Applying Container Technology to the Virtualized Ground System

Similar documents
IBM Bluemix compute capabilities IBM Corporation

Cloud-Native Applications. Copyright 2017 Pivotal Software, Inc. All rights Reserved. Version 1.0

FIVE REASONS YOU SHOULD RUN CONTAINERS ON BARE METAL, NOT VMS

Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008

12 (15) Factor App Workshop

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand

Deployment Patterns using Docker and Chef

gcp / gke / k8s microservices

The vsphere 6.0 Advantages Over Hyper- V

Microservices a security nightmare? GOTO Nights Zürich - March 3, 2016 Maximilian Container Solutions Switzerland

[Docker] Containerization

Delivering Nexenta Software-Based File Services to Cisco HyperFlex

Container Adoption for NFV Challenges & Opportunities. Sriram Natarajan, T-Labs Silicon Valley Innovation Center

Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC

Building Microservices with the 12 Factor App Pattern

ISLET: Jon Schipp, AIDE jonschipp.com. An Attempt to Improve Linux-based Software Training

Table of Contents 1.1. Introduction. Overview of vsphere Integrated Containers 1.2

Logging, Monitoring, and Alerting

Heroku. Rimantas Kybartas

Copyright 2016 Pivotal. All rights reserved. Cloud Native Design. Includes 12 Factor Apps

Think Small to Scale Big

Exam C Foundations of IBM Cloud Reference Architecture V5

Engineering Robust Server Software

64-bit ARM Unikernels on ukvm


The 12-Factor app and IBM Bluemix IBM Corporation

Contrail Networking: Evolve your cloud with Containers

Zhang Tianfei. Rosen Xu

Industry-leading Application PaaS Platform

Introduction to containers

Securing the Data Center against

Windows Azure Services - At Different Levels

2018 Cisco and/or its affiliates. All rights reserved.

The threat landscape is constantly

SQL Server inside a docker container. Christophe LAPORTE SQL Server MVP/MCM SQL Saturday 735 Helsinki 2018

Build Cloud like Rackspace with OpenStack Ansible

Introduction to Virtualization. From NDG In partnership with VMware IT Academy

Top five Docker performance tips

VMware vsphere 5.5 Professional Bootcamp

PSOACI Tetration Overview. Mike Herbert

Containerizing GPU Applications with Docker for Scaling to the Cloud

A10 HARMONY CONTROLLER

Docker containers and/or/vs virtualization Overview. Tomasz Jordan Kruk, Ph.D. Warsaw University of Technology

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Travis Cardwell Technical Meeting

COPYRIGHTED MATERIAL. Introducing VMware Infrastructure 3. Chapter 1

Micro VMMs and Nested Virtualization

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Oracle Solaris Virtualization: From DevOps to Enterprise

Microservice Deployment. Software Engineering II Sharif University of Technology MohammadAmin Fazli

Cisco Tetration Analytics

Red Hat Atomic Details Dockah, Dockah, Dockah! Containerization as a shift of paradigm for the GNU/Linux OS

DOCS


Transforming Management for Modern Scale-Out Infrastructure

Automating the Software-Defined Data Center with vcloud Automation Center

Improving Blade Economics with Virtualization

Cloud Computing design patterns blueprints

Better Security with Virtual Machines

Acano solution. White Paper on Virtualized Deployments. Simon Evans, Acano Chief Scientist. March B

Reimagining OpenStack*

Pluribus Adaptive Cloud Fabric

Oracle Solaris 11: No-Compromise Virtualization

Docker Security. Mika Vatanen

CSC 5930/9010 Cloud S & P: Virtualization

An introduction to Docker

Code: Slides:

Pluribus Adaptive Cloud Fabric Powering the Software-Defined Enterprise

DESIGNING APPLICATIONS FOR CONTAINERIZATION AND THE CLOUD THE 12 FACTOR APPLICATION MANIFESTO

Lecture 09: VMs and VCS head in the clouds

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Seven Decision Points When Considering Containers

Table of Contents 1.1. Overview. Containers, Docker, Registries vsphere Integrated Containers Engine

Virtualizaton: One Size Does Not Fit All. Nedeljko Miljevic Product Manager, Automotive Solutions MontaVista Software

what's in it for me? Ian Truslove :: Boulder Linux User Group ::

How it can help your organisation

Certeon s acelera Virtual Appliance for Acceleration

Red Hat OpenStack Platform 10 Product Guide

Pluribus UNUM Platform

DELL EMC TECHNICAL SOLUTION BRIEF. ARCHITECTING A DELL EMC HYPERCONVERGED SOLUTION WITH VMware vsan. Version 1.0. Author: VICTOR LAMA

Automating the Software-Defined Data Center with vcloud Automation Center

WHITE PAPER SEPTEMBER 2017 VSPHERE INTEGRATED CONTAINERS 1.2. Architecture Overview

CS 470 Spring Virtualization and Cloud Computing. Mike Lam, Professor. Content taken from the following:

TALK THUNDER SOFTWARE FOR BARE METAL HIGH-PERFORMANCE SOFTWARE FOR THE MODERN DATA CENTER WITH A10 DATASHEET YOUR CHOICE OF HARDWARE

Cauldron: A Framework to Defend Against Cache-based Side-channel Attacks in Clouds

ODP Relationship to NFV. Bill Fischofer, LNG 31 October 2013

Xen and CloudStack. Ewan Mellor. Director, Engineering, Open-source Cloud Platforms Citrix Systems

Docker on VDS. Aurelijus Banelis

Deploying and Operating Cloud Native.NET apps

Performance Considerations of Network Functions Virtualization using Containers

Docker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications

Docker and Splunk Development

Implementing the Twelve-Factor App Methodology for Developing Cloud- Native Applications

What s New in VMware vsphere 5.1 Platform

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

CLOUD COMPUTING. Rajesh Kumar. DevOps Architect.

Privilege Escalation

CNA1699BU Running Docker on your Existing Infrastructure with vsphere Integrated Containers Martijn Baecke Patrick Daigle VMworld 2017 Content: Not fo

Next-Generation Data Center Interconnect Powered by the Adaptive Cloud Fabric

Intel Clear Containers. Amy Leeland Program Manager Clear Linux, Clear Containers And Ciao

Transcription:

Applying Container Technology to the Virtualized Ground System GSAW 2017 Looking Beyond the Horizon Richard Monteleone 2017 by RT LOGIC Inc. Published by The Aerospace Corporation with permission All brands and trademarks mentioned in this presentation which are possibly registered or protected by third parties are solely subject to the trademark and ownership rights of the registered owner(s) Colorado Springs, CO (719) 598 2801 Denver, CO (303) 703 3834 Chantilly, VA (703) 488 2500 http://www.rtlogic.com

Introduction RT Logic Virtualized Ground System (VGS) The Big Picture vfep (Virtual Front-End Processor) Application Using hardware (H/W) virtualization with virtual machines (VM s) Comparing H/W Virtualization (VM s) to Containers Applying a container technology Its Go Time! Making the transition into containers Building/deploying/running Docker containers Automation Container isolation and monitoring How isolated are containers? Monitoring the Docker Engine and containers Summary Questions? 2

The Big Picture Virtualized Ground System 3

vfep Taking a look inside Publish/Subscribe message bus architecture (loosely-coupled components, independently versioned) Highly configurable, extensible, scalable, secure and efficient Auto-created user interface and auto-generated documentation Extensive API Support (GEMS, REST XML/JSON, SNMP) 4

Hardware Virtualization Virtual Machines Virtual Machine Virtual Machine Virtual Machine Virtual Machine Ground System/ Vehicle Sim vfep KS252 Crypto Sim vgateway Hardened Dedicated OS Hardened Dedicated OS Hardened Dedicated OS Hardened Dedicated OS Hypervisor (Type 1 VMware ESXi) Hypervisor (Type 2) Host OS Bare Metal Server Hardware Quick look at VGS VM s and how we use them Applications installed and configured on individual VMs Dedicated OS Application ISO images mounted and installed Command and telemetry channels interactively user configured Firewall (iptables) and service configuration (lifetime management) Things are really good now but could they be even better? Hardware sharing, Snapshots, vmotion, VM templates, Application isolation, OVA s, Secure, Stable, Scalable 5

Containers App1 App2 App3 App4 App5 Docker Engine Shared OS Bare Metal Hardware Quick look at containers. How do they differ from VM s? Shared OS across containers Containers are more resource efficient (only use what they need when they need it) More containers running on less Bare Metal Hardware Extremely fast to start Extremely lightweight Docker Engine OS (kernel) and container compatibility required Failures/cycling of the Docker Engine-OS-H/W can be more impactful Capable of running directly on Bare Metal Hardware 6

Transitioning into Containers Containers (SaaS) and the 12 Factor App Methodology leveraged to produce good containers https://12factor.net/ I. Codebase (single purpose, one code base/application versioned independently) II. Dependencies (be explicit) III. Configuration and code separation IV. Backing services (think resources) V. Build/release/run (separation) VI. Processes (stateless, non-sharing) VII.Port binding VIII.Concurrency IX. Disposability (lightweight, fast startup, graceful shutdown) X. Dev/prod parity (keep as similar as possible) XI. Logs XII.Admin processes 7

Transitioning into Containers cont d VGS changes related to how we install/configure/run applications GSVeh Simulator Multiple applications (Ground System and Vehicle Simulation) Don t store data within a container vfep Recording/Playback of command and telemetry data Storing configuration and log files Application lifetime Lifetime management no longer controlled internally Interactive application configuration and deployment Eliminate ISO mounts for application installation Need to automate the building of images and the deployment of containers 8

Transitioning into Containers cont d Ground Sim vfep KS252 Crypto Sim vgateway Vehicle Sim Docker Engine Hardened Shared OS Hypervisor (Optional) Bare Metal Hardware VGS deployment with Docker containers Split the GSVeh Simulator into two containers Same configuration as before One command channel and two telemetry channels Configured Docker version 1.12 and 1.13 environments Optionally running our Docker Engines in VM s 9

Docker Files for Docker Image Builds Creating Docker images, what needed to be done? Images are used to create immutable container instances Dockerfiles contain the instructions needed to build each image Build images FROM a (lightweight) initial image Extensive use of LABELs to support image/container traceability COPY/RUN used to install and configure each application Explicit EXPOSE for container to container communication Defined VOLUMEs as storage for record/playback of command and telemetry data, configuration files, and logs. Defined a (single) ENTRYPOINT to execute each container Removal of internal service lifetime configuration Now managed with the container lifetime 10

Docker Compose Build/Deploy/Run Automation Initially images are built and containers are run manually Built images from instructions in Dockerfile(s) docker build -t="gsaw/vfep:1.0.1". Create the VGS network docker network create --driver bridge vgs_network Run a container from an image as a daemon on the docker host docker run -d -p 30010:30001 --net=vgs_network --name vfepa gsaw/vfep:1.0.1 Equivalent using Docker Compose Define a single docker-compose.yml service definition file Single command: docker-compose up Builds images if necessary, creates a container network, deploys and runs all containers Virtual Ground System Operational!!! 11

Build/Deploy/Test Automation (A) Nightly Product Builds (B) Nightly Docker/Compose Builds (C) Virtualized Ground System Operational!!! 12

Container Isolation Ground Sim vfep KS252 Crypto Sim vgateway Vehicle Sim CPU Stress Memory Test Docker Engine Shared Hardened OS Hypervisor (Optional) Bare Metal Hardware Running bad potentially disruptive containers in the VGS CPU Stress container example run: docker run -it --rm --network=vsc_network --name=cpu_stress gsaw/cpu_stress:1.0.0 Memory Test (limit memory_test container to 50meg) Verify the VGS maintains the normal operational state Undisturbed by bad containers sharing same Docker Engine/OS Can I see what s really going on in this container environment? 13

Monitoring Docker with cadvisor View/monitor the Docker Engine and images/containers Insight into resource limitations/utilization and performance docker run --publish=8080:8080 --detach=true --name=cadvisor google/cadvisor:latest 14

CPU Monitoring with cadvisor 15

Summary Container Benefits Application scalability Lightweight Very fast startup, smaller size, easy to distribute Cost reductions Increase of workloads running on less H/W Less OS s to license/manage/patch/update Containers are properly isolated from one another Perfect mechanism to support end-user/customer extensibility Facilitates troubleshooting/debugging More opportunities for automation in dev/test environments Container Security Smaller footprints (fewer OS s) means a smaller attack surface Vulnerabilities are inevitable Visible image/container metadata be careful Image manipulation/injection concerns 16

Container History and Maturity Containers date back prior to 2009 - Linux Containers (LXC) https://content.pivotal.io/infographics/moments-in-containerhistory Transitioning from Docker 1.12 to 1.13 was seamless Windows containers Competition coming from rkt on CoreOS https://coreos.com/rkt Container Standards https://www.opencontainers.org/ Summary 17

Thanks for Attending GSAW 2017 Richard Monteleone Sr. Systems Engineer Satellite Ground Systems 12515 Academy Ridge View Colorado Springs, CO 80921 rmonteleone@rtlogic.com Colorado Springs, CO (719) 598 2801 Denver, CO (303) 703 3834 Chantilly, VA (703) 488 2500 http://www.rtlogic.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback