
Joyent Ready To Run Multi-Tenant Containers Without VMs

If nothing else, Joyent is conducting an experiment on whether hundreds of containers may be run in close proximity on a host from a wide variety of unknown customers.

Joyent has opened the doors to all comers to try running containerized workloads on its bare metal infrastructure, managed by its Solaris-derived SmartOS operating system.

Joyent's Triton Elastic Container service became generally available on Tuesday after the completion of an early access program launched last March 24. Other cloud suppliers, including Google, with its extensive container operational experience, insist on running containers in a virtual machine in their multi-tenant cloud infrastructure.

If nothing else, Joyent is conducting an experiment on whether hundreds of containers may be run in close proximity on a host from a wide variety of unknown customers. Docker used to warn on its website against such an approach for users deploying Linux production systems. It still warns that Docker "allows you to share a directory between the Docker host and a guest container; and it allows you to do so without limiting the access rights of the container…This sounds crazy?"

There are ways to architect such a system to maintain the isolation of the containers. At Joyent, CTO Bryan Cantrill and crew are relying on the inherent safeguards built into SmartOS to allow mixed containers to run together safely.

Developer interest in running containers on bare metal has been keen, said Cantrill in an interview. He said 2,500 have signed up to do so via Triton so far.

Couchbase, a NoSQL system designed for speedy interactions involving unstructured JSON data, is running on Triton in Docker containers. "What our customers really want is scalability and performance," said Perry Krug, manager, solutions engineering, at Couchbase. "Couchbase and Triton have become fast friends," he added.

Krug said Couchbase operation on Triton was faster than Couchbase on Amazon Web Services because the virtual machine has been eliminated as an intermediary. "You don't have that extra layer that adds milliseconds to requests [for data]. It's very compelling."

Input and output operations have long been an area of poor performance in cloud computing, "substandard to local hardware," said Krug, due to the double latencies of network communications and disk operations. Running Couchbase as a containerized system in the cloud reduces the impact of those latencies.

Scaling up a Couchbase system in containers can proceed in seconds, as more containers are launched beneath a host operating system that runs continuously. Scaling up a virtual machine-based system requires the launch of an operating system for each VM. Couchbase also has its roots in memcached, the open source, in-memory data caching system. In many cases, it relies on memory-based reads to produce quick results.

When a customer is using Couchbase on AWS, "we have some specific recommendations" of how to deploy the system. When Couchbase is running on Joyent, "we don't have to make recommendations," Krug said.

One reason not to deploy a database system as a container-based system is that a Docker IP address disappears if there's a system shutdown, or even if the Docker daemon stops running and needs to be rebooted. Distributed units of Couchbase in such failed containers would no longer be available for reads or writes, even if they came back online, because other units would possess an out-of-date IP address. SmartOS, however, reassigns the same IP address to a restored container.
 
Cantrill said the warnings not to run containers from different owners on the same host need not apply to the Joyent cloud. SmartOS, like Sun Microsystems' Solaris before it, runs containers in "zones" and provides operating system-based guarantees of isolation. SmartOS can run Linux containers because it has been given a Linux system call table that receives an application's request for operating system services and translates it into a SmartOS request.

The Docker open source project and Linux kernel developers are working on security improvements for Linux containers running on Linux. But until those have been finalized and tested, "there's fewer moving parts and fewer road bumps" when running Couchbase in containers on Triton, Krug said.