
Containers demystified webinar detailed

Have you heard about containers? Do you want to know what's hiding behind the hype? What are the benefits for embedded systems projects?

After looking at an example illustrating how containers can be used to solve the problem of application lifecycle and atomic update, we will discuss how containers work on Linux and how they can be secured. Finally, the audience will learn how to take advantage of Yocto to generate containers on their own embedded devices.

You can watch the full webinar on our blog page: https://witekio.com/blog/containers-embedded-systems-webinar


  1. Before We Get Started. YES! This session is being recorded: you can access the video anytime on YouTube. Questions and comments: enter them into the Q&A window; we will answer at the end of the session.
  2. Containers Demystified: Embedded Systems. September 2017. Cedric Vincent (cvincent@witekio.com), Director of technology.
  3. Containers Demystified: Life cycle of your applications and security. [Diagram labels: Phone, System libraries, UI framework, Host System, Navigation, Dashboard.] New version of your Dashboard using Altia?
  4. Containers Demystified: Life cycle of your applications and security. [Diagram labels: Phone, System libraries, UI framework, Host System, Navigation, Dashboard, Dashboard Altia.] Containers come packaged up with everything they need.
  5. Containers Demystified: Life cycle of your applications and security. [Diagram labels: Phone, System libraries, UI framework, Host System, Navigation, Dashboard Altia.] Atomic update of your container!
  6. Containers Demystified: Life cycle of your applications and security. [Diagram labels: Phone, System libraries, UI framework, Host System, Navigation, Dashboard Altia, Dashboard.] The new container is not working properly? Just roll back to the former version!
  7. Containers Demystified: What is a container? [Diagram labels: Container Isolation, File system container, File system host system, Libraries, Application 1, Libraries, Linux Kernel, Hardware.] Source: Freedom Penguin.
  8. Containers Demystified: Virtual Machine versus Container. [Diagram labels: Container Isolation, Libraries, Application 1, Linux kernel, Libraries, Application 1, Hypervisor, Libraries, Linux Kernel, Hardware.] Container and VM are compared on: • Performance • Size • Security
  9. Containers Demystified: Namespace. "Wrap a particular global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource." Source: https://lwn.net/Articles/531114/ [Diagram labels: Container 1, Container 2, Container 3, Namespace1, Network interface, Process ID, Cgroup.]
  10. Containers Demystified: Control Groups. Fine-grained control over allocating, prioritizing, denying and managing system resources. [Diagram: Container 1 under Control Groups; Process scheduler < 20%, Memory manager < 100MB, Network interface < 10MB/s.]
  11. Containers Demystified: Control Groups. [Diagram: Container 1 under Control Groups; Process scheduler < 20%, Memory manager < 100MB, Network interface < 10MB/s; memory use > 100MB.] Out Of Memory from Cgroups will kill your container. One container equals one application!
  12. Containers Demystified: Security. [Diagram labels: Container 1, Host system, CGroups, MAC, Seccomp, Namespace, Rootless.] • Cgroups limit resource access • Namespaces virtualize access to resources • Seccomp limits access to system calls • Mandatory Access Control policy • Rootless containers. Image source: pixabay.com/
  13. Containers Demystified: Open Container Initiative. • More than 13 different implementations of container runtimes! • Open industry standards around container format and runtime • 2 independent implementations: ✓ runc (used by Docker) ✓ RailCar (developed by Oracle). Source: DockerCon 2016 + Wikipedia.
  14. Containers Demystified: Containers on Embedded System. [Diagram labels: Container Runtime, App1, App2, Shared Libraries 1, Shared Libraries 2, Filesystem.]
  15. Containers Demystified: Containers on Embedded System. [Diagram labels: Container Runtime, App1, App2, Shared Libraries 1, Shared Libraries 2, Filesystem.] One file system including the minimum necessary to run your container runtime. Your containers.
  16. Containers Demystified: How can we help? • Generate your containers • Secure your containers • Sign your containers • Transfer your containers • Roll back your containers. Image source: pixabay.com/
  17. Follow us on our blog www.witek.io
  18. ©2017 Witekio & Subsidiaries. All Rights Reserved. This document and the information it contains is confidential and remains the property of our company. It may not be copied or communicated to a third party or used for any purpose other than that for which it is supplied without the prior written consent of our company. Thank you
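
The five controls on the security slide (cgroups, namespaces, seccomp, mandatory access control, rootless) can be checked in an OCI runtime `config.json`, the format runc consumes. This is an added example, not part of the webinar: the sample configuration, the profile name `dashboard-profile` and the functions `audit` and `cpu_share_percent` are constructed for illustration, and "rootless" is approximated by container UID 0 mapping to a non-zero host UID.

```python
import json

# Constructed OCI runtime config.json fragment (not from the webinar). Limits
# mirror the slide's figures: CPU < 20 % (quota/period), memory < 100 MiB.
SAMPLE_CONFIG = json.loads("""
{
  "process": {"apparmorProfile": "dashboard-profile"},
  "linux": {
    "namespaces": [{"type": "pid"}, {"type": "network"}, {"type": "mount"},
                   {"type": "cgroup"}, {"type": "user"}],
    "uidMappings": [{"containerID": 0, "hostID": 100000, "size": 65536}],
    "resources": {"memory": {"limit": 104857600},
                  "cpu": {"quota": 20000, "period": 100000}},
    "seccomp": {"defaultAction": "SCMP_ACT_ERRNO", "syscalls": [
        {"names": ["read", "write", "exit_group"], "action": "SCMP_ACT_ALLOW"}]}
  }
}
""")

def audit(config):
    """Return findings; an empty list means all five slide controls are set."""
    findings = []
    process, linux = config.get("process", {}), config.get("linux", {})
    ns = {n.get("type") for n in linux.get("namespaces", [])}
    for required in ("pid", "network", "mount"):
        if required not in ns:
            findings.append(f"namespace: {required} is shared with the host")
    res = linux.get("resources", {})
    if res.get("memory", {}).get("limit", -1) <= 0:  # -1 means unlimited
        findings.append("cgroups: no memory limit")
    cpu = res.get("cpu", {})
    if cpu.get("quota", -1) <= 0 or cpu.get("period", 0) <= 0:
        findings.append("cgroups: no CPU quota")
    seccomp = linux.get("seccomp")
    if not seccomp:
        findings.append("seccomp: no filter")
    elif seccomp.get("defaultAction") == "SCMP_ACT_ALLOW" and not seccomp.get("syscalls"):
        findings.append("seccomp: filter allows every system call")
    if not (process.get("apparmorProfile") or process.get("selinuxLabel")):
        findings.append("MAC: no AppArmor profile or SELinux label")
    # Assumption: rootless is approximated by container UID 0 -> non-zero host UID.
    root = [m for m in linux.get("uidMappings", []) if m.get("containerID") == 0]
    if "user" not in ns or not root or root[0].get("hostID") == 0:
        findings.append("rootless: container UID 0 is host UID 0")
    return findings

def cpu_share_percent(config):
    """CPU ceiling the cgroup enforces, as a percentage of one core."""
    cpu = config["linux"]["resources"]["cpu"]
    return 100 * cpu["quota"] / cpu["period"]
```

Calling `audit()` on a loaded `config.json` before a container image is signed or deployed flags any of the five controls that is missing.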