Virtualization Redefined: Embedded virtualization through CGE7 and Docker. Paul Farmer Technical Solutions Engineering Manager MontaVista Software


2 Virtualization Redefined: Embedded virtualization through CGE7 and Docker. Paul Farmer Technical Solutions Engineering Manager MontaVista Software pfarmer@mvista.com

3 Setting the Stage Docker is a leading container-based technology that offers a more efficient and lightweight approach to application deployment than full virtual machines. Using it together with CGE7 creates a powerful solution for key use cases in the datacenter and in networking generally. This presentation introduces Docker interoperation with CGE7.

4 Agenda Virtualization Technologies Performance Benchmarks Use Cases Docker Advantages CGE7 Advantages Summary Q&A

5 Virtualization Technologies

6 History of Virtualization Technologies Timeline (1960 to 2014) of: hypervisor on IBM CP-40 and CP-67; hypervisor on UNIX from IBM; chroot; Java; virtualization with bare-metal performance from MontaVista; VMware Workstation; VMware ESX Server; Microsoft Virtual Server; Xen and QEMU; OpenVZ; Solaris Containers; KVM; LXC; CGE and Virtual Resource Manager from MontaVista; Deterministic KVM from MontaVista; Docker; CGE7 from MontaVista. Year labels on the slide: 1960, 1982, 1995, 1999, 2001, 2003, 2004, 2005, 2007, 2008, 2009, 2010, 2013, 2014.

7 Complexity of Virtualization Technologies Chart of complexity versus time for: OS emulation, HW emulation, HW simulation, application protection (MMU), CPU virtualization (VT-x), device virtualization (VT-d), containers.

8 Virtualization Technologies Containers are lightweight: – share the host OS kernel – share the host OS root filesystem wherever appropriate

9 Virtualization Technologies Docker provides unified access to – Linux container technology (cgroups, namespaces) – various container execution drivers (lxc, libvirt, libcontainer, etc.) ‘libcontainer’ is Docker’s own implementation of container technology

10 Virtualization Technologies Docker – Underlying Technology

11 Performance Benchmarks

12 I/O Performance

13 IBM Research Report July, 2014

14 Real-time Latency Cyclictest on an Intel Ivy Bridge-based 4-core CPU with hyper-threading (8 logical cores), each running at 2.2 GHz, with 8 GB RAM.

15 Math Performance IBM Research Report July, 2014

16 Random Access Performance IBM Research Report July, 2014

17 Security of Docker Containers

18 How secure are Docker containers? Intrinsic security of containers – depends on the kernel namespaces and cgroups features – this code base has been in the kernel for more than 6 years Attack surface of the Docker daemon – currently the Docker daemon requires root privileges, so be careful about who can reach it: access to the daemon is effectively root on the host – two further security improvements address this: – map the root user of a container to a non-root user on the Docker host, to mitigate the effects of a container-to-host privilege escalation; – allow the Docker daemon to run without root privileges “Hardening” security features of the kernel – Linux kernel capabilities – kernel with grsecurity and PaX – Linux Security Modules
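The first of the two improvements on this slide, mapping container root to an unprivileged host user, is what Linux user namespaces do through /proc/<pid>/uid_map (later Docker releases expose it as the daemon option --userns-remap). The following is an added example for this transcript, not code from the presentation, Docker or MontaVista: it models the kernel's uid_map translation so you can see what "looks-like-root" means for the host. The uid_map contents and the 100000 base id are constructed; 65534 is the kernel's default overflow id.

```python
"""Translate container UIDs to host UIDs the way a Linux user namespace does.

Added example (not from the presentation, Docker or MontaVista). It models the
/proc/<pid>/uid_map semantics: each line is "inside outside count", ids not
covered by any line show up as the overflow id. The maps below are constructed.
"""

OVERFLOW_ID = 65534  # kernel default overflowuid/overflowgid ("nobody")


def parse_id_map(text):
    """Parse /proc/<pid>/uid_map or gid_map: 'inside outside count' per line."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError("malformed id_map line: %r" % line)
        inside, outside, count = (int(f) for f in fields)
        if count <= 0:
            raise ValueError("non-positive range length: %r" % line)
        ranges.append((inside, outside, count))
    return ranges


def to_host_id(ranges, ns_id):
    """Map an id seen inside the namespace to the host id; unmapped -> overflow."""
    for inside, outside, count in ranges:
        if inside <= ns_id < inside + count:
            return outside + (ns_id - inside)
    return OVERFLOW_ID


def to_ns_id(ranges, host_id):
    """Map a host id to the id seen inside the namespace; unmapped -> overflow."""
    for inside, outside, count in ranges:
        if outside <= host_id < outside + count:
            return inside + (host_id - outside)
    return OVERFLOW_ID


def is_real_root(ranges):
    """True if uid 0 inside the namespace is also uid 0 on the host."""
    return to_host_id(ranges, 0) == 0


# Constructed uid_map of a remapped container: namespace uids 0..65535 map to
# host uids 100000..165535, as a 65536-id subuid allocation would give.
REMAPPED_UID_MAP = "         0     100000      65536\n"

# Constructed uid_map of a container without remapping: identity mapping, so
# container root really is host root.
IDENTITY_UID_MAP = "         0          0 4294967295\n"

if __name__ == "__main__":
    remapped = parse_id_map(REMAPPED_UID_MAP)
    print("container root on host:", to_host_id(remapped, 0))
    print("host root seen from the container:", to_ns_id(remapped, 0))
    print("container root is real root?", is_real_root(remapped))
```

With the remapped map, a process that escapes the container as uid 0 lands on the host as uid 100000, which owns nothing there; with the identity map it lands as host root. Reading the live file for a running container (`/proc/<container-pid>/uid_map` on the host) and feeding it to `is_real_root` is a quick audit of whether remapping is actually in effect.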

19 Security in CGE7 Standards Conformance – CGL 5.0, STIG 2.0, USGv6, OSPP “Hardening” security features of the kernel – PaX, Linux capabilities, SELinux, etc. CVE - Common Vulnerabilities and Exposures Wide Deployment

20 Use Cases

21 Platform-as-a-Service (PaaS) Cloud

22 Containers-Based Multi-Tenancy in the Cloud

23 Bundling/Consolidating HW+SW Configurations in Network Servers Consolidate legacy applications on the same platform Bundle HW plugin and SW plugin components with automatic configuration: – launch a Docker image automatically when certain HW is hot-plugged

24 Migration Between Legacy Virtualization and Containers Move applications dynamically between KVM hypervisor-based virtual machines and Docker-based containers, so an application can live in either domain.

25 Cloud RAN

26 Docker Advantages

27 Portability across machines – a container-based virtualization solution suitable for dynamic multi-node cloud deployments – live migration capabilities Security and isolation of services and applications – comply with legal or contractual obligations to isolate an application – prevent flawed applications from compromising the rest of the system Limit resource usage – get higher density and run more workloads Application-centric: easy and fast addition and removal

28 Docker Advantages Copy-on-write mechanism – every instance of your Docker image uses the same files until one of them needs to change a file – better utilization of system memory – higher density of containers for a given resource than other container implementations Version control Container repository Component reuse – reduces the cycle time of development, testing and deployment – easy to deploy PaaS-type solutions Active community
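The copy-on-write point on this slide is easier to see with a model than a sentence. The following is an added example, not Docker's storage driver code: it stacks read-only image layers under one private writable layer per container, reads fall through from the top layer down, writes land only in the container's own layer, and deletes are recorded as whiteouts so the shared image is never modified. The file contents are constructed.

```python
"""Copy-on-write image layers, as an added example (not Docker's own code).

Two containers started from one image share its read-only layers and each get
a private writable layer on top. File contents below are constructed.
"""

WHITEOUT = object()  # marker: "this path is deleted in this layer"


class Layer:
    def __init__(self, name, files=None):
        self.name = name
        self.files = dict(files or {})  # path -> bytes or WHITEOUT


class Image:
    """An immutable stack of layers (bottom first), shared between containers."""

    def __init__(self, *layers):
        self.layers = list(layers)


class Container:
    """A view over an image plus one private writable layer."""

    def __init__(self, image):
        self.image = image
        self.upper = Layer("upper")

    def _stack(self):
        return self.image.layers + [self.upper]

    def read(self, path):
        """Top-down lookup: the first layer that mentions the path decides."""
        for layer in reversed(self._stack()):
            if path in layer.files:
                data = layer.files[path]
                if data is WHITEOUT:
                    raise FileNotFoundError(path)
                return data
        raise FileNotFoundError(path)

    def write(self, path, data):
        """Copy-up: the write goes to the upper layer only, never to the image."""
        self.upper.files[path] = data

    def remove(self, path):
        """Deleting an image file only records a whiteout in the upper layer."""
        self.read(path)  # raises if the path is not visible in this view
        self.upper.files[path] = WHITEOUT

    def listdir(self):
        """Bottom-up merge: a whiteout hides everything below it."""
        visible = {}
        for layer in self._stack():
            for path, data in layer.files.items():
                if data is WHITEOUT:
                    visible.pop(path, None)
                else:
                    visible[path] = data
        return sorted(visible)

    def private_bytes(self):
        """Storage attributable to this container alone (its upper layer)."""
        return sum(len(d) for d in self.upper.files.values() if d is not WHITEOUT)


def build_image():
    """Constructed two-layer image: a base rootfs layer and an application layer."""
    base = Layer("base", {"/etc/passwd": b"root:x:0:0::/root:/bin/sh\n",
                          "/bin/sh": b"#!ELF-placeholder\n"})
    app = Layer("app", {"/app/config.ini": b"debug=false\n"})
    return Image(base, app)
```

Starting two containers from `build_image()` and editing the config in one of them leaves the other, and the image layer itself, unchanged; `private_bytes()` is zero until a container writes, which is where the density and memory-sharing claims on the slide come from.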

29 Docker Security If you really have to give root, give looks-like-root If that’s not enough, give root but build another wall Don’t run regular applications as root – remove SUID binaries or strip the SUID bit, and mount filesystems with nosuid – limit available syscalls (seccomp-bpf: whitelist/blacklist syscalls) – SELinux (assign a different security context to each container) System services do not all have to run as root – whitelist/blacklist device access – enforce mandatory access control (AppArmor, SELinux)
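For the seccomp-bpf bullet above, the following added example (not Docker's or runc's code) evaluates a profile in the JSON layout Docker accepts with `--security-opt seccomp=<file>` (defaultAction, syscalls[].names/action/args) and reports what a given syscall with given arguments would receive, which is a cheap way to check a whitelist before shipping it. The profile is constructed and far smaller than Docker's default; its clone() rule uses the same 0x7E020000 namespace-flag mask as the default profile. The matching semantics are a simplification: the first entry naming the syscall whose argument conditions all hold wins.

```python
"""Evaluate a Docker-style seccomp profile (added example, not Docker's code).

Decides the action a syscall invocation gets under a profile, so a whitelist
can be checked offline. The profile below is constructed.
"""
import json

# clone(2) flags that create new namespaces (values from <linux/sched.h>)
CLONE_NEWNS = 0x00020000
CLONE_NEWCGROUP = 0x02000000
CLONE_NEWUTS = 0x04000000
CLONE_NEWIPC = 0x08000000
CLONE_NEWUSER = 0x10000000
CLONE_NEWPID = 0x20000000
CLONE_NEWNET = 0x40000000
NAMESPACE_FLAGS = (CLONE_NEWNS | CLONE_NEWCGROUP | CLONE_NEWUTS | CLONE_NEWIPC
                   | CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNET)  # 0x7E020000

# Constructed whitelist: everything not listed gets EPERM; clone() is allowed
# only without namespace flags; socket() only for AF_INET (2).
WHITELIST_PROFILE = json.dumps({
    "defaultAction": "SCMP_ACT_ERRNO",
    "architectures": ["SCMP_ARCH_X86_64"],
    "syscalls": [
        {"names": ["read", "write", "exit_group", "futex", "mmap"],
         "action": "SCMP_ACT_ALLOW", "args": []},
        {"names": ["clone"], "action": "SCMP_ACT_ALLOW",
         "args": [{"index": 0, "value": NAMESPACE_FLAGS, "valueTwo": 0,
                   "op": "SCMP_CMP_MASKED_EQ"}]},
        {"names": ["socket"], "action": "SCMP_ACT_ALLOW",
         "args": [{"index": 0, "value": 2, "op": "SCMP_CMP_EQ"}]},
    ],
})

# libseccomp comparison operators as used in the JSON "op" field
COMPARATORS = {
    "SCMP_CMP_NE": lambda arg, v, v2: arg != v,
    "SCMP_CMP_LT": lambda arg, v, v2: arg < v,
    "SCMP_CMP_LE": lambda arg, v, v2: arg <= v,
    "SCMP_CMP_EQ": lambda arg, v, v2: arg == v,
    "SCMP_CMP_GE": lambda arg, v, v2: arg >= v,
    "SCMP_CMP_GT": lambda arg, v, v2: arg > v,
    "SCMP_CMP_MASKED_EQ": lambda arg, v, v2: (arg & v) == v2,
}


def _arg_matches(cond, args):
    idx = cond["index"]
    if idx >= len(args):
        return False
    cmp_fn = COMPARATORS[cond["op"]]
    return cmp_fn(args[idx], cond["value"], cond.get("valueTwo", 0))


def decide(profile_json, syscall, args=()):
    """Return the seccomp action a syscall invocation would receive."""
    profile = json.loads(profile_json)
    for entry in profile.get("syscalls", []):
        names = entry.get("names") or [entry["name"]]  # older profiles use "name"
        if syscall not in names:
            continue
        if all(_arg_matches(c, args) for c in entry.get("args") or []):
            return entry["action"]
    return profile["defaultAction"]


def unreachable(profile_json, required):
    """Syscalls a workload needs that no rule can ever allow."""
    profile = json.loads(profile_json)
    if profile["defaultAction"] == "SCMP_ACT_ALLOW":
        return []
    allowed = set()
    for entry in profile.get("syscalls", []):
        if entry["action"] == "SCMP_ACT_ALLOW":
            allowed.update(entry.get("names") or [entry["name"]])
    return sorted(set(required) - allowed)
```

Running `unreachable(WHITELIST_PROFILE, [...])` over the syscall list from an strace of the workload tells you which calls the profile would break before the container ever starts; `decide` shows why a call that is listed can still be refused, for example clone() with CLONE_NEWUSER set.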

30 CGE7 Advantages

31 Virtualization in CGE7 Virtualization in CGE7 offers the best combination of flexibility, performance and ease of application development 1. KVM hypervisor: full virtualization with paravirtualization options 2. Linux containers: operating-system-level resource virtualization (lxc, Docker) 3. Core isolation

32 Multicore I/O Symmetry Intel Multiprocessor Specification Version 1.4

33 “Carrier Grade Docker” Advantages Combining Docker with an embedded, carrier-grade distribution such as CGE7 offers several advantages over plain desktop distributions: 100% native Linux with real-time performance features including hrtimers, core isolation and other enhancements Support for various virtualization technologies – you can choose the right virtualization technology for each problem Long-term commercial support options with customizable models for different use cases The same advantages extend to cloud components like OpenStack – full use-case support from a single baseline

34 Multi-Architecture support for Docker A true multi-architecture platform with support for ARM64 exists today in embedded baselines (like MV CGE7) – this enables Docker on all of these architectures The best approach is to align with community development – Linaro Networking Group (LNG) – GNU GCC (4.9+) with Go support (gccgo) Support on a single carrier-grade baseline provides the best stability and deployability in the field

35 Summary

36 Which Virtualization Solution Do You Choose? Performance Requirements? Functionality and ease of use? How much legacy content do you want to preserve?

37 Questions?

38 Backup / rough slides

39 Performance Benchmarks Host v/s Docker v/s KVM Real-time Latency Network Performance Process related latency File-system Performance

40 1. Real-time Latency Cyclictest

41 2. Network Performance netperf

42 3. Process Creation lat_proc (lmbench)

43 4. Page Fault lat_pagefault (lmbench)

44 4. File-system Read Performance IOzone

45 4. File-system Write Performance IOzone

