STRATEGIC WHITE PAPER. The next step in server virtualization: How containers are changing the cloud and application landscape



Similar documents
STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

Use Case Brief NETWORK SECURITY

Use Case Brief CLOUD MANAGEMENT SOFTWARE AUTOMATION

The Virtualization Practice

VIRTUALIZED SERVICES PLATFORM Software Defined Networking for enterprises and service providers

Use Case Brief BUILDING A PRIVATE CLOUD PROVIDING PUBLIC CLOUD FUNCTIONALITY WITHIN THE SAFETY OF YOUR ORGANIZATION

SINGLE-TOUCH ORCHESTRATION FOR PROVISIONING, END-TO-END VISIBILITY AND MORE CONTROL IN THE DATA CENTER

Modern App Architecture for the Enterprise Delivering agility, portability and control with Docker Containers as a Service (CaaS)

Cisco Application-Centric Infrastructure (ACI) and Linux Containers

Branches as Nimble as the Cloud: Unleashing Agility with Nuage Networks Virtualized Network Services EXECUTIVE SUMMARY

Modern Application Architecture for the Enterprise

Use Case Brief BORDERLESS DATACENTERS

Virtualization, SDN and NFV

The Definitive Guide To Docker Containers

Bringing the Cloud to the Enterprise Branch and WAN: Unleashing Agility with Nuage Networks Virtualized Network Services EXECUTIVE SUMMARY

Pluribus Netvisor Solution Brief

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.

Network Virtualization

Business Values of Network and Security Virtualization

Scaling the S in SDN at Azure. Albert Greenberg Distinguished Engineer & Director of Engineering Microsoft Azure Networking

May 13-14, Copyright 2015 Open Networking User Group. All Rights Reserved Not For

Unconstrained Datacenter Networks for the Cloud Era

Global Headquarters: 5 Speen Street Framingham, MA USA P F

SOFTWARE-DEFINED NETWORKING AND OPENFLOW

WHITEPAPER INTRODUCTION TO CONTAINER SECURITY. Introduction to Container Security

Private Cloud Management

Container Clusters on OpenStack

Creating Overlay Networks Using Intel Ethernet Converged Network Adapters

Cisco Network Services Manager 5.0

Microsoft Private Cloud Fast Track

Open Source Networking for Cloud Data Centers

PLUMgrid Open Networking Suite Service Insertion Architecture

VMware vcloud Networking and Security Overview

Building a Continuous Integration Pipeline with Docker

Getting on the Road to SDN. Attacking DMZ Security Issues with Advanced Networking Solutions

Shifting Roles for Security in the Virtualized Data Center: Who Owns What?

Scalable Approaches for Multitenant Cloud Data Centers

Software Defined Everything

Red Hat Cloud Ecosystem

Securing the Virtualized Data Center With Next-Generation Firewalls

How To Build A Software Defined Data Center

TOP 5 REASONS WHY FINANCIAL SERVICES FIRMS SHOULD CONSIDER SDN NOW

DevOps for the Cloud. Achieving agility throughout the application lifecycle. The business imperative of agility

CloudCenter Full Lifecycle Management. An application-defined approach to deploying and managing applications in any datacenter or cloud environment

Virtualized Network Services SDN solution for service providers

Linux A first-class citizen in Windows Azure. Bruno Terkaly bterkaly@microsoft.com Principal Software Engineer Mobile/Cloud/Startup/Enterprise

SOFTWARE-DEFINED NETWORKING AND OPENFLOW

Docker : devops, shared registries, HPC and emerging use cases. François Moreews & Olivier Sallou

White. Paper. The Rise of Network Functions Virtualization. Implications for I/O Strategies in Service Provider Environments.

Networks that know data center virtualization

CoIP (Cloud over IP): The Future of Hybrid Networking

EXTENSIBLE WIDE AREA NETWORKING

Enabling Database-as-a-Service (DBaaS) within Enterprises or Cloud Offerings

WHITE PAPER. Data Center Fabrics. Why the Right Choice is so Important to Your Business

Sacha Dubois RED HAT TRENDS AND TECHNOLOGY PATH TO AN OPEN HYBRID CLOUD AND DEVELOPER AGILITY. Solution Architect Infrastructure

Cloud for Video Processing

RED HAT CONTAINER STRATEGY

VMware vcloud Networking and Security

Building Docker Cloud Services with Virtuozzo

A Cloud WHERE PHYSICAL ARE TOGETHER AT LAST

Simplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera VERSION May, 2015

Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES

Evolution of the Modern Software Supply Chain The Docker Survey, 2016

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES

Network Virtualization: Delivering on the Promises of SDN. Bruce Davie, Principal Engineer

Microsoft Private Cloud

Linstantiation of applications. Docker accelerate

Software-Defined Networks Powered by VellOS

Virtualized Network Services SDN solution for enterprises

Cloud Computing and the Internet. Conferenza GARR 2010

vcloud Suite Architecture Overview and Use Cases

Outline. Why Neutron? What is Neutron? API Abstractions Plugin Architecture

Data Center Network Evolution: Increase the Value of IT in Your Organization

Network Virtualization Solutions

Itex VMware NSX Network Virtualization Presentation

Achieving a High-Performance Virtual Network Infrastructure with PLUMgrid IO Visor & Mellanox ConnectX -3 Pro

ALCATEL-LUCENT ENTERPRISE DATA CENTER SWITCHING SOLUTION Automation for the next-generation data center

Software Defined Network (SDN)

Software Defined Environments

CloudEngine 1800V Virtual Switch

SUSE Cloud 2.0. Pete Chadwick. Douglas Jarvis. Senior Product Manager Product Marketing Manager

TECHNOLOGY WHITE PAPER. Correlating SDN overlays and the physical network with Nuage Networks Virtualized Services Assurance Platform

80% 50x. 30x. CASE STUDY: How WaveMaker Got Faster, Better, More Agile with Docker. Lower Costs. Better Performance. Greater App Density

Extreme Networks: Building Cloud-Scale Networks Using Open Fabric Architectures A SOLUTION WHITE PAPER

Monitor Open stack environments from the bottom up and front to back. Roger Ruttimann VP Engineering, GroundWork OpenSource November 17, 2015

Azul pitches Docker as alternative to virtualization for heavy-duty Java applications

RED HAT CLOUD SUITE FOR APPLICATIONS

7 Ways OpenStack Enables Automation & Agility for KVM Environments

Accelerating Micro-segmentation

HAWAII TECH TALK SDN. Paul Deakin Field Systems Engineer

CLOUD TECH SOLUTION AT INTEL INFORMATION TECHNOLOGY ICApp Platform as a Service

The virtualization of SAP environments to accommodate standardization and easier management is gaining momentum in data centers.

A Coordinated. Enterprise Networks Software Defined. and Application Fluent Programmable Networks

Transcription:

STRATEGIC WHITE PAPER The next step in server virtualization: How containers are changing the cloud and application landscape

Abstract Container-based server virtualization is gaining in popularity, due to its inherent suitability for cloud environments the environment businesses are counting on to deliver their myriad applications quickly and efficiently. However, to take full advantage of containers, the networking environment must be optimized to connect container-based applications. Nuage Networks Virtualized Services Platform, a Software-Defined Networking solution, has been field-tested to integrate fully with Docker, a leading container technology. By choosing Nuage Networks as the virtual networking solution for Docker containers, businesses can ensure that they have a solid foundation for their applications.

CONTENTS 1 Containers come of age 2 Networking requirements for deploying containers in production 3 Docker integration with Nuage Networks Virtualized Services Platform 3 Docker integration details 4 Conclusion

Containers come of age Server virtualization has revolutionized the datacenter and paved the way for cloud architectures, more efficient hardware utilization and vastly greater degrees of IT automation. While virtual machine (VM) technology has matured greatly over the last decade, a new form of server virtualization, called containers is rapidly increasing in popularity. Containers promise to accelerate application deployment cycles and increase cloud agility in fundamental ways. One technology vendor, Docker, has taken the lead on improving earlier container virtualization formats to the point that now Docker and containers are virtually synonymous. Containers allow applications to be isolated from each other using operating system-level virtualization features such as Linux control groups (resource control) and namespaces (resource isolation). Since containers run atop the same operating system they require fewer resources than VMs. For example, containers require fewer CPU cycles and less memory. Container images are also much smaller in comparison to VM images. As a result of these differences and the fact that they don t require an operating system to boot up, containers can be launched very quickly. The smaller footprint of containers means many more application instances can be run on a host compared to VMs. While the container technology itself is not new, there are three key factors that have made containers popular again for cloud deployments. 1. Containers enable developers to write applications with the architecture required for cloud applications Containers provide the right foundational building block for the growing number of applications being developed for the cloud (both private and public). Instead of writing monolithic apps that scale vertically, cloud applications are being implemented using micro-services. This modular architecture allows the application components to be maintained independently. Micro-services can be upgraded independently of each other rather than requiring the entire application to be upgraded. Since containers can be quickly spun up/down based on scaling demand, they are ideal for micro-services. The use of containers also facilitates upgrades. 2. Docker images are a big step forward for DevOps Applications are critical to businesses and, in some cases, the applications are the businesses themselves. Being able to roll out new applications and upgrade them in an agile fashion is a challenge that businesses have been struggling with. In a DevOps environment, the Development and Operations teams come together to achieve those business goals. The Docker image format is a big step forward. Docker images are the basis of Docker containers and the image captures all the application dependencies in the image itself. Docker-based apps run exactly the same on a laptop as they do in production, making the handoffs between Dev and Ops much easier. The small size of Docker images allows for much more rapid deployment of applications than if they were packaged in a VM image. The combination of instant-start and small footprint enables a development process called continuous integration, meaning small incremental changes to applications can be rolled out very quickly to meet immediate business requirements. THE NEXT STEP IN SERVER VIRTUALIZATION NUAGE NETWORKS STRATEGIC WHITE PAPER 1

3. Docker registries enable faster collaboration between developers Docker registries make collaboration among developers much easier than it is when they must rely on open source software. Docker Hub, a public registry maintained by Docker, has over 100,000 public repositories. These reusable building blocks make it easy to get started. Developers can leverage community best practices by stitching together other developers containers. Docker images are composed of multiple layers. So instead of creating images from scratch every time, developers can pull base images and add layers they need. This ultimately means that innovation can happen at a faster pace and applications can be created quickly. In summary, containers are popular because they are a perfect fit for cloud applications and Docker makes using containers easy. Networking requirements for deploying containers in production While some may argue that containers are something that only application developers need to worry about, the truth is that deploying them in production requires a networking infrastructure that can successfully connect container-based applications. The networking requirements for deploying Docker-based applications are described below. Can isolate applications: The most basic requirement for cloud architectures is the ability to isolate applications from each other, and tenants from each other. This is something that needs to be designed for from the beginning. Trying to retrofit this can be challenging and may require a completely new network design. Overlay networks are a way to provide this isolation, since the network extends to the container host. Provides a granular security policy framework: Traditional application deployments involved multiple tiers with security policies in place to control the traffic between those tiers. Using containers to create applications may change the way the applications are architected, but the security requirements still hold. Containerized applications shouldn t be forced to work around these. In fact, since containers share the underlying operating system kernel the attack surface can be larger than that of a VM. Having a strong security framework for containers is extremely important. Integrates with DevOps workflows: Introducing an advanced networking solution should not impose unnecessary changes in the developer workflows and tools. The solution should adapt itself to the containerized environment rather than the other way round. Interconnects containers, VMs and physical servers: While applications are written to run in containerized environments it doesn t mean they won t need to access services running in VMs or on bare metal servers. The overlay networking solution chosen for containers must be able to provide this connectivity without sacrificing security. Scales to meet cloud requirements and greater workload densities: Containers will impose scaling requirements one to two orders of magnitude greater than VMs. Peak container activation/deactivation events will cause a churn in updating networking and security policies, thereby stressing the network control plane. A high performance data plane is equally important to avoid adding unnecessary latency to the application traffic. The networking control and management plane must be capable of supporting these requirements. THE NEXT STEP IN SERVER VIRTUALIZATION NUAGE NETWORKS STRATEGIC WHITE PAPER 2

Docker integration with Nuage Networks Virtualized Services Platform Nuage Networks Virtualized Services Platform (VSP) provides a policy-driven approach to creating VXLAN-based overlay networks. Nuage Networks VSP integrates with Docker by treating Docker containers as first-class citizens along with VMs and bare metal hosts. This means that all the advanced networking capabilities that are available when using Nuage Networks VSP can be leveraged for Docker deployments. Docker deployments get multi-tenancy, security and performance from the underlying Nuage Networks VSP. The Nuage Networks VSP policy component, called the Virtualized Services Directory (VSD), allows users to define and manage network policies for applications. Application network endpoints are then placed in Zones or Policy Groups on-the-fly, and the network policies are automatically pushed from the VSD to distributed virtual switches connected to containers. A Zone is a logical construct in Nuage Networks VSP consisting of one or more subnets. A Policy Group is a collection of virtual ports (vports) that are grouped together for the creation of security policies. Since containers are similar to VMs from a networking perspective, they get the same treatment. Docker containers may also be connected to VMs and bare metal servers that are managed by the Nuage Networks VSP. Docker deployments in the public cloud are becoming increasingly common. Nuage Networks VSP can be easily deployed on cloud VMs (like AWS Amazon Machine Images) to manage containers as well. This approach shows the value of implementing Software-Defined Networking (SDN) in software; some SDN solutions actually require proprietary hardware. FIGURE 1. Nuage Networks VSP: policy-driven networking for all environments Nuage Networks Virtualized Services Platform (VSP) Physical servers Virtual machines Containers Public cloud VMware KVM Docker Swarm Kubernetes Mesos Amazon Web Services Microsoft Azure Docker integration details Nuage Networks has created a plug-in for Docker networking. The Nuage Networks VSP plug-in runs on every Docker host. Each Docker host, whether bare metal or virtual, also has the Nuage Networks VSP s Virtual Routing and Switching (VRS) component installed on it. The VRS is a software agent that is responsible for forwarding traffic from the containers, performing the VXLAN encapsulation of traffic and enforcing security policies. While creating a Docker container the user can specify what Zone or Policy Group it belongs to. All endpoints in a given zone adhere to the same set of security policies. THE NEXT STEP IN SERVER VIRTUALIZATION NUAGE NETWORKS STRATEGIC WHITE PAPER 3

The Nuage Networks VSP plug-in first creates a virtual Ethernet (veth) interface pair to connect the Docker container to the VRS, which is the distributed routing component that runs on each host. The Nuage Networks VSP plug-in then passes the Zone or Policy Group information to the VRS, which uses it to resolve the IP address of the container. The Platform plug-in configures the resolved IP addresses in the container s namespace. This means that every container gets its own IP address. With some other approaches containers are given an address from a subnet that is local to the host and therefore require the use of NAT to reach the container. The VRS also downloads the security policies based on the container s Zone or Policy Group from the VSD. The container can only exchange information with other containers/vms that are authorized by the configured policies. FIGURE 2. Nuage Networks VSP architecture with Docker Docker host OS namespace VRS veth 14 veth 22 eth0 192.168.1.2 VXLAN eth0 Container 1 172.16.1.2 Container 1 namespace eth0 Container 2 172.16.1.3 Container 2 namespace Conclusion Docker containers are gaining rapid adoption for the next generation of cloud applications. By choosing Nuage Networks as the networking solution for Docker containers, businesses can ensure that they have a solid foundation for their applications. The Docker integration for Nuage Networks VSP has been available since July 2015. Integrations with other Docker orchestration platforms like Kubernetes and Mesos are also on the Nuage Networks VSP roadmap. www.nuagenetworks.net Nuage Networks and the Nuage Networks logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein. Copyright 2015 Alcatel-Lucent. All rights reserved. PR1512017019EN (December)

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information