Download - Inside Triton, July 2015
How Joyent runs its secure, elastic, bare metal infrastructure. And you can too!
Tweet questions to @misterbisson
Powering modern applications: your favorite code, container-native infrastructure, your favorite platforms.
Our data center or yours
Joyent Public Cloud: Joyent Container Service. We run our customers' mission critical applications on container-native infrastructure.
Private Data Center: SmartDataCenter is an on-premise, container run-time environment used by some of the world's most recognizable companies.
…and open source too! Fork me, pull me: https://github.com/joyent/sdc
Node.js enterprise support
• Best practices • Performance analysis • Core file analysis • Debugging support • Critical incident support
As the corporate steward of Node.js and one of the largest-scale production users, Joyent is uniquely equipped to deliver the highest level of enterprise support for this dynamic runtime.
The best place to run Docker
• Portability: from laptop to any public or private cloud
• Great for DevOps: tools for management, deployment & scale
• Productivity: faster code, test and deploy
Elastic Container Infrastructure: security, management, networking, introspection, performance, utilization.
Breathe for a moment.
Anybody up for a demo already?
Container spectrum
• Application containers (Docker)
• Multi-process Docker containers
• Infrastructure containers: bare metal alternatives to hardware VMs
Linux container security is hard
– Travis CI's Sven Fuchs
– Docker's Jérôme Petazzoni
Linux + SmartOS
Binary footprint
Linux: • Huge community of apps • Many apps are Linux-first or only • Problems are easy to Google
SmartOS: • Most of the same apps • Some apps have quirks • Problems are not easy to Google
Container optimization
Linux: • Known vulnerabilities • Poor filesystem • Limited networking support • Not built for containers
SmartOS: • Nearly ten years in production without incident • Container-optimized filesystem: ZFS • Really sweet networking: Crossbow • Built for containers
Linux + SmartOS
Binary footprint: Linux 👍, SmartOS 👎
Container optimization: Linux 👎, SmartOS 👍
Container-native Linux running in LX-branded zones
• The internet • Native Linux binaries • Linux syscall translation • SmartOS kernel
It feels like Linux and runs like SmartOS.
Container-native infrastructure
1. Unit of compute = container. Instead of hardware virtualized machines (HVMs).
2. Containers run on bare metal. No HVM in the middle. No performance tax. Containers run at bare metal speeds.
3. Containers are fully isolated and secure. Tested and trusted security isolation between containers.
4. Containers are first class citizens on the network. No dependence upon an HVM host's network. Containers have their own IP stack.
5. Simplified orchestration of containers. Eliminate proliferation and management of hosts.
6. Container CPU and memory resources are actively managed. Infrastructure containers assure fair share of resources.
7. Pay only for containers used (per minute). No charges for container hosts or clusters in the public cloud. Higher utilization in your datacenter.
Breathe for a moment.
SmartDataCenter 7 foundation infrastructure
• KVM in container: Linux, Windows, FreeBSD, etc.
• CloudAPI: instance management
• Infrastructure containers: SmartOS on bare metal
• SmartOS container hypervisor: fast and secure container runtime
• SmartDataCenter infrastructure: hyper-converged data center automation for compute, network, and storage
• Application composition and orchestration: Chef, Puppet, Ansible, others
Triton Elastic Container Infrastructure
• KVM in a container: hardware virtual machines (Windows, FreeBSD, others)
• CloudAPI: instance management
• SmartOS container hypervisor: fast and secure container runtime
• Infrastructure containers: persistent, full machine capability (Ubuntu, CentOS, Debian, SmartOS)
• Docker containers: any Linux or SmartOS image
• Docker API: Docker API and imaging tools
• Triton VXLAN: user-defined (SDN) networks
• Triton infrastructure: hyper-converged data center automation for compute, network, and storage
• Triton devops portal: RBAC visibility and control over all customer assets and users, introspection and debugging of container applications
• Application composition and orchestration: Docker toolchain, Chef, Puppet, Ansible, others
X is to Y as…
                      VMware               Joyent
Virtualization type   Hardware             OS
Hypervisor            ESXi                 SmartOS
Whole package         vSphere              Triton
Containers run…       Inside hardware VMs  On bare metal

X is to Y as…
                      OpenStack            Joyent
Virtualization type   Varies               OS
Hypervisor            Varies               SmartOS
Whole package         Varies               Triton
Containers run…       Varies               On bare metal
X is to Y as…
OpenStack   Purpose            Triton public API/service                      Triton private API/service
Nova        VM provisioning    CloudAPI machines, sdc-docker                  vmapi+papi+cnapi
Magnum      Container service  CloudAPI machines, sdc-docker                  vmapi+papi+cnapi
Neutron     Network            CloudAPI networks, NICs, firewall, VXLAN       napi+fwapi
Glance      Image repo         CloudAPI image, Docker                         imgapi
Keystone    Identity           RBAC, CloudAPI roles & users                   ufds+sapi
Cinder      Block storage      ZFS-managed local storage                      ZFS-managed local storage
Heat        Composition        Docker Compose, sdc-heat, others               workflow
SmartDataCenter 0: human-driven spreadsheets and Perl scripts
• Message broker • Scheduler • State • Distributed, single purpose services (Perl scripts)
SmartDataCenter 6.5
• Two monolithic Ruby pieces: Machine API, Customer API
• Some edge pieces in Node.js
SmartDataCenter 7
[Architecture diagram. Labels recoverable from the slide: Booter (DHCP/TFTP), AMQP broker (AMQP), Public API (public HTTP), customer portal; head-node with SmartOS kernel (flash booted); compute nodes with SmartOS kernel (network booted), tens/hundreds per head-node, each running the Provisioner, Instrumenter and Heartbeater AMQP agents; a ZFS-based multi-tenant filesystem hosting virtual SmartOS (OS virtualization), Linux guests and Windows guests (HW virtualization), i.e. virtual OS or machine instances, each with its own virtual NICs.]
SmartDataCenter 7 core services
• Booter (DHCP/TFTP)
• AMQP broker (AMQP)
• Binder (DNS)
• Public API (public HTTP)
• Customer portal
• Operator portal
• Firewall
• Analytics aggregator
• Key/Value Service (Moray)
• Firewall API (FWAPI)
• Virtual Machine API (VMAPI)
• Directory Service (UFDS)
• Designation API (DAPI)
• Workflow API
• Network API (NAPI)
• Compute-Node API (CNAPI)
• Image API
• Alerts & Monitoring (Amon)
• Packaging API (PAPI)
• Service API (SAPI)
• Operator services: Manta, other DCs
Note: Service interdependencies not shown for readability.
Head-node: other core services may be provisioned on compute nodes.
Open demo time
Thank you!
Remember Joyent for…
• Proven container security: run containers securely on bare metal in multi-tenant environments
• Bare metal container performance: eliminate the hardware hypervisor tax
• Simplified container networking: each container has its own IP(s) in a user-defined network (SDN)
• Simplified host management: eliminates Docker host proliferation
• Hybrid: your data center or ours. Private cloud, public cloud, hybrid cloud, and open source