6/25/2014
10:18 AM

Joyent Joins Containers Debate

Joyent's SmartDataCenter 7 package offers on-premises provisioning and management of containers and virtual machines. Watch out, OpenStack?


If OpenStack has issues, Joyent thinks it's got the answer: the Joyent SmartDataCenter 7, announced Tuesday to run as a complete, ready-to-go package.

Bryan Cantrill, CTO of the San Francisco infrastructure-as-a-service provider, says SmartDataCenter 7 will give enterprise cloud builders a system on which they can run both virtual machines and lightweight containers. Unlike OpenStack, it can be installed in an afternoon, he claims in an interview.

Joyent is a lesser-known public cloud among service providers, with an emphasis on high performance and big-data analytics. Gartner calls it a niche player and a distant possibility as a Microsoft or Amazon challenger. On the other hand, it occupies a niche of potentially growing importance by using as its core operating system an open source descendant of Sun Microsystems Solaris that it calls SmartOS. Like Solaris, SmartOS can spin up and run multiple containers under a single operating system on a cloud host -- hundreds of them at a time, Cantrill says.

Joyent recently ran the predecessor to SmartDataCenter 7 on a two-way Xeon server with 96 GB of DRAM. It could host 400 Node.js applications. On a more powerful two-socket, quad-core Xeon server (that would power 32 virtual CPUs because each core is double-threaded) and 256 GB DRAM, it ran 800 containers "and could run thousands," he says. There is a maximum of 8,192 containers that can be assigned to a single host. Cantrill makes no claim that anyone has ever approached such a limit.


Running containers under one operating system is highly similar to running an application on a bare-metal server because of containerization's low overhead, while virtual machines are often described as having a 1% to 2% overhead, or more.

There's a debate over the role that Linux containers will play in the future of cloud computing, but Linux containers are generally viewed as less secure than Solaris containers. Even Docker, the leading purveyor of a common format for Linux containers, has warned of the possible breakout of malicious code from earlier versions of Docker containers, as it did in a blog post June 18.

The problem has been corrected in the current Docker 1.0, but no one is certain when the next exploit may be found. The viability of Linux container security is the subject of an ongoing debate.

As Cantrill explains it, unlike Solaris containers, Linux containers "were not designed from the ground up as multi-tenant systems." Linux containers were designed with maximum efficiency in mind, leaving the possibility of malicious code in one container being able to snoop on server activity and interfere with neighboring containers.

SmartDataCenter 7 can also take virtualized workloads and run them under the KVM open source hypervisor. There's some loss of efficiency, since the virtual machine has to run its own operating system, rather than sharing the host's. But doing so is a further guarantee of the application's security, he says. In effect, the virtual machine itself is considered a safe, logically defined container. If renegade code escapes, it's contained inside the operating system zone surrounding the virtual machine.

An escapee from the virtual machine "can't launch a process, can't access the file system, can't reach storage," he says. Basically, malicious code that makes it past the virtual machine's logical barriers "can't do anything" in its new surroundings.

Tuesday's release of SmartDataCenter 7 marks its launch as an on-premises system, one that Joyent hopes will be able to compete with Eucalyptus Systems, Cloudscaling, and OpenStack. Cantrill says, "It's very opinionated software. We've made a whole bunch of decisions for you. 'Here is how we think of storage... Here is how to upgrade the system,'" which eases installation and operations.

Cantrill, a veteran of 12 years of Solaris engineering at Sun Microsystems and the author of Dynamic Tracing (DTrace), the performance analysis tool for Solaris and Linux, was recruited to Joyent three years ago to productize the Joyent cloud system.

SmartDataCenter 7 uses the ZFS file system for storage and operations. It allows easy-to-set-up replication, data compression, deduplication, and other data-management functions.

"I'm wedded to DTrace and ZFS," both part of SmartDataCenter 7, he says. The computing world before they existed "was insufferable, the Dark Ages, where everybody was dying of the plague." SmartDataCenter 7 may mark the dawn of an age of greater system health and reliability, for those who want to turn to a niche player and give it a try.


Charles Babcock is an editor-at-large for InformationWeek, having joined the publication in 2003. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive Week. He is a graduate of Syracuse ...

Comments
Charlie Babcock,
User Rank: Author
6/26/2014 | 7:46:46 PM
And another thing....
Google probably has the most experience with Linux containers on the planet, having run its speedy search engine and other internal operations inside them. But we can't expect its release to open source of its Kubernetes container code to solve the security issue. Kubernetes takes care of provisioning, doesn't have much to do with security. When it comes to the public cloud part of Google, it's written its own container management system to provide security in a multi-tenant environment. For those hoping it will make that open source too, better not hold your breath. Blue will not become you.
Charlie Babcock,
User Rank: Author
6/25/2014 | 6:16:36 PM
Joyent, our one example of Solaris-style containers?
I think there is wide acceptance of the notion that Solaris containers, on which SmartOS and SmartDataCenter are based, were designed with security in mind and can be used in a multi-tenant environment. Linux containers, on the other hand, will be presumed leaky until proven otherwise and of uncertain value in multi-tenant environments. That is, you need to know none of the other tenants is hostile to run them in multi-tenant mode. One way to use Linux containers would be for one customer to put many containers on one server, no other tenant allowed. What's interesting about Joyent is it's got both containers and Solaris-style security on the containerized host. Google knows containers, but it's still keeping Linux containers inside a virtual machine, I believe, except in its internal operations.
Laurianne,
User Rank: Author
6/25/2014 | 3:42:21 PM
"Niche players"
"Niche" cloud players have surprised us before. Can Joyent win the customer loyalty necessary to make an impact here?
Lorna Garey,
User Rank: Author
6/25/2014 | 12:57:38 PM
Some irrational exuberance going around?
Got problems with OpenStack? Not sure the answer is a proprietary system, built on a niche OS, comprising bleeding-edge technology that no one can promise can be secured. But hey, points for a colorful quote.