1. OS Virtualization:
The Twelve Minute Crash Course
Bryan Cantrill
CTO
bryan@joyent.com
@bcantrill
2. Virtualization as cloud catalyst
• In the 1960s — shortly after the dawn of computing! — pundits foresaw a compute utility that would be public and multi-tenant
• The vision was four decades too early: it took the internet + commodity computing + virtualization to yield cloud computing
• Virtualization is the essential ingredient for multi-tenant operation — but where in the stack to virtualize?
• Choices around virtualization capture tensions between elasticity, tenancy, and performance
• tl;dr: Virtualization choices drive economic tradeoffs
3. Hardware-level virtualization?
• The historical answer to virtualization — since the 1960s — has been to virtualize the hardware:
• A virtual machine is presented upon which each tenant runs an operating system that they choose (and must manage)
• There are as many operating systems on a machine as tenants!
• Can run entire legacy stacks unmodified...
• ...but operating systems are heavy and don’t play well with others with respect to resources like DRAM, CPU, I/O devices, etc.
• Limits elasticity, tenancy and performance!
4. Platform-level virtualization?
• Virtualizing at the application platform layer addresses the tenancy challenges of hardware virtualization, and presents a much more nimble (& developer friendly!) abstraction...
• ...but at the cost of dictating abstraction to the developer
• This is the “Google App Engine” problem: developers are in a straitjacket where toy programs are easy — but sophisticated applications are impossible
• Virtualizing at the application platform layer poses many other challenges with respect to security, containment, etc.
5. OS-level virtualization!
• Virtualizing at the operating system hits a sweet spot:
• A single operating system (i.e. a single kernel) allows for efficient use of hardware resources, maximizing tenancy and performance
• Disjoint instances are securely compartmentalized by the operating system
• Gives tenants what appears to be a virtual machine (albeit a very fast one) on which to run higher-level software: PaaS ease with IaaS generality
• Also: boots like a bandit!
• Model was pioneered by FreeBSD jails and taken to its logical extreme by Solaris zones — and then aped by Linux containers
6. OS-level virtualization in the cloud
• Joyent runs OS containers in the cloud via SmartOS — and we have run containers in multi-tenant production since ~2006
• SmartOS also supports hardware-level virtualization, but we have long advocated OS containers for new build-out
• We emphasized their operational characteristics — performance, elasticity, tenancy — and for many years, we were a lone voice...
7. Containers as PaaS foundation?
• Some saw the power of OS containers to facilitate up-stack platform-as-a-service abstractions
• For example, dotCloud — a platform-as-a-service provider — built their PaaS on OS containers
• Struggling as a PaaS, dotCloud pivoted — and open sourced their container-based orchestration layer...
8. Docker revolution
• Docker has used the rapid provisioning + shared underlying filesystem of containers to allow developers to think operationally
• Developers can encode deployment procedures via an image
• Images can be reliably and reproducibly deployed as a container
• This is a huge win for developer productivity...
• Docker will do to apt what apt did to tar
9. Broader OS container revolution
• The Docker model has pointed to the future of containers
• Docker’s challenges today are largely operational: network virtualization, persistence, security, etc.
• Security concerns are real enough that for multi-tenancy, OS containers are running in hardware virtual machines (!!)
• The future will consist of Docker’s abstractions mated with secure, high-performance OS-level virtualization
• The best of all worlds: the developer ease of Docker coupled with the many operational advantages of OS containers!
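An added check, not from the talk or from SmartOS, for the layering described in slides 5 and 9: a POSIX shell function that reports whether a Linux process sits behind an OS container boundary (one shared kernel), a hardware virtual machine (its own kernel), both, or neither. It reads the CPU "hypervisor" flag and PID 1's cgroup path; the file layouts and cgroup-path patterns are assumptions (cgroup v1 style, heuristic rather than proof), and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the talk): report which virtualization layers a
# Linux process sits behind, from two files it can read. Assumptions: x86
# /proc/cpuinfo layout (the "hypervisor" flag is set by most hypervisors) and
# cgroup v1 style /proc/1/cgroup paths naming docker/lxc. Both are heuristics.
# Usage: isolation_layers <cpuinfo-file> <cgroup-file>
# Prints one of: container-in-vm, container-on-bare-metal, vm, bare-metal
isolation_layers() {
  cpuinfo="$1"
  cgroup="$2"
  in_vm=0
  in_ctr=0
  # A guest kernel sees CPUID.1:ECX bit 31 set, shown as the "hypervisor" flag.
  if grep -Eq '^flags[[:space:]]*:.*[[:space:]]hypervisor([[:space:]]|$)' "$cpuinfo"; then
    in_vm=1
  fi
  # Inside an OS container, PID 1's cgroup path is nested under the runtime's
  # hierarchy instead of the root "/". (On cgroup v2 hosts the container also
  # sees "0::/", so this check can miss containers there.)
  if grep -Eq ':(/docker/|/lxc/|/kubepods|/system\.slice/docker-)' "$cgroup"; then
    in_ctr=1
  fi
  case "$in_ctr$in_vm" in
    11) echo container-in-vm ;;
    10) echo container-on-bare-metal ;;
    01) echo vm ;;
    *)  echo bare-metal ;;
  esac
}

# Constructed sample inputs (not captured from a real host) for exercising the check.
make_samples() {
  dir=$(mktemp -d)
  printf 'processor\t: 0\nflags\t\t: fpu vme sse2 hypervisor lahf_lm\n' > "$dir/cpuinfo_vm"
  printf 'processor\t: 0\nflags\t\t: fpu vme sse2 lahf_lm\n' > "$dir/cpuinfo_metal"
  printf '12:pids:/docker/0123abcd\n1:name=systemd:/docker/0123abcd\n' > "$dir/cgroup_ctr"
  printf '12:pids:/\n1:name=systemd:/\n' > "$dir/cgroup_root"
  echo "$dir"
}

# Stand-alone demo: constructed cases first, then the host this runs on.
if [ "${1:-}" = "--demo" ]; then
  d=$(make_samples)
  isolation_layers "$d/cpuinfo_vm" "$d/cgroup_ctr"     # container-in-vm
  isolation_layers "$d/cpuinfo_metal" "$d/cgroup_ctr"  # container-on-bare-metal
  isolation_layers /proc/cpuinfo /proc/1/cgroup        # this host
fi
```

Run with `--demo` to see the four constructed outcomes and the classification of the current host; "container-in-vm" is the configuration slide 9 describes, where the kernel boundary is backed by a hardware one.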