Inside Triton, July 2015

Secure, elastic, 
bare metal infrastructure
Tweet questions to @misterbisson

Secure, elastic, 
How
runs its

Secure, elastic, 
And you can too!
How
runs its

Powering modern applications
Your favorite code
Container-native infrastructure
Your favorite platforms

Our data center or yours
Joyent Public Cloud
Joyent Container Service. We run our
customer’s mission critical applications on
container native infrastructure.
Private DataCenter
SmartDataCenter is an on-premise, container
run-time environment used by some of the
world’s most recognizable companies.

Our data center or yours
Joyent Public Cloud
Joyent Container Service. We run our
customer’s mission critical applications on
container native infrastructure.
Private DataCenter
…and open source too!
Fork me, pull me: https://github.com/joyent/sdc

Node.js enterprise support
Best
Practices
Performance 
Analysis
Core File 
Analysis
Debugging  
Support
Critical  
Incident 
Support
⚠
As the corporate steward of Node.js and
one of the largest-scale production users,
Joyent is uniquely equipped to deliver the
highest level of enterprise support for this
dynamic runtime.

The best place to run Docker
Portability 
From laptop to any
public or private cloud
Great for DevOps  
Tools for management,
deployment & scale
Productivity 
Faster code, test  
and deploy

Elastic Container Infrastructure
SecurityManagement Networking IntrospectionPerformance Utilization

Private DataCenter

anybody
up for
already?
a demo

Container spectrum
Application containers
Bare metal alternatives
to hardware VMs

Container spectrum
Docker
Infrastructure containers
Multi-process  
Docker containers

Linux container security is hard
–Travis CI’s Sven Fuchs
–Docker's Jérôme Petazzoni

Linux + SmartOS
Linux SmartOS
Binary
footprint
• Huge community of apps
• Many apps are Linux-first or only
• Problems are easy to Google
• Most of the same apps
• Some apps have quirks
• Problems are not easy to Google
Container
optimization
• Known vulnerabilities
• Poor filesystem
• Limited networking support
• Not built for containers
• Nearly ten years in production
without incident
• Container-optimized filesystem: ZFS
• Really sweet networking: Crossbow
• Built for containers

Linux + SmartOS
Linux SmartOS
Binary
footprint 👍 👎
Container
optimization 👎 👍

Container-native Linux 
running in LX-branded zones
• The internet
• Native Linux binaries
• Linux syscall translation
• SmartOS Kernel

it feels
like Linux
SmartOS
and runs like

Container-native infrastructure
1. Unit of compute = container
Instead of hardware virtualized machines (HVMs).
2. Containers run on bare metal
No HVM in the middle. No performance tax. Containers run at bare metal speeds.
3. Containers are fully isolated and secure
Tested and trusted security isolation between containers.
4. Containers are ﬁrst class citizens on the network
No dependance upon a HVM host’s network. Containers have their own IP stack.
5. Simpliﬁed orchestration of containers
Eliminate proliferation and management of hosts.
6. Container CPU and memory resources are actively managed
Infrastructure containers assure fair share of resources.
7. Pay only for containers used (per minute)
No charges for container hosts or clusters in the public cloud. Higher utilization in your datacenter.

SmartDataCenter 7 
foundation infrastructure
KVM in container
Linux, Windows, FreeBSD, etc
CloudAPI 
Instance management
SmartOS on bare metal
SmartOS container hypervisor 
Fast and secure container runtime
SmartDataCenter infrastructure 
Hyper-converrged data center automation
for compute, network, and storage
Application composition and orchestration 
Chef, Puppet, Ansible, others

Triton 
Elastic Container Infrastructure
KVM in a container
Hardware virtual machines 
Windows, FreeBSD, others
CloudAPI 
Instance management
SmartOS container hypervisor 
Fast and secure container runtime
Persistent, full machine capability
Ubuntu, CentOS, Debian, SmartOS
Docker containers
Any Linux or SmartOS image
Docker API 
Docker API 
and imaging tools
Triton VXLAN 
User-deﬁned (SDN) networks
Triton infrastructure 
Hyper-converrged data center automation for compute, network, and storage
Tritondevopsportal 
RBACvisibilityandcontroloverallallcustomerassetsandusers, 
introspectionanddebuggingofcontainerapplications
Application composition and orchestration 
Docker toolchain, Chef, Puppet, Ansible, others

X is to Y as…
VMware Joyent
Virtualization type Hardware OS
Hypervisor ESXi SmartOS
Whole package vSphere Triton
Containers run… Inside hardware VMs On bare metal

X is to Y as…
OpenStack Joyent
Virtualization type Varies OS
Hypervisor Varies SmartOS
Whole package Varies Triton
Containers run… Varies On bare metal

X is to Y as…
OpenStack Purpose Triton public API/service Triton private API/service
Nova VM provisioning CloudAPI machines, sdc-docker vmapi+papi+cnapi
Magnum Container service CloudAPI machines, sdc-docker vmapi+papi+cnapi
Neutron Network
CloudAPI networks,  
NICs, ﬁrewall, VXLAN
napi+fwapi
Glance Image repo CloudAPI image, Docker imgapi
Keystone Identity RBAC, CloudAPI roles & users ufds+sapi
Cinder Block storage ZFS-managed local storage ZFS-managed local storage
Heat composition Docker Compose, sdc-heat, others workﬂow

SmartDataCenter 0
Human-driven spreadsheets and Perl scripts

SmartDataCenter 0
Human-driven spreadsheets and Perl scripts
• Message broker
• Scheduler
• State
• Distributed, 
single purpose services 
(Perl scripts)

SmartDataCenter 6.5
• Two monolithic Ruby pieces:
• Machine API
• Customer API
• Some edge pieces in Node.js

SmartDataCenter 7
Booter
AMQP
broker
Public
API
Customer
portal
ZFS-based multi-tenant ﬁlesystem
VirtualNIC
VirtualNIC
Virtual
SmartOS
(OS virt.)
...
VirtualNIC
VirtualNIC
Linux
Guest
(HW virt.)
...
VirtualNIC
VirtualNIC
Windows
Guest
(HW virt.)
...
VirtualNIC
VirtualNIC
Virtual OS
or Machine
...
SmartOS kernel
(network booted)
SmartOS kernel
(ﬂash booted)
Provisioner
Instrumenter
Heartbeater
DHCP/TFTP
AMQP
AMQP agents
Public HTTP
Head-node
Compute node
Tens/hundreds per
head-node
. . .
SDC 7 core services
BinderDNS
Operator
portal
. . .
Firewall

SmartDataCenter 7 core services
Analytics
aggregator
Key/Value
Service
(Moray)
Firewall
API
(FWAPI)
Virtual
Machine
API
(VMAPI)
Directory
Service
(UFDS)
Designation
API
(DAPI)
Workﬂow
API
Network
API
(NAPI)
Compute-
Node API
(CNAPI)
Image
API
Alerts &
Monitoring
(Amon)
Packaging
API
(PAPI)
Service
API
(SAPI)
DHCP/
TFTP
AMQP
DNS
Booter
AMQP
broker
Binder
Public
API
Customer
portal
Public HTTP
Operator
portal
Operator
Services Manta
Other DCs
Note: Service
interdependencies not
shown for readability
Head-node
Other core services
may be provisioned on
compute nodes
SDC7 Core Services

Remember Joyent for…
• Proven container security
Run containers securely on bare metal in multi-tenant environments
• Bare metal container performance
Eliminate the hardware hypervisor tax
• Simplified container networking
Each container has its own IP(s) in a user-defined network (SDN)
• Simplified host management
Eliminates Docker host proliferation
• Hybrid: your data center or ours
Private cloud, public cloud, hybrid cloud, and open source

Inside Triton, July 2015

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Inside Triton, July 2015

Similar to Inside Triton, July 2015 (20)

More from Casey Bisson

More from Casey Bisson (6)

Recently uploaded

Recently uploaded (20)

Inside Triton, July 2015