Joyent Joins Containers Debate - InformationWeek


Joyent Joins Containers Debate

Joyent's SmartDataCenter 7 package offers on-premises provisioning and management of containers and virtual machines. Watch out, OpenStack?


If OpenStack has issues, Joyent thinks it's got the answer: the Joyent SmartDataCenter 7, announced Tuesday to run as a complete, ready-to-go package.

Bryan Cantrill, CTO of the San Francisco infrastructure-as-a-service provider, says SmartDataCenter 7 will give enterprise cloud builders a system on which they can run both virtual machines and lightweight containers. Unlike OpenStack, it can be installed in an afternoon, he claims in an interview.

Joyent is a lesser-known public cloud among service providers, with an emphasis on high performance and big-data analytics. Gartner calls it a niche player and a distant possibility as a Microsoft or Amazon challenger. On the other hand, it occupies a niche of potentially growing importance by using as its core operating system an open source descendant of Sun Microsystems' Solaris that it calls SmartOS. Like Solaris, SmartOS can spin up and run multiple containers under a single operating system on a cloud host -- hundreds of them at a time, he says.

Joyent recently ran the predecessor to SmartDataCenter 7 on a two-way Xeon server with 96 GB of DRAM. It could host 400 Node.js applications. On a more powerful two-socket, quad-core Xeon server (that would power 32 virtual CPUs because each core is double-threaded) and 256 GB DRAM, it ran 800 containers "and could run thousands," he says. There is a maximum of 8,192 containers that can be assigned to a single host. Cantrill makes no claim that anyone has ever approached such a limit.


Running containers under one operating system is highly similar to running an application on a bare-metal server because of containerization's low overhead, while virtual machines are often described as having a 1% to 2% overhead, or more.

There's a debate over the role that Linux containers will play in the future of cloud computing, but Linux containers are generally viewed as less secure than Solaris containers. Even Docker, the leading purveyor of a common format for Linux containers, has warned of the possible breakout of malicious code from earlier versions of Docker containers, as it did in a blog post June 18.

The problem has been corrected in the current Docker 1.0, but no one is certain when the next exploit may be found. The viability of Linux container security is the subject of an ongoing debate.

As Cantrill explains it, unlike Solaris containers, Linux containers "were not designed from the ground up as multi-tenant systems." Linux containers were designed with maximum efficiency in mind, leaving open the possibility of malicious code in one container being able to snoop on server activity and interfere with neighboring containers.

SmartDataCenter 7 can also take virtualized workloads and run them under the KVM open source hypervisor. There's some loss of efficiency, since the virtual machine has to run its own operating system, rather than sharing the host's. But doing so is a further guarantee of the application's security, he says. In effect, the virtual machine itself is considered a safe, logically defined container. If renegade code escapes, it's contained inside the operating system zone surrounding the virtual machine.

An escapee from the virtual machine "can't launch a process, can't access the file system, can't reach storage," he says. Basically, malicious code that makes it past the virtual machine's logical barriers "can't do anything" in its new surroundings.

Tuesday's release of SmartDataCenter 7 marks its launch as an on-premises system, one that Joyent hopes will be able to compete with Eucalyptus Systems, Cloudscaling, and OpenStack. He says, "It's very opinionated software. We've made a whole bunch of decisions for you. 'Here is how we think of storage... Here is how to upgrade the system,'" which eases installation and operations.

Cantrill, a veteran of 12 years of Solaris engineering at Sun Microsystems and the author of Dynamic Tracing (DTrace), the performance analysis tool for Solaris and Linux, was recruited to Joyent three years ago to productize the Joyent cloud system.

SmartDataCenter 7 uses the ZFS file system for storage and operations. It allows easy-to-set-up replication, data compression, deduplication, and other data-management functions.

"I'm wedded to DTrace and ZFS," both part of SmartDataCenter 7, he says. The computing world before they existed "was insufferable, the Dark Ages, where everybody was dying of the plague." SmartDataCenter 7 may mark the dawn of an age of greater system health and reliability, for those who want to turn to a niche player and give it a try.


Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ...

Charlie Babcock,
User Rank: Author
6/26/2014 | 7:46:46 PM
And another thing....
Google probably has the most experience with Linux containers on the planet, having run its speedy search engine and other internal operations inside them. But we can't expect its release to open source of its Kubernetes container code to solve the security issue. Kubernetes takes care of provisioning, doesn't have much to do with security. When it comes to the public cloud part of Google, it's written its own container management system to provide security in a multi-tenant environment. For those hoping it will make that open source too, better not hold your breath. Blue will not become you.
Charlie Babcock,
User Rank: Author
6/25/2014 | 6:16:36 PM
Joyent, our one example of Solaris-style containers?
I think there is wide acceptance of the notion that Solaris containers, on which SmartOS and SmartDataCenter are based, were designed with security in mind and can be used in a multi-tenant environment. Linux containers, on the other hand, will be presumed leaky until proven otherwise and of uncertain value in multi-tenant environments. That is, you need to know none of the other tenants is hostile to run them in multi-tenant mode. One way to use Linux containers would be for one customer to put many containers on one server, no other tenant allowed. What's interesting about Joyent is it's got both containers and Solaris-style security on the containerized host. Google knows containers, but it's still keeping Linux containers inside a virtual machine, I believe, except in its internal operations.
User Rank: Author
6/25/2014 | 3:42:21 PM
"Niche players"
"Niche" cloud players have surprised us before. Can Joyent win the customer loyalty necessary to make an impact here?
Lorna Garey,
User Rank: Author
6/25/2014 | 12:57:38 PM
Some irrational exuberance going around?
Got problems with OpenStack? Not sure the answer is a proprietary system, built on a niche OS, comprising bleeding-edge technology that no one can promise can be secured. But hey, points for a colorful quote.