I’ll look at a different “tidbit” of technology that I
consider unique or eye-catching, and of particular
interest to the IEEE Cloud Computing readers.
Containers and
Today’s tidbit focuses on container technology
and how it’s emerging as an important part of the
cloud computing infrastructure.
Cloud: From
Cloud Computing’s Multiple OS Capability
Many formal definitions of cloud computing exist.
The National Institute of Standards and Technol-
ogy’s internationally accepted definition calls for
LXC to Docker
“resource pooling,” where the “provider’s computing
resources are pooled to serve multiple consumers
using a multitenant model, with different physical
and virtual resources dynamically assigned and
to Kubernetes
reassigned according to consumer demand.”1 It also
calls for “rapid elasticity,” where “capabilities can be
elastically provisioned and released, in some cases
automatically, to scale rapidly outward and inward Cloud Systems with Hypervisors and
commensurate with demand.” Containers
Most agree that the definition implies some kind Most commercial cloud computing systems—both ser-
of technology that provides an isolation and mult- vices and cloud operating system software products—
itenancy layer, and where computing resources are use hypervisors. Enterprise VMware installations,
split up and dynamically shared using an operating which can rightly be called early private clouds, use
technique that implements the specified multiten- the ESXi Hypervisor (
ant model. Two technologies are commonly used xi-and-esx/overview). Some public clouds (Terremark,
here: the hypervisor and the container. You might Savvis, and Bluelock, for example) use ESXi as well.
be familiar with how a hypervisor provides for vir- Both Rackspace and Amazon Web Services (AWS) use
tual machines (VMs). You might be less familiar the XEN Hypervisor (
with containers, the most common of which rely on teams/hypervisor.html), which gained tremendous
Linux kernel containment features, more commonly popularity because of its early open source inclusion
known as LXC ( Both with Linux. Because Linux has now shifted to sup-
technologies support isolation and multitenancy. port KVM (, another open source
Not all agree that a hypervisor or container is re-
quired to call a given system a cloud; several special-
ized service providers offer what is generally called
a bare metal cloud, where they apply the referenced
elasticity and automation to the rapid provisioning
and assignment of physical servers, eliminating the
overhead of a hypervisor or container altogether.
Although interesting for the most demanding appli-
cations, the somewhat oxymoron term “bare metal
cloud” is something perhaps Tidbits will look at in BERNSTEIN
more detail in a later column.
Thus, we’re left with the working definition that Cloud Strategy Partners,
cloud computing, at its core, has hypervisors or con-
tainers as a fundamental technology.

2325- 6095/14/$31 .0 0 © 2014 IEEE SEP T EMBER 2014 I EEE CLO U D CO M P U T I N G 81

of Unix version 7 in 1979. Debian Linux. Ubuntu Linux. with librar- alternative. 82 I EEE CLO U D CO M P U T I N G W W W. Google. The abstrac- tion must be at the VM level to provide this capabil- Host OS Host OS ity of running different OS versions. Of course. applications share an operating doesn’t mean restarting or rebooting the OS. replacing these earlier variations. Therefore. cation stack ready for launch. Windows 2008. Windows 2012). Because on the same cloud require different operating systems or different OS containers use the host OS. and Docker Containers Nebula). Cloudscaling. system. memory. in container-based systems. it’s practical to have one container pack- and Orange). Microsoft uses its Hyper-V hy. As the figure shows. HP-UX con. providing a systematic way to automate the faster soft Private Cloud (www. and Joyent are all examples of extremely successful and so on. Windows Hypervisor Container engine 2000. sion of chroot was implemented in FreeBSD and called A Docker image can include just the OS fundamen- is an open source project pervisor underneath both Microsoft Azure and Micro. not VMs. containers. Basically. Comcast. the technol- ogy found its way into the standard distribution in the form of LXC. so these deployments can be significantly smaller in size. pletely isolate an application’s view of the underly- Some trace inspiration for containers back to the ing operating environment. network. A B C the hypervisor-based deployment is ideal when ap- Libs Libs Libs plications on the same cloud require different op- erating systems or OS versions (for example. restarting a container versions. the capability was improved and released tals. which was introduced as part network. Commands can be executed tainers and IBM AIX workload partitions. applications share an OS (and. including process trees. OpenStack project and is used in most OpenStack dis- tributions (such as RedHat. not all well-known public clouds use kernel-and application-level API that together run hypervisors. manually or automatically using Dockerfiles. each action taken (that is. and file systems. In 1998. or it can consist of a sophisticated prebuilt appli- with Solaris 10 as zones. Docker containers are created using base images. Unix chroot command. With containers. When building images pability based on zones was completed and called con. ies occasionally required to complete the deployment of Linux applications inside portable -cloud/solutions/virtualization. For example. Those familiar with Linux implementations know that there’s a great degree of binary applica- tion portability among Linux variants. KVM has found its way into more recent. Docker also uses namespaces to com- public cloud platforms using containers.aspx). making it possible Figure 1. an extended ver. KVM is also a favorite hypervisor of the age that will run on almost all Linux-based clouds. other proprietary Unix vendors ecuted. with Docker. command ex- tainers. IBM/Softlayer. top of the previous one.docker. such as apt-get install) forms a new layer on offered similar capabilities—for example. Docker extends LXC with a However. I/O.O RG /CLO U D CO M P U T I N G . a full-blown ca.CO M P U T ER . Comparison of (a) hypervisor and (b) container-based to store hundreds of containers on a physical host deployments. APP APP APP Figure 1 compares application deployment using OS OS OS A B C a hypervisor and a container. Piston. By Solaris 11. CLOUD TIDBITS APP APP APP A B C As Linux emerged as the dominant open plat- Libs Libs Libs form. Server Server where appropriate. binaries and libraries). and as a re- (a) (b) sult these deployments will be significantly smaller in size than hypervisor deployments. In 2004. RHEL Linux. By that time. Docker (www. processes in isolation: CPU. user IDs. ly constructed clouds (such as AT&T. A hypervisor-based deployment is ideal when applications (versus a strictly limited number of VMs).

Rightscale create a portable software such as Virtu. geted precisely for the container engine containers would eventually catch up to you can run any OS that runs on the and Linux OS on the cloud. when compared to hypervisor-based tifacts and simplify the deployment pro. Developers often build on this ing on the OS’s capabilities. present an operating system interface to ployment. one Docker per VM. Readers will tainer on a VM. both that it uses container technology for de. which will use a container if stack can be placed on a VM and run just OS. the PaaS will run a con- Abstractions on Top of VMs and a-service (PaaS) runtimes. and like the VMs from a security standpoint. as PaaS Containers remember that last issue I discussed gains in popularity. more portable constructs. Basically.4 one of Dock- the developer. and mentioned However. Application PaaS PaaS Virtual Virtual Virtual Virtual appliance appliance PaaS PaaS PaaS appliance appliance Container Container Container Container Container Container VM VM VM VM VM VM VM OS OS OS OS OS OS OS OS OS OS OS Figure 2. using containers for secu- er low-level construct. Possible layering combinations for application runtimes. ployment by introducing a VM to obtain machine or a bare OS. Each Dockerfile is a script composed Appliance. tioned earlier. apples-to-apples comparison. ment/portability strategy. Both VMs and containers provide a rath. on top of a VM or a container (native Amazon AWS using a hypervisor. vendors can claim improved performance They’re used to organize deployment ar. but on an appli. manufacturers who wanted to provide data” NewSQL system claimed that in an Containers can run on VMs the performance of a pure-container de- don’t feel like they’re running on a bare How does one choose? As men. the same engineer said that the only ning. network load balancer. If high security is level of abstraction to provide more ap. especially desired by application available for its runtime. WAN optimizer. tions with the least infrastructure will arguments listed successively to auto. and OS For even more isolation from the using PaaS. The container gives you a virtual appliance can also run on top of a presentation given in January 2014. face for applications with higher-level. Cloud Foundry PaaS. approach is a favorite vehicle used by any other technology. running on cloud has the right native container run. If a a vehicle for distributing software ver. As with cation runtime of some kind.2 and Bitnami (https://bitnami Those who want to deploy applica- of various commands (instructions) and . vironments that shield the application choose the simple container-to-OS ap- matically perform actions on a base from the bare OS by providing an inter. the deploy.virtualbox. If not. er’s engineers expressed optimism that a complete implementation of the OS. or the OS. But in bare metal. you need to know Virtual appliances. It’s for precisely this reason In an August 2013 blog. so do containers. Virtual appli. it might be worth sacrificing plication runtime constructs. This is why container-based cloud image to create (or form) a new image. a VM. A recent benchmark of a “fast cess from start to finish. the virtual appliance more tried and true isolation. You access OS constructs as if you As Figure 2 shows. Software developers tend to prefer entire application. and make appropriate decisions. application runtimes can formance as well as to manage application be reconfigured into total platform-as. depend. clustering. programmers. it’s they do so—the distribution can be tar. there are many way to have real isolation with Docker were running an application directly on possible layering combinations. provide application runtime en.5 “view” or a “slice” of an OS already run. If the cloud only supports hyper. sions of an appliance—for example. proach. SEP T EMBER 2014 I EEE CLO U D CO M P U T I N G 83 . so users PaaS is used. network equipment manufacturers to the deployment’s security requirements. alBox (www. a IBM Softlayer using containers resulted time (such as some of the clouds men. is to either run one Docker per host. rity isolation might not be a good idea. to maximize per- like any other application to the OS stack. Virtual appliances can run over the same benchmark running on the VM. and whether a needed.3 visor-based VMs. ances gained popularity with equipment clouds. there’s no problem—the LXC-based or running on top of a VM). in a fivefold performance improvement tioned) a container can run directly on or firewall. container. In the case of the VM. Consequently.

O RG /CLO U D CO M P U T I N G .com. and it also simplifies pany) and Kubernetes (still controlled bernetes and VMware. SAL CLOUD APPLICATION AND tionally. -vms-kubernetes-and-vmware. . J. tributed systems. CONTAINERS. w w w.6 According to Google. www. 25 Aug. an open • Microsoft (for Microsoft Azure).” honors BS degrees in both mathemat- Shortly after Google’s announcements. This decoupling speculation is that once a more neutral linux-containers-l xc-docker-a nd simplifies application development since governance/collaboration structure is put -security. • IBM (for Softlayer and OpenStack). http://googlecloudplatform Google goes on to describe network. • Red Hat (its OpenStack distribution).com/blog/enterprise-cloud-strategies/ cloudstrategypartners. MesoSphere. one place where this has broken DEPLOYMENT TECHNOLOGY. Platform provides a homogenous set of Although HP. nications. common packaging and deployment ap. DOCKER. . Tradi. -claims-ibm-5-faster. B. tercloud Testbed Project. Docker. and in space are “Docker friendly. www. Kubernetes supporters include: IBM Is Five Times  Faster.” Standards and Technology. 2014. benkepes/2014/08/06/voltdb-puts the June 2014 Google Developer Forum. The NIST Def. it! founder of the IEEE Cloud Computing we’ve taken an alternative approach: that Initiative. 84 I EEE CLO U D CO M P U T I N G W W W. netes is the decoupling of application and 21 Aug. from implementing distributed systems. and Security. Google Cloud -how-secure-are-they. http://blog. www. 3 Sept. Answering this need. In Kubernetes. “Containers & Dock- tainers. to Kubernetes. one of containers’ In addition to a host of start-ups (such 3. Contact him at david@ several players endorsed Kubernetes— . How. unique IP address that’s 1.rightscale ics and physics. users only ask for abstract resources like together around Docker (a start-up tems on which they run.” blog. you don’t just need any network. -the-boot-into-amazon-web-services Google announced Kubernetes. where containers are that. “Containers: Buzzword du containers is sufficient for some use centric deployment improvements in proach—and here we have practically ev. AWS. California Regents Scholar with highest Kubernetes Scale Cloud Appliance for vSphere. source cluster manager for Docker con. C. self-contained unit of computation. 2011. whether they’re co-located on the mendations of the National Institute of interests include cloud computing. dis- same physical machine or not. data center operations. my friends.slideshare. Petazzoni. turn. His research ter. er: How Secure Are They?” blog. at • Google (for Google Cloud Engine.docker containers from the details of the sys. NIST Spe. Claims aged specifically for application clus. I’m not 7. tering. Mell and T. Petazzoni. • VMware. AND -party-vmware-microsoft-cisco-and Containers provide end users with an KUBERNETES SEEM TO HAVE -red-hat-all-get-in-on-app-hoopla abstraction that makes each container a SPARKED THE HOPE OF A UNIVER. organizations will agree on a 2014. Canonical. tor and chief architect of the IEEE In- reachable from any other Pod in the clus. 5.forbes.7 /article/ and to do this you need a network. . as CoreOS. “Linux Containers raw resources . aware of any cloud project with this level Jour. Kubernetes: “While running individual eryone already thinking about it. And down is networking. qualified it to be this DAVID BERNSTEIN is the managing exposed on the network via the shared issue’s Cloud Tidbit. co- host machine’s address. Bernstein was a University of Industry Movement around 2.CO M P U T ER . into Amazon Web Services. Butler. . 4. and converged commu- cial Publication 800-145. 10 Dec.networkworld. Ku- cores and memory. “VoltDB Puts the Boot nicest features is that they can be man. 2014.html. Mcluckie.” 31 Jan. 2601925/cloud-computing/container ever. P. As mentioned earlier. 2013. I hope you enjoyed director of Cloud Strategy Partners.” by Google).net/jpetazzo/ to use those environment. and origina- deserves its own. Kubernetes schedules containers explicitly endorsed Kubernetes. founding chair of the IEEE each group of containers (called a Pod) References P2302 Working Group. or Game-Changing Technol- es.html. blog. Thakrar. J. CLOUD TIDBITS Open Source Cluster Manager for and therefore Docker and containers— introducing-rightscale-cloud-appliance Docker Containers as a core cloud deployment technology. . “Introducing Right. and Salt. Kepes. GCE). the real power of containers comes of alignment on anything! ogy?” NetworkWorld. and Rack. Industry 2014. U.” they haven’t (LXC). inition of Cloud Computing: Recom. Stack). VMs.blogspot. especially when used in a PaaS 6 Aug. 2013.” Forbes. “Containers. “Kuber. B. Grance. 6.