Friday, August 08, 2014

Docker vs kvm = containers vs virtualization (IBM research paper). The next big thing in datacenters?

At Eranea, our current architecture for the Cobol applications that we transcode away from the mainframe to Java running on Linux is a private cloud such as CloudStack or OpenStack (see why here).

Thanks to many advances over the years in hardware assistance for virtualization, kvm is now fine from a performance standpoint (in most cases), so we usually run our migrations on this hypervisor, especially as it is favored by Red Hat (the OSS "brand" favored by customers) in its RHEV product. Basically, we split the migrated mainframe into many Linux instances with specialized functions (HA proxies, load balancers via Apache, processing instances via a Java application server, database engines, etc.).

But we are always monitoring trends to find other ways of doing things, so we follow the huge buzz around Docker very closely: (Linux) containers seem to be the "next big thing" in IT infrastructure and datacenters (Wikipedia introduces Docker here).

Rather than running a full OS under the control of a hypervisor, you isolate the application function in a container and run it on a single instance of Linux (see this ZDNet article), in parallel with many other workloads that are themselves isolated in their own containers.

For us, the interest at this point is not yet production: we will continue to run applications as a cluster of kvm instances. But for tests, Docker may prove the right solution to run together, on a single OS, all the various kinds of instances that we need in a production cloud, with all the functional effects of networking across instances reproduced by networking across containers.

We are starting those tests now.

In doing our initial homework, we found this very recent research paper by IBM comparing virtualization (kvm) to containers (Docker). I strongly recommend reading it in detail:
  • it explains very well the core motivation for both forms of isolation: resource control, and functional and security isolation (parag. 1)
  • it details at full length the basics of Docker (cgroups, namespaces, etc.) (parag. 1 and 2.3)
  • finally, it compares both across various benchmarks (parag. 3) and concludes that Docker always has negligible overhead compared to native runs and consequently outperforms kvm for I/O-intensive workloads (storage, network). This of course comes at the expense of a less airtight isolation than standard virtualization provides: all containers share the one Linux kernel, so the kernel itself is the isolation boundary rather than a hypervisor.
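The cgroups and namespaces named in the list above are the kernel mechanisms that make a Docker container an isolated process group on a shared kernel rather than a separate machine as with kvm. The following is an added example, not code from this post or from the IBM paper, showing what a process can observe about its own confinement: it parses the `/proc/<pid>/cgroup` format and compares `/proc/<pid>/ns/*` links to find namespaces shared with another process. The cgroup samples are constructed, and the runtime path markers (`/docker/`, `/lxc/`, `/kubepods`) are assumptions about common runtimes' layouts, not something the post states.

```python
"""Added example (not from the blog post or the IBM paper): inspect the cgroup
hierarchies and kernel namespaces a process belongs to, the two mechanisms
behind Docker isolation.

Assumptions: Linux /proc layout for /proc/<pid>/cgroup and /proc/<pid>/ns/*;
the container path markers below are heuristics for common runtimes.
"""
import os

# Constructed sample of /proc/self/cgroup as seen inside a Docker container
# (cgroup v1 layout; the 64-zero container id is a made-up placeholder).
SAMPLE_CGROUP_IN_CONTAINER = """\
4:memory:/docker/0000000000000000000000000000000000000000000000000000000000000000
3:cpu,cpuacct:/docker/0000000000000000000000000000000000000000000000000000000000000000
2:pids:/docker/0000000000000000000000000000000000000000000000000000000000000000
1:name=systemd:/docker/0000000000000000000000000000000000000000000000000000000000000000
"""

# Constructed sample from a plain host login session (systemd user slice).
SAMPLE_CGROUP_ON_HOST = """\
4:memory:/user.slice
3:cpu,cpuacct:/
2:pids:/user.slice/user-1000.slice/session-2.scope
1:name=systemd:/user.slice/user-1000.slice/session-2.scope
"""

# Path fragments that common container runtimes use for their cgroups (assumed).
CONTAINER_PATH_MARKERS = ("/docker/", "/lxc/", "/kubepods")


def parse_cgroup_file(text):
    """Parse '<hierarchy-id>:<controllers>:<path>' lines of /proc/<pid>/cgroup
    into {controller: path}. A cgroup v2 line such as '0::/path' carries no
    controller list and is stored under the key 'unified'."""
    mapping = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        _hid, controllers, path = line.split(":", 2)
        names = controllers.split(",") if controllers else ["unified"]
        for name in names:
            mapping[name] = path
    return mapping


def is_container_cgroup(cgroups):
    """Heuristic: any controller placed under a runtime-specific path means the
    process is confined by a container runtime, not just a host slice."""
    return any(any(marker in path for marker in CONTAINER_PATH_MARKERS)
               for path in cgroups.values())


def shared_namespaces(ns_a, ns_b):
    """Given {ns_name: 'ns_name:[inode]'} link targets for two processes, return
    the sorted names of namespaces both share (same inode). Sharing 'pid' or
    'net' means the two are not isolated from each other at that layer."""
    return sorted(name for name, target in ns_a.items()
                  if ns_b.get(name) == target)


NAMESPACE_FILES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")


def read_namespace_links(pid="self"):
    """Read /proc/<pid>/ns/* symlink targets; entries that cannot be read
    (missing privilege, older kernel) are skipped rather than raising."""
    links = {}
    for name in NAMESPACE_FILES:
        try:
            links[name] = os.readlink(f"/proc/{pid}/ns/{name}")
        except OSError:
            pass
    return links


if __name__ == "__main__":
    for label, sample in (("container sample", SAMPLE_CGROUP_IN_CONTAINER),
                          ("host sample", SAMPLE_CGROUP_ON_HOST)):
        verdict = "containerized" if is_container_cgroup(parse_cgroup_file(sample)) else "host"
        print(f"{label} -> {verdict}")
    # Live check on this machine: namespaces this process shares with PID 1.
    if os.path.isdir("/proc/self/ns"):
        shared = shared_namespaces(read_namespace_links("self"), read_namespace_links(1))
        print("namespaces shared with PID 1:", shared or "none readable")
```

Run from the host with a container's PID in place of `"self"`, the comparison reports that `pid`, `net` and `mnt` are not shared with the host's init; run inside the container against its own PID 1, everything is shared because PID 1 there is the container's init. Inside a kvm guest the same files describe a separate kernel entirely, which is the practical meaning of the paper's "less sealing isolation": with Docker the boundary is the kernel's namespace and cgroup code, not a hypervisor.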

By the way, there is a question that this excellent paper doesn't answer. It is raised by a very recent Forbes article about Docker, the eponymous parent company of this white-hot container technology: how can a company with no revenue yet (and not even knowing how to generate some...) raise 40-75 million dollars at a valuation of $400 million?

Container technology is clearly a key building block of cloud computing for the years to come. But will this brick really become THE cornerstone of the edifice, as this stellar valuation seems to assert?

Your opinions are welcome!

Source: blog Media and Tech (by didier durand)
