SlideShare uma empresa Scribd logo

"Bare-Metal Container" at Meetup Docker Tokyo#11 20170427

Kuniyasu Suzaki
Kuniyasu Suzaki

"Bare-Metal Docker" at Lighting Talk of Meetup Docker Tokyo#11 20170427

Tecnologia
1 de 13
Baixar para ler offline
Bare-Metal Container 1 National Institute of Advanced Industrial Science and Technology(AIST) Kuniyasu Suzaki
Background of BMC 1/3 Drawback of Container • Container technology (Docker) becomes popular. – Docker offers an environment to customize an application easily. – It looks like to be good for an application, but it is a server centric. • It does not allow to change the kernel. – Kernel options passed through /sys are not effective because Docker uses union file system (AUFS or DeviceMapper), which prevents options from reaching to the kernel. • Some applications cannot run on Docker. – DPDK on Docker does not work on some machines, because it depends on “igb_uio” and “rte_kni” kernel modules. • Some provider offers the kernel which can treat DPDK on Docker, but it is case by case solution. It is not fundamental solution. 2
Background of BMC 1/3 Drawback of Container • Container technology (Docker) becomes popular. – Docker offers an environment to customize an application easily. – It looks like to be good for an application, but it is a server centric. • It does not allow to change the kernel. – Kernel options passed through /sys are not effective because Docker uses union file system (AUFS or DeviceMapper), which prevents options from reaching to the kernel. • Some applications cannot run on Docker. – DPDK on Docker does not work on some machines, because it depends on “igb_uio” and “rte_kni” kernel modules. • Some provider offers the kernel which can treat DPDK on Docker, but it is case by case solution. It is not fundamental solution. 3 Container is a jail for a kernel optimizer.
Background of BMC 1/3 Drawback of Container • Container technology (Docker) becomes popular. – Docker offers an environment to customize an application easily. – It looks like to be good for an application, but it is a server centric. • It does not allow to change the kernel. – Kernel options passed through /sys are not effective because Docker uses union file system (AUFS or DeviceMapper), which prevents options from reaching to the kernel. • Some applications cannot run on Docker. – DPDK on Docker does not work on some machines, because it depends on “igb_uio” and “rte_kni” kernel modules. • Some provider offers the kernel which can treat DPDK on Docker, but it is case by case solution. It is not fundamental solution. 4 Container is a jail for a kernel optimizer. HPC users want to optimize the kernel for their applications. Kernel is a servant. Container way is not fit for them.
Background of BMC 2/3 General kernel leads weak performance • Arrakis[OSDI’14] showed that nearly 70% of network latency was spent in the network stack in a Linux kernel. • Many DB applications (e.g., Oracle, MongoDB) reduce the performance by THP (Transparent Huge Pages) which is enabled on most Linux distributions. 5
Background of BMC 2/3 General kernel leads weak performance • Arrakis[OSDI’14] showed that nearly 70% of network latency was spent in the network stack in a Linux kernel. • Many DB applications (e.g., Oracle, MongoDB) reduce the performance by THP (Transparent Huge Pages) which is enabled on most Linux distributions. 6 It is not fundamental solution. HPC users want to optimize the kernel for their applications. Kernel is a servant.
Background of BMC 3/3 Power consumption for each application • Current power measurement is coarse. – PUE only shows usage of data-center scale. – Current power consumption is theme for vender and administrators • Users have no incentive for low power. – Current accounting is based on time consumption 7
Background of BMC 3/3 Power consumption for each application • Current power measurement is coarse. – PUE only shows usage of data-center scale. – Current power consumption is theme for vender and administrators • Users have no incentive for low power. – Current accounting is based on time consumption 8 There is no good method to measure power consumption “for an application”. No accounting which considers power consumption.
What is BMC? • BMC(Bare-Metal Container) runs a container (Docker) image with a suitable Linux kernel on a remote physical machine. – Application on Container can change kernel settings and machine which fit for application and extract the full performance. – It means the power is almost used for an application. 9 Application Centric Architecture
machine kernel container manager Server Centric Architecture Traditional Style (Ex: container) Invoke app. Power always up Admin’s Space User’s Space app container app container app container Comparison Pros: • Multi Tenant •Quick Response (No Rebooting) Cons: • Kernel is not replaced. Pros: • Apps can select a kernel & hardware. • Apps occupy the machine and extract the performance. Cons: • Set up overhead (Rebooting) Boot the kernel & app. BMC machine machine machine kernel app container kernel kernel Application Centric Architecture Select a kernel Select a physical machine BMC manager Remote Machine management (WOL, AMT, IPMI) network bootloader network bootloader network bootloader Power frequently up/down app container app container
Current BMC target • BMC can use Linux kernels for Docker. –CoreOS –RancherOS –Snappy Ubuntu Core –RedHat Project Atomic –Mesosphere DCOS –VMware Photon 11
Related works • vSphere Integrated Containers [VMware’s product] – Integrate vSphere, Linux, and Docker Engine. • Triton [Joyent’s product] acquired by Samsung 2016 – Triton = Docker + SmartOS. • In order to optimize, user needs to customize SmarOS. • LinuxBIOS/BProc Cluster[HPCS’02] – Testbed for kernel test. It is not so easy to implement because it requires to replace BIOS. • Shifter[Cray User Group’15] – Translate Docker image for their environment. – It does not allow to change the kernel. • SLURM[ICDCN’14] – Measure power consumption for an application. It depends on function to measure power (Intel RAPL: Running Average Power Limit, or CRAY machine). 12
• Join Open Source Summit Japan 2017. – May/30 – June/2, Toyo Conference Center Ariake – “Bare Metal Container”, 16:50 June/1 – http://events.linuxfoundation.jp/events/open-source-summit-japan • Official HP: http://www.itri.aist.go.jp/cpc/research/bmc/ • Docker Image for BMC manager: https://hub.docker.com/r/baremetalcontainer/ • Source Code: https://github.com/baremetalcontainer • K.Suzaki, H.Koie, and R.Takano, Bare-Metal Container --- Direct execution of a container image on a remote machine with an optimized kernel ---, the 18th International Conferences on High Performance Computing and Communications (HPCC) December/2016 13

Recomendados

RISC-Vのセキュリティ技術(TEE, Root of Trust, Remote Attestation)
RISC-Vのセキュリティ技術(TEE, Root of Trust, Remote Attestation)RISC-Vのセキュリティ技術(TEE, Root of Trust, Remote Attestation)
RISC-Vのセキュリティ技術(TEE, Root of Trust, Remote Attestation)Kuniyasu Suzaki
 
遠隔デバイスとの信頼を築くための技術とその標準(TEEP RATS)
遠隔デバイスとの信頼を築くための技術とその標準(TEEP RATS)遠隔デバイスとの信頼を築くための技術とその標準(TEEP RATS)
遠隔デバイスとの信頼を築くための技術とその標準(TEEP RATS)Kuniyasu Suzaki
 
IETF111 RATS: Remote Attestation ProcedureS 報告
IETF111 RATS: Remote Attestation ProcedureS 報告IETF111 RATS: Remote Attestation ProcedureS 報告
IETF111 RATS: Remote Attestation ProcedureS 報告Kuniyasu Suzaki
 
Slide presented at FIT 2021 Top Conference (Reboot Oriented IoT, ACSAC2021)
Slide presented at FIT 2021 Top Conference (Reboot Oriented IoT, ACSAC2021)Slide presented at FIT 2021 Top Conference (Reboot Oriented IoT, ACSAC2021)
Slide presented at FIT 2021 Top Conference (Reboot Oriented IoT, ACSAC2021)Kuniyasu Suzaki
 
ACSAC2020 "Return-Oriented IoT" by Kuniyasu Suzaki
ACSAC2020 "Return-Oriented IoT" by Kuniyasu SuzakiACSAC2020 "Return-Oriented IoT" by Kuniyasu Suzaki
ACSAC2020 "Return-Oriented IoT" by Kuniyasu SuzakiKuniyasu Suzaki
 
TEE (Trusted Execution Environment)は第二の仮想化技術になるか?
TEE (Trusted Execution Environment)は第二の仮想化技術になるか?TEE (Trusted Execution Environment)は第二の仮想化技術になるか?
TEE (Trusted Execution Environment)は第二の仮想化技術になるか?Kuniyasu Suzaki
 
3種類のTEE比較(Intel SGX, ARM TrustZone, RISC-V Keystone)
3種類のTEE比較(Intel SGX, ARM TrustZone, RISC-V Keystone)3種類のTEE比較(Intel SGX, ARM TrustZone, RISC-V Keystone)
3種類のTEE比較(Intel SGX, ARM TrustZone, RISC-V Keystone)Kuniyasu Suzaki
 
Hardware-assisted Isolated Execution Environment to run trusted OS and applic...
Hardware-assisted Isolated Execution Environment to run trusted OS and applic...Hardware-assisted Isolated Execution Environment to run trusted OS and applic...
Hardware-assisted Isolated Execution Environment to run trusted OS and applic...Kuniyasu Suzaki
 

Recomendados

RISC-Vのセキュリティ技術(TEE, Root of Trust, Remote Attestation)
RISC-Vのセキュリティ技術(TEE, Root of Trust, Remote Attestation)RISC-Vのセキュリティ技術(TEE, Root of Trust, Remote Attestation)
RISC-Vのセキュリティ技術(TEE, Root of Trust, Remote Attestation)Kuniyasu Suzaki
 
遠隔デバイスとの信頼を築くための技術とその標準(TEEP RATS)
遠隔デバイスとの信頼を築くための技術とその標準(TEEP RATS)遠隔デバイスとの信頼を築くための技術とその標準(TEEP RATS)
遠隔デバイスとの信頼を築くための技術とその標準(TEEP RATS)Kuniyasu Suzaki
 
IETF111 RATS: Remote Attestation ProcedureS 報告
IETF111 RATS: Remote Attestation ProcedureS 報告IETF111 RATS: Remote Attestation ProcedureS 報告
IETF111 RATS: Remote Attestation ProcedureS 報告Kuniyasu Suzaki
 
Slide presented at FIT 2021 Top Conference (Reboot Oriented IoT, ACSAC2021)
Slide presented at FIT 2021 Top Conference (Reboot Oriented IoT, ACSAC2021)Slide presented at FIT 2021 Top Conference (Reboot Oriented IoT, ACSAC2021)
Slide presented at FIT 2021 Top Conference (Reboot Oriented IoT, ACSAC2021)Kuniyasu Suzaki
 
ACSAC2020 "Return-Oriented IoT" by Kuniyasu Suzaki
ACSAC2020 "Return-Oriented IoT" by Kuniyasu SuzakiACSAC2020 "Return-Oriented IoT" by Kuniyasu Suzaki
ACSAC2020 "Return-Oriented IoT" by Kuniyasu SuzakiKuniyasu Suzaki
 
TEE (Trusted Execution Environment)は第二の仮想化技術になるか?
TEE (Trusted Execution Environment)は第二の仮想化技術になるか?TEE (Trusted Execution Environment)は第二の仮想化技術になるか?
TEE (Trusted Execution Environment)は第二の仮想化技術になるか?Kuniyasu Suzaki
 
3種類のTEE比較(Intel SGX, ARM TrustZone, RISC-V Keystone)
3種類のTEE比較(Intel SGX, ARM TrustZone, RISC-V Keystone)3種類のTEE比較(Intel SGX, ARM TrustZone, RISC-V Keystone)
3種類のTEE比較(Intel SGX, ARM TrustZone, RISC-V Keystone)Kuniyasu Suzaki
 
Hardware-assisted Isolated Execution Environment to run trusted OS and applic...
Hardware-assisted Isolated Execution Environment to run trusted OS and applic...Hardware-assisted Isolated Execution Environment to run trusted OS and applic...
Hardware-assisted Isolated Execution Environment to run trusted OS and applic...Kuniyasu Suzaki
 
RISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzakiRISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzakiKuniyasu Suzaki
 
BMC: Bare Metal Container @Open Source Summit Japan 2017
BMC: Bare Metal Container @Open Source Summit Japan 2017BMC: Bare Metal Container @Open Source Summit Japan 2017
BMC: Bare Metal Container @Open Source Summit Japan 2017Kuniyasu Suzaki
 
USENIX NSDI17 Memory Disaggregation
USENIX NSDI17 Memory DisaggregationUSENIX NSDI17 Memory Disaggregation
USENIX NSDI17 Memory DisaggregationKuniyasu Suzaki
 
Io t security-suzki-20170224
Io t security-suzki-20170224Io t security-suzki-20170224
Io t security-suzki-20170224Kuniyasu Suzaki
 
”Bare-Metal Container" presented at HPCC2016
”Bare-Metal Container" presented at HPCC2016”Bare-Metal Container" presented at HPCC2016
”Bare-Metal Container" presented at HPCC2016Kuniyasu Suzaki
 
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kuniyasu Suzaki
 
Report for S4x14 (SCADA Security Scientific Symposium 2014)
Report for S4x14 (SCADA Security Scientific Symposium 2014)Report for S4x14 (SCADA Security Scientific Symposium 2014)
Report for S4x14 (SCADA Security Scientific Symposium 2014)Kuniyasu Suzaki
 
Slide used at ACM-SAC 2014 by Suzaki
Slide used at ACM-SAC 2014 by SuzakiSlide used at ACM-SAC 2014 by Suzaki
Slide used at ACM-SAC 2014 by SuzakiKuniyasu Suzaki
 
OSセキュリティチュートリアル
OSセキュリティチュートリアルOSセキュリティチュートリアル
OSセキュリティチュートリアルKuniyasu Suzaki
 
Nested Virtual Machines and Proxies
Nested Virtual Machines and Proxies Nested Virtual Machines and Proxies
Nested Virtual Machines and Proxies Kuniyasu Suzaki
 
Bitvisorをベースとした既存Windowsのドライバメモリ保護
Bitvisorをベースとした既存Windowsのドライバメモリ保護Bitvisorをベースとした既存Windowsのドライバメモリ保護
Bitvisorをベースとした既存Windowsのドライバメモリ保護Kuniyasu Suzaki
 
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)Kuniyasu Suzaki
 
仮想化技術によるマルウェア対策とその問題点
仮想化技術によるマルウェア対策とその問題点仮想化技術によるマルウェア対策とその問題点
仮想化技術によるマルウェア対策とその問題点Kuniyasu Suzaki
 
Technology Used in Virtual Machine (Jan 2008)
Technology Used in Virtual Machine (Jan 2008)Technology Used in Virtual Machine (Jan 2008)
Technology Used in Virtual Machine (Jan 2008)Kuniyasu Suzaki
 
EuroSec2012 "Effects of Memory Randomization, Sanitization and Page Cache on ...
EuroSec2012 "Effects of Memory Randomization, Sanitization and Page Cache on ...EuroSec2012 "Effects of Memory Randomization, Sanitization and Page Cache on ...
EuroSec2012 "Effects of Memory Randomization, Sanitization and Page Cache on ...Kuniyasu Suzaki
 
ACM SOSP11 & SOCC11 & PLOS11 Report
ACM SOSP11 & SOCC11 & PLOS11 ReportACM SOSP11 & SOCC11 & PLOS11 Report
ACM SOSP11 & SOCC11 & PLOS11 ReportKuniyasu Suzaki
 
私立大学情報教育協会大学 情報セキュリティ研究講習会
私立大学情報教育協会大学 情報セキュリティ研究講習会私立大学情報教育協会大学 情報セキュリティ研究講習会
私立大学情報教育協会大学 情報セキュリティ研究講習会Kuniyasu Suzaki
 
Linux Symposium 2011 "Analysis of Disk Access Patterns on File Systems for Co...
Linux Symposium 2011 "Analysis of Disk Access Patterns on File Systems for Co...Linux Symposium 2011 "Analysis of Disk Access Patterns on File Systems for Co...
Linux Symposium 2011 "Analysis of Disk Access Patterns on File Systems for Co...Kuniyasu Suzaki
 
EuroSec2011 Slide "Memory Deduplication as a Threat to the Guest OS" by Kuniy...
EuroSec2011 Slide "Memory Deduplication as a Threat to the Guest OS" by Kuniy...EuroSec2011 Slide "Memory Deduplication as a Threat to the Guest OS" by Kuniy...
EuroSec2011 Slide "Memory Deduplication as a Threat to the Guest OS" by Kuniy...Kuniyasu Suzaki
 
ASPLOS2011 workshop RESoLVE "Effect of Disk Prefetching of Guest OS "
ASPLOS2011 workshop RESoLVE "Effect of Disk Prefetching of Guest OS "ASPLOS2011 workshop RESoLVE "Effect of Disk Prefetching of Guest OS "
ASPLOS2011 workshop RESoLVE "Effect of Disk Prefetching of Guest OS "Kuniyasu Suzaki
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Mais conteúdo relacionado

Mais de Kuniyasu Suzaki

RISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzakiRISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzakiKuniyasu Suzaki
 
BMC: Bare Metal Container @Open Source Summit Japan 2017
BMC: Bare Metal Container @Open Source Summit Japan 2017BMC: Bare Metal Container @Open Source Summit Japan 2017
BMC: Bare Metal Container @Open Source Summit Japan 2017Kuniyasu Suzaki
 
USENIX NSDI17 Memory Disaggregation
USENIX NSDI17 Memory DisaggregationUSENIX NSDI17 Memory Disaggregation
USENIX NSDI17 Memory DisaggregationKuniyasu Suzaki
 
Io t security-suzki-20170224
Io t security-suzki-20170224Io t security-suzki-20170224
Io t security-suzki-20170224Kuniyasu Suzaki
 
”Bare-Metal Container" presented at HPCC2016
”Bare-Metal Container" presented at HPCC2016”Bare-Metal Container" presented at HPCC2016
”Bare-Metal Container" presented at HPCC2016Kuniyasu Suzaki
 
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kuniyasu Suzaki
 
Report for S4x14 (SCADA Security Scientific Symposium 2014)
Report for S4x14 (SCADA Security Scientific Symposium 2014)Report for S4x14 (SCADA Security Scientific Symposium 2014)
Report for S4x14 (SCADA Security Scientific Symposium 2014)Kuniyasu Suzaki
 
Slide used at ACM-SAC 2014 by Suzaki
Slide used at ACM-SAC 2014 by SuzakiSlide used at ACM-SAC 2014 by Suzaki
Slide used at ACM-SAC 2014 by SuzakiKuniyasu Suzaki
 
OSセキュリティチュートリアル
OSセキュリティチュートリアルOSセキュリティチュートリアル
OSセキュリティチュートリアルKuniyasu Suzaki
 
Nested Virtual Machines and Proxies
Nested Virtual Machines and Proxies Nested Virtual Machines and Proxies
Nested Virtual Machines and Proxies Kuniyasu Suzaki
 
Bitvisorをベースとした既存Windowsのドライバメモリ保護
Bitvisorをベースとした既存Windowsのドライバメモリ保護Bitvisorをベースとした既存Windowsのドライバメモリ保護
Bitvisorをベースとした既存Windowsのドライバメモリ保護Kuniyasu Suzaki
 
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)Kuniyasu Suzaki
 
仮想化技術によるマルウェア対策とその問題点
仮想化技術によるマルウェア対策とその問題点仮想化技術によるマルウェア対策とその問題点
仮想化技術によるマルウェア対策とその問題点Kuniyasu Suzaki
 
Technology Used in Virtual Machine (Jan 2008)
Technology Used in Virtual Machine (Jan 2008)Technology Used in Virtual Machine (Jan 2008)
Technology Used in Virtual Machine (Jan 2008)Kuniyasu Suzaki
 
EuroSec2012 "Effects of Memory Randomization, Sanitization and Page Cache on ...
EuroSec2012 "Effects of Memory Randomization, Sanitization and Page Cache on ...EuroSec2012 "Effects of Memory Randomization, Sanitization and Page Cache on ...
EuroSec2012 "Effects of Memory Randomization, Sanitization and Page Cache on ...Kuniyasu Suzaki
 
ACM SOSP11 & SOCC11 & PLOS11 Report
ACM SOSP11 & SOCC11 & PLOS11 ReportACM SOSP11 & SOCC11 & PLOS11 Report
ACM SOSP11 & SOCC11 & PLOS11 ReportKuniyasu Suzaki
 
私立大学情報教育協会大学 情報セキュリティ研究講習会
私立大学情報教育協会大学 情報セキュリティ研究講習会私立大学情報教育協会大学 情報セキュリティ研究講習会
私立大学情報教育協会大学 情報セキュリティ研究講習会Kuniyasu Suzaki
 
Linux Symposium 2011 "Analysis of Disk Access Patterns on File Systems for Co...
Linux Symposium 2011 "Analysis of Disk Access Patterns on File Systems for Co...Linux Symposium 2011 "Analysis of Disk Access Patterns on File Systems for Co...
Linux Symposium 2011 "Analysis of Disk Access Patterns on File Systems for Co...Kuniyasu Suzaki
 
EuroSec2011 Slide "Memory Deduplication as a Threat to the Guest OS" by Kuniy...
EuroSec2011 Slide "Memory Deduplication as a Threat to the Guest OS" by Kuniy...EuroSec2011 Slide "Memory Deduplication as a Threat to the Guest OS" by Kuniy...
EuroSec2011 Slide "Memory Deduplication as a Threat to the Guest OS" by Kuniy...Kuniyasu Suzaki
 
ASPLOS2011 workshop RESoLVE "Effect of Disk Prefetching of Guest OS "
ASPLOS2011 workshop RESoLVE "Effect of Disk Prefetching of Guest OS "ASPLOS2011 workshop RESoLVE "Effect of Disk Prefetching of Guest OS "
ASPLOS2011 workshop RESoLVE "Effect of Disk Prefetching of Guest OS "Kuniyasu Suzaki
 

Mais de Kuniyasu Suzaki (20)

RISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzakiRISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzaki
 
BMC: Bare Metal Container @Open Source Summit Japan 2017
BMC: Bare Metal Container @Open Source Summit Japan 2017BMC: Bare Metal Container @Open Source Summit Japan 2017
BMC: Bare Metal Container @Open Source Summit Japan 2017
 
USENIX NSDI17 Memory Disaggregation
USENIX NSDI17 Memory DisaggregationUSENIX NSDI17 Memory Disaggregation
USENIX NSDI17 Memory Disaggregation
 
Io t security-suzki-20170224
Io t security-suzki-20170224Io t security-suzki-20170224
Io t security-suzki-20170224
 
”Bare-Metal Container" presented at HPCC2016
”Bare-Metal Container" presented at HPCC2016”Bare-Metal Container" presented at HPCC2016
”Bare-Metal Container" presented at HPCC2016
 
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
 
Report for S4x14 (SCADA Security Scientific Symposium 2014)
Report for S4x14 (SCADA Security Scientific Symposium 2014)Report for S4x14 (SCADA Security Scientific Symposium 2014)
Report for S4x14 (SCADA Security Scientific Symposium 2014)
 
Slide used at ACM-SAC 2014 by Suzaki
Slide used at ACM-SAC 2014 by SuzakiSlide used at ACM-SAC 2014 by Suzaki
Slide used at ACM-SAC 2014 by Suzaki
 
OSセキュリティチュートリアル
OSセキュリティチュートリアルOSセキュリティチュートリアル
OSセキュリティチュートリアル
 
Nested Virtual Machines and Proxies
Nested Virtual Machines and Proxies Nested Virtual Machines and Proxies
Nested Virtual Machines and Proxies
 
Bitvisorをベースとした既存Windowsのドライバメモリ保護
Bitvisorをベースとした既存Windowsのドライバメモリ保護Bitvisorをベースとした既存Windowsのドライバメモリ保護
Bitvisorをベースとした既存Windowsのドライバメモリ保護
 
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
 
仮想化技術によるマルウェア対策とその問題点
仮想化技術によるマルウェア対策とその問題点仮想化技術によるマルウェア対策とその問題点
仮想化技術によるマルウェア対策とその問題点
 
Technology Used in Virtual Machine (Jan 2008)
Technology Used in Virtual Machine (Jan 2008)Technology Used in Virtual Machine (Jan 2008)
Technology Used in Virtual Machine (Jan 2008)
 
EuroSec2012 "Effects of Memory Randomization, Sanitization and Page Cache on ...
EuroSec2012 "Effects of Memory Randomization, Sanitization and Page Cache on ...EuroSec2012 "Effects of Memory Randomization, Sanitization and Page Cache on ...
EuroSec2012 "Effects of Memory Randomization, Sanitization and Page Cache on ...
 
ACM SOSP11 & SOCC11 & PLOS11 Report
ACM SOSP11 & SOCC11 & PLOS11 ReportACM SOSP11 & SOCC11 & PLOS11 Report
ACM SOSP11 & SOCC11 & PLOS11 Report
 
私立大学情報教育協会大学 情報セキュリティ研究講習会
私立大学情報教育協会大学 情報セキュリティ研究講習会私立大学情報教育協会大学 情報セキュリティ研究講習会
私立大学情報教育協会大学 情報セキュリティ研究講習会
 
Linux Symposium 2011 "Analysis of Disk Access Patterns on File Systems for Co...
Linux Symposium 2011 "Analysis of Disk Access Patterns on File Systems for Co...Linux Symposium 2011 "Analysis of Disk Access Patterns on File Systems for Co...
Linux Symposium 2011 "Analysis of Disk Access Patterns on File Systems for Co...
 
EuroSec2011 Slide "Memory Deduplication as a Threat to the Guest OS" by Kuniy...
EuroSec2011 Slide "Memory Deduplication as a Threat to the Guest OS" by Kuniy...EuroSec2011 Slide "Memory Deduplication as a Threat to the Guest OS" by Kuniy...
EuroSec2011 Slide "Memory Deduplication as a Threat to the Guest OS" by Kuniy...
 
ASPLOS2011 workshop RESoLVE "Effect of Disk Prefetching of Guest OS "
ASPLOS2011 workshop RESoLVE "Effect of Disk Prefetching of Guest OS "ASPLOS2011 workshop RESoLVE "Effect of Disk Prefetching of Guest OS "
ASPLOS2011 workshop RESoLVE "Effect of Disk Prefetching of Guest OS "
 

Último

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 

Último (20)

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 

"Bare-Metal Container" at Meetup Docker Tokyo#11 20170427

  • 1. Bare-Metal Container 1 National Institute of Advanced Industrial Science and Technology(AIST) Kuniyasu Suzaki
  • 2. Background of BMC 1/3 Drawback of Container • Container technology (Docker) becomes popular. – Docker offers an environment to customize an application easily. – It looks like to be good for an application, but it is a server centric. • It does not allow to change the kernel. – Kernel options passed through /sys are not effective because Docker uses union file system (AUFS or DeviceMapper), which prevents options from reaching to the kernel. • Some applications cannot run on Docker. – DPDK on Docker does not work on some machines, because it depends on “igb_uio” and “rte_kni” kernel modules. • Some provider offers the kernel which can treat DPDK on Docker, but it is case by case solution. It is not fundamental solution. 2
  • 3. Background of BMC 1/3 Drawback of Container • Container technology (Docker) becomes popular. – Docker offers an environment to customize an application easily. – It looks like to be good for an application, but it is a server centric. • It does not allow to change the kernel. – Kernel options passed through /sys are not effective because Docker uses union file system (AUFS or DeviceMapper), which prevents options from reaching to the kernel. • Some applications cannot run on Docker. – DPDK on Docker does not work on some machines, because it depends on “igb_uio” and “rte_kni” kernel modules. • Some provider offers the kernel which can treat DPDK on Docker, but it is case by case solution. It is not fundamental solution. 3 Container is a jail for a kernel optimizer.
  • 4. Background of BMC 1/3 Drawback of Container • Container technology (Docker) becomes popular. – Docker offers an environment to customize an application easily. – It looks like to be good for an application, but it is a server centric. • It does not allow to change the kernel. – Kernel options passed through /sys are not effective because Docker uses union file system (AUFS or DeviceMapper), which prevents options from reaching to the kernel. • Some applications cannot run on Docker. – DPDK on Docker does not work on some machines, because it depends on “igb_uio” and “rte_kni” kernel modules. • Some provider offers the kernel which can treat DPDK on Docker, but it is case by case solution. It is not fundamental solution. 4 Container is a jail for a kernel optimizer. HPC users want to optimize the kernel for their applications. Kernel is a servant. Container way is not fit for them.
  • 5. Background of BMC 2/3 General kernel leads weak performance • Arrakis[OSDI’14] showed that nearly 70% of network latency was spent in the network stack in a Linux kernel. • Many DB applications (e.g., Oracle, MongoDB) reduce the performance by THP (Transparent Huge Pages) which is enabled on most Linux distributions. 5
  • 6. Background of BMC 2/3 General kernel leads weak performance • Arrakis[OSDI’14] showed that nearly 70% of network latency was spent in the network stack in a Linux kernel. • Many DB applications (e.g., Oracle, MongoDB) reduce the performance by THP (Transparent Huge Pages) which is enabled on most Linux distributions. 6 It is not fundamental solution. HPC users want to optimize the kernel for their applications. Kernel is a servant.
  • 7. Background of BMC 3/3 Power consumption for each application • Current power measurement is coarse. – PUE only shows usage of data-center scale. – Current power consumption is theme for vender and administrators • Users have no incentive for low power. – Current accounting is based on time consumption 7
  • 8. Background of BMC 3/3 Power consumption for each application • Current power measurement is coarse. – PUE only shows usage of data-center scale. – Current power consumption is theme for vender and administrators • Users have no incentive for low power. – Current accounting is based on time consumption 8 There is no good method to measure power consumption “for an application”. No accounting which considers power consumption.
  • 9. What is BMC? • BMC(Bare-Metal Container) runs a container (Docker) image with a suitable Linux kernel on a remote physical machine. – Application on Container can change kernel settings and machine which fit for application and extract the full performance. – It means the power is almost used for an application. 9 Application Centric Architecture
  • 10. machine kernel container manager Server Centric Architecture Traditional Style (Ex: container) Invoke app. Power always up Admin’s Space User’s Space app container app container app container Comparison Pros: • Multi Tenant •Quick Response (No Rebooting) Cons: • Kernel is not replaced. Pros: • Apps can select a kernel & hardware. • Apps occupy the machine and extract the performance. Cons: • Set up overhead (Rebooting) Boot the kernel & app. BMC machine machine machine kernel app container kernel kernel Application Centric Architecture Select a kernel Select a physical machine BMC manager Remote Machine management (WOL, AMT, IPMI) network bootloader network bootloader network bootloader Power frequently up/down app container app container
  • 11. Current BMC target • BMC can use Linux kernels for Docker. –CoreOS –RancherOS –Snappy Ubuntu Core –RedHat Project Atomic –Mesosphere DCOS –VMware Photon 11
  • 12. Related works • vSphere Integrated Containers [VMware’s product] – Integrate vSphere, Linux, and Docker Engine. • Triton [Joyent’s product] acquired by Samsung 2016 – Triton = Docker + SmartOS. • In order to optimize, user needs to customize SmarOS. • LinuxBIOS/BProc Cluster[HPCS’02] – Testbed for kernel test. It is not so easy to implement because it requires to replace BIOS. • Shifter[Cray User Group’15] – Translate Docker image for their environment. – It does not allow to change the kernel. • SLURM[ICDCN’14] – Measure power consumption for an application. It depends on function to measure power (Intel RAPL: Running Average Power Limit, or CRAY machine). 12
  • 13. • Join Open Source Summit Japan 2017. – May/30 – June/2, Toyo Conference Center Ariake – “Bare Metal Container”, 16:50 June/1 – http://events.linuxfoundation.jp/events/open-source-summit-japan • Official HP: http://www.itri.aist.go.jp/cpc/research/bmc/ • Docker Image for BMC manager: https://hub.docker.com/r/baremetalcontainer/ • Source Code: https://github.com/baremetalcontainer • K.Suzaki, H.Koie, and R.Takano, Bare-Metal Container --- Direct execution of a container image on a remote machine with an optimized kernel ---, the 18th International Conferences on High Performance Computing and Communications (HPCC) December/2016 13