Container Cloud Operating System - overview
Have you heard about Docker? Who hasn't?
Docker builds upon well known Linux container capabilities to provide an easy to use management API and a packaging format. This ease of use made container technologies immensely popular with the development community. With Docker, containers become accessible to mortals.
For a cloud provider, Docker opens an opportunity to reconsider the existing model of a cloud based on virtual machines as primary means of workload virtualization. Containers are light-weight, pack more densely, start faster, and give us almost bare metal performance. With containers, cloud provider takes responsibility for managing the operating system kernel, allowing the developer to focus on what they care about - their application. And Docker gives the developer easy to use tools to manage their applications.
Containers have another fantastic property - they are transparent. A privileged process rcan inspect the content and behavior of containers running on the same host. This gives a cloud provider insight into what packages, and configurations are installed inside a container, and what container behavior is, based on the system calls its making. The implications of this capability are profound - they enable cloud provider to create application-centric (as opposed to infrastructure-centric) services to help users manage their applications.
We believe that the new cloud operating environment will be built using containers as a foundation. No virtual machines. Containers will serve as the primary means of workload virtualization and isolation and will run directly on the host operating system. Efficient packaging formats, like Docker, will enable unprecedented workload portability across a hybrid cloud, while light-weight container design will lead to high resource utilization and much improved DevOps agility. The container-based cloud operating system will provide built in visibility into the cloud runtime environment and its workloads allowing a cloud provider to offer a variety of value-add workload-centric services. The most critical area that will be transformed by these services is the area of security and compliance.
This will not happen overnight. Before we reach the nirvana we need to come up with high-performance and large scale container management technologies, sort out container security and performance isolation, build resource management for container based workloads, and work out container orchestration for cloud native workloads. This is where we come in. Here are some goals of our project:
Container management and orchestration on provider-managed hosts
- Enterprise grade cloud runtime built around Docker as a foundation - we use Docker and Kubernetes as a starting point
- Workload deployment models using containers and container topologies - we are extending state-of-the art container management with better handling of stateful applications and batch computations
- Platform security - secure operating systems, container security, and container platform hardening
- Multi-tenancy - securely supporting multiple untrusted parties on the same platform
- Workload-centric resource management system for a diverse set of container-based workloads
- Market-based resource prioritization
- Intelligently collocating multiple types of workloads on the same infrastructure
- Advanced policy support for diverse workloads
- Resource sharing and isolation policies for multi-tenant deployments
- Supporting GPUs and accelerators
Check out our initial results in IBM Containers in Bluemix!