2. ABOUT ME
▪ Mohammed Danish Amber
▪ Project Manager (Cognizant)
▪ Security Researcher | IOT Hacker | OSS Contributor
▪ EX NULL HYDERABAD CORE Member/Moderator
▪ www.mohammeddanishamber.com
▪ me@mohammeddanishamber.com
3. WHAT IS CONTAINER
▪ A container is a standard unit of software that packages up
code and all its dependencies, so the application runs
quickly and reliably from one computing environment to
another.
▪ A Docker container image is a lightweight, standalone,
executable package of software that includes everything
needed to run an application: code, runtime, system tools,
system libraries and settings.
▪ Container images become containers at runtime and in the
case of Docker containers – images become containers
when they run on Docker Engine.
▪ Available for both Linux and Windows-based applications,
containerized software will always run the same, regardless
of the infrastructure.
▪ Containers isolate software from its environment and ensure
that it works uniformly despite differences for instance
between development and staging.
4. CONTAINER & VIRTUAL MACHINE
Containers are an abstraction at the app layer that packages code and dependencies
together. Multiple containers can run on the same machine and share the OS kernel with
other containers, each running as isolated processes in user space. Containers take up less
space than VMs (container images are typically tens of MBs in size), can handle more
applications and require fewer VMs and operating systems.
Virtual machines (VMs) are an abstraction of physical hardware turning one server into
many servers. The hypervisor allows multiple VMs to run on a single machine. Each VM
includes a full copy of an operating system, the application, necessary binaries and
libraries – taking up tens of GBs. VMs can also be slow to boot.
6. UNDERSTANDING IMMUTABLE DESKTOP
▪ Not changing, or unable to be changed.
▪ Formally defined, an immutable Linux OS (also
known as Immutable Infrastructure or Immutable
Deployment) is an operating system designed to
be unchangeable and read-only.
▪ This means that once the operating system has
been installed, the system files and directories
cannot be modified. Any changes made to the
system are temporary and lost when the system
is rebooted.
▪ Immutable systems are particularly useful in
environments where security is a top priority,
such as cloud computing, embedded systems,
kiosks, and container execution.
7. ADVANTAGES
▪ SECURITY
▪ It’s not possible to tamper with the runtime OS. Changes, if
accepted, are discarded on the next reboot.
▪ This means that if a hacker or a malicious actor gains access to
the system, they cannot make permanent changes that could
compromise the system’s security.
▪ MAINTENANCE
▪ Maintaining immutable systems is easier because they do not
require regular updates or patches at the atomic package level.
▪ Instead, the entire OS is updated, like how updates are
handled on Android phones.
▪ RELIABLE
▪ Because the system is read-only, it is more reliable and less
prone to failure.
▪ A declarative configuration model is usually tied to it,
simplifying the configuration of the OS when orchestrated with
other tools such as Ansible, Terraform, or similar.
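The security advantage above ("not possible to tamper with the runtime OS; changes are discarded on reboot") has a direct analogue for the container-execution case the deck mentions. The script below is an added example, not part of the slides and not a setting any listed product ships: it assembles a `docker run` invocation whose root filesystem is read-only, with only a discardable tmpfs for scratch space, and then probes from inside the container that a write to a system directory is refused while a write to `/tmp` succeeds. The image name `alpine:3.19` and the tmpfs sizes are assumptions chosen for the demo.

```shell
#!/bin/sh
# Added example (not from the slides): run a container so that its runtime
# filesystem cannot be modified, mirroring the "immutable OS" property.
# The flag set is an assumed hardened invocation, not any product's default.
set -e

# Flags that make the container's root filesystem read-only. Only paths that
# genuinely need scratch space get a tmpfs, which vanishes when the container
# stops (the container analogue of "changes lost on reboot").
immutable_run_flags() {
    printf '%s\n' \
        --read-only \
        --tmpfs /tmp:rw,noexec,nosuid,size=64m \
        --tmpfs /run:rw,noexec,nosuid,size=16m \
        --cap-drop ALL \
        --security-opt no-new-privileges
}

# Build the complete docker run command line for IMAGE and CMD as a string,
# so it can be reviewed (or logged) before anything is executed.
immutable_run_cmd() {
    image=$1; shift
    flags=$(immutable_run_flags | tr '\n' ' ')
    printf 'docker run --rm %s%s %s' "$flags" "$image" "$*"
}

# Runtime probe: inside the container, attempt a write to a system directory
# and to /tmp. Returns 0 when the root fs rejected the write and /tmp accepted
# it, 1 when the container is not actually immutable, 2 when docker is absent.
verify_immutable() {
    image=${1:-alpine:3.19}   # assumed demo image
    if ! command -v docker >/dev/null 2>&1; then
        echo "docker not available; skipping runtime probe" >&2
        return 2
    fi
    # shellcheck disable=SC2046  (word splitting of the flag list is intended)
    out=$(docker run --rm $(immutable_run_flags | tr '\n' ' ') "$image" sh -c \
        'touch /usr/bin/marker 2>/dev/null && echo ROOT_WRITABLE || echo ROOT_RO;
         touch /tmp/marker 2>/dev/null && echo TMP_RW || echo TMP_RO')
    case $out in
        *ROOT_RO*TMP_RW*) return 0 ;;
        *) echo "unexpected probe result: $out" >&2; return 1 ;;
    esac
}

# Usage: IMMUTABLE_DEMO=1 sh immutable_run.sh [image]
if [ "${IMMUTABLE_DEMO:-0}" = 1 ]; then
    immutable_run_cmd "${1:-alpine:3.19}" sh -c id; echo
    verify_immutable "${1:-alpine:3.19}" && echo "root filesystem is immutable"
fi
```

The probe is the check worth keeping in a CI pipeline: `--read-only` alone is easy to drop from a compose file by accident, and the only reliable evidence that the running container is immutable is a failed write observed from inside it.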
8. IMMUTABLE OS
| Solution | Based on | Update Model | Target Environment |
| --- | --- | --- | --- |
| CoreOS | Gentoo | Transactional Updates | Cloud |
| Talos | Nothing | Container image update | Cloud, Containers, General purpose |
| K3OS | Alpine | A/B | Cloud, Containers |
| Project Atomic | CentOS | Layered Packages | Containers |
| Ubuntu Core | Ubuntu | Transactional Updates | IoT, Embedded Systems |
| RancherOS | Linux | Docker for System Processes | Containers |
| Flatcar Container Linux | CoreOS | Transactional Updates | Cloud |
| Red Hat Atomic Host | Red Hat | Transactional Updates | Cloud, optimized for running containers |
| SLE Micro | SUSE | Transactional Updates | Containers, Cloud, Edge, General purpose |
| MicroOS | openSUSE | Transactional Updates | Desktop, Containers, Cloud, Edge, General purpose |
| Fedora Silverblue | Fedora | Transactional Updates | Desktop, Containers |
| Photon OS | Linux | Immutable File System | Cloud |
| Kairos | Any Linux distribution | Immutable File System | Cloud, Edge, General purpose |
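The maintenance point on the previous slide ("the entire OS is updated, like on Android phones") and the "Transactional Updates" / "A/B" column in the table above describe the same mechanism: two complete system trees, a pointer to the active one, and a switch that either happens entirely or not at all. The script below is an added toy model of that mechanism, written for this page and not the implementation of any OS listed in the table. It assumes a directory layout of `slot_a`, `slot_b` and a `current` symlink, a manifest digest over the tree's files as the verification step, and GNU coreutils for `mv -T` and `sha256sum`.

```shell
#!/bin/sh
# Added example (not from the slides, not any listed OS's updater): a toy A/B
# transactional update. Two slots hold complete system trees; "current" is a
# symlink to the active one. A new tree is verified, copied into the inactive
# slot, and made live by one atomic rename, so the running tree is never edited
# in place and rollback is just another swap. Assumes GNU coreutils.
set -e

# Create the layout under ROOT: slot_a active at version 1, slot_b empty.
init_system() {
    root=$1
    mkdir -p "$root/slot_a" "$root/slot_b"
    printf '1\n' > "$root/slot_a/VERSION"
    printf 'echo hello from v1\n' > "$root/slot_a/app.sh"
    ln -s slot_a "$root/current"
}

active_slot()    { basename "$(readlink "$1/current")"; }
inactive_slot()  { [ "$(active_slot "$1")" = slot_a ] && echo slot_b || echo slot_a; }
active_version() { cat "$1/current/VERSION"; }
run_app()        { sh "$1/current/app.sh"; }

# Manifest digest over the files a tree must contain; the expected value would
# normally travel with the update (signed) and is compared before deployment.
tree_digest() { (cd "$1" && cat VERSION app.sh) | sha256sum | cut -d' ' -f1; }

# Point "current" at SLOT atomically: build the new link beside the old one and
# rename over it, so readers see either the old or the new target, never none.
switch_to() {
    root=$1; slot=$2
    ln -sfn "$slot" "$root/current.tmp"
    mv -T "$root/current.tmp" "$root/current"
}

# Deploy NEWTREE into the inactive slot if its digest matches EXPECTED.
# On mismatch nothing is touched and the function returns 1.
apply_update() {
    root=$1; newtree=$2; expected=$3
    if [ "$(tree_digest "$newtree")" != "$expected" ]; then
        echo "update failed verification; keeping $(active_slot "$root")" >&2
        return 1
    fi
    target=$(inactive_slot "$root")
    rm -rf "$root/$target"
    cp -r "$newtree" "$root/$target"
    switch_to "$root" "$target"
}

# Return to the previous deployment, which the A/B layout still holds intact.
rollback() {
    root=$1
    prev=$(inactive_slot "$root")
    if [ ! -f "$root/$prev/VERSION" ]; then
        echo "no previous deployment to roll back to" >&2
        return 1
    fi
    switch_to "$root" "$prev"
}

# Usage: AB_DEMO=1 sh ab_update.sh  (walks through update, rejection, rollback)
if [ "${AB_DEMO:-0}" = 1 ]; then
    R=$(mktemp -d); init_system "$R"
    N=$(mktemp -d); printf '2\n' > "$N/VERSION"; printf 'echo hello from v2\n' > "$N/app.sh"
    apply_update "$R" "$N" "$(tree_digest "$N")"; run_app "$R"
    apply_update "$R" "$N" deadbeef || echo "bad update rejected, still v$(active_version "$R")"
    rollback "$R"; run_app "$R"
fi
```

The two properties to notice are that verification happens before any slot is written, so a corrupt or tampered update never reaches disk in a slot, and that the only mutable object in the whole scheme is a single symlink replaced by `rename(2)`, which is what makes the update transactional.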
9. IMMUTABLE DESKTOP CONTAINER
▪ KASM WORKSPACES
▪ The Container Streaming Platform
▪ Streaming containerized apps and desktops to end-users. The Workspaces platform
provides enterprise-class orchestration, data loss prevention, and web streaming
technology to enable the delivery of containerized workloads to your browser.
▪ kasmweb.com
▪ Webtop
▪ Alpine, Ubuntu, Fedora, and Arch based containers containing full desktop environments
in officially supported flavors accessible via any modern web browser.
▪ linuxserver.io/
▪ hub.docker.com/r/linuxserver/webtop