1. OSCON Summer 2009 cyberstalk : irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconirving + andy Virtualize or Containerize?

2. OSCON Summer 2009 Hello Portland! 3. OSCON Summer 2009 Hello San Jose! 4. OSCON Summer 2009 cyberstalk : irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconirving + andy Virtualize or Containerize? 5. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconVirtualize or Containerize? Agenda 1. Why we're here 2. Act I - Virtualize or Containerize (aka "So, you're a provider...") 1. Define and Differentiate 2. State of the Art -> dealbreakers + dealmakers 3. Act II - The Trouble with Clouds (aka "So you'relooking to buy?") 1. A Market for Lemons2. How it's hurting consumers 3. Wouldn't it be cool if... 4. Further resources 5. Get in touch... 6. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconVirtualize or Containerize? Containerization: Now you can handle the truth Now that we all know + love virtualization, it's easier to wrap our brains around containerization

• Reminder: Virtualization is everywhere, even when you don't know it.

7. Amazon EC2, Xen, Vmware... Perhaps you've heard of them?

8. Containerization branding chaos.

Mediatemple, Dreamhost, Dotster... Perhaps you've heard ofthem?

9. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Why we're here Irving said blasphemous things about virtualization in IRC. 10. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Containerization: Is that even a thing? 11. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Rollcall Virtualization users and their admirers 12. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Rollcall Containerization users and their admirers 13. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Act I Virtualize vs. Containerize: Define + Differentiate So, you're a provider... 14. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconVirtualize or Containerize? Before we begin, assumptions Our focus: x86 Server Market Open Source Operating Systems Open Source & Web Application stacks Yes, we know that: Virtualization actually kicked off in the 1970s Mainframe world. Things are different when you bring Windows into the picture. If you want to discuss Windows, Mainframes, etc, you may be at the wrong talk. 15. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconVirtualize or Containerize? Virtualization Explained Virtualization in a Nutshell:

• A software technique used to separate an Operating System from Physical Resources

16. The virtualization "host" presents a complete set of hardware (CPU, memory, disk, devices) to the "guest", fooling the guest into thinking it is running on real hardware

17. Analogy: The Matrix 18. Examples

• VMware (Full Virtualization)

19. Xen (Paravirtualization)

20. KVM (Paravirtualization) 21. Virtualbox (Full Virtualization) 22.

23. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Virtualization Explained (cont.) Advantages:

• System Consolidation

24. System Protection

25. Simplicity - Run any x86 OS! Disadvantage:

• CPU Performance

26. Memory Performance

27. IO Performance 28. Noticing a trend?Expensive translation Scheduler Contention 29. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Containerization: The Difference is foundin the Translation Virtualization (much must be translated) Containerization (It's all native) 30. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconVirtualize or Containerize? The Alien is the Guest, the Human is the Host *Except when you containerize, then a Human is both the Guest and Host 31. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconVirtualize or Containerize? Containerization: Tools like OpenVZ are already packaged with or for your favorite distro 32. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconVirtualize or Containerize? Containerization Explained Containerization in a Nutshell

• Also called Operating System-level virtualization, thehost and guests all share a single kernel

33. Essentially, virtualization in user-land

34. Single kernel provides greater control of guests, yetthinner separation between guests 35. Some ability to run different OS distributions Popular Ones

• OpenVZ (Linux)

36. Linux-Vserver

37. FreeBSD Jails 38. Solaris Containers 39. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconVirtualize or Containerize? Containerization Explained (cont.) Advantages

• Fat-free Virtualization

40. IO and Memory Performance levels similar to native operation

41. CPU Scalability - no "virtual SMP" limits 42. Resource Control and Constraints Disadvantages

• Guests must be same Kernel rev/arch as Host

43. Enterprise Functionality is a mixed bag

44. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconVirtualize or Containerize? Neat Containerization Tricks Tighter relationship between Host and Guest allows you to:

Easily Administer Guests from the Host (Change IP, Change Passwords, etc)

45. Easily Access the Filesystem of Guests from the Host 46. Share identical memory between Guests and the Host 47. Super-easy Template usage and creation 48. Very fine grained resource limits 49. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconVirtualize or Containerize? Command-Line Examples List vzlist -a CTID NPROC STATUS IP_ADDR HOSTNAME 1 35 running 10.101.60.79 localhost 101 8 running 10.101.66.1 ct101.swsoft.com 102 7 running 10.101.66.159 ct102.swsoft.com 103 - stopped 10.101.66.103 ct103.swsoft.com Enter container:~# vzctl enter 100 entered into VE 100 root@www:/#Change User Password vzctl set 100 --save --userpassword apache:secretpassword! Change DNS Server vzctl set 100 --save --nameserver 192.168.0.2 50. irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconONBOOT="yes" VE_ROOT="/var/lib/vz/root/$VEID" VE_PRIVATE="/var/lib/vz/private/$VEID" OSTEMPLATE="ubuntu-8.04-amd64-minimal" ORIGIN_SAMPLE="vps.basic" HOSTNAME="www.example.com" IP_ADDRESS="192.168.0.220" NAMESERVER="192.168.0.10" NOATIME="yes" DISKSPACE="10485760:11530240" DISKINODES="200000:220000" QUOTATIME="0" CPUUNITS="1000" OpenVZ Config Example VITALS QUOTAS Virtualize or Containerize? 51. irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconKMEMSIZE LOCKEDPAGES PRIVVMPAGES SHMPAGES NUMPROC PHYSPAGES VMGUARPAGES OOMGUARPAGES NUMTCPSOCK NUMFLOCK You Want Fine Grained Resource Limits? NUMPTY NUMSIGINFO TCPSNDBUF TCPRCVBUF OTHERSOCKBUF DGRAMRCVBUF NUMOTHERSOCK DCACHESIZE NUMFILE AVNUMPROC NUMIPTENT You got em.Hard and Soft limits for all. Virtualize or Containerize? 52. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Who were Popek and Goldberg? Published a famous paper in 1974 called "Formal Requirements for Virtualizable Third Generation Architectures".The fundamentals are still relevant today. Equivalence A program running under the VMM should exhibit a behavior essentially identical to that demonstrated when running on an equivalent machine directly. Resource control The VMM must be in complete control of the virtualized resources. Efficiency A statistically dominant fraction of machine instructions must be executed without VMM intervention. 53. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconVirtualize or Containerize? Convergent Evolution (Or something...) 54. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconVirtualize or Containerize? Convergent Evolution... Or Common Management Layer libvirt? 55. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? What's best for you? It depends on who you are. 56. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? How the heck do we describe ourselves?

• buyers?

57. sellers?

58. administrators? 59. administrator and user?!?! 60. providers? 61. users? 62. developers? 63. just need to run a dang app? 64. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? The big buckets

• Selling infrastructure or applicationson top of infrastructure to peopleoutsideyour organization

65. Providing infrastructure, or applicationson top of an infrastructure,withinyour organization/company

66. Your own customer

• • a dev/groups of devs managing your own production/dev/QA server
• 67. using an app that needs infrastructure

68. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconVirtualize or Containerize? Rollcall Need help?Let's help you choose...

• Selling infrastructure or applicationson top of infrastructure to peopleoutsideyour organization

69. Providing infrastructure, or applicationson top of an infrastructure,withinyour organization/company

70. Your own customer

• • a dev/groups of devs managing your own production/dev/QA server
• 71. using an app that needs infrastructure

72. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Let's help you choose You care about: "Enterprise" functionality, support, clustering, pretty dashboards. Virtualize! 73. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Let's help you choose You care about: Running many, many different x86 OSes. And a wide array of virtual appliances. Virtualize! 74. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconVirtualize or Containerize? Let's help you choose You're an Infrastructure provider, and you need to run many, many instances of Linux as efficiently as possible. You understand that fitting more guests on a host is free money. Containerize! 75. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Let's help you choose You're a startup or indie developer on Linux, and you need to stretch every dollar. However, you want to easily add Staging/Dev environments, regression test on a wide variety of distributions, etc. People keep telling you to "Get a VM for that project." What do you do? Containerize! 76. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconVirtualize or Containerize? Act II The Trouble with Clouds So, you're a consumer of infrastructure... 77. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? The market for lemons Much of what you just heard doesn't matter if you are abuyer ofInfrastructure services (IaaS, Cloud Computing, etc.) Building any large-scale high performance virtualization infrastructure can be very tricky (variance in technical solutions) Vendors are forced to compete primarily on Price, not Quality. See famous paper "The Market for Lemons" by economist George Akerlof. 78. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/osconVirtualize or Containerize? (interrupting record scratch sound) 79. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Cloud Providers, we love you, here's some valuable observations Shopping for IaaS services makes no sense, the comparison criteria has nothing to do with theQuality of the Infrastructure

• User Interface

80. API

81. Pricing and Features 82. Oh yeah, and user reviews (subjective) How about you help out the users a little bit?

Build smarter baseline configs based on Memory Size, CPU power purchased, etc.

83. Install smart Caching mechanisms by default (WP-Super-Cache, memcached, Boost, mod_cache) 84. Don't fool buyers into thinking that they can get by without a proper sysadmin. 85. Don't instantly upsell more widgets when the customer's performance goes south. 86. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Wouldn't it be cool if... There were independent measurements and ratings for IaaS providers:

• Compare CPU, Memory, Disk, and network performance

87. Compare real-world task response times

88. Compare end-to-end performance of real application stacks A critical mass of communities talking about cloud stuffwith these new criteria in mind :

• Wikis

89. Discussion forums

90. How-to articles Encourage vendors to be more transparent and describe their offerings in a more meaningful way. 91. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Okay, Now take a deep breath 92. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Further Resources

• Wikipedia "Virtualization" article: http://en.wikipedia.org/wiki/Virtualization

93. VMware whitepaper: Understanding Paravirtualization http://www.vmware.com/files/pdf/VMware_paravirtualization.pdf

94. Intel whitepaper: HybridVirtualization http://www.vmware.com/files/pdf/VMware_paravirtualization.pdf 95. Troubleshooting hosted Xen story: http://wiki.xen.prgmr.com/xenophilia/2009/06/see-this-is-why-i-dont-assume.html 96. Popek and Goldberg Virtualization Requirements http://en.wikipedia.org/wiki/Popek_and_Goldberg_virtualization_requirements 97. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Get in touch Andy (Andrea) Sysadmin in Portland, OR Cries when make fails. twitter/identica: thesethings Blog: http://www.thesethingsmattertome.com/ Irving Popovetsky Independent consultant from Portland, OR Unabashed OSS nerd for nearly 15 years twitter/identica: irvingpop Blog: http://www.cloudest.com/blog/ 98. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Questions?? 99. OSCON Summer 2009 irc / twitter/ identica:irvingpop, thesethingsweb:cloudest.com/oscon Virtualize or Containerize? Thanks for coming!