Joyent Joins Containers Debate
If OpenStack has issues, Joyent thinks it's got the answer: the Joyent SmartDataCenter 7, announced Tuesday to run as a complete, ready-to-go package.
Bryan Cantrill, CTO of the San Francisco infrastructure-as-a-service provider, says SmartDataCenter 7 will give enterprise cloud builders a system on which they can run both virtual machines and lightweight containers. Unlike OpenStack, it can be installed in an afternoon, he claims in an interview.
Joyent is a lesser-known public cloud among service providers, with an emphasis on high performance and big-data analytics. Gartner calls it a niche player and a distant possibility as a Microsoft or Amazon challenger. On the other hand, it occupies a niche of potentially growing importance by using as its core operating system an open source descendant of Sun Microsystems' Solaris that it calls SmartOS. Like Solaris, SmartOS can spin up and run multiple containers under a single operating system on a cloud host -- hundreds of them at a time, Cantrill says.
Joyent recently ran the predecessor to SmartDataCenter 7 on a two-way Xeon server with 96 GB of DRAM. It could host 400 Node.js applications. On a more powerful two-socket, quad-core Xeon server (that would power 32 virtual CPUs because each core is double-threaded) and 256 GB DRAM, it ran 800 containers 'and could run thousands,' he says. There is a maximum of 8,192 containers that can be assigned to a single host. Cantrill makes no claim that anyone has ever approached such a limit.
Running containers under one operating system is highly similar to running an application on a bare-metal server because of containerization's low overhead, while virtual machines are often described as having a 1% to 2% overhead, or more.
There's a debate over the role that Linux containers will play in the future of cloud computing, but Linux containers are generally viewed as less secure than Solaris containers. Even Docker, the leading purveyor of a common format for Linux containers, has warned of the possible breakout of malicious code from earlier versions of Docker containers, as it did in a blog post June 18.
The problem has been corrected in the current Docker 1.0, but no one is certain when the next exploit may be found. The viability of Linux container security is the subject of an ongoing debate.
As Cantrill explains it, unlike Solaris containers, Linux containers 'were not designed from the ground up as multi-tenant systems.' Linux containers were designed with maximum efficiency in mind, leaving the possibility of malicious code in one container being able to snoop on server activity and interfere with neighboring containers.
SmartDataCenter 7 can also take virtualized workloads and run them under the KVM open source hypervisor. There's some loss of efficiency, since the virtual machine has to run its own operating system, rather than sharing the host's. But doing so is a further guarantee of the application's security, he says. In effect, the virtual machine itself is considered a safe, logically defined container. If renegade code escapes, it's contained inside the operating system zone surrounding the virtual machine.
An escapee from the virtual machine 'can't launch a process, can't access the file system, can't reach storage,' he says. Basically, malicious code that makes it past the virtual machine's logical barriers 'can't do anything' in its new surroundings.
Tuesday's release of SmartDataCenter 7 marks its launch as an on-premises system, one that Joyent hopes will be able to compete with Eucalyptus Systems, Cloudscaling, and OpenStack. Cantrill says, 'It's very opinionated software. We've made a whole bunch of decisions for you. 'Here is how we think of storage... Here is how to upgrade the system,'' which eases installation and operations.
Cantrill, a veteran of 12 years of Solaris engineering at Sun Microsystems and the author of Dynamic Tracing (DTrace), the performance analysis tool for Solaris and Linux, was recruited to Joyent three years ago to productize the Joyent cloud system.
SmartDataCenter 7 uses the ZFS file system for storage and operations. It allows easy-to-set-up replication, data compression, deduplication, and other data-management functions.
'I'm wedded to DTrace and ZFS,' both part of SmartDataCenter 7, he says. The computing world before they existed 'was insufferable, the Dark Ages, where everybody was dying of the plague.' SmartDataCenter 7 may mark the dawn of an age of greater system health and reliability, for those who want to turn to a niche player and give it a try.
Charles Babcock is an editor-at-large for InformationWeek, having joined the publication in 2003. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive Week. He is a graduate of Syracuse ...