Tag Archives: LXC

Will Docker Replace Virtual Machines?

Docker is certainly the most influential open source project of the moment. Why is Docker so successful? Is it going to replace Virtual Machines? Will there be a big switch? If so, when?

Let’s look at the past to understand the present and predict the future. Before virtual machines, system administrators used to provision physical boxes to their users. The process was cumbersome, not completely automated, and it took hours if not days. When something went wrong, they had to run to the server room to replace the physical box.

With the advent of virtual machines, DevOps could install any hypervisor on all their boxes, then they could simply provision new virtual machines upon request from their users. Provisioning a VM took minutes instead of hours and could be automated. The underlying hardware made less of a difference and was mostly commoditized. If one needed more resources, one would just create a new VM. If a physical machine broke, the admin just migrated or resumed her VMs onto a different host.

Finer-grained deployment models became viable and convenient. Users were not forced to run all their applications on the same box anymore, to exploit the underlying hardware capabilities to the fullest. One could run a VM with the database, another with middleware and a third with the webserver without worrying about hardware utilization. The people buying the hardware and the people architecting the software stack could work independently in the same company, without interference. The new interface between the two teams had become the virtual machine. Solution architects could cheaply deploy each application on a different VM, reducing their maintenance costs significantly. Software engineers loved it. This might have been the biggest innovation introduced by hypervisors.

A few years passed and everybody in the business got accustomed to working with virtual machines. Startups don’t even buy server hardware anymore, they just shop on Amazon AWS. One virtual machine per application is the standard way to deploy software stacks.

Application deployment hasn’t changed much since the ’90s though. Up until then, it still involved installing a Linux distro, mostly built for physical hardware, installing the required deb or rpm packages, and finally installing and configuring the application that one actually wanted to run.

In 2013 Docker came out with a simple, yet effective tool to create, distribute and deploy applications wrapped in a nice format to run in independent Linux containers. It comes with a registry that is like an app store for these applications, which I’ll call “cloud apps” for clarity. Deploying the Nginx webserver had just become one “docker pull nginx” away. This is much quicker and simpler than installing the latest Ubuntu LTS. Docker cloud apps come preconfigured and without any unnecessary packages that are unavoidably installed by Linux distros. In fact the Nginx Docker cloud app is produced and distributed by the Nginx community directly, rather than Canonical or Red Hat.

Docker’s outstanding innovation is the introduction of a standard format for cloud applications, including the registry. Linux containers, rather than VMs, are used to run cloud apps. Containers had been available for years, but they weren’t quite popular outside Google and a few other circles. Although they offer very good performance, they have fewer features and weaker isolation compared to virtual machines. As a rising star, Docker made Linux containers suddenly popular, but containers were not the reason behind Docker’s success. It was incidental.

What is the problem with containers? Their live-migration support is still very green and they cannot run non-native workloads (Windows on Linux or Linux on Windows). Furthermore, the primary challenge with containers is security: the attack surface is far larger than that of virtual machines. In fact, multi-tenant container deployments are strongly discouraged by Docker, CoreOS, and anybody else in the industry. With virtual machines you don’t have to worry about who is going to use them or how they will be used. On the other hand, only containers that belong to the same user should be run on the same host. Amazon and Google offer container hosting, but they both run each container on top of a separate virtual machine for isolation and security. Maybe inefficient but certainly simple and effective.

People are starting to notice this. At the beginning of the year a few high profile projects launched to bring the benefits of virtual machines to Docker, in particular Clear Linux by Intel and Hyper. Both of them use conventional virtual machines to run Docker cloud applications directly (no Linux containers are involved). We did a few tests with Xen: tuning the hypervisor for this use case allowed us to reach the same startup times offered by Linux containers, retaining all the other features. A similar effort by Intel for Xen is being presented at the Xen Developer Summit and Hyper is also presenting their work.

This new direction has the potential to deliver the best of both worlds to our users: the convenience of Docker with the security of virtual machines. Soon Docker might not be fighting virtual machines at all; Docker could be the one deploying them.

A Chinese translation of the article is available here: http://dockone.io/article/598

Citrix Project Satori Announced

Citrix Project Satori is the result of a collaborative agreement between XenSource and Microsoft, and was carried forward after XenSource was acquired by Citrix Systems. The base Satori components are released by Microsoft as the Linux Integration Components for Hyper-V, and provide support for paravirtualized XenLinux guests running on Hyper-V. The Linux Integration Components can be downloaded here.

The complete source code and license information (GPL version 2) for this project is now available at http://www.xen.org/download/satori.html.

Citrix Open Sources VHD Support

From Simon Crosby’s Citrix blog posting We’ve Open Sourced Our Optimized VHD Support:

Today Dutch Meyer of UBC and Jake Wires of the Citrix XenServer storage team in Vancouver submitted our implementation of the Microsoft VHD virtual hard disk format to the Xen community for inclusion in the open source code base. So, if you want to write applications that read/write and process VMs in VHDs, you now have everything you need. The software is licensed under the BSD license.

More at Simon’s Blog Posting…

The patches for this source code are detailed at http://markmail.org/thread/dqcil5uyigwlk2sr.

Open Source Business Conference 2008 Update

I am back from the OSBC 2008 event in San Francisco and wanted to share my notes from the sessions I attended as well as some thoughts on the overall event. Feel free to add any comments on the material and I will answer your questions.

Notes from Day 1 and Day 2: infoworld-open-source-business-conference.pdf

Overall thoughts:

  • Dress – Wow, when did an open source event look like a meeting for lawyers and bankers with everyone in suits? This was the most “dressed-up” event I have been to since an event in Germany I was at a few years back. I guess open source must be real if everyone wears suits?
  • Is Open Source Business Model any different than Proprietary Software Business Model? More thoughts on this in another blog entry but I am beginning to think that there is less difference b/w the models than most people think.
  • Microsoft – Brad Smith the SVP and General Counsel at MSFT came to talk about licensing issues b/w MSFT and the Open Source Community (See Notes) and I was impressed that he was willing to spend 90 minutes and take open questions on a variety of topics. It seems to me that MSFT has decided to only have discussions with “Cathedrals” and not “Bazaars” and that this decision is creating the fundamental problem with trying to solve a variety of legal and licensing issues.
  • Open Source Projects – the new companies in Open Source are doing an amazing job of building solutions by taking a variety of open source projects and bundling them into a solution for the enterprise; I do wonder if the emphasis on building solutions for CRM, databases, and other common technology areas is limiting. Open Source should be looking for new areas to innovate such as social networking products for the enterprise (see notes) rather than established computing areas.

Comments on Matt Asay’s blog posting (http://www.cnet.com/8301-13505_1-9904446-16.html) about the event. He was the event chair.

Comments on the Microsoft presentation (http://jeremy.linuxquestions.org/2008/03/26/osbc-footnote-with-brad-smith/)

Amusing blog link (go back in time via arrows to read history) – did like the comment on the expensive breakfast but the direct link is on the MSFT pitch (http://blog.generationjava.com/roller/bayard/entry/ms-keynotepanel)

Great blog link to people who wonder why Microsoft sponsors open source events and if it has an impact: http://boycottnovell.com/2008/02/25/ms-open-source-business-conference/.