementations will be based on the following factors: • Ecosystem for prebuilt containers • Hardened layer for isolation of Process, Network, CPU and File system • Tools to manage lifecycle of a container • Ability to migrate containers between hosts • Support for multiple OS and kernels
  • 29. IEEEFutureofPaas2014 Next Generation Paas Support • Some of the features listed below would help improve adoption of containers in PaaS platforms • Standardization : • Need for a standard container file format – similar to OVF • Security : • Containers need to be more secure both from the perspective of file system, network and memory isolation. • Most popular container implementations like LXC and Docker seem to be lacking in this regard. • OS Independence • Containers should have abstraction layer so that they are not tied to a particular Kernel or its user space. • Warden Container seems to be in the right direction in this regard, but we doubt it will get wide adoption beyond Cloud Foundry.
  • 30. IEEEFutureofPaas2014 Conclusion • Containers have an inherent advantage over VMs for PAAS use case • Multiple flavors of container implementations available, all of them open source. • Common Linux containment principles like chroot, cgroups or namespaces are being used by all of them. • Containers have a bright future specially in the PaaS use case provided there is more standardization and abstraction from the underlying kernel and Host OS.