This document provides an overview of containers and microservices, including what they are, how they work, advantages over virtual machines, security considerations, and relevant use cases. Containers use operating system virtualization to share resources and isolate applications instead of full hardware virtualization. They have benefits like lighter weight and faster deployment compared to virtual machines. The document discusses Docker and microservices architecture and references Cisco projects like Contiv that provide container networking and infrastructure orchestration.
3. What
Container technology uses operating system (OS) virtualization to share the OS resources among application instances, in contrast to VMs, which use hardware virtualization to share hardware resources among virtual machine instances.
"Official definition: Linux Containers, a.k.a. 'Containers', is an operating system-level or kernel virtualization method for running multiple isolated Linux systems (containers) on a single control host (LXC host)."
4. How
[Diagram: two stacks side by side]
VM stack: Server (Hardware) > Host OS > Hypervisor > VM-1, VM-2 ... VM-n, each with its own Guest OS, Bins/Libs and App-1. VM: full stack, heavy on resources; virtualizes hardware.
Container stack: Server (Hardware) > Host OS > Container Engine* (e.g. Docker) > Container, Container, Container, each with Bins/Libs and an app (App-1, App-2, App-3, App-4). Container: 'partial stack', light on resources; virtualizes the operating system.
5. Compare / Contrast
                  Virtual Machines     Containers
Resource Usage    Heavy                Light
Deployment        Minutes              Seconds
Portability       Hard                 Easy
Scale             10's to 100's        100's to 1,000's
Security          More isolation       Less isolation
Note: 1. Should not be viewed as either/or at this time.
      2. Kernel exploits are a weak point, but this is being overcome.
6. Security ( Availability ) & Mitigation
[Diagram: the same VM stack and container stack as in slide 4, annotated with their exposure]
VM stack: an exploit can only compromise the individual VM's guest OS / app. Each VM is a separate stack, so there is minimal impact on the hypervisor or server.
Container stack: exploiting the kernel can take down all containers as well as the server.
Vendors like Redhat are improving security using SELinux and other mechanisms to prevent that.
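The slide's point is that every container shares the host kernel, so the isolation a container actually gets depends on how it was started: a container run privileged, sharing host namespaces, or with SELinux labelling and seccomp switched off gives a kernel bug inside it far more reach. The following audit script is an added example, not code from the deck, from Docker or from any Cisco project. It reads the JSON that `docker inspect` prints and flags settings that weaken isolation; the two inspect records are constructed by hand, and only the key names (HostConfig.*, Config.User) follow the real inspect layout.

```python
"""Audit container isolation settings from `docker inspect` JSON output.

Added example: flags run-time options that widen what a kernel exploit
inside a container can reach. The sample records are constructed.
"""
import json

# Constructed sample records: a hardened container, then a container started
# with options that remove most of the isolation a container normally has.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/payment-gateway",
        "Config": {"User": "1000:1000"},
        "HostConfig": {
            "Privileged": False,
            "PidMode": "",
            "NetworkMode": "bridge",
            "CapAdd": None,
            "CapDrop": ["ALL"],
            "SecurityOpt": ["no-new-privileges", "label=type:container_t"],
            "ReadonlyRootfs": True,
            "Binds": None,
        },
    },
    {
        "Name": "/debug-box",
        "Config": {"User": ""},
        "HostConfig": {
            "Privileged": True,
            "PidMode": "host",
            "NetworkMode": "host",
            "CapAdd": ["SYS_ADMIN"],
            "CapDrop": None,
            "SecurityOpt": ["label=disable", "seccomp=unconfined"],
            "ReadonlyRootfs": False,
            "Binds": ["/:/host:rw", "/var/run/docker.sock:/var/run/docker.sock"],
        },
    },
])

# Host paths that, once bind-mounted, hand the container control of the host.
SENSITIVE_MOUNTS = ("/", "/var/run/docker.sock", "/proc", "/sys", "/dev")


def audit_container(record):
    """Return a list of (severity, finding) tuples for one inspect record."""
    hc = record.get("HostConfig", {})
    cfg = record.get("Config", {})
    findings = []

    if hc.get("Privileged"):
        findings.append(("high", "privileged: all capabilities and host devices exposed"))
    if hc.get("PidMode") == "host":
        findings.append(("high", "shares host PID namespace"))
    if hc.get("NetworkMode") == "host":
        findings.append(("medium", "shares host network namespace"))
    for cap in hc.get("CapAdd") or []:
        findings.append(("high", f"added capability {cap}"))

    opts = hc.get("SecurityOpt") or []
    if "label=disable" in opts:
        findings.append(("high", "SELinux/AppArmor labelling disabled"))
    if any(o.startswith("seccomp=unconfined") for o in opts):
        findings.append(("high", "seccomp syscall filter disabled"))
    if not any(o.startswith("no-new-privileges") for o in opts):
        findings.append(("low", "no-new-privileges not set"))

    for bind in hc.get("Binds") or []:
        host_path = bind.split(":", 1)[0]
        if host_path in SENSITIVE_MOUNTS:
            findings.append(("high", f"sensitive host path mounted: {host_path}"))

    if not cfg.get("User"):
        findings.append(("medium", "runs as root inside the container"))
    if not hc.get("ReadonlyRootfs"):
        findings.append(("low", "root filesystem is writable"))
    return findings


def audit_inspect_json(text):
    """Audit every record in a `docker inspect` JSON array; returns {name: findings}."""
    return {rec["Name"]: audit_container(rec) for rec in json.loads(text)}


if __name__ == "__main__":
    # In practice: docker inspect $(docker ps -q) | python3 audit.py
    for name, findings in audit_inspect_json(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "")
        for severity, text in findings:
            print(f"  [{severity}] {text}")
```

The hardened record produces no findings; the second record trips every check. The checks map directly onto the slide's mitigation story: a restored SELinux label and seccomp profile limit what a compromised container can ask of the shared kernel, while host namespaces and sensitive mounts bypass that boundary entirely.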
7. Who: A Word about Docker
300 million times downloaded
71,000 Dockerized applications
+900 developers
Supported by all major Linux vendors (Redhat, Ubuntu, Suse etc.) as well as Microsoft and VMware.
8. Why
It's about getting the right application code built faster and cheaper so that it satisfies your customers' requirements.
9. Why : Understanding Connections
Specific types: e.g. webscale; monolithic vs. distributed
Lifecycle Management: Agile / DevOps
Delivery Models: CI/CD
Deployment Architecture: Microservices
Underlying Infrastructure: Hypervisor to OS shift (deployment time: Minutes -> Seconds -> Almost Free*)
10. A word about Microservices
[Diagram: Store Front decomposed into apps, each made of smaller services]
Store Front
  Cart App (Cart): Payment gateway, Shipping calculator, Paypal integration
  Fashion Catalog (Catalog): Inventory, Behavior tracking, Similar item recommendation
  Streaming Movies (Movies): Quality, Bandwidth detection, Geo optimization, Load balancing
11. Microservices and Containers
[Diagram: CartApp (APP) composed of services, each service running in containers]
CartApp (APP)
  Payment Gateway Service: DB container, Credit card auth container
  Shipping Calculator Service: Zip code locater container, Delivery time container
  Paypal Integration Service
12. Where : Within Data Center
[Diagram: services placed across hosts; Payment Gateway Service on Host 1 and Host 3, Shipping Calculator Service on Host 2 and Host n]
This means that system functions that might historically have resided on the same machine now have to work across network connections.
A robust network and underlying compute and storage infrastructure is a key ingredient in a microservices architecture leveraging containers.
[Diagram: Tenant A and Tenant B sharing the layers Compute, Hypervisor and OS; Network and Services; Storage]
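Once the cart and the shipping calculator live on different hosts, what used to be an in-process call becomes a network request that can be slow or fail, and the editor's notes later mention caching layers as the usual answer. The client below is an added example, not code from the deck or from any Cisco or Docker project: it bounds every attempt with a timeout, retries a limited number of times, and falls back to a recent cached answer before failing. The shipping-calculator service, its /rate path and the JSON it returns are assumptions made up for the demo; the transport is injectable so the logic can be exercised without a network.

```python
"""Calling a microservice across the network with a timeout, bounded
retries and a stale-read cache (added example; the service is constructed).
"""
import json
import threading
import time
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def http_fetch(url, timeout):
    """Real transport: GET `url` and return the decoded body; raises OSError on failure."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode()


class ServiceClient:
    """Client for a remote service: bounded wait, bounded retries, stale fallback."""

    def __init__(self, base_url, fetch=http_fetch, timeout=0.5, retries=2,
                 cache_ttl=30.0, clock=time.monotonic):
        self.base_url = base_url
        self.fetch = fetch            # injectable so the transport can be stubbed
        self.timeout = timeout        # seconds per attempt; never wait forever
        self.retries = retries        # extra attempts after the first failure
        self.cache_ttl = cache_ttl    # how long a stale answer is acceptable
        self.clock = clock
        self.cache = {}               # path -> (timestamp, body)
        self.errors = 0               # failed attempts seen, for monitoring

    def get(self, path):
        """Return (body, source) where source is 'live' or 'cache'."""
        for _ in range(self.retries + 1):
            try:
                body = self.fetch(self.base_url + path, self.timeout)
            except OSError:           # URLError and socket timeouts are OSError subclasses
                self.errors += 1
                continue
            self.cache[path] = (self.clock(), body)
            return body, "live"
        cached = self.cache.get(path)
        if cached and self.clock() - cached[0] <= self.cache_ttl:
            return cached[1], "cache"
        raise ConnectionError(f"{path}: service unavailable and no fresh cached answer")


# Demo server standing in for the shipping-calculator service (constructed).
class ShippingHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = json.dumps({"path": self.path, "days": 3}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


if __name__ == "__main__":
    server = HTTPServer(("127.0.0.1", 0), ShippingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    client = ServiceClient(f"http://127.0.0.1:{server.server_port}")
    print(client.get("/rate?zip=94105"))     # answered live by the demo service
    server.shutdown()
    server.server_close()
    print(client.get("/rate?zip=94105"))     # service gone: served from the cache
    print("failed attempts:", client.errors)
```

The `errors` counter is the piece a security operations team wants: a sudden rise in retries or cache-served answers for one service is the first visible symptom of a host or network problem in the data center layout shown above, and it appears before users notice.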
13. Where : Cisco relevant use cases
Source: Cisco & Redhat container whitepaper
14. Cisco Relevant Projects
Container Development Lifecycle:
Cisco Project Shipped: http://ciscocloud.github.io/shipped/
Manage development by integrating Github, Docker and Vagrant.
Microservices Infrastructure Stack:
Mantl: http://mantl.io
Manage microservices infrastructure orchestration and workflows.
Container Networking and Storage + Policy:
Cisco Project Contiv: http://www.contiv.io/
15. Cisco Relevant Projects
Containers with Openstack:
Openstack Project Magnum:
https://wiki.openstack.org/wiki/Magnum
Container services for Openstack.
Openstack Project Kolla: https://github.com/openstack/kolla
Deploying OpenStack using Docker.
CVD for network infrastructures that host container-based apps: TBD
16. Other Resources: ( Based on Q&A Session)
Containers Standardization: standardizing the container image format
https://www.opencontainers.org/
https://github.com/opencontainers/specs
Docker/Container HA:
Docker Swarm: https://docs.docker.com/swarm/multi-manager-setup/
CoreOS Fleet: https://coreos.com/fleet/docs/latest/
Intel Container Support:
Clear Linux / Container Project: https://clearlinux.org/
https://clearlinux.org/features/clear-containers
Editor's Notes
We're going to talk about what containers represent, what the technology is all about, do a compare/contrast with traditional virtualization technologies, how it is achieved, what the use cases are, which areas are relevant for Cisco technologies, and finally what Cisco is doing in this space.
So, what containers are all about:
LXC does not provide a virtual machine, but rather provides a virtual environment that has its own CPU, memory, block I/O, network etc. space.
Let's take a detailed look at how it's accomplished. If you're familiar with traditional virtualization, here's how it works.
Containers are a 'partial stack', in contrast to the VM's full stack of course.
Heavy resources:
While Docker application packaging tools revolutionized container technology and provided the easy button for developers to build, ship, and run containers on single hosts, running multiple containers across multiple hosts remained a challenge. In Dec 2014 they announced their multi-host, multi-container orchestration features, so now they support orchestration across multiple platforms, hosts and clouds.
Looking at some key metrics such as performance, scale and security, here's how both stack up.
Resource usage: each VM is a complete stack, as you saw earlier, with its own operating system, applications, ...
How fast are deployment speeds? Here's an example: Nuage Networks recently demonstrated that it could turn up 40 servers in eight minutes running 20,000 VMs in Docker containers.
It does not matter what is under the hood: Openstack, VMware, Hyper-V, Docker, Mesos, CoreOS. What matters is how fast you can set up development environments, write code, do testing, push out to production, pull back, fix or tweak code, push out again. Rinse and repeat.
Right means the right type of application: containerization isn't for every application. Some have too many dependencies or too many complexities to be neatly packaged up, especially legacy apps. Specific types of apps like WordPress, MySQL, Redis, and Nginx are better suited for containerization, at least as of now. This may and will change.
And 'applications' means the entire ecosystem of how an app's lifecycle is managed leveraging DevOps, how it's delivered leveraging CI/CD, or how it's deployed leveraging a microservices architecture.
Faster: faster time to design, develop and deploy code. Consider how an application is developed in today's virtualized environment. A developer would spin up a VM, install the OS, install the right dependencies and then go about coding the application. Contrast this to a scenario where a developer can just pull in a container/Docker image that already has the OS functions plus libraries and simply initiates the container within seconds to start coding. Think minutes vs. seconds.
Cheaper than proprietary virtualization mechanisms like VMware; even the Docker enterprise version is way cheaper than one host license for VMware.
Microservices is not something new. It's SOA reincarnated. If you use Amazon, Netflix, Hulu or even Walmart.com you're already using microservices. Usage of containers with microservices is what's new and interesting. Each of the orange colored items is an app which in turn consists of further smaller apps or services. E.g. the Storefront consists of the Cart, Fashion Catalog and Movies apps. Each of these apps uses even smaller apps: e.g. the cart app uses a 'shipping calculator' service and a PayPal integration service. Each of these services can be considered a microservice, and these microservices can be deployed in a container. This is the newer way of developing code. If we go back to the dot-com era, Amazon would be a single monolithic web site with static content; fast forward to today and it's all about a distributed architecture with independent microservices that, when combined together, create the persona of a single website or web app.
This means that system functions that might have historically been resident inside of the same address space, or run on the same machine, now have to work across network connections with typically two to three orders of magnitude lower speeds and increased latencies. The degree to which this is important depends on the function and the exact implementation, but it also depends on the ability to use caching layers and other optimizations in the API management layers and other system components. Strong network architecture expertise is a key ingredient in a microservices organization.
Network application containers: Run third-party applications in containers on the network operating system. Add new capabilities to the base network operating system.
Microservices: Design applications as suites of services, each written in the best language for the task. Scale just the microservices that need more resources, not the entire application. Allow different teams to manage different microservices.