These slides accompanied a live install of Triton Elastic Container Infrastructure as described in the following blog post:
https://www.joyent.com/blog/spin-up-a-docker-dev-test-environment-in-60-minutes-or-less
Presentation abstract:
Hardware hypervisors were a first generation approach to the challenges of resource and security isolation, but they’re unnecessarily shackling operations and developers with limitations that are no longer relevant to containerized deployments.
We need bare metal performance, but how can we get the security isolation and elasticity that we need without VMs? Containers -- truly secure, bare metal containers -- offer an alternative that improves performance while reducing costs (and CO2 emissions too!).
What are they, how do they work, and how does containerization affect my apps?
These slides were presented at:
http://www.meetup.com/austin-devops/events/223284754/
http://www.meetup.com/PhillyDevOps/events/223197735/
http://www.meetup.com/DevOpsandAutomationNJ/events/223432942/
6. Our data center or yours
Joyent Public Cloud: Joyent Container Service. We run our customers' mission-critical applications on container-native infrastructure.
Private DataCenter: SmartDataCenter is an on-premise container run-time environment used by some of the world's most recognizable companies.
7. Our data center or yours
…and open source too!
Fork me, pull me: https://github.com/joyent/sdc
8. Node.js enterprise support
• Best Practices
• Performance Analysis
• Core File Analysis
• Debugging Support
• Critical Incident Support
As the corporate steward of Node.js and one of the largest-scale production users, Joyent is uniquely equipped to deliver the highest level of enterprise support for this dynamic runtime.
9. The best place to run Docker
• Portability: from laptop to any public or private cloud
• Great for DevOps: tools for management, deployment & scale
• Productivity: faster code, test and deploy
25. Linux + SmartOS
Binary footprint
  Linux:
  • Huge community of apps
  • Many apps are Linux-first or only
  • Problems are easy to Google
  SmartOS:
  • Most of the same apps
  • Some apps have quirks
  • Problems are not easy to Google
Container optimization
  Linux:
  • Known vulnerabilities
  • Poor filesystem
  • Limited networking support
  • Not built for containers
  SmartOS:
  • Nearly ten years in production without incident
  • Container-optimized filesystem: ZFS
  • Really sweet networking: Crossbow
  • Built for containers
32. Container-native infrastructure
1. Unit of compute = container
Instead of hardware virtualized machines (HVMs).
2. Containers run on bare metal
No HVM in the middle. No performance tax. Containers run at bare metal speeds.
3. Containers are fully isolated and secure
Tested and trusted security isolation between containers.
4. Containers are first class citizens on the network
No dependence on an HVM host's network. Containers have their own IP stack.
5. Simplified orchestration of containers
Eliminate proliferation and management of hosts.
6. Container CPU and memory resources are actively managed
Infrastructure containers assure fair share of resources.
7. Pay only for containers used (per minute)
No charges for container hosts or clusters in the public cloud. Higher utilization in your datacenter.
34. SmartDataCenter 7 foundation infrastructure
KVM in container: Linux, Windows, FreeBSD, etc.
CloudAPI: instance management
Infrastructure containers: SmartOS on bare metal
SmartOS container hypervisor: fast and secure container runtime
SmartDataCenter infrastructure: hyper-converged data center automation for compute, network, and storage
Application composition and orchestration: Chef, Puppet, Ansible, others
35. Triton Elastic Container Infrastructure
KVM in a container: hardware virtual machines (Windows, FreeBSD, others)
CloudAPI: instance management
SmartOS container hypervisor: fast and secure container runtime
Infrastructure containers: persistent, full machine capability (Ubuntu, CentOS, Debian, SmartOS)
Docker containers: any Linux or SmartOS image
Docker API: Docker API and imaging tools
Triton VXLAN: user-defined (SDN) networks
Triton infrastructure: hyper-converged data center automation for compute, network, and storage
Triton devops portal: RBAC visibility and control over all customer assets and users; introspection and debugging of container applications
Application composition and orchestration: Docker toolchain, Chef, Puppet, Ansible, others
36. X is to Y as…
                     | VMware              | Joyent
Virtualization type  | Hardware            | OS
Hypervisor           | ESXi                | SmartOS
Whole package        | vSphere             | Triton
Containers run…      | Inside hardware VMs | On bare metal
37. X is to Y as…
                     | OpenStack | Joyent
Virtualization type  | Varies    | OS
Hypervisor           | Varies    | SmartOS
Whole package        | Varies    | Triton
Containers run…      | Varies    | On bare metal
38. X is to Y as…
OpenStack | Purpose           | Triton public API/service                  | Triton private API/service
Nova      | VM provisioning   | CloudAPI machines, sdc-docker              | vmapi+papi+cnapi
Magnum    | Container service | CloudAPI machines, sdc-docker              | vmapi+papi+cnapi
Neutron   | Network           | CloudAPI networks, NICs, firewall, VXLAN   | napi+fwapi
Glance    | Image repo        | CloudAPI image, Docker                     | imgapi
Keystone  | Identity          | RBAC, CloudAPI roles & users               | ufds+sapi
Cinder    | Block storage     | ZFS-managed local storage                  | ZFS-managed local storage
Heat      | Composition       | Docker Compose, sdc-heat, others           | workflow
42. SmartDataCenter 6.5
• Two monolithic Ruby pieces:
  • Machine API
  • Customer API
• Some edge pieces in Node.js
43. SmartDataCenter 7
(Architecture diagram; the component labels below are what survived extraction.)
Head-node, SmartOS kernel (network booted): Booter, AMQP broker, Public API, Customer portal, Operator portal, Binder DNS, Firewall, SDC 7 core services. Protocols labelled on the head-node side: DHCP/TFTP, AMQP, Public HTTP.
Compute node (tens/hundreds per head-node), SmartOS kernel (flash booted): ZFS-based multi-tenant filesystem; AMQP agents: Provisioner, Instrumenter, Heartbeater.
Guests on a compute node, each with its own Virtual NICs: Virtual SmartOS (OS virt.), Linux guest (HW virt.), Windows guest (HW virt.), and further virtual OS or machine instances.
44. SmartDataCenter 7 core services
(Service diagram; the labels below are what survived extraction. Note: service interdependencies not shown for readability.)
SDC7 core services on the head-node:
• Analytics aggregator
• Key/Value Service (Moray)
• Firewall API (FWAPI)
• Virtual Machine API (VMAPI)
• Directory Service (UFDS)
• Designation API (DAPI)
• Workflow API
• Network API (NAPI)
• Compute-Node API (CNAPI)
• Image API
• Alerts & Monitoring (Amon)
• Packaging API (PAPI)
• Service API (SAPI)
• Booter (DHCP/TFTP)
• AMQP broker (AMQP)
• Binder (DNS)
• Public API and Customer portal (Public HTTP)
• Operator portal and Operator Services
External: Manta, Other DCs.
Other core services may be provisioned on compute nodes.
45. Triton
Elastic Container Infrastructure
49. Remember Joyent for…
• Proven container security
  Run containers securely on bare metal in multi-tenant environments
• Bare metal container performance
  Eliminate the hardware hypervisor tax
• Simplified container networking
  Each container has its own IP(s) in a user-defined network (SDN)
• Simplified host management
  Eliminates Docker host proliferation
• Hybrid: your data center or ours
  Private cloud, public cloud, hybrid cloud, and open source