Cisco Application-Centric Infrastructure (ACI) and Linux Containers

Similar documents
Cisco and Red Hat: Application Centric Infrastructure Integration with OpenStack

Use Cases for Docker in Enterprise Linux Environment CloudOpen North America, 2014 Linda Wang Sr. Software Engineering Manager Red Hat, Inc.

Docker : devops, shared registries, HPC and emerging use cases. François Moreews & Olivier Sallou

STRATEGIC WHITE PAPER. The next step in server virtualization: How containers are changing the cloud and application landscape

The Virtualization Practice

Private Cloud Management

RED HAT CONTAINER STRATEGY

Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi,

Virtualization for Cloud Computing

Azul pitches Docker as alternative to virtualization for heavy-duty Java applications

IOS110. Virtualization 5/27/2014 1

Full and Para Virtualization

RED HAT CLOUD SUITE FOR APPLICATIONS

Building a cloud with Openstack. Iqbal Mohomed iqbal@us.ibm.com March 25 th 2015

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

Building Docker Cloud Services with Virtuozzo

Sacha Dubois RED HAT TRENDS AND TECHNOLOGY PATH TO AN OPEN HYBRID CLOUD AND DEVELOPER AGILITY. Solution Architect Infrastructure

Developing a dynamic, real-time IT infrastructure with Red Hat integrated virtualization

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies

Network Virtualization Tools in Linux PRESENTED BY: QUAMAR NIYAZ & AHMAD JAVAID

EXECUTIVE GUIDE WHY THE MODERN DATA CENTER NEEDS AN OPERATING SYSTEM

COS 318: Operating Systems. Virtual Machine Monitors

White Paper on NETWORK VIRTUALIZATION

The evolving IT environment: Maximizing potential of open hybrid clouds

Using SUSE Cloud to Orchestrate Multiple Hypervisors and Storage at ADP

An Analysis of Container-based Platforms for NFV

OPEN CLOUD INFRASTRUCTURE BUILT FOR THE ENTERPRISE

An Application-Centric Infrastructure Will Enable Business Agility

Optimize Server Virtualization with QLogic s 10GbE Secure SR-IOV

Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure

Building Storage as a Service with OpenStack. Greg Elkinbard Senior Technical Director

Solution Guide Parallels Virtualization for Linux

An Introduction to Service Containers

SUSE Cloud 2.0. Pete Chadwick. Douglas Jarvis. Senior Product Manager Product Marketing Manager

Develop a process for applying updates to systems, including verifying properties of the update. Create File Systems

The Xen of Virtualization

Containerization and the PaaS Cloud

Mobile Cloud Computing T Open Source IaaS

An Intro to OpenStack. Ian Lawson Senior Solution Architect, Red Hat

Virtual Machine Manager Domains

Cloud Orchestration. Mario Cho. Open Frontier Lab.

How To Make A Virtual Machine Aware Of A Network On A Physical Server

With Red Hat Enterprise Virtualization, you can: Take advantage of existing people skills and investments

Cisco Cloud Architecture for the Microsoft Cloud Platform

The State of Containers and the Docker Ecosystem: Anna Gerber

What is virtualization

OpenStack Networking: Where to Next?

WHITEPAPER INTRODUCTION TO CONTAINER SECURITY. Introduction to Container Security

Networking for Caribbean Development

Distributed and Cloud Computing

The Software Container pattern

Distributed Scheduling with Apache Mesos in the Cloud. PhillyETE - April, 2015 Diptanu Gon

OPEN SOURCE VIRTUALIZATION TRENDS. SYAMSUL ANUAR ABD NASIR Warix Technologies / Fedora Community Malaysia

The Benefits of Virtualizing Citrix XenApp with Citrix XenServer

The virtualization of SAP environments to accommodate standardization and easier management is gaining momentum in data centers.

Enabling Technologies for Distributed Computing

Solving I/O Bottlenecks to Enable Superior Cloud Efficiency

VIRTUALIZED SERVICES PLATFORM Software Defined Networking for enterprises and service providers

Paravirtualization Figure 1.

COS 318: Operating Systems. Virtual Machine Monitors

Programmable Networking with Open vswitch

Infrastructure as a Service (IaaS)

Enhancing Hypervisor and Cloud Solutions Using Embedded Linux Iisko Lappalainen MontaVista

Container-based operating system virtualization: a scalable, high-performance alternative to hypervisors

Lightweight Virtualization with Linux Containers (LXC)

Cloud Security with Stackato

Virtualization. Michael Tsai 2015/06/08

SUSE Cloud 5 Private Cloud based on OpenStack

MontaVista Linux Carrier Grade Edition

nanohub.org An Overview of Virtualization Techniques

Windows Server Virtualization An Overview

KVM, OpenStack, and the Open Cloud

Virtualization Overview

Servervirualisierung mit Citrix XenServer

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

Performance Comparison Analysis of Linux Container and Virtual Machine for Building Cloud

Why Choose VMware vsphere for Desktop Virtualization? WHITE PAPER

Cloud Simulator for Scalability Testing

The path to the cloud training

KVM: A Hypervisor for All Seasons. Avi Kivity avi@qumranet.com

How To Create A Cloud Based System For Aaas (Networking)

Building a Kubernetes Cluster with Ansible. Patrick Galbraith, ATG Cloud Computing Expo, NYC, May 2016

Enabling Technologies for Distributed and Cloud Computing

May 13-14, Copyright 2015 Open Networking User Group. All Rights Reserved Not For

Build & Manage Clouds with Red Hat Cloud Infrastructure Products. TONI WILLBERG Solution Architect Red Hat toni@redhat.com

Ubuntu OpenStack on VMware vsphere: A reference architecture for deploying OpenStack while limiting changes to existing infrastructure

CoIP (Cloud over IP): The Future of Hybrid Networking

Copyright. Robert Sandoval

Virtualization. Types of Interfaces

FLOSSK: FLOSSTalk OpenStack 22 nd February, Arturo Suarez: Founder, COO&BizDev StackOps 21/02/12 1

Cloud Computing #8 - Datacenter OS. Johan Eker

Containerisation and the PaaS Cloud

GUEST OPERATING SYSTEM BASED PERFORMANCE COMPARISON OF VMWARE AND XEN HYPERVISOR

Virtualizing Exchange

Intro to Virtualization

Ryu SDN Framework What weʼ ve learned Where weʼ ll go

Sistemi Operativi e Reti. Cloud Computing

Rackspace Cloud Databases and Container-based Virtualization

Software Defined Everything

Assessing the Performance of Virtualization Technologies for NFV: a Preliminary Benchmarking

Transcription:

White Paper Cisco Application-Centric Infrastructure (ACI) and Linux Containers What You Will Learn Linux containers are quickly gaining traction as a new way of building, deploying, and managing applications in the cloud-enabled data center. Containers couple lightweight, high-performance isolation with security and make it easy to package services and deploy them in a flexible and scalable way. Cisco Application-Centric Infrastructure (ACI) was designed around the same goal of accelerating application deployment with security and scale. It provides a foundation for connecting physical and virtual environments without compromise. Cisco ACI can also be used to accelerate the transition to an environment that brings together applications across virtual machines, and bare-metal servers, and containers Introduction to Linux Containers Over the past decade, hypervisor-based virtualization has become a dominant data center technology. The concept is simple: Create a virtual implementation of the hardware of a physical computer so that it can run an entire, unmodified operating system within it. The result, a virtual machine monitor, provided a powerful tool through which to consolidate multiple servers and take better advantage of additional physical computing resources. Hypervisors, however, introduce additional workload-dependent overhead as they faithfully replicate true hardware behaviors. In addition, hypervisors also bring portability considerations as to where the application(s) can run: on premises, public cloud, private cloud, bare metal, mixed environment, etc. For many workloads, the potential savings in capital and operational expenses are often enough to justify the use of a virtual rather than dedicated physical environment, though. Over the past few years, several developments in the Linux kernel have enabled a new form of virtualization called containers. Containers do not introduce a layer of virtual hardware and do not support running alternative kernel code. However, they provide self-contained execution environments, effectively isolating applications that rely on the same kernel in the Linux operating system. Containers are built around two core mature Linux technologies: Namespaces: Kernel namespaces isolate containers. Namespaces main outcomes are avoiding visibility between containers and containing faults. Some of the domains of isolation provided by Namespaces are: pid (processes) net (network interfaces, routing) ipc (System V interprocess communication [IPC]) mnt (mount points, file systems) uts (host name) user (user IDs [UIDs]) Control groups (cgroups): Control groups offer mechanisms for measuring and limiting resource usage for groups of processes, such as CPU, memory, and I/O. This helps containers stay within the resource footprint allocated to them. 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 5

While a handful of other components are involved as well, these primitive technologies allow you to run multiple environments on a Linux host with strong isolation between them, while bringing efficiency and flexibility. Figure 1. Hypervisor-Based Virtualization Compared with Container-Based Virtualization One of the key technologies supporting the rise of containers is Docker. Docker is a popular open-source platform for building and running containers and offers several important features: Portable deployment across machines: Container images can be run on any Linux host. Versioning and reuse: Docker offers Git-style capabilities for tracking versions and creates layers as additional software is added to it. For example, you can create a base image for a container and build multiple different images from it. Sharing: Docker offers a searchable public registry for container images. Comparing Containers and Virtual Machines Containers and virtual machines are different technologies. Each has its strengths and weaknesses. One of the key advantages of containers is performance because containers introduce much lower overhead than a virtual machine. Using containers, you won t need to virtualize hardware or boot a new "guest" operating system. A container is only isolating processes running inside the Linux OS. Containers can boot in milliseconds and offer stable, near-native performance across workloads. Virtual machines, conversely, may take seconds to minutes to boot and performance can vary widely based on the software that is run. Another key differentiator between containers and virtual machines is the amount of required storage. In a virtual machine environment each application requires a unique installation of the guest OS. In a container environment, only one Linux OS is required (Figure 1). This could translate in running 10 to 100 virtual machines compared with 100 to 1000 containers on the same physical server. Containers make applications easily portable in any environment, making them very attractive and useful for companies embracing the Developer/Operator (DevOps) model (Figure 2 [see also a recent Cisco blog post]). 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 5

Figure 2. Developer/Operator Model Containers do have one limitation when compared with virtual machines. They do not allow a user to run different operating systems, such as Microsoft Windows or legacy DOS applications. They run all containers on a single operating system kernel, so all applications and software running within these containers must be supported by that kernel. Container Lifecycle Management As container technology becomes popular, more customers are asking how to manage a large number of containers at scale. For example, deciding how and where to schedule new containers, scale services, and manage physical resources all become important issues. Some of the key open-source solutions in this space include: OpenStack OpenStack offers extensions to launch and manage containers, as it does for virtual machines. In particular, there is a nova compute-driver for Docker just as there is for KVM or Xen. This allows OpenStack nova to launch Docker images that have been imported into Glance. Docker images can also be launched via the nova CLI as well as through Heat or Horizon. Mesos Apache Mesos is a cluster management tool used by several web-scale companies, including AirBnB and Twitter. Mesos was designed to offer an extremely flexible platform for scheduling and managing containers in a cluster. Kubernetes Kubernetes, a project started by Google, offers a system for managing containerized applications across multiple hosts, providing basic mechanisms for deployment, maintenance, and scaling of applications. Kubernetes offers a number of abstractions for grouping containers and mapping them to sets of tasks. Cisco is working with the open-source community to continue to develop these tools and to help ensure their integration with ACI. 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 5

ACI and Linux Containers Cisco Application-Centric Infrastructure (ACI) was designed to offer a common policy model for managing IT operations that can span across the entire infrastructure. ACI is agnostic to the form factor on which applications are deployed, which allows it to support any environment, including bare metal, virtual machines, and containers. ACI portability is native and part of its nature, which is a natural fit with container technology. When you use ACI, you will gain access to a unified policy language that offers a clear security model regardless of how an application is deployed. You will also have a clear path to migrate existing workloads towards container-based environments without any changes to network policy. Two key technologies make this possible: ACI Policy Model and OpFlex + Open vswitch (OVS). Application-Centric Policy between Containers An application-centric model describes how components of an application interact, including their requirements for connectivity, security, quality of service, and network services. By looking closely at this model (Figure 3), you can see that it was designed to support virtualization via hypervisors or containers. The model enforces policy across an abstraction called an endpoint group (EPG), which is a collection of network endpoints. Network endpoints can be represented by a broad range of entities, including bare-metal servers, virtual machines, and containers. They are agnostic to the underlying technology. As a result of this flexibility, ACI is already in a position to define application-centric policies across a diverse infrastructure, which may include Linux containers. Figure 3. ACI Policy Example OpFlex and OVS Enforce Policy between Containers Cisco has also announced the OpFlex protocol. We are working with the open-source community to build OpFlex support for Open vswitch (OVS). OpFlex offers a distributed policy protocol that allows application-centric policies to be distributed and enforced within a virtual switch such as OVS. With an OpFlex-enabled OVS connected to ACI, you can enforce policy across both virtual machines and containers uniformly. Each container attaches to an OVS bridge, just as a virtual machine would, and an OpFlex agent helps ensure that the appropriate policy is established within OVS. The result is a complete infrastructure that can span across physical, virtual, and container-based environments. Cisco plans to release support of OpFlex, OVS, and containers in the second calendar quarter of 2015 (2Q2015). 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 5

Figure 4. Policy Enforcement across Virtual, Physical, and Container-Based Environments Summary Built on mature Linux kernel technology, containers are gaining adoption in the cloud-enabled data center. ACI is designed to help facilitate this transition and support an environment that spans across physical machines, virtual machines, and Linux containers through a unified policy model. For more information about Cisco solutions for Linux Containers with RedHat, read this white paper. Contributors: Michael Cohen, Director of Product Management, and Carlos Pereira, Distinguished Systems Engineer. Printed in USA C11-732697-00 09/14 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information