This deck was used during Engage User Group to update people on recent Linux developments, as well as the changes coming with Kubernetes and Container based workloads. The target audience was Container newbies

1. Linux, 'Docker' and Kubernetes -
changing the perspective
Christian Holsing
Senior Product Manager – SLES for SAP Applications
Christian.Holsing@suse.com

2. 2
What I do these days
● Product managing SUSE distribution for SAP Applications
(SLES for SAP Applications), owning 75% of all Linux based
SAP installations
– New SAP tooling for clients
– CSP deployments and partners
– Deployment automation through SALT (and Ansible)
● Enablement of new technologies
– Intel Optane DCPMM
● Drive Container technology into SAP deployments
– SAP DataHub
● Worrying about mission critical systems and associated
requirements

3. Enterprise Linux
Yesterday – today – tomorrow

4. 4
In the beginnig ...

5. 5
In the beginning ...
… was „the Box“.
SUSE services
● production („compile“)
● Assemble
● Documentation
● Sales
● Training
● Support

6. 6
Enterprise Linux
● from 1999 – Industry partnerships
● 2000-10-31 first Enterprise Linux
SuSE Linux Enterprise Server for S/390
● 2001
SuSE Linux Enterprise Server for 32bit „PC“
● 2003
64bit „PC“ Architektur (x86-64)
● 2006
Xen Open Source Virtualization
● 2012
Linux Container Support
...
● 2016
support of 64bit ARM Architectur

7. 7
From Unix to Linux (Unix to Linux)
Questions
● Is Linux capable of handling typical UNIX “mission critical” workloads?
● Does Linux scale sufficiently?
● What is missing?
Timing
● In discussion since 2000
● Strong impulse since 2008 / 2009
Today
● Linux is dominating

8. 8
Zero Downtime
High
Availability
& Geo Clustering
RAS
Live
Patching
System
Rollback
Lifecycle: up to 13 years of support

9. 9
SUSE Linux
Enterprise
Server
Monolithic
Past
SUSE Linux
Enterprise
Server
Live
Patch
HA
GEO
Real
Time
Containers
Web/
Script
Public
Cloud
Modular
HA
SAP
Soln
Server
Unified
Installer
Unified
Installer
SUSE
MicroOS
(=SUSE Linux
Enterprise
Server)
SUSE CaaS
Platform
Modular+
Multimodal
Live
Patch
Server
Web/
Script
Unified
Installer
Multimodal OS: one operating system –
Different speeds

10. 10
How big is the largest Enterprise Linux System?
C.
RAM: 1 TiB
Cores:1024
B.
RAM: 64 GiB
Cores: 64
D.
RAM: 64 TiB
Cores: 4096
A.
RAM: 1 GiB
Cores: 4

11. 11
How big is the largest Enterprise Linux System?
C.
RAM: 1 TiB
Cores: 1024
B.
RAM: 64 GiB
Cores: 64
A.
RAM: 1 GiB
Cores: 4
D.
RAM: 64 TiB
Cores: 4096

12. 12
How small is the smallest Enterprise Linux
System?
C.
RAM: 1 TiB
Cores: 1024
B.
RAM: 64 GiB
Cores: 64
D.
RAM: 64 TiB
Cores: 4096
A.
RAM: 1 GiB
Cores: 4

13. 13
How small is the smallest Enterprise Linux
System?
C.
RAM: 1 TiB
Cores: 1024
B.
RAM: 64 GiB
Cores: 64
A.
RAM: 1 GiB
Cores: 4
D.
RAM: 64 TiB
Cores: 4096

14. openSUSE und SUSE

15. 15
openSUSE Leap
Tumbleweed
Shared Core
8000 Packages>
Community
Developed
Rolling Updates
Rolling Base
System
openSUSE
Leap
Over 6000
Packages
Community
Developed
SUSE® Linux
Enterprise
Enterprise
Packages
SUSE Developed
Stable Base
System
Regular Updates
Stable Base
System
Regular Updates
Shared Core

16. 16
Upstream first!?
● Code changes are first shared with the larger open source communities
● Advantages
– Peer-Review
– Seek for best possible outcome
– Faster improvements (collective intelligence)
– Longterm maintainability and stability of interfaces
● challenges
– Differentiation not (only) possible through code and features
→ competition through
– Services
– Reassembly of function

17. 17
YaST
Collaboration, Contribution, Community

18. 18

19. 19
How do Container apply to me?
● Running applications?
● Providing services?
● …?

20. 20
The two brains of IT
Mode 2Mode 1
Agile, DevOpsWaterfall, ITIL
New & Uncertain ProjectsConventional Projects
Short Cycle (days, weeks)
Long-cycle Times
(months)
AgilityReliability

21. 21
45% of organizations claim to have some
form of bimodal capability today.
Traditional IT
Mode 1
Agile IT
Mode 2
Two Worlds of IT Need a Bridge

22. 22
Challenges in Context of Containers
Developers
Frequent releases vs. staged
production schedule.
“It works on my machine.”
• Manage growing services
• Reliability and uptime of new
applications
• Time to market
• Efficiency
New features;
Faster please!
Operations

23. 23
What are containers, really?

24. 24
OS-level or application virtualization with Linux Containers (LXC) and
container engine. Support for Windows Subsystem for Linux (WSL).
Containers

25. 25
What are containers – two views
● Operations
● Components of Linux kernel and OS
● Image format, specific tools
● Isolation
● High density
● Smaller, lighter, faster
● Orchestration, management
● Applications
● Packaging
● Share easily
● Easily extensible
● Scale up/down
● Self-contained
● Micro-services

26. 26
Linux Containers
• System containers
– Full system in the container (no kernel)
– libvirt-lxc
• Application containers
– One process per container
– Docker, podman, ...
– Rich ecosystem

27. 27
Linux Containers
Server
Host OS
Bins/Libs
App
A
Guest OS
Bins/Libs
App
B
Guest OS
Kernel
Hypervisor (Type 2)
Bins/Libs
App
A'
Guest OS
Bins/Libs
App
B'
Application
container
Systemcontainer
Guest OS
Kernel

28. 28
Advantages of Linux Containers
Lightweight virtualization solution
● Isolated from the other processes
● 1 kernel to rule them all
● Normal I/O
● Dynamic changes possible without reboot
● Nested virtualization is not a problem
● No boot time or very short one
Isolate services (e.g. web server, ftp, …)
Much more (see furter)
...

29. 29
Linux Containers – Limitations
They cannot run a different OS/architecture
● Cannot run Windows containers on Linux
Risk of escaping from containers
● Solution: user namespaces
Shared kernel with the host
● Syscall exploits can be exploited from within the container
● Solution: seccomp2
Security measures
● Patch, don’t use root, kernel capabilities, confinement
● Use VMs

30. 30
Containers and orchestration
• Standalone container host
– SLES, container engine, registry (Portus)
• Orchestrated datacenter
– SUSE CaaS Platform (Micro OS, K8s)
– Containerized applications, micro services
• Bi-modal datacenter
– SUSE CaaS Platform + SUSE OpenStack Cloud
– Combination of traditional IT + agile (containers)

31. 31
Bimodal IT –
Challenges &
Opportunities

32. 32

33. 33
Containers are standardized
• OCI runtime specification:
• Defines container runtime (API, data structures, …)
• How to start/stop/... containers
• OCI provides a reference implementation: runC
• OCI image format specification:
• Defines how a container image is structured
• Result:
• Avoid vendor lock-in
• Avoid fragmentation
• Containers are truly portable
• Foster innovation

34. 34
Pre-built images
• Docker HUB
– Community, handle with care!
• SUSE Registry (registry.suse.com)
– Enterprise contents, secure, verified, signed
– SUSE Products (CaaS Platform, Cloud Application Platform, …)
– What used to be in SLES Containers module (e.g.: Portus)

35. 35
New world, old problems
• Pulling images from an external registry can be expensive (time, bandwidth)
• Pulling isn’t even possible in some scenarios (air-gapped environments)
• The same applies to helm charts
• RPM world had the same problems: solved with tools like SMT (more
recently RMT)