Xen project Mailing List

Re: [Publicity] Docker Open Source Container Virtualization on the Rise

To: Glauber Costa <glommer@xxxxxxxxxxxxxxxxxxxx>, Tzach Livyatan <tzach@xxxxxxxxxxxxxxxxxxxx>

From: Lars Kurth <lars.kurth@xxxxxxx>

Date: Mon, 17 Feb 2014 02:46:44 -0800

Cc: "publicity@xxxxxxxxxxxxxxxxxxxx" <publicity@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 17 Feb 2014 10:46:53 +0000

List-id: "List for Xen Publicity, PR and events" <publicity.lists.xenproject.org>

On 12/02/2014 00:29, Glauber Costa wrote:

Hi

Glauber,

sorry your mail was stuck in the moderator queue for a week. I was travelling and forgot my little notebook of passwords.

So that talk I gave was not really an HV vs containers, it was more a containers overview when I was working in the containers side.

When I joined Cloudius, I have published the following text:
https://plus.google.com/107787008629542080430/posts/fgzsepcScTa

My main message was that an OS like OSv changes the game, because it bridges the duplication gap without giving up the rest. When I

published, it reached a small audience because we had very little followers. If you have a broader channel, it would be good to broadcast
or link to it.

@Sarah, can you outline what you were planning to do and roughly when? Also, you mentioned you needed a spokesperson. As I will be out hiking in the Australian outback for a few weeks and I don't have the technical depth, it may make sense for someone else to step up.

I am also wondering whether it makes sense to coordinate a response to containers with (or at least coordinated) with the OVA. I don't know who handles press and PR matters at the OVA though. Just a thought.

Other aspects for consideration: It depends really which audience we want to reach.

-For more sophisticated audiences, it is worthwhile to point out (although obvious) that using containers will restrict your ability to be in control of your kernel (even talking cross-OS), and once you start using it, it's harder to maintain an heterogeneous environment. This makes it a no-go for whoever is selling IaaS.

- The performance thing with containers is *not* true. They use cgroups, which are expensive. As much as I have succeeded to make that cost go down, it is still expensive. We are doing benchmarks against Linux as a guest, maybe we should start looking at doing benchmarks against a container environment?

That is a good point.

- I am following the follow up of my work closely (kmemcg shrinking), and this is not yet complete in Linux. What it means is that it is still impossible to properly control kernel memory used by each container. It is still trivial for a malicious containers to destroy everything. There are many other holes to gap, and while they are there containers are particularly insecure.

The advantage of containers that we do need to be aware of, is that it allows for greater flexibility of resource sharing. For instance, you can leave all processes to use the disk cpu freely, while they are restricted for memory only. This can be handy in some cases, but it is probably not that broadly relevant.

Tzach

-George

On 02/11/2014 07:08 PM, Sarah Conway wrote:

FYI,

Below is VARGuy coverage of the latest Docker release. (1.0 version is
expected in April.) With these new releases, supposedly Docker can now
"meet the demands of cloud computing and PaaS solutions." They are
positioning it as the next logical step for PaaS, pigeon-holing
hypervisors as only beneficial to IaaS.

The article goes on to say: "Unlike the virtualization hypervisors that
power most virtual servers today, Docker doesn't virtualize an entire
operating system. Instead, it provides virtualized application
containers that run on top of a "bare-metal" host operating system. By
virtualizing at the application level, Docker can offer greater
portability, efficiency and security."

http://thevarguy.com/virtualization-applications-and-technologies/021014/docker-open-source-container-virtualization-rise?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheVarGuy+%28The+VAR+Guy%29

An article from Dec. 2013:

http://www.networkworld.com/community/blog/containers-new-hypervisors

Some additional messaging from their web site:

Seven months after launching, the Docker ecosystem is expanding rapidly:
Docker has been downloaded over 200,000 times, has received over 7,500
Github stars, and is receiving contributions from more than 200
community developers. Over 2,500 "Dockerized" applications are now
available at the Docker public index, and third party projects and
partnerships built on top of Docker span PaaS, operating systems,
hosting services, CI platforms, and more. Over 50 user-created case
studies are available from companies such as eBay, Cloudflare,
Rackspace/Mailgun, Yandex, Cambridge Health Care, and RelateIQ.

I suggest we finesse our messaging against container technologies like
Docker, which are gaining traction in the press right now. Feedback from
the AB on this point would be appreciated. It will likely be a question
that comes up in the near future. We could also try to piggy-back any
Docker 1.0 coverage that might be coming out in the April timeframe,
offering reporters a counter opinion/view on containers vs.
virtualization, etc.

_______________________________________________
Publicity mailing list
Publicity@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity
_______________________________________________
Publicity mailing list
Publicity@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity

_______________________________________________ Publicity mailing list Publicity@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity