Tweet questions to @misterbisson

Triton + Docker, July 2015


Powering modern applications

Your favorite code
Container-native infrastructure
Your favorite platforms

Our data center or yours

Joyent Public Cloud: Joyent Container Service. We run our customers' mission-critical applications on container-native infrastructure.

Private data center: SmartDataCenter is an on-premise, container run-time environment used by some of the world's most recognizable companies.

…and open source too! Fork me, pull me: https://github.com/joyent/sdc

Node.js enterprise support

• Best practices
• Performance analysis
• Core file analysis
• Debugging support
• Critical incident support

As the corporate steward of Node.js and one of the largest-scale production users, Joyent is uniquely equipped to deliver the highest level of enterprise support for this dynamic runtime.

The best place to run Docker

• Portability: from laptop to any public or private cloud
• Great for DevOps: tools for management, deployment & scale
• Productivity: faster code, test and deploy

Docker + Joyent

Images
Docker: • Application centric • Sharable, re-usable, versioned • Growing tool ecosystem
Joyent: • Machine centric • Limited tool ecosystem

Infrastructure
Docker: • Laptop-centric • Known, complicated security • Networking challenges • Hampered by base OS limitations
Joyent: • Data center-centric • Proven security • Fantastic networking • Optimized for containers at scale

Summary: Images: Docker 👍, Joyent 👎. Infrastructure: Docker 👎, Joyent 👍.


Docker on a laptop is easy

• Single host simplifies container communication
• Networking focused on localhost access
• Development focus often ignores security risks
• Management costs are hidden in development time
• Performance expectations limited by development context, traded for convenience

Proprietary & Confidential Information © 2015 Joyent, Inc ‹#›.

Docker networking is hard

Network implementation is host-centric, requiring port mapping and port collision avoidance, making it difficult to connect containers on different hosts.

[Diagram: containers exposing ports :5432, :7711, :80, :443, :81, :80, :3306, :80, :11311, :81 and :85 spread across hosts 10.0.9.25, 10.0.9.2 and 10.0.9.77]
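To make the host-centric problem concrete, here is an added example (not code from the deck or from Joyent's Triton) that models both addressing schemes in Python: a host-centric network in which containers share the host's IP, so a second container that wants the same port has to be remapped and its clients told the new port, and an overlay in which each container gets its own IP and keeps its canonical port. The container names, service ports, host IPs and the 10.0.9.0/24 subnet are constructed sample data, and the remapping policy (first free port from 32768 upwards) is an assumption standing in for however a real host picks a free port.

```python
"""Constructed model of two container addressing schemes (added example, not
code from the deck or from Triton):

  * host-centric: containers share the host IP, so exposed ports must be
    mapped and a second container wanting the same port gets remapped;
  * per-container IP: each container has its own address and keeps its
    canonical service port, so there is nothing to remap.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Network


@dataclass(frozen=True)
class Container:
    name: str
    service_port: int  # port the process listens on inside the container


@dataclass
class HostCentricNetwork:
    """One host's published-port table under host-centric networking."""
    host_ip: str
    next_high_port: int = 32768  # assumption: collisions are remapped into a high range
    used: set = field(default_factory=set)
    endpoints: dict = field(default_factory=dict)  # name -> (ip, host port, remapped?)

    def publish(self, c: Container):
        host_port, remapped = c.service_port, False
        if host_port in self.used:
            # Collision: the canonical port is taken on this host, so the
            # container is published on the next free high port instead.
            while self.next_high_port in self.used:
                self.next_high_port += 1
            host_port, remapped = self.next_high_port, True
        self.used.add(host_port)
        self.endpoints[c.name] = (self.host_ip, host_port, remapped)
        return self.endpoints[c.name]


@dataclass
class PerContainerIPNetwork:
    """Overlay where every container receives its own IP from one subnet."""
    subnet: IPv4Network
    endpoints: dict = field(default_factory=dict)

    def publish(self, c: Container):
        # Hand out the next unused host address; the service port is untouched.
        ip = str(list(self.subnet.hosts())[len(self.endpoints)])
        self.endpoints[c.name] = (ip, c.service_port, False)
        return self.endpoints[c.name]


# Constructed sample: the deck's four-tier app, scaled to two copies of each tier.
SAMPLE_CONTAINERS = [
    Container("nginx-1", 80), Container("nginx-2", 80),
    Container("postgres-1", 5432), Container("postgres-2", 5432),
    Container("node-1", 7711), Container("node-2", 7711),
    Container("audiofprint-1", 11311), Container("audiofprint-2", 11311),
]


def host_centric_plan(hosts, containers, per_host):
    """Fill each host with `per_host` containers in order, publishing as we go.
    Returns {container name: (host ip, host port, remapped?)}."""
    nets = {h: HostCentricNetwork(h) for h in hosts}
    plan = {}
    for i, c in enumerate(containers):
        plan[c.name] = nets[hosts[i // per_host]].publish(c)
    return plan


def per_container_ip_plan(subnet, containers):
    """Publish every container on its own IP inside `subnet`."""
    net = PerContainerIPNetwork(IPv4Network(subnet))
    return {c.name: net.publish(c) for c in containers}


def remapped(plan):
    """Names of containers a client cannot reach on the canonical port."""
    return sorted(name for name, (_, _, r) in plan.items() if r)


if __name__ == "__main__":
    hc = host_centric_plan(["10.0.9.25", "10.0.9.2"], SAMPLE_CONTAINERS, per_host=4)
    ov = per_container_ip_plan("10.0.9.0/24", SAMPLE_CONTAINERS)
    for c in SAMPLE_CONTAINERS:
        print(f"{c.name:14} host-centric {hc[c.name]}   per-IP {ov[c.name]}")
    print("remapped under host-centric:", remapped(hc))
    print("remapped under per-container IP:", remapped(ov))
```

Under the host-centric plan a client of nginx-2 has to be told 10.0.9.25:32768, and the same service ends up on different ports on different hosts, which is exactly the bookkeeping the slide complains about. Under the overlay every container answers on its canonical port; the flip side a practitioner should keep in mind is that every container port is then reachable on the network rather than only the ports an operator chose to publish, so access control moves from the port-mapping table to network-level filtering.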


Docker host proliferation sucks

Traditional Docker cloud deployments require managing multiple containers and hosts (hardware or VMs).

What can we do?


The future is now

“For me, the next step in containerization is treating the datacenter, with all its containers, like one giant computer or server. Many applications today are really just distributed systems: Applications aren’t necessarily confined to just one container. We might have an application that consists of ten containers running together. We could have 1,000 applications running across 10,000 containers. Or we might have a single big data job that involves multiple, interdependent applications.”

– Andreessen Horowitz’s Peter Levine, a16z.com/2015/01/22/containers/

We were thinking the exact same thing… last year

breath for a moment

Container anatomy

Application package + Runtime environment

Application package + Execution driver, where the execution driver is one of:

• LXC } Docker
• libcontainer } Docker
• appc } Rocket
• runC } Open Container Foundation
• SmartOS Zone } Docker on Triton

Whoa, did he just say SmartOS?

Yes

Yes, but…

Linux + SmartOS

Binary footprint
Linux: • Huge community of apps • Many apps are Linux-first or only • Problems are easy to Google
SmartOS: • Most of the same apps • Some apps have quirks • Problems are not easy to Google

Container optimization
Linux: • Known vulnerabilities • Poor filesystem • Limited networking support • Not built for containers
SmartOS: • Nearly ten years in production without incident • Container-optimized filesystem: ZFS • Really sweet networking: Crossbow • Built for containers

Summary: Binary footprint: Linux 👍, SmartOS 👎. Container optimization: Linux 👎, SmartOS 👍.


LX branded zones

• The internet
• Native Linux binaries
• Linux syscall translation
• SmartOS kernel

It feels like Linux and runs like SmartOS

This is the container-native promised land

Container-native?

• Unit of compute: container
• Provision containers …not VMs
• Containers run on bare metal …not in VMs
• Pay for containers …not VMs

Our simple app

• Nginx
• PostgreSQL
• Node
• audiofprint

Deploy that app

VM-native: Nginx, PostgreSQL, Node and audiofprint inside a VM (2 vCPU / 7.5GB RAM)
Container-Native: Nginx, PostgreSQL, Node and audiofprint as containers

Now scale it

VM-native: two copies of each tier (Nginx, PostgreSQL, Node, audiofprint) across 4 VMs (2 vCPU / 7.5GB RAM each)
Container-Native: two copies of each tier as 8 containers

What’s that bill?

VM-native: 4 VMs, 8 containers: $0.560/hour, $403.20/month
Container-native: 0 VMs, 8 containers: $0.315/hour, $226.66/month

Introducing

The best place to run containers. Making Ops simple and scalable.

Security • Management • Networking • Introspection • Performance • Utilization

Demo time


Docker + Triton advantages

Production grade security
• Uncomplicated, proven secure environment for Docker containers

High-speed, sophisticated networking
• Wire-speed, user-defined VxLAN SDN overlay
• Unique IP for each Docker container eliminates port mapping and collisions
• Virtualized on the server, no additional hardware required

Simplified management and debugging
• Focus on containers, rather than infrastructure, with a single, elastic Docker host

Bare metal performance at cloud scale
• OS-virtualized performance in secure containers
• High density container packing enables unmatched utilization
• Elastic resource usage allows bursting workloads and vertical scaling without reboots


Container spectrum

• Application containers (Docker)
• Multi-process Docker containers
• Infrastructure containers: bare metal alternatives to hardware VMs

Thank you!

Remember Joyent for…

• Proven container security: run containers securely on bare metal in multi-tenant environments
• Bare metal container performance: eliminate the hardware hypervisor tax
• Simplified container networking: each container has its own IP(s) in a user-defined network (SDN)
• Simplified host management: eliminates Docker host proliferation
• Hybrid, your data center or ours: private cloud, public cloud, hybrid cloud, and open source