DynamicInfraDays, profile picture
Uploaded byDynamicInfraDays
1,098 views

ContainerDays Boston 2015: "A Brief History of Containers" (Jeff Victor & Kir Kolyshkin)

The document discusses the history and evolution of virtualization, including key concepts, types of virtualization such as containers and zones, and their advantages and disadvantages. It outlines the development timeline from the early days of virtualization in the 1960s to the advancements in container management by 2015. It also details the Oracle Solaris zones, emphasizing their resource control, security features, and networking capabilities.

Embed presentation

• Jeff Victor • Principal Author, “Oracle Solaris 10 System Virtualization Essentials” • Kir Kolyshkin • OpenVZ Containers Lead History of Containers Copyright 2015 Oracle Corp.
• Origin of Virtualization • Timelines • Concepts • OSV vs. VMs • Shallow Dives Agenda Copyright 2015 Oracle Corp.
The Mists of Antiquity 1960 19751965 1970 MIT CTSS CP-40 CP-67 VM/370 Batch
The Three (4? 5?) “Laws” of Virtualization • Initial • Equivalence • Resource Control • Efficiency • Later • Security • Administrative Observability Copyright 2015 Oracle Corp.
The Dark Ages 1975 19991980 chroot Unix V7* 4BSD 1990 “jail” Sun Dynamic Domains *And thereafter: Sun3 w/s Xenix/8086 Unix/32V (Vax) JVM Copyright 2015 Oracle Corp.
The System Virtualization Spectrum More Flexibility OS CPU RAM I/O Partition OS CPU RAM I/O Partition OS CPU RAM I/O Partition Partitions Interconnect OS Virtual Machine OS Virtual Machine OS Virtual Machine Virtual Machines Hypervisor Hardware Zone Operating System Zone Zone OS Virtualization Hardware More Isolation Copyright 2015 Oracle Corp.
Container / Zone A collection of software processes unified by one namespace, with access to an operating system kernel that it shares with other containers, and little to no access between containers. Copyright 2015 Oracle Corp.
Container Advantages • Leverage mature OS • Lightweight • Fewer resources: shared kernel, optional shared text pages • Faster to provision, boot, shutdown • “Zero” overhead: faster, better scalability, more predictable consolidation • Better resource sharing • Faster context switch • Direct path to I/O • More sophisticated “Control Program”: one control point • Better Observability • More flexible access to hardware Copyright 2015 Oracle Corp.
Container Disadvantages • Homogeneity • Most require all containers to run at the same kernel patch level • Heterogenous guest OS is uncommon • Must sacrifice performance to run heterogeneous guests • Less isolation • More sophisticated Control Program: more code to fail • Slightly greater chance for downtime for multiple workloads • Can be mitigated… Copyright 2015 Oracle Corp.
The Virtual Renaissance 1999 20152005 2010 VMware W/S HP nPars FreeBSD jails VMware ESX Virtuozzo Power LPARs Linux VServers Solaris Zones OpenVZ HP vPars Integrity VM HP-UX SRP Sun LDoms HP Dynamic nPars AIX WPars LXC HP-UX System Containers, HP 9000 Containers Solaris Kernel Zones VirtualBox Xen HyperV VMs OSV KVM Solaris “Containers” All dates are approximate, v1.0/stable.Copyright 2015 Oracle Corp.
The Virtual Renaissance (non-Unix) 1999 20152005 2010 VMware W/S VMware ESX Virtuozzo Linux VServers OpenVZ LXC VirtualBox Xen HyperV VMs OSV KVM All dates are approximate, v1.0/stable.Copyright 2015 Oracle Corp.
The Virtual Renaissance (Unix) 1999 20152005 2010 HP nPars FreeBSD jails Power LPARs Solaris Zones HP vPars Integrity VM HP-UX SRPv2 Sun LDoms HP Dynamic nPars AIX WPars HP-UX System Containers, HP 9000 Containers Solaris Kernel Zones VirtualBox VMs OSV Solaris “Containers” All dates are approximate, v1.0/stable.Copyright 2015 Oracle Corp.
The “Three” “Laws” of V12N: Oracle Solaris Zones • Initial • Equivalence: very difficult to tell you're in a Zone • Resource Control: controls for CPU, RAM, VM, BW • Efficiency: no software layer… no perf overhead • Later • Security: fine-grained, configurable privileges • Administrative Observability • Global Zone can “see” into all native zones, but they can't see back into GZ, or into each other. Copyright 2015 Oracle Corp.
Solaris Zones • Privileges • Namespace • File system • Networking • Resource Controls (aka “Solaris Containers” 2007-2011) Copyright 2015 Oracle Corp.
Solaris Zones • Privileges • Fine-grained abilities (e.g. SYS_TIME, SYS_SMB) • Define the security boundary • Cannot be changed while the zone runs • Configurable • Tighten or loosen security boundary from defaults • Tight for web-facing, loose for well-protected, specialty • Trusted Extensions • DoD-grade features: compartmentalization, etc. Copyright 2015 Oracle Corp.
Solaris Zones • Namespace • Naming service, users/groups • Network services • Configuration choices Copyright 2015 Oracle Corp.
Solaris Zones • File system • Entirely separate storage pool, or just a file system • GZ can add other mounts (ZFS, UFS, VxFS, lofs, ...) • Zone can mount or share NFS shares • Zone can use LUNs configured into it • Mandatory Access Control (“Immutable Zones”) • Can choose from 4 levels of hardening • Most secure: can't modify any Solaris files • Great for web-facing environments Copyright 2015 Oracle Corp.
Solaris Zones • Networking • By default, Zones use Solaris vNICs • Individual routing, firewall config • Solaris network v12n also includes vSwitches, vRouters • Elastic Virtual Switch - spans computers • Plumbing via VLAN or VXLAN (routable) • Can build: • an arbitrary network structure in one Solaris instance • ...with multiple subnets, per-zone routing, firewall rules, NAT • ...and bandwidth controls and load-balancing • Great for prototyping networks • IP, MAC address spoof prevention, ... Copyright 2015 Oracle Corp.
Solaris Zones • Resource Controls • CPU • Pools: assign a zone to specific cores, strands • CPU Cap: accounting cap on CPU time • FSS: Fair Share Scheduler • RAM Cap, VM cap: accounting cap: RAM, Virtual Memory • Max-Processes cap • Shared-memory cap, ... • Network bandwidth controls Copyright 2015 Oracle Corp.
Solaris Zones • Non-native Zones • Solaris 11 Kernel Zones • Separate kernel and patch level, more like a VM • Solaris 10 Zone in Solaris 11 system • System-call translation layer • Takes advantage of underlying Solaris 11 features • Network virtualization, transparent encryption, … Copyright 2015 Oracle Corp.
The Future: Container Management 2010 2015 Docker OpenStack ? 2005 Ops Center SolarWinds VirtualCenter Joyent Triton Copyright 2015 Oracle Corp.
The End

More Related Content

PPTX
Nested Virtualization Update from Intel
byThe Linux Foundation
 
PPTX
HVX: Virtualizing the Cloud
byAlex Fishman
 
PPTX
VIO on Cisco UCS and Network
byYousef Morcos
 
PDF
VMware Nova Compute Driver
bySean Chen
 
PPTX
Deploying Efficient OpenStack Clouds, Yaron Haviv
byCloud Native Day Tel Aviv
 
PDF
Gerenciando Nuvens privadas com o Xen Cloud Platform - XCP 1.5
byLorscheider Santiago
 
PDF
Windsor: Domain 0 Disaggregation for XenServer and XCP
byThe Linux Foundation
 
PDF
You Call that Micro, Mr. Docker? How OSv and Unikernels Help Micro-services S...
byrhatr
 
Nested Virtualization Update from Intel
byThe Linux Foundation
 
HVX: Virtualizing the Cloud
byAlex Fishman
 
VIO on Cisco UCS and Network
byYousef Morcos
 
VMware Nova Compute Driver
bySean Chen
 
Deploying Efficient OpenStack Clouds, Yaron Haviv
byCloud Native Day Tel Aviv
 
Gerenciando Nuvens privadas com o Xen Cloud Platform - XCP 1.5
byLorscheider Santiago
 
Windsor: Domain 0 Disaggregation for XenServer and XCP
byThe Linux Foundation
 
You Call that Micro, Mr. Docker? How OSv and Unikernels Help Micro-services S...
byrhatr
 

What's hot

PDF
Status of Embedded Linux
byLinuxCon ContainerCon CloudOpen China
 
PDF
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...
byThe Linux Foundation
 
PDF
OpenNebulaConf 2016 - OpenNebula, a story about flexibility and technological...
byOpenNebula Project
 
PPTX
Multi-HV OpenStack - It's 2015 already, are we there yet?
byDmitriy Novakovskiy
 
PPTX
20150531 virtualizatino station 2.0 partner's day
byqnapivan
 
PPTX
Getting Started with XenServer and OpenStack.pptx
byOpenStack Foundation
 
PDF
Introduction to OpenNetwork and SDN
byHungWei Chiu
 
PDF
VMware vSphere in an OpenStack Environment
byScott Lowe
 
PPTX
Bringing ESX Deployments into native OpenStack OVSvApp
byRomil Gupta
 
PDF
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
byThe Linux Foundation
 
PDF
Aplura virtualization slides
byThe Linux Foundation
 
PDF
Unikernelized Linux
byLinuxCon ContainerCon CloudOpen China
 
PDF
OpenStack on AArch64
byLinuxCon ContainerCon CloudOpen China
 
PPTX
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
byThe Linux Foundation
 
PPTX
Openstack Xen and XCP
byThe Linux Foundation
 
PDF
64-bit ARM Unikernels on uKVM
byLinuxCon ContainerCon CloudOpen China
 
PDF
oVirt Introduction
byRoozbeh Shafiee
 
PDF
IITCC15: The Bare-Metal Hypervisor as a Platform for Innovation
byThe Linux Foundation
 
PDF
IITCC15: Xen Project 4.6 Update
byThe Linux Foundation
 
PDF
CIF16: Knock, Knock: Unikernels Calling! (Richard Mortier, Cambridge University)
byThe Linux Foundation
 
Status of Embedded Linux
byLinuxCon ContainerCon CloudOpen China
 
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...
byThe Linux Foundation
 
OpenNebulaConf 2016 - OpenNebula, a story about flexibility and technological...
byOpenNebula Project
 
Multi-HV OpenStack - It's 2015 already, are we there yet?
byDmitriy Novakovskiy
 
20150531 virtualizatino station 2.0 partner's day
byqnapivan
 
Getting Started with XenServer and OpenStack.pptx
byOpenStack Foundation
 
Introduction to OpenNetwork and SDN
byHungWei Chiu
 
VMware vSphere in an OpenStack Environment
byScott Lowe
 
Bringing ESX Deployments into native OpenStack OVSvApp
byRomil Gupta
 
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
byThe Linux Foundation
 
Aplura virtualization slides
byThe Linux Foundation
 
Unikernelized Linux
byLinuxCon ContainerCon CloudOpen China
 
OpenStack on AArch64
byLinuxCon ContainerCon CloudOpen China
 
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
byThe Linux Foundation
 
Openstack Xen and XCP
byThe Linux Foundation
 
64-bit ARM Unikernels on uKVM
byLinuxCon ContainerCon CloudOpen China
 
oVirt Introduction
byRoozbeh Shafiee
 
IITCC15: The Bare-Metal Hypervisor as a Platform for Innovation
byThe Linux Foundation
 
IITCC15: Xen Project 4.6 Update
byThe Linux Foundation
 
CIF16: Knock, Knock: Unikernels Calling! (Richard Mortier, Cambridge University)
byThe Linux Foundation
 

Viewers also liked

PDF
ContainerDays NYC 2015: "Container Orchestration Compared: Kubernetes and Doc...
byDynamicInfraDays
 
PDF
Illinois State University
byJoe Trsar
 
PDF
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
byDebra Robertson
 
PDF
What You Always Wanted to Know About Container Orchestration and Never Dared ...
byAll Things Open
 
PDF
Container Security via Monitoring and Orchestration - Container Security Summit
byDavid Timothy Strauss
 
PDF
Kubernetes - #gdglimasummit
byAngel Nuñez
 
PDF
Clarity About Container Orchestration for a Developing Market
byThe New Stack
 
PDF
Container orchestration
byspringworksab
 
PPTX
Intro to Docker Swarm
byEverett Toews
 
PDF
AtlasCamp 2015: The age of orchestration: From Docker basics to cluster manag...
byAtlassian
 
PPT
Docker and CloudStack
bySebastien Goasguen
 
PDF
Kubernetes Introduction
byPeng Xiao
 
PDF
新しいOpenShiftのしくみを調べてみた
byKazuto Kusama
 
PDF
Container (Docker) Orchestration Tools
byDhilipsiva DS
 
PPTX
Container Orchestration
bydfilppi
 
PPTX
Docker Networking
byKingston Smiler
 
PDF
Octo talk : docker multi-host networking
byHervé Leclerc
 
PPTX
Using machine learning to determine drivers of bounce and conversion
byTammy Everts
 
PDF
Docker-OVS
bysnrism
 
PDF
Oracle Solaris Overview
byOTN Systems Hub
 
ContainerDays NYC 2015: "Container Orchestration Compared: Kubernetes and Doc...
byDynamicInfraDays
 
Illinois State University
byJoe Trsar
 
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
byDebra Robertson
 
What You Always Wanted to Know About Container Orchestration and Never Dared ...
byAll Things Open
 
Container Security via Monitoring and Orchestration - Container Security Summit
byDavid Timothy Strauss
 
Kubernetes - #gdglimasummit
byAngel Nuñez
 
Clarity About Container Orchestration for a Developing Market
byThe New Stack
 
Container orchestration
byspringworksab
 
Intro to Docker Swarm
byEverett Toews
 
AtlasCamp 2015: The age of orchestration: From Docker basics to cluster manag...
byAtlassian
 
Docker and CloudStack
bySebastien Goasguen
 
Kubernetes Introduction
byPeng Xiao
 
新しいOpenShiftのしくみを調べてみた
byKazuto Kusama
 
Container (Docker) Orchestration Tools
byDhilipsiva DS
 
Container Orchestration
bydfilppi
 
Docker Networking
byKingston Smiler
 
Octo talk : docker multi-host networking
byHervé Leclerc
 
Using machine learning to determine drivers of bounce and conversion
byTammy Everts
 
Docker-OVS
bysnrism
 
Oracle Solaris Overview
byOTN Systems Hub
 

Similar to ContainerDays Boston 2015: "A Brief History of Containers" (Jeff Victor & Kir Kolyshkin)

PPT
Oracle Solaris 11 Built for Clouds
byOrgad Kimchi
 
PDF
OpenVZ Linux containers
byOpenVZ
 
PDF
OpenVZ Linux Containers
byKirill Kolyshkin
 
ODP
Sun xVM Virtualization Uni Parthenope
byEmanuela Giannetta
 
PPT
SUN Solaris Zones WebSphere Portal licensing
byChris Sparshott
 
ODP
OpenSolaris Introduction
bysatyajit_t
 
PDF
Solaris 11.2 What's New
byOrgad Kimchi
 
ODP
open source virtualization
byKris Buytaert
 
PDF
ASZ-3034 Build a WebSphere Linux Cloud on System z: From Roll-Your-Own to Pre...
byWASdev Community
 
ODP
Not so brief history of Linux Containers
byKirill Kolyshkin
 
ODP
Not so brief history of Linux Containers - Kir Kolyshkin
byOpenVZ
 
PPT
Focus Group Open Source 09.05.2011 Massimiliano Belardi
byRoberto Galoppini
 
ODP
OpenVZ, Virtuozzo and Docker
byKirill Kolyshkin
 
PPTX
Advanced resource management and scalability features for cloud environment u...
byGrigale LTD
 
PDF
Solaris Internals TM Solaris 10 and OpenSolaris Kernel Architecture 2nd Editi...
bytrykafawkia
 
PPTX
Linux Container Basics
byMichael Kehoe
 
PDF
Oracle Solaris 11 platform for ECI Telecom private cloud infrastructure
byOrgad Kimchi
 
PDF
2. Vagin. Linux containers. June 01, 2013
byru-fedora-moscow-2013
 
ODP
Openvz booth
byOpenVZ
 
PPT
Linux Virtualization
byOpenVZ
 
Oracle Solaris 11 Built for Clouds
byOrgad Kimchi
 
OpenVZ Linux containers
byOpenVZ
 
OpenVZ Linux Containers
byKirill Kolyshkin
 
Sun xVM Virtualization Uni Parthenope
byEmanuela Giannetta
 
SUN Solaris Zones WebSphere Portal licensing
byChris Sparshott
 
OpenSolaris Introduction
bysatyajit_t
 
Solaris 11.2 What's New
byOrgad Kimchi
 
open source virtualization
byKris Buytaert
 
ASZ-3034 Build a WebSphere Linux Cloud on System z: From Roll-Your-Own to Pre...
byWASdev Community
 
Not so brief history of Linux Containers
byKirill Kolyshkin
 
Not so brief history of Linux Containers - Kir Kolyshkin
byOpenVZ
 
Focus Group Open Source 09.05.2011 Massimiliano Belardi
byRoberto Galoppini
 
OpenVZ, Virtuozzo and Docker
byKirill Kolyshkin
 
Advanced resource management and scalability features for cloud environment u...
byGrigale LTD
 
Solaris Internals TM Solaris 10 and OpenSolaris Kernel Architecture 2nd Editi...
bytrykafawkia
 
Linux Container Basics
byMichael Kehoe
 
Oracle Solaris 11 platform for ECI Telecom private cloud infrastructure
byOrgad Kimchi
 
2. Vagin. Linux containers. June 01, 2013
byru-fedora-moscow-2013
 
Openvz booth
byOpenVZ
 
Linux Virtualization
byOpenVZ
 

More from DynamicInfraDays

PDF
ContainerDays NYC 2016: "From Hello World to Real World: Building a Productio...
byDynamicInfraDays
 
PDF
ContainerDays NYC 2016: "Securing Your Docker Image Registry for Production" ...
byDynamicInfraDays
 
PDF
ContainerDays NYC 2016: "OpenWhisk: A Serverless Computing Platform" (Rodric ...
byDynamicInfraDays
 
PDF
ContainerDays NYC 2016: "State of the Persistence Art: Present Best Practices...
byDynamicInfraDays
 
PDF
ContainerDays NYC 2016: "Observability and Manageability in a Container Envir...
byDynamicInfraDays
 
PDF
ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...
byDynamicInfraDays
 
PDF
ContainerDays NYC 2016: "Containers in Azure: Understanding the Microsoft Con...
byDynamicInfraDays
 
PDF
ContainerDays NYC 2016: "Introduction to Application Automation with Habitat"...
byDynamicInfraDays
 
PDF
ContainerDays Boston 2016: "Docker For the Developer" (Borja Burgos)
byDynamicInfraDays
 
PDF
ContainerDays Boston 2016: "Hiding in Plain Sight: Managing Secrets in a Cont...
byDynamicInfraDays
 
PDF
ContainerDays Boston 2016: "Autopilot: Running Real-world Applications in Con...
byDynamicInfraDays
 
PDF
ContainerDays NYC 2015: "What It Really Takes to Build a Container Platform" ...
byDynamicInfraDays
 
PDF
ContainerDays NYC 2015: "How Yodle Cleaned Up the Mess Using Containers and M...
byDynamicInfraDays
 
PDF
ContainerDays NYC 2015: "Easing Your Way Into Docker: Lessons From a Journey ...
byDynamicInfraDays
 
PDF
ContainerDays Boston 2015: "CoreOS: Building the Layers of the Scalable Clust...
byDynamicInfraDays
 
PDF
ContainerDays Boston 2015: "Continuous Delivery with Containers" (Nick Gauthier)
byDynamicInfraDays
 
ContainerDays NYC 2016: "From Hello World to Real World: Building a Productio...
byDynamicInfraDays
 
ContainerDays NYC 2016: "Securing Your Docker Image Registry for Production" ...
byDynamicInfraDays
 
ContainerDays NYC 2016: "OpenWhisk: A Serverless Computing Platform" (Rodric ...
byDynamicInfraDays
 
ContainerDays NYC 2016: "State of the Persistence Art: Present Best Practices...
byDynamicInfraDays
 
ContainerDays NYC 2016: "Observability and Manageability in a Container Envir...
byDynamicInfraDays
 
ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...
byDynamicInfraDays
 
ContainerDays NYC 2016: "Containers in Azure: Understanding the Microsoft Con...
byDynamicInfraDays
 
ContainerDays NYC 2016: "Introduction to Application Automation with Habitat"...
byDynamicInfraDays
 
ContainerDays Boston 2016: "Docker For the Developer" (Borja Burgos)
byDynamicInfraDays
 
ContainerDays Boston 2016: "Hiding in Plain Sight: Managing Secrets in a Cont...
byDynamicInfraDays
 
ContainerDays Boston 2016: "Autopilot: Running Real-world Applications in Con...
byDynamicInfraDays
 
ContainerDays NYC 2015: "What It Really Takes to Build a Container Platform" ...
byDynamicInfraDays
 
ContainerDays NYC 2015: "How Yodle Cleaned Up the Mess Using Containers and M...
byDynamicInfraDays
 
ContainerDays NYC 2015: "Easing Your Way Into Docker: Lessons From a Journey ...
byDynamicInfraDays
 
ContainerDays Boston 2015: "CoreOS: Building the Layers of the Scalable Clust...
byDynamicInfraDays
 
ContainerDays Boston 2015: "Continuous Delivery with Containers" (Nick Gauthier)
byDynamicInfraDays
 

Recently uploaded

PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PDF
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
PDF
Antminer S23Hyd-580_Manual-V1.1-oneminers.pdf
byFranzhLawrenceBataan1
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PPTX
TravelTech Paris 2025 | Beyond the pipes: Why Channel Management isn’t really...
byapidays
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
final.pdf
byomarbishtawi04
 
PPTX
Critique Prompting: The Secret to High-Quality AI Outputs
bySemantic SEO BD
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
PDF
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
How to Install XRDP on CentOS 10 .pdf
byGreen Webpage
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
Antminer S23Hyd-580_Manual-V1.1-oneminers.pdf
byFranzhLawrenceBataan1
 
Workflow and decision Automation with Flowable
bychakib ch
 
TravelTech Paris 2025 | Beyond the pipes: Why Channel Management isn’t really...
byapidays
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
final.pdf
byomarbishtawi04
 
Critique Prompting: The Secret to High-Quality AI Outputs
bySemantic SEO BD
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
How to Install XRDP on CentOS 10 .pdf
byGreen Webpage
 

ContainerDays Boston 2015: "A Brief History of Containers" (Jeff Victor & Kir Kolyshkin)

  • 1.
    • Jeff Victor •Principal Author, “Oracle Solaris 10 System Virtualization Essentials” • Kir Kolyshkin • OpenVZ Containers Lead History of Containers Copyright 2015 Oracle Corp.
  • 2.
    • Origin ofVirtualization • Timelines • Concepts • OSV vs. VMs • Shallow Dives Agenda Copyright 2015 Oracle Corp.
  • 3.
    The Mists ofAntiquity 1960 19751965 1970 MIT CTSS CP-40 CP-67 VM/370 Batch
  • 4.
    The Three (4?5?) “Laws” of Virtualization • Initial • Equivalence • Resource Control • Efficiency • Later • Security • Administrative Observability Copyright 2015 Oracle Corp.
  • 5.
    The Dark Ages 197519991980 chroot Unix V7* 4BSD 1990 “jail” Sun Dynamic Domains *And thereafter: Sun3 w/s Xenix/8086 Unix/32V (Vax) JVM Copyright 2015 Oracle Corp.
  • 6.
    The System VirtualizationSpectrum More Flexibility OS CPU RAM I/O Partition OS CPU RAM I/O Partition OS CPU RAM I/O Partition Partitions Interconnect OS Virtual Machine OS Virtual Machine OS Virtual Machine Virtual Machines Hypervisor Hardware Zone Operating System Zone Zone OS Virtualization Hardware More Isolation Copyright 2015 Oracle Corp.
  • 7.
    Container / Zone Acollection of software processes unified by one namespace, with access to an operating system kernel that it shares with other containers, and little to no access between containers. Copyright 2015 Oracle Corp.
  • 8.
    Container Advantages • Leveragemature OS • Lightweight • Fewer resources: shared kernel, optional shared text pages • Faster to provision, boot, shutdown • “Zero” overhead: faster, better scalability, more predictable consolidation • Better resource sharing • Faster context switch • Direct path to I/O • More sophisticated “Control Program”: one control point • Better Observability • More flexible access to hardware Copyright 2015 Oracle Corp.
  • 9.
    Container Disadvantages • Homogeneity •Most require all containers to run at the same kernel patch level • Heterogenous guest OS is uncommon • Must sacrifice performance to run heterogeneous guests • Less isolation • More sophisticated Control Program: more code to fail • Slightly greater chance for downtime for multiple workloads • Can be mitigated… Copyright 2015 Oracle Corp.
  • 10.
    The Virtual Renaissance 199920152005 2010 VMware W/S HP nPars FreeBSD jails VMware ESX Virtuozzo Power LPARs Linux VServers Solaris Zones OpenVZ HP vPars Integrity VM HP-UX SRP Sun LDoms HP Dynamic nPars AIX WPars LXC HP-UX System Containers, HP 9000 Containers Solaris Kernel Zones VirtualBox Xen HyperV VMs OSV KVM Solaris “Containers” All dates are approximate, v1.0/stable.Copyright 2015 Oracle Corp.
  • 11.
    The Virtual Renaissance (non-Unix) 199920152005 2010 VMware W/S VMware ESX Virtuozzo Linux VServers OpenVZ LXC VirtualBox Xen HyperV VMs OSV KVM All dates are approximate, v1.0/stable.Copyright 2015 Oracle Corp.
  • 12.
    The Virtual Renaissance (Unix) 199920152005 2010 HP nPars FreeBSD jails Power LPARs Solaris Zones HP vPars Integrity VM HP-UX SRPv2 Sun LDoms HP Dynamic nPars AIX WPars HP-UX System Containers, HP 9000 Containers Solaris Kernel Zones VirtualBox VMs OSV Solaris “Containers” All dates are approximate, v1.0/stable.Copyright 2015 Oracle Corp.
  • 13.
    The “Three” “Laws”of V12N: Oracle Solaris Zones • Initial • Equivalence: very difficult to tell you're in a Zone • Resource Control: controls for CPU, RAM, VM, BW • Efficiency: no software layer… no perf overhead • Later • Security: fine-grained, configurable privileges • Administrative Observability • Global Zone can “see” into all native zones, but they can't see back into GZ, or into each other. Copyright 2015 Oracle Corp.
  • 14.
    Solaris Zones • Privileges •Namespace • File system • Networking • Resource Controls (aka “Solaris Containers” 2007-2011) Copyright 2015 Oracle Corp.
  • 15.
    Solaris Zones • Privileges •Fine-grained abilities (e.g. SYS_TIME, SYS_SMB) • Define the security boundary • Cannot be changed while the zone runs • Configurable • Tighten or loosen security boundary from defaults • Tight for web-facing, loose for well-protected, specialty • Trusted Extensions • DoD-grade features: compartmentalization, etc. Copyright 2015 Oracle Corp.
  • 16.
    Solaris Zones • Namespace •Naming service, users/groups • Network services • Configuration choices Copyright 2015 Oracle Corp.
  • 17.
    Solaris Zones • Filesystem • Entirely separate storage pool, or just a file system • GZ can add other mounts (ZFS, UFS, VxFS, lofs, ...) • Zone can mount or share NFS shares • Zone can use LUNs configured into it • Mandatory Access Control (“Immutable Zones”) • Can choose from 4 levels of hardening • Most secure: can't modify any Solaris files • Great for web-facing environments Copyright 2015 Oracle Corp.
  • 18.
    Solaris Zones • Networking •By default, Zones use Solaris vNICs • Individual routing, firewall config • Solaris network v12n also includes vSwitches, vRouters • Elastic Virtual Switch - spans computers • Plumbing via VLAN or VXLAN (routable) • Can build: • an arbitrary network structure in one Solaris instance • ...with multiple subnets, per-zone routing, firewall rules, NAT • ...and bandwidth controls and load-balancing • Great for prototyping networks • IP, MAC address spoof prevention, ... Copyright 2015 Oracle Corp.
  • 19.
    Solaris Zones • ResourceControls • CPU • Pools: assign a zone to specific cores, strands • CPU Cap: accounting cap on CPU time • FSS: Fair Share Scheduler • RAM Cap, VM cap: accounting cap: RAM, Virtual Memory • Max-Processes cap • Shared-memory cap, ... • Network bandwidth controls Copyright 2015 Oracle Corp.
  • 20.
    Solaris Zones • Non-nativeZones • Solaris 11 Kernel Zones • Separate kernel and patch level, more like a VM • Solaris 10 Zone in Solaris 11 system • System-call translation layer • Takes advantage of underlying Solaris 11 features • Network virtualization, transparent encryption, … Copyright 2015 Oracle Corp.
  • 21.
    The Future: ContainerManagement 2010 2015 Docker OpenStack ? 2005 Ops Center SolarWinds VirtualCenter Joyent Triton Copyright 2015 Oracle Corp.
  • 22.