Containers & Docker: Emerging Roles & Future of Cloud Technology

Sachchidanand Singh
Nirmala Singh
IBM Software Lab Pune, India - 411 057
Tech Mahindra Pune, India - 411 057
Abstract— Container-based virtualization uses a single kernel to run multiple instances on an operating system, and the virtualization layer runs as an application within the operating system. It is also called operating system virtualization; in this approach, the kernel of the operating system runs on the hardware node with different isolated guest virtual machines (VMs) called containers. Container-based virtualization doesn't require each guest to run a completely installed operating system. This approach also helps to improve performance, since a single operating system takes care of all hardware calls. The disadvantage of container-based virtualization is that each guest must use the same operating system the host uses. In hypervisor-based virtualization the virtual machine is not a complete operating system instance but a partial instance of the operating system, and the hypervisor allows multiple operating systems to share a single hardware host. However, in container-based virtualization, a kernel is run with several different virtual machines installed on top of it. Container-based virtualization is used in Linux environments such as Parallels Virtuozzo and the open source OpenVZ project. This paper highlights the role of container-based virtualization and Docker in shaping the future of cloud technology. The adoption of containers will continue to grow, and the majority of microservice applications will be built on containers in the future.

Keywords— Containers, Cloud, Docker, Hypervisor, Virtualization, Windows Server Containers, Hyper-V Containers, Bluemix, CoreOS, Kubernetes, Cloud Foundry, Carina.
978-1-5090-2399-8/16/$31.00 ©2016 IEEE

I. INTRODUCTION

Hypervisor-based virtualization uses a thin kernel, called the base layer, which routes instructions coming from virtual machines to the underlying hardware layer. Windows Hyper-V uses a Microsoft kernel, and a Linux kernel is used by VMware ESX Server. In hypervisor-based virtualization the virtual machines (VMs) are created on top of the hypervisor. Here the VMs are completely installed operating systems (OS). The biggest challenge in this model is to access hardware without virtualizing all drivers for the hardware beforehand, but we can still use paravirtualization as a workaround. In a full virtualization scenario, all hardware should be virtualized before it can be assigned to a VM, which will run a complete copy of the operating system.

Container-based virtualization uses a different approach: a standard host operating system is at the base, and it can be a Windows or Linux host when using Parallels Virtuozzo virtualization. The virtualization layer is on top of it and runs as an application within the operating system. The virtualization layer offers a file system and kernel service abstraction layer which isolates resources among all virtual machines, called "containers", and ensures that each container appears as a standalone server.[3]

II. OS-LEVEL VIRTUALIZATION AND HYPERVISOR-BASED VIRTUALIZATION
Container-based virtualization does not use complete virtual machines, and hence has no overhead of running a completely installed operating system. The advantage of this approach is that there is no need to duplicate functionality like hardware calls, since there is just one operating system to take care of all hardware access.[1][10] The performance problems related to hardware access by means of driver virtualization can be avoided using container-based virtualization. But one limitation of containers is that there is no flexibility to virtualize different operating systems. Container-based virtualization is also called OS-level virtualization.

In hypervisor-based virtualization every virtual machine (VM) needs a complete operating-system installation including a kernel, which makes it massive but very flexible. Every virtual machine has its own kernel, and the hypervisor coordinates access to hardware. Therefore we can install any operating system, and these operating systems run in completely isolated environments.[2]

In container-based virtualization all virtual machines use the same kernel and don't need a hypervisor. Container-based virtualization is used in Windows and Linux. It is a suitable choice if optimal efficiency is the priority and operating system preference is less important.[5] The hosting provider tries to use the same operating system for every virtual machine in order to simplify VM maintenance, since it is easy to update hundreds of virtual machines on a physical server with one Linux kernel patch.

III. BENEFITS OF CONTAINER-BASED VIRTUALIZATION

Container-based virtualization improves performance and efficiency compared to a conventional hypervisor, since the additional resources needed for each OS are eliminated. When a single operating system is required, container-based virtualization is the best fit. Container-based virtualization uses a single kernel to run multiple instances of an operating system, and it does not duplicate functionality. Each container instance runs in a completely isolated secure environment. Container-based virtualization is more resource efficient since all applications run on top of the same kernel and instances are smaller and faster to create or migrate. This means a single system can potentially host more containers than VMs, but it limits the flexibility and choice of operating systems. A single OS also creates a single point of failure for all of the containers: for example, a virus attack or a crash of the host OS can impact all of the containers. Containers are regarded as more resource efficient than VMs because the additional resources needed for each OS are eliminated and instances are smaller and faster to create or migrate. Cloud service providers are more interested in containers because far more container instances can be deployed on the same hardware investment.

IV. BENEFITS OF DOCKER CONTAINERS

Docker is a container technology which makes it easy to package and distribute software along with its dependencies. It makes it easy to ship software code to staging, production or any other environment. Docker is written in Go, an open source programming language created in 2007 at Google by Robert Griesemer, Rob Pike, and Ken Thompson. The developer community is working aggressively on the Docker API, which has had 15 revisions in the past 1.5 years.
IBM is a founding member of the Open Container Platform (OCP), formed by partners and users to create industry standards around container formats and runtime. IBM Containers are built on Bluemix, a Platform-as-a-Service (PaaS) which provides an efficient environment to enable faster integration and access to big data, analytics and security services.

A. Application Portability

Docker puts all application dependencies in a container which is portable across different platforms. Distributed applications can be built, moved and run using containers. Application developers and administrators can run the same application on laptops, VMs or the cloud by automating deployment inside containers.[14],[20]

B. Docker is lightweight and fast

Containers are lightweight and fast compared to virtual machines (VMs), since VMs boot an entire operating system to start and consume resources as each VM has to run a full OS instance. Starting a container, however, is just like starting a process.[7],[16]
C. Optimal resource utilization

Docker allows CPU, memory, network and disk resources to be allocated and limited for all processes using Linux's control groups. This ensures that one process does not take over all of the computer's resources and starve the other processes.[20]

D. Docker is growing

Docker depends on Linux Containers (LXC), cgroups and namespaces, capabilities which don't exist in Windows. Microsoft has its own container technology on Windows, but it is working on hooks to enable Docker containers to run on Windows Server.[6],[13],[15],[17]

E. Best fit for Microservices architecture

The microservice architecture is supported by containers, as each microservice can be deployed without interfering with other microservices. Containers provide a suitable environment for service deployment in terms of speed, isolation and ease of deployment of new versions.[20]

F. Resource Utilization

Containers are lightweight, portable and efficient, and can run on physical servers. We can run more containers than virtual machines on a physical server, which results in higher resource utilization. A container consists of application code along with its dependencies and runs as an isolated process, sharing the kernel with other containers, in user space on the host operating system.[20]

V. DOCKER CONTAINER ARCHITECTURE

The Docker architecture currently leverages Linux Containers (LXC), which have features like cgroups and namespaces for resource control and strong process isolation. In addition, the Docker architecture could leverage Kernel-based Virtual Machine (KVM) to do the same things.[6] Linux Containers (LXC) is OS-level virtualization for running multiple isolated Linux systems on a single Linux control host, and it works as a userspace interface for the Linux kernel containment features.
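The claim in Section IV-C that control groups stop one process from starving the others holds only for the resources that actually have a cap, and that can be checked from the host. The Python code below is an added example, not code from the paper or from Docker: it parses `/proc/<pid>/cgroup` (both cgroup v1 and v2 line formats) and the cgroup v2 limit files, then lists the resources left uncapped. The function names, the sample strings and the `EXAMPLEID` container ID are constructed for illustration.

```python
from pathlib import Path

# cgroup v2 limit files; each uses the literal "max" to mean "no limit".
LIMIT_FILES = ("memory.max", "cpu.max", "pids.max")


def parse_proc_cgroup(text):
    """Parse /proc/<pid>/cgroup ('hierarchy-ID:controller-list:path' lines).
    cgroup v1 has one line per hierarchy; cgroup v2 has a single line with
    ID 0 and an empty controller list, stored here under 'unified'.
    """
    membership = {}
    for line in text.strip().splitlines():
        hier_id, controllers, path = line.split(":", 2)
        if hier_id == "0" and controllers == "":
            membership["unified"] = path
        else:
            for ctrl in controllers.split(","):
                membership[ctrl] = path
    return membership


def parse_limits(files):
    """Map {limit file: raw content} to {limit file: int, or None if uncapped}.
    cpu.max holds '<quota> <period>' in microseconds and is reported as a
    percentage of one CPU. A missing file counts as uncapped at this level.
    """
    limits = {}
    for name in LIMIT_FILES:
        raw = files.get(name, "max").split() or ["max"]
        if raw[0] == "max":
            limits[name] = None
        elif name == "cpu.max":
            limits[name] = 100 * int(raw[0]) // int(raw[1])
        else:
            limits[name] = int(raw[0])
    return limits


def unlimited_controllers(limits):
    """Limit files with no cap: a process here can starve its neighbours."""
    return sorted(name for name, value in limits.items() if value is None)


def audit_pid(pid="self", root="/sys/fs/cgroup"):
    """Read live limits for a PID (Linux host with cgroup v2 mounted at root)."""
    membership = parse_proc_cgroup(Path(f"/proc/{pid}/cgroup").read_text())
    cgdir = Path(root) / membership["unified"].lstrip("/")
    found = {n: (cgdir / n).read_text() for n in LIMIT_FILES if (cgdir / n).exists()}
    return parse_limits(found)


# Constructed sample: memory and CPU caps set, no PID cap; EXAMPLEID is a placeholder.
SAMPLE_PROC_CGROUP = "0::/system.slice/docker-EXAMPLEID.scope\n"
SAMPLE_FILES = {"memory.max": "268435456\n", "cpu.max": "50000 100000\n", "pids.max": "max\n"}

if __name__ == "__main__":
    print(unlimited_controllers(parse_limits(SAMPLE_FILES)))
```

Limits set on an ancestor cgroup also apply to the process, so an uncapped result at this level means "no cap set here", not necessarily "no cap anywhere".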
Linux Containers (LXC) are based on chroot, which contains binaries, libraries and configuration files and is therefore called a chroot jail; this approach allows for an isolated environment on top of the kernel.[12]

Cgroups are groups of resources which can be created at the Linux kernel level and can be assigned priorities, so it can be ensured that each virtual machine has exactly those resources which are actually required. This makes container-based virtualization an efficient environment.

Container platforms from Cloud Foundry, Kubernetes and CoreOS offer feasible virtualization alternatives, but Docker containers have gained a lot of momentum and achieved hype status. Companies like VMware, IBM and Microsoft are working to develop their container strategies on the cloud.[4]

Docker provides a feasible and cheaper alternative to hypervisor-based virtual machines. It has two major components: the open source containerization platform called Docker, and Docker Hub, a Software-as-a-Service (SaaS) platform to share and manage Docker containers.

Docker uses a client-server architecture model. The Docker client talks to the Docker daemon, which creates, runs and distributes Docker containers. The Docker client and daemon can run on the same system, or a Docker client can communicate through sockets or a RESTful API with a remote Docker daemon.[21]

2nd International Conference on Applied and Theoretical Computing and Communication Technology (iCATccT)
Fig. 1. Docker Architecture[21]

The Docker daemon runs on a host machine and users interact with the daemon through the Docker client. The Docker client is the primary user interface and takes the form of the Docker binary. The role of the Docker client is to accept commands from users and communicate back and forth with the Docker daemon. Docker images are read-only templates, and Docker registries hold these images. Docker containers are created from Docker images and hold everything needed to run an application. We can run, start, stop, move or delete Docker containers, and each container is an isolated and secure application platform.[21]

VI. MONOLITHIC VERSUS MICROSERVICES ARCHITECTURE

In a monolithic architecture the application is deployed as a single file or a collection of files rooted at the same directory, and all the application code runs in the same process. Here we need to deploy multiple copies of the same application code to multiple servers in order to achieve scaling. The services defined in a monolithic architecture are decomposed into individual services in the microservices architecture and are deployed individually on separate hosts. In a monolithic architecture new features and services are gradually added to the application, and over time the code base becomes huge and complex. The microservices architecture is designed to address this type of challenge. Each microservice is meant for a specific business function and defines the operations necessary for that business function. A microservices approach makes web-based development agile and the code base easier to maintain. Docker is an enabler for a microservices architecture and container-based application deployment.

VII. HOW CONTAINER TECHNOLOGY FITS IN THE CLOUD AND CHALLENGES

Docker is a container management system which automates the process of creating containers to run applications or components. Containers are managed by a set of APIs which can be built from templates or commands. It is possible to create container-based systems on any OS which supports container-like partitioning; however, Docker uses Linux container tools. Hence Docker containers run Linux-specific applications and components. Docker can run in a VM hosted by a different OS, but it requires a Linux guest OS within the VM to serve the containers. Docker containers can run on a non-Linux host OS, but they are still limited to Linux applications, and use of Docker outside Linux hosts is complex. Docker containers hosted on Windows servers can be valuable to users who have large Windows server requirements and want to add Linux-based applications.

Enterprises can host containers on public cloud VMs in the data centers, and available Docker tools can help to deploy container-based components, support workflows and facilitate hybrid cloud use with easy failover support. VM-based virtualization has the advantage of isolation, which is useful for public clouds.

VIII. CONTAINER TECHNOLOGY AND ROAD AHEAD
The growing user interest and widespread adoption of Docker and container technology have forced legacy vendors to deliver at least their first container products, but it remains to be seen in the long run how these technologies can smoothly integrate and meet the technical requirements of legacy systems.[19]

VMware unveiled two open source offerings in 2015, named 'Project Lightwave' and 'Project Photon'. Project Lightwave focuses on identity and access management, and Project Photon on managing containers and VMs on a single platform.[8] Bluemix is a cloud Platform as a Service (PaaS) offering developed by IBM. Bluemix is a hybrid cloud development platform based on Cloud Foundry open technology and runs on SoftLayer.

Microsoft has promised to introduce Windows Server Containers and Hyper-V Containers in the upcoming Windows Server 2016. The Azure Container Service released by Microsoft helps larger IT shops to deploy and set up Apache Mesos to cluster and schedule Docker applications across multiple virtual hosts.

There are several alternatives to the VMware container platform, like Docker, Kubernetes, CoreOS and Cloud Foundry. VMware's Project Photon will be shipped with Pivotal Cloud Foundry. The Open Container Project (OCP) will go a long way toward driving the IT industry to the top one or two container deployment methodologies, which will functionally merge all the remaining competing approaches.[11] OCP has already been signed by VMware, Amazon Web Services, HP, IBM, Microsoft, Google, EMC and Red Hat, among others.[9] Google's Kubernetes open source project, CoreOS's open source Rocket project and the Docker Platform will contribute to future container administration and management.[18]

Containers provide a mechanism to improve efficiency through sharing of operating system binaries. This approach helps to improve host capacity and makes patch management easier, since there are fewer operating systems to patch. A container keeps the application binaries and configuration files and stores the OS components which the application modifies.

Rackspace rolled out Carina in beta for free on the Rackspace Public Cloud in 2015. Carina is a container service used to simplify and speed up deployments on the cloud. It allows users to provision Docker Swarm clusters with native Docker APIs and to create and deploy containerized applications. Intel is supporting containers as a service with its Cloud Integrity Technology 3.0. Leading cloud providers like Amazon, Microsoft, IBM and Google are adopting containers and supporting container-as-a-service technology.
Containers as a service (CaaS) is a form of container-based virtualization in which container engines, orchestration & underlying compute resources are provided to users as a service. Most of the public cloud providers like Amazon Web Services (AWS), IBM, Google, Rackspace and Joyent have some type of CaaS offering.
The adoption of containers is expected to grow, and the majority of microservice applications will be built on containers in the future. Existing cloud platforms will either switch to a new container stack or at least start supporting containers.
References
[1] container-based virtualization (operating system-level virtualization), http://searchservervirtualization.techtarget.com/definition/containerbased-virtualization-operating-system-level-virtualization
[2] Making the case for container-based virtualization over hypervisors, http://searchservervirtualization.techtarget.com/tip/Making-the-case-forcontainer-based-virtualization-over-hypervisors
[3] Virtualization performance and container-based virtualization, http://searchservervirtualization.techtarget.com/tip/Virtualizationperformance-and-container-based-virtualization
[4] Virtualization Without The Hypervisor, http://docs.media.bitpipe.com/io_12x/io_128710/item_1261181/Virtualization%20Without%20The%20Hypervisor_hb_final.pdf
[5] Containers vs. VMs: What's the difference?, http://searchservervirtualization.techtarget.com/answer/Containers-vsVMs-Whats-the-difference
[6] Why systemd Linux containers make sense, http://searchservervirtualization.techtarget.com/tip/Why-systemd-Linuxcontainers-make-sense
[7] Docker leads the container technology charge in cloud, http://searchcloudcomputing.techtarget.com/feature/Docker-leads-thecontainer-technology-charge-in-cloud
[8] VMware container platforms offer increased flexibility, http://searchvmware.techtarget.com/tip/VMware-container-platformsoffer-increased-flexibility
[9] IBM hitches a ride on the Docker bandwagon, http://searchcloudcomputing.techtarget.com/news/2240236168/IBMhitches-a-ride-on-the-Docker-bandwagon
[10] Containers: Fundamental to the cloud's evolution, http://www.zdnet.com/article/containers-fundamental-to-the-evolutionof-the-cloud/
[11] Docker 1.11 adopts Open Container Project components, http://www.infoworld.com/article/3055966/open-source-tools/docker111-adopts-open-container-project-components.html
[12] Jails, http://www.freebsd.org/doc/en/books/handbook/jails.html
[13] Virtual Machines Vs. Containers: A Matter Of Scope, http://www.networkcomputing.com/cloud-infrastructure/virtualmachines-vs-containers-matter-scope/2039932943
[14] Can’t Contain(erize) the Hype – is Docker real or a bubble?, http://robhirschfeld.com/2014/04/18/docker-real-or-hype/
[15] Infrastructure for container projects, https://linuxcontainers.org/
[16] Containers- Not Virtual Machine- Are the Future Cloud, http://www.linuxjournal.com/content/containers%E2%80%94notvirtual-machines%E2%80%94are-future-cloud?page=0,1
[17] Containers Will Penetrate Large Cloud Platforms, https://dzone.com/articles/cloud-computing-the-sky-is-the-limit
[18] Gartner Gives Thumbs Up To Docker Security, http://www.informationweek.com/cloud/infrastructure-as-aservice/gartner-gives-thumbs-up-to-docker-security/d/d-id/1318612
[19] Amazon's Container Strategy, Examined, http://www.informationweek.com/cloud/infrastructure-as-aservice/amazons-container-strategy-examined/a/did/1317515?itc=edit_in_body_cross
[20] Microservices Architecture, Containers and Docker, https://www.ibm.com/developerworks/community/blogs/1ba56fe3-efad432f-a1ab58ba3910b073/entry/microservices_architecture_containers_and_docker?lang=en
[21] Understand the architecture, https://docs.docker.com/engine/understanding-docker/