1. NGDC Summer 2009 cyberstalk : irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09 irving + andy Virtualize or Containerize?

2. NGDC Summer 2009 Hello San Francisco!

3. irving + andy NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09 Virtualize or Containerize?

4. Virtualize or Containerize? Agenda 1. Why we're here 2. Act I - Virtualize or Containerize (aka "So, you're a provider...") 1. Define and Differentiate 2. State of the Art -> dealbreakers + dealmakers 3. Act II - The Trouble with Clouds (aka "So you're looking to buy?") 1. A Market for Lemons 2. How it's hurting consumers 3. Wouldn't it be cool if... 4. Further resources 5. Get in touch... NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

6. Amazon EC2, Xen, Vmware... Perhaps you've heard of them?

8. NGDC Summer 2009 Virtualize or Containerize? Why we're here Irving said blasphemous things about virtualization in IRC. irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

9. NGDC Summer 2009 Virtualize or Containerize? Containerization: Is that even a thing? irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

10. NGDC Summer 2009 Virtualize or Containerize? Rollcall Virtualization users and their admirers irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

11. NGDC Summer 2009 Virtualize or Containerize? Rollcall Containerization users and their admirers irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

12. NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09 Virtualize or Containerize? Act I Virtualize vs. Containerize: Define + Differentiate So, you're a provider...

13. NGDC Summer 2009 Virtualize or Containerize? Before we begin, assumptions Our focus: x86 Server Market Open Source Operating Systems Open Source & Web Application stacks Yes, we know that: Virtualization actually kicked off in the 1970s Mainframe world. Things are different when you bring Windows into the picture. If you want to discuss Windows, Mainframes, etc, you may be at the wrong talk. irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

15. The virtualization "host" presents a complete set of hardware (CPU, memory, disk, devices) to the "guest", fooling the guest into thinking it is running on real hardware

16. Analogy: The Matrix

18. Xen (Paravirtualization)

19. KVM (Paravirtualization)

20. Virtualbox (Full Virtualization)

23. System Protection

25. Memory Performance

26. IO Performance

27. Noticing a trend? Expensive translation Scheduler Contention irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

28. NGDC Summer 2009 Virtualize or Containerize? Containerization: The Difference is found in the Translation Virtualization (much must be translated) Containerization (It's all native) irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

29. NGDC Summer 2009 Virtualize or Containerize? The Alien is the Guest, the Human is the Host *Except when you containerize, then a Human is both the Guest and Host irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

30. NGDC Summer 2009 Virtualize or Containerize? Containerization: Tools like OpenVZ are already packaged with or for your favorite distro irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

32. Essentially, virtualization in user-land

33. Single kernel provides greater control of guests, yet thinner separation between guests

35. Linux-Vserver

36. FreeBSD Jails

37. Solaris Containers irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

39. IO and Memory Performance levels similar to native operation

40. CPU Scalability - no "virtual SMP" limits

42. “ Enterprise Functionality” is a mixed bag irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

44. Easily Access the Filesystem of Guests from the Host

45. Share identical memory between Guests and the Host

46. Super-easy Template usage and creation

47. Very fine grained resource limits irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

48. NGDC Summer 2009 Virtualize or Containerize? Command-Line Examples List vzlist -a CTID NPROC STATUS IP_ADDR HOSTNAME 1 35 running 10.101.60.79 localhost 101 8 running 10.101.66.1 ct101.swsoft.com 102 7 running 10.101.66.159 ct102.swsoft.com 103 - stopped 10.101.66.103 ct103.swsoft.com Enter container:~# vzctl enter 100 entered into VE 100 root@www:/# Change User Password vzctl set 100 --save --userpassword apache:secretpassword! Change DNS Server vzctl set 100 --save --nameserver 192.168.0.2 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

49. ONBOOT="yes" VE_ROOT="/var/lib/vz/root/$VEID" VE_PRIVATE="/var/lib/vz/private/$VEID" OSTEMPLATE="ubuntu-8.04-amd64-minimal" ORIGIN_SAMPLE="vps.basic" HOSTNAME="www.example.com" IP_ADDRESS="192.168.0.220" NAMESERVER="192.168.0.10" NOATIME="yes" DISKSPACE="10485760:11530240" DISKINODES="200000:220000" QUOTATIME="0" CPUUNITS="1000" OpenVZ Config Example VITALS QUOTAS Virtualize or Containerize? NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

50. KMEMSIZE LOCKEDPAGES PRIVVMPAGES SHMPAGES NUMPROC PHYSPAGES VMGUARPAGES OOMGUARPAGES NUMTCPSOCK NUMFLOCK You Want Fine Grained Resource Limits? NUMPTY NUMSIGINFO TCPSNDBUF TCPRCVBUF OTHERSOCKBUF DGRAMRCVBUF NUMOTHERSOCK DCACHESIZE NUMFILE AVNUMPROC NUMIPTENT You got em. Hard and Soft limits for all. Virtualize or Containerize? NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

51. Virtualize or Containerize? Who were Popek and Goldberg? Published a famous paper in 1974 called "Formal Requirements for Virtualizable Third Generation Architectures". The fundamentals are still relevant today. Equivalence A program running under the VMM should exhibit a behavior essentially identical to that demonstrated when running on an equivalent machine directly. Resource control The VMM must be in complete control of the virtualized resources. Efficiency A statistically dominant fraction of machine instructions must be executed without VMM intervention. NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

52. Virtualize or Containerize? Convergent Evolution (Or something...) NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

53. Virtualize or Containerize? Convergent Evolution... Or Common Management Layer libvirt? NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

54. Virtualize or Containerize? What's best for you? It depends on who you are. NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

56. sellers?

57. administrators?

58. administrator and user?!?!

59. providers?

60. users?

61. developers?

62. just need to run a dang app? NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

64. Providing infrastructure, or applications on top of an infrastructure, within your organization/company

66. using an app that needs infrastructure

68. Providing infrastructure, or applications on top of an infrastructure, within your organization/company

70. using an app that needs infrastructure

71. Virtualize or Containerize? Let's help you choose You care about: "Enterprise" functionality, support, clustering, pretty dashboards. Virtualize! NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

72. Virtualize or Containerize? Let's help you choose You care about: Running many, many different x86 OSes. And a wide array of virtual appliances. Virtualize! NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

73. Virtualize or Containerize? Let's help you choose You're an Infrastructure provider, and you need to run many, many instances of Linux as efficiently as possible. You understand that fitting more guests on a host is free money. Containerize! NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

74. Virtualize or Containerize? Let's help you choose You're a startup or indie developer on Linux, and you need to stretch every dollar. However, you want to easily add Staging/Dev environments, regression test on a wide variety of distributions, etc. People keep telling you to "Get a VM for that project." What do you do? Containerize! NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

75. Virtualize or Containerize? Act II The Trouble with Clouds So, you're a consumer of infrastructure... NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

76. Virtualize or Containerize? The market for lemons Much of what you just heard doesn't matter if you are a buyer of Infrastructure services (IaaS, Cloud Computing, etc.) Building any large-scale high performance virtualization infrastructure can be very tricky (variance in technical solutions) Vendors are forced to compete primarily on Price, not Quality. See famous paper "The Market for Lemons" by economist George Akerlof. NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

77. Virtualize or Containerize? (interrupting record scratch sound) NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

79. API

80. Pricing and Features

82. Install smart Caching mechanisms by default (WP-Super-Cache, memcached, Boost, mod_cache)

83. Don't fool buyers into thinking that they can get by without a proper sysadmin.

84. Don't instantly upsell more widgets when the customer's performance goes south. NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

86. Compare real-world task response times

88. Discussion forums

89. How-to articles Encourage vendors to be more transparent and describe their offerings in a more meaningful way. NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

90. Virtualize or Containerize? Okay, Now take a deep breath NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

92. VMware whitepaper: Understanding Paravirtualization http://www.vmware.com/files/pdf/VMware_paravirtualization.pdf

93. Intel whitepaper: Hybrid Virtualization http://www.vmware.com/files/pdf/VMware_paravirtualization.pdf

94. Troubleshooting hosted Xen story: http://wiki.xen.prgmr.com/xenophilia/2009/06/see-this-is-why-i-dont-assume.html

95. Popek and Goldberg Virtualization Requirements http://en.wikipedia.org/wiki/Popek_and_Goldberg_virtualization_requirements NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

96. Virtualize or Containerize? Get in touch Andy (Andrea) Sysadmin in Portland, OR Cries when make fails. twitter/identica: thesethings Blog: http://www.thesethingsmattertome.com/ Irving Popovetsky Independent consultant from Portland, OR Unabashed OSS nerd for nearly 15 years twitter/identica: irvingpop Blog: http://www.cloudest.com/blog/ NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

97. Virtualize or Containerize? Questions?? NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09

98. Virtualize or Containerize? Thanks for coming! NGDC Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: http://bit.ly/ngdc09