BT

Q&A with Bryan Cantrill: Running Containers on Bare Metal with Triton

| by Daniel Bryant Follow 760 Followers on Aug 05, 2015. Estimated reading time: 6 minutes |

InfoQ recently sat down with Bryan Cantrill, CTO of Joyent, and asked about his thoughts on container technology, running Docker on bare metal, and how Joyent is driving technical innovation within this space through the development of their Triton platform.

Cantrill is a regular on the software development and operations-focused conference circuit, and has recently presented "Running Aground: Debugging Docker in Production" at DockerCon 2015, "Building and Scaling Container Driven Cloud Infrastructure" at Container Camp SF 2015, and "The Peril and Promise of Early Adoption: Arriving 10 Years Early to Containers" at the O'Reilly Software Architecture conference 2015.

A frequent topic of these talks is the benefit of running containers on bare metal, the advantages of which may be obvious (i.e. removing any performance overhead of running within a virtual machine), but there are several outstanding security issues. InfoQ asked Cantrill about his thought on these issues, and also recent work he has been doing at Joyent.

InfoQ: We understand that Joyent have been working with container technology for quite some time. Could you tell us more about this please?

Cantrill: Joyent has been using containers as high-performance alternatives to hardware VMs for almost ten years. It was apparent to us early on that their operational and economic benefits far outweighed what VMs could ever provide. Uniquely, we're the only cloud that offers secure, elastic, bare metal containers. The security that makes this possible can be traced back to the Zones technology developed by Sun Microsystems and released as open source in Open Solaris.

Many aspects of containers in Linux are still very new (user namespaces, for example, are not fully supported in all distros to this day), but by building on the mature foundations of Zones in Open Solaris, Joyent's SmartOS container hypervisor can offer strengthened security and enhanced resource isolation that's a decade ahead of other approaches.

With Triton, we bring the maturity and security of Zones to Docker and Linux. You can easily fire up containers on Triton from the Docker client. Or, for those that want the benefits of OS virtualization without having to Dockerize their workloads, we offer certified Ubuntu, with the support of Canonical, as well as CentOS, Debian, and other container-native Linux options.

InfoQ: The Joyent website states that users of your 'Triton Elastic Container Infrastructure' can expect bare metal performance at the scale of a virtual machine. What exactly does this mean - are containers actually being run on bare metal?

Cantrill: Both infrastructure containers and Docker containers really do run on bare metal on Triton, offering both higher performance and better utilization of the hardware. For I/O intensive workloads the performance benefits can be dramatic. And, the combination of better performance and higher utilization reduces costs for both the customer and the provider -- an especially interesting prospect for our customers operating private clouds. Again, we can run containers on bare metal because our compute infrastructure is built on the secure foundations of Zones, which frees us from the dependency other vendors have on VMs.

InfoQ: How do your offerings compare to the likes of IBM SoftLayer or Packet, both of which offer bare metal server management through an API?

Cantrill: There are a number of bare metal providers that will allow you to provision a whole server, but Triton's container infrastructure offers bare metal performance with elasticity that can't be matched by those providers. From containers as small as 128 megabytes and scaling up to 64 gigabytes or even up to 224 gigabytes, you have the flexibility to use a container that offers exactly the performance and price you need.

Triton also offers a rich, integrated set of infrastructure automation tools that streamline provisioning the container, including all the networking and storage, as well as imaging it with exactly the software you need. In the public cloud, this means you get bare metal performance with all the elasticity and security you expect of hardware virtual machines, and in the private cloud this means you can get newly racked compute nodes serving real workloads in as little as 60 seconds.

The bottom line here is that bare metal gets you just that, bare metal. You still need to fill the gap between the metal and the application, to create a platform for running and managing containers. That is what Triton does.

InfoQ: The Joyent website states the key differentiators for Triton are security, networking and introspection/debugging. Is there anything else you would like to mention?

Cantrill: Simplicity. Triton delivers operational robustness in the areas of security, networking and debugging, but the real trick is that we do it in a way that makes deploying and operating a container-based architecture simple. Additionally, we are the only solution that is 100% open source and available on-premise as enterprise-supported software, and in the cloud as a service.

InfoQ: How does Triton relate to (or work with) other container orchestration and scheduling platforms, such as Mesos, Kubernetes or the Docker suite of Engine/Compose/Swarm etc?

Cantrill: Mesos and Kubernetes both offer great tools to help manage application lifecycle and composition, and I think Docker's suite will grow to offer similar capabilities, but they don't solve infrastructure problems. Scaling and load balancing containers or swapping new versions for old are important problems, but where do those containers run? How do you manage the underlying compute nodes? How do you deliver storage, network, and compute to those applications?

We draw a clear line between the infrastructure and the application framework. Our goal is to provide the best infrastructure underneath your application orchestration tool of choice. Today we offer the best production environment for Docker containers and the Docker suite of tools, and we're working fast to do the same for Kubernetes and Mesos.

InfoQ: What would you expect the typical workflow (and tooling) to be from development to production with Docker and Triton?

Cantrill: One of the reasons we fell in love with Docker, along with so many other devs, is that it makes development on our laptops easy. That's why we've worked so hard to make sure deploying applications in our cloud is as easy as doing "docker run" on your laptop. Adding Docker Compose and Swarm makes this even easier.

Take a look at the screencast in our blueprint for building apps based on Couchbase. The sophisticated networking and host management features of our cloud make deployments easy and scaling easier. But remember: you don't have to Dockerize an app to enjoy bare metal container performance. See our alternative example for how to deploy Couchbase in infrastructure containers as well.

InfoQ: The Cloud Native Computing Foundation (CNCF), in combination with the Open Container Initiative (OCI), seems quite interesting. As a founding member of both, and one of three initial ToC members for the CNCF, what is your ambition for these organizations?

Cantrill: We think that broad adoption of container-native architectures will accelerate if the key vendors and open source projects in the space can work together to articulate an opinionated reference architecture, and that the CNCF can provide a forum for creating that kind of collaboration. For example, Triton can be combined with the CNCF management software components to deliver a vendor neutral, 100% open source, 100% container-native, "complete stack" for demos, POCs, and on premise production deployments of container-native solutions. Because Triton natively supports the standard API set of the CNCF management software components, choice is preserved for users that may want to substitute a proprietary run time environment, while providing an easy on ramp to "cloud native" for the majority of the market that values, more than anything else, speed and simplicity.

InfoQ: Many thanks for taking the time to answer these questions. Is there anything else you would like to add?

Cantrill: To sum it all up, Triton software turns commodity hardware into "hyper-converged" infrastructure, optimized to securely run container-native architectures with bare metal speed. Triton is easy to deploy on a laptop, server, or racks of servers, and can scale to support the demands of a multi-region public cloud. Or, you can leverage Triton in the Joyent public cloud as a service.

Additional information about Joyent's Triton can be found on the developer FAQ pages within the Joyent website.

Rate this Article

Adoption Stage
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Login to InfoQ to interact with what matters most to you.


Recover your password...

Follow

Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.

Like

More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.

Notifications

Stay up-to-date

Set up your notifications and don't miss out on content that matters to you

BT