What is ZeroVM
DESCRIPTION
ZeroVM is a secure execution environment for untrusted code in a multi-tenant cloud. It's lightweight, fast, horizontally scalable, and can run arbitrary applications inside a datastore. More info about this open source project is available at http://zerovm.org
TRANSCRIPT
What is ZeroVM?
Carina C. Zona
Lightweight execution for the cloud
open source sponsored by Rackspace
Safely execute arbitrary code from untrusted users in multi-tenant environments
VMs
Fat
• Shared resources -> exposure vector
• Slow spin-up
• Resource hog, so horizontal scaling is expensive
• Excessive resources
Containers
Leaner. However...
• Shares even more resources than VMs -> increasing contamination risk
• Excessive resources
ZeroVM
75 KB SIZE
5 MS OVERHEAD
Optimized for multi-tenancy
ZeroVM : Egg Crates :: Container : Shipping Crates
Horizontal Scaling
Illustration by Pierre-Yves Ritschard http://spootnik.org/presentations/scalability-softshake-2013
ZeroVM: inherent, massively scalable
Containers: complicated, few containers per host
Secure isolation based on proven technology
NaCl
Processes can't jump, communicate, or coordinate
No sys calls!
Connect to host or nodes only via declared I/O channels
Oh noesssss!
Do massively scalable compute operations inside the datastore.
Deterministic
• run operations in parallel
• easy to debug
"The definition of insanity is doing something over and over again, and expecting different results"
Hah!!!
Repeatability is the feature.
It doesn't drive you crazy.
not
what • run isolated processes, securely • execution environment
     • run isolated apps, conveniently • infrastructure manager
isolation • NaCl
          • Linux namespacing (similar to LXC)
main uses • compute intensive operations • run arbitrary code within datastore • sandboxing
          • devops • deployment • testing
strengths • executables run the same every time • 5 ms spinup • fine-grained (ms) metering • embeddable • multi-tenant • massive horizontal scaling • easy to debug • no kernel access • true isolation
          • server templates run the same every time • portability • mature • large community • lots of templates & plugins available
weaknesses • x86-64 only • bleeding edge • no plugins (yet) • executables must be cross-compiled & single-threaded
           • shares kernel & other resources • exposes even more than VMs
zerovm.org
docs.zerovm.org
github/zerovm