Secure, elastic,bare metal infrastructure Tweet questions to @misterbisson

Secure, elastic,bare metal infrastructure

Howruns its

Secure, elastic,bare metal infrastructure And you can too!

Howruns its

Powering modern applicationsYour favorite code

Container-native infrastructure

Your favorite platforms

Our data center or yoursJoyent Public Cloud Joyent Container Service. We run our customer’s mission critical applications on container native infrastructure.

Private DataCenter SmartDataCenter is an on-premise, container run-time environment used by some of the world’s most recognizable companies.

Our data center or yoursJoyent Public Cloud Joyent Container Service. We run our customer’s mission critical applications on container native infrastructure.

Private DataCenter SmartDataCenter is an on-premise, container run-time environment used by some of the world’s most recognizable companies.

…and open source too!Fork me, pull me: https://github.com/joyent/sdc

Node.js enterprise support

Best Practices

PerformanceAnalysis

Core FileAnalysis

Debugging Support

Critical IncidentSupport

⚠

As the corporate steward of Node.js and one of the largest-scale production users, Joyent is uniquely equipped to deliver the highest level of enterprise support for this dynamic runtime.

The best place to run Docker

Portability From laptop to any public or private cloud

Great for DevOps Tools for management, deployment & scale

Productivity Faster code, test and deploy

Elastic Container Infrastructure

SecurityManagement Networking IntrospectionPerformance Utilization

breath for a moment

Our data center or yoursJoyent Public Cloud Joyent Container Service. We run our customer’s mission critical applications on container native infrastructure.

Private DataCenter SmartDataCenter is an on-premise, container run-time environment used by some of the world’s most recognizable companies.

Our data center or yoursJoyent Public Cloud Joyent Container Service. We run our customer’s mission critical applications on container native infrastructure.

Private DataCenter SmartDataCenter is an on-premise, container run-time environment used by some of the world’s most recognizable companies.

anybodyup foralready?

a demo

Container spectrum

Application containers

Bare metal alternatives to hardware VMs

Container spectrum

Docker

Infrastructure containers

Multi-process Docker containers

Linux container security is hard

–Travis CI’s Sven Fuchs

–Docker's Jérôme Petazzoni

Linux + SmartOS

Linux SmartOS

Binary footprint

• Huge community of apps • Many apps are Linux-first or only • Problems are easy to Google

• Most of the same apps • Some apps have quirks • Problems are not easy to Google

Container optimization

• Known vulnerabilities • Poor filesystem • Limited networking support • Not built for containers

• Nearly ten years in production without incident

• Container-optimized filesystem: ZFS • Really sweet networking: Crossbow • Built for containers

Linux + SmartOS

Linux SmartOS

Binary footprint 👍 👎

Container optimization 👎 👍

Linux + SmartOS

Linux SmartOS

Binary footprint 👍 👎

Container optimization 👎 👍

Container-native Linuxrunning in LX-branded zones

• The internet • Native Linux binaries • Linux syscall translation • SmartOS Kernel

it feelslike LinuxSmartOS

and runs like

https://twitter.com/blakeirvin/status/563770948823031809

Container-native infrastructure1. Unit of compute = container

Instead of hardware virtualized machines (HVMs).

2. Containers run on bare metal No HVM in the middle. No performance tax. Containers run at bare metal speeds.

3. Containers are fully isolated and secure Tested and trusted security isolation between containers.

4. Containers are first class citizens on the network No dependance upon a HVM host’s network. Containers have their own IP stack.

5. Simplified orchestration of containers Eliminate proliferation and management of hosts.

6. Container CPU and memory resources are actively managed Infrastructure containers assure fair share of resources.

7. Pay only for containers used (per minute) No charges for container hosts or clusters in the public cloud. Higher utilization in your datacenter.

breath for a moment

SmartDataCenter 7foundation infrastructure

KVM in container Linux, Windows, FreeBSD, etc

CloudAPIInstance management

Infrastructure containers SmartOS on bare metal

SmartOS container hypervisor Fast and secure container runtime

SmartDataCenter infrastructureHyper-converrged data center automation

for compute, network, and storage

Application composition and orchestration Chef, Puppet, Ansible, others

TritonElastic Container Infrastructure

KVM in a container Hardware virtual machinesWindows, FreeBSD, others

CloudAPIInstance management

SmartOS container hypervisor Fast and secure container runtime

Infrastructure containers Persistent, full machine capability

Ubuntu, CentOS, Debian, SmartOS

Docker containers Any Linux or SmartOS image

Docker APIDocker API

and imaging tools

Triton VXLANUser-defined (SDN) networks

Triton infrastructureHyper-converrged data center automation for compute, network, and storage

Trito

n de

vops

por

tal

RBAC

visi

bility

and

con

trol o

ver a

ll all c

usto

mer

ass

ets

and

user

s,

intro

spec

tion

and

debu

gging

of c

onta

iner a

pplic

ation

s

Application composition and orchestrationDocker toolchain, Chef, Puppet, Ansible, others

X is to Y as…

VMware Joyent

Virtualization type Hardware OS

Hypervisor ESXi SmartOS

Whole package vSphere Triton

Containers run… Inside hardware VMs On bare metal

X is to Y as…

OpenStack Joyent

Virtualization type Varies OS

Hypervisor Varies SmartOS

Whole package Varies Triton

Containers run… Varies On bare metal

X is to Y as…OpenStack Purpose Triton public API/service Triton private API/service

Nova VM provisioning CloudAPI machines, sdc-docker vmapi+papi+cnapi

Magnum Container service CloudAPI machines, sdc-docker vmapi+papi+cnapi

Neutron Network CloudAPI networks, NICs, firewall, VXLAN napi+fwapi

Glance Image repo CloudAPI image, Docker imgapi

Keystone Identity RBAC, CloudAPI roles & users ufds+sapi

Cinder Block storage ZFS-managed local storage ZFS-managed local storage

Heat composition Docker Compose, sdc-heat, others workflow

SmartDataCenter 0Human-driven spreadsheets and Perl scripts

SmartDataCenter 0Human-driven spreadsheets and Perl scripts

• Message broker • Scheduler • State • Distributed,

single purpose services(Perl scripts)

SmartDataCenter 6.5• Two monolithic Ruby pieces:

• Machine API • Customer API

• Some edge pieces in Node.js

SmartDataCenter 7

Booter

AMQPbroker

PublicAPI

Customerportal

ZFS-based multi-tenant filesystem

Virtu

al N

IC

Virtu

al N

IC

VirtualSmartOS(OS virt.)

. . .

Virtu

al N

IC

Virtu

al N

ICLinuxGuest

(HW virt.)

. . .

Virtu

al N

IC

Virtu

al N

IC

WindowsGuest

(HW virt.)

. . .

Virtu

al N

IC

Virtu

al N

IC

Virtual OSor Machine

. . .

SmartOS kernel(network booted)

SmartOS kernel(flash booted)

Provisioner

Instrumenter

Heartbeater

DHCP/TFTP

AMQP

AMQP agents

Public HTTP

Head-node

Compute node Tens/hundreds per

head-node

. . .

SDC 7 core services

BinderDNS

Operatorportal

. . .

Firewall

SmartDataCenter 7 core services

Analyticsaggregator

Key/ValueService(Moray)

FirewallAPI

(FWAPI)

VirtualMachine

API(VMAPI)

DirectoryService(UFDS)

DesignationAPI

(DAPI)

WorkflowAPI

NetworkAPI

(NAPI)

Compute-Node API(CNAPI)

ImageAPI

Alerts &Monitoring

(Amon)

PackagingAPI

(PAPI)

ServiceAPI

(SAPI)

DHCP/TFTP

AMQP

DNS

Booter

AMQPbroker

Binder

PublicAPI

Customerportal

Public HTTP

Operatorportal

OperatorServices Manta

Other DCs

Note: Service interdependencies not shown for readability

Head-nodeOther core services

may be provisioned on compute nodes

SDC7 Core Services

TritonElastic Container Infrastructure

KVM in a container Hardware virtual machinesWindows, FreeBSD, others

CloudAPIInstance management

SmartOS container hypervisor Fast and secure container runtime

Infrastructure containers Persistent, full machine capability

Ubuntu, CentOS, Debian, SmartOS

Docker containers Any Linux or SmartOS image

Docker APIDocker API

and imaging tools

Triton VXLANUser-defined (SDN) networks

Triton infrastructureHyper-converrged data center automation for compute, network, and storage

Trito

n de

vops

por

tal

RBAC

visi

bility

and

con

trol o

ver a

ll all c

usto

mer

ass

ets

and

user

s,

intro

spec

tion

and

debu

gging

of c

onta

iner a

pplic

ation

s

Application composition and orchestrationDocker toolchain, Chef, Puppet, Ansible, others

Elastic Container Infrastructure

SecurityManagement Networking IntrospectionPerformance Utilization

opendemo

time

Thank you!

Remember Joyent for…• Proven container security

Run containers securely on bare metal in multi-tenant environments

• Bare metal container performance Eliminate the hardware hypervisor tax

• Simplified container networking Each container has its own IP(s) in a user-defined network (SDN)

• Simplified host management Eliminates Docker host proliferation

• Hybrid: your data center or ours Private cloud, public cloud, hybrid cloud, and open source