ContainerizationThe Future Virtualization

bdNOG92 – 10 August, 2018Dhaka, Bangladesh

SANOG32

What is ?

What is Virtualization ?

What is ?

Virtualization is the process of creating a virtual version ofsomething, such as a server or computer system, using softwareinstead of hardware.

The evolution of virtualization greatly revolves around one pieceof very important software.

The hypervisor.

The hypervisor is a piece of software which allows physicalhardware like ram, cpu, hard disk, network card etc, to sharetheir resource amongst virtual machines running as guests on topof that physical hardware.

What is ?

Virtual Machine ?

What is ?

A Virtual Machine (VM) is an emulation of realcomputer that executes programs like a realcomputer with the help of “Hypervisor”

Type I and Type II hypervisor

Virtual machine can run on top of both hypervisor

What is ?

Type I hypervisor: Sometimes called a bare-metalhypervisor. This type of hypervisor installed directly ontop of the bare-metal physical server. Type I hypervisorhas direct access to the hardware.

Type II hypervisor: Also known as hosted hypervisor,which operates as an application on top of an existingoperating system. This type of hypervisor is installedas a software application on an existing operatingsystem.

What is ?

PhysicalHardware

Memory Processors

NetworkcardsDisks

Hypervisor

VM

OS

APP

VM

OS

APP

Type1hypervisor

PhysicalHardware

Memory Processors

NetworkcardsDisks

Hypervisor

VM

OS

APP

VM

OS

APP

HostOS

Type2hypervisor

What is ?

Containerization ?

What is ?

Containerization also called container-basedvirtualization is an OS-level virtualization method fordeploying and running distributed applications withoutlaunching an entire VM

Containers do not require a hypervisor and thereforeprovide better performance than applications running invirtual machines.

What is ?

They share the host system’s kernel with othercontainers.

That’s the reason you cannot run Linux on windows andwindows on Linux in containers like VMs do.

Image based which is lighter than full operating system.

Images has online repository and you can make your owncustomize image.

What is ?

Hardware

Operatingsystemkernel

Container1 Container2

Operatingsystem

Libraries

Application

Operatingsystem

Libraries

Application

What is ?

HardwareHypervisor

VM1 VM2

VirtualHW

Kernel

OperatingSystem

Libraries

Application

VirtualHW

Kernel

OperatingSystem

Libraries

Application

Hardware

Operatingsystemkernel

Container1 Container2

Operatingsystem

Libraries

Application

Operatingsystem

Libraries

Application

Virtualization Containeraization

What is ?

VM’s are like houseContainers are like

hotel rooms

Who are they ?

Who are they

VMWareVirtualBox

OpenVZ

LXD

Types

Types

VMWare

Hypervisor (Type I and II)

Container

VirtualBox

KVM

Microsoft Hyper-V

LXC

OpenVZ

Docker, LXD (use container technology)

Rocket

And many more..

Types: Container

LXC: The Linux Container

Docker: Is not a container, it’s an application which uses container technology.

LXD: A tool that utilizes LXC featuresAnd many more..

Types: Container

Types: Container

Docker: Is not a container, it’s an application which uses container technology.

Developed by dotCloud, Inc (todays Docker, Inc) to help their PaaS product

An easy tools for containers

Community Edition (ce) and Enterprise Edition (ee)

Types: Container

source: http://nordicapis.com/api-driven-devops-spotlight-on-docker/

Types: Container

Docker Client: End user of Docker

Docker Daemon: is what actually executes commands sent to the Docker Client

Docker Engine: is the layer on which Docker run

Types: Container

Docker File: Is the place (file) where instructions aregiven to build the Docker image.

EXAMPLE

FROM ubuntu:16.04

RUN apt update -yRUN apt upgrade –y

RUN apt install –y apache2

Types: Container

Docker images: Read-only templates that was builtfrom a set of instructions from Dockerfile

Registry: A registry is a storage and contentdelivery system, holding named Docker images,available in different tagged versions.

Docker Hub: Cloud-based registry service

Types: Container

LXD

Types: Container

A tool that utilizes LXC features

LXD

Developed by Canonical.

Types: Container

Hardware

UbuntuOperatingSystem

Container1 Container2

Operatingsystem

Libraries

Application

Operatingsystem

Libraries

Application

LXD

Types: Container

LXD: Storage

zfs, btrfs, dir

Types: Container

LXD: Networking

lxdbr0

Performance

Performance

Container shares the same kernel from its host machine. Hence itboots first, backup and restore is also fast, as a result, deployingapplications on the container is fast.

Virtual machine requires a full set of OS and act like a physicalmachine. it has its own kernel. For this reason, boot time is highon a virtual machine. Because of its isolated nature deploymenttime is relatively slow in the virtual machine.

Migration

Containers can run inside virtual machines, so both technologies can be used simultaneously

Do we really need migration ?

Financial facts

Financial facts

HardwareBoth technologies need hardware resources

so cost is involved in this area.

Financial facts

HypervisorIs a requirement for virtualization but

not for containerization.

Financial facts

Host and Guest OSDepends on licenses or open source

Financial facts

ApplicationDepends on paid or non paid.

Financial facts

Item Virtualization Containerization

Hardware Yes Yes

Hypervisor Yes No

Host OS Yes(Ifnot opensource)

No(Ifnot licensed)

GuestOS Yes(Ifnot opensource) No

Application Yes/No Yes/No

Security

Security: Container

Privileged containers: Any container where the container uid 0Is mapped to the host’s uid 0.

Unprivileged containers: The container uid 0 is mapped to anunprivileged user outside of the container

Security: Container

CGroups: Control resources to groups of process

Namespaces: Separate resources to make them visible only toprocess with the Namespace.

CPU, Memory, I/O, Bandwidth, network, device …..

Network, hostname, Mount, IPC, Process ID, User.

Security: Container

cgroups: limits how mauch you can use

namespaces: limits what you can see

Common Question ?Container or VMs ?

Container or VMs ?

Virtual machine: Multiple application on multiple server

Container: Same application multiple copy

Both can be run in the same infrastructure

Thanks

Questions ??