Just recently our technology partner Parallels, the company that propelled the development of isolated containers technology for Linux, celebrated its 15th anniversary. Below is the interview with representatives from Parallels, where they revealed some of the details about the company’s participation in the development process of several open source projects, about the containers technology they provide and their influence on the container market nowadays.
This article was originally published at OpenNet. Here we provide its translation with our own observations and comments, as we are closely acquainted with Parallels containers solution which is used within Jelastic Cloud from the very beginning of our platform creation.
Parallels is one of the founders of the container-based virtualization industry. How did you grow your business and what tasks did you aim to achieve?
Over 15 years we have been doing container-based virtualization of servers on the level of OS, and our company (named SWsoft in those days) became well-known very fast because of this system. In 2001 Parallels released Virtuozzo – a container virtualization solution that gained popularity in the hosting market. The open source version became known as OpenVZ. From 2005 OpenVZ existed as an independent project. In Parallels we tried to make Virtuozzo for FreeBSD, but it was an unpromising attempt, and we closed it. In 2005 Virtuozzo version for Windows was launched.
According to the report of the Linux Foundation, Parallels was on the list of companies that contributed the most to the core Linux kernel. For example, for the OpenVZ project alone we made approximately 1700 patches to the kernel. In recent news, RedHat thanked Vladimir Davidov for reporting some serious issues – CVE-2014-0203 and CVE-2014-4483 in the latest RHEL6 kernel update (the second problem was detected by one of our automatic tests using the Linux Test Project). Vasiliy Averin received a commendation for detecting CVE-2014-5045, Dmitriy Monahov – for CVE-2012-4508.
The container project of Parallels still remains the only commercially successful project in the field of virtualization on operating systems. With Google showing interest in containers (high density compared to hypervisors, high performance and elastic response when you reconfigure the system due to changed load for mass provisioning of web services), the technology started to appear in the enterprise segment. The OpenVZ project constantly improves and is ported to new kernels. The company adds new functionality, improves performance and launches updates, including those connected with security. We are focusing on the stabilization of the kernel based on RHEL7, which is quickly approaching beta status.
It is worth mentioning that OpenVZ received official technical support from Parallels and the opportunity to get financial help.
Today, the task of Parallels is to bring the technology of container virtualization into the mainstream of Linux, so that every Linux server in the world could have an opportunity to create the containers.
Jelastic’s approach to containers
From the very beginning of Jelastic platform development we’ve used the Parallels Virtuozzo Containers solution for container based virtualization. Such implementation allows users to run a large number of applications on a single physical server due to the system-level virtualization. By leveraging containers technology from the beginning, we’re confident our long-term strategy in the PaaS layer is solid.
Currently containers within Jelastic Cloud are used by a wide range of hosting service providers around the world for hosting millions of end users’ applications in a very cost-effective way.
What technologies have been adopted in OpenVZ kernel Linux?
The OpenVZ project, as part of the company’s container development, aims to transfer all of its functionality into the Linux kernel (about 2/3 is already implemented). The kernel has PID and network namespaces, parts of the cgroups resource controllers, NFS virtualization, and a mass of different fixes. We have implemented extended management of container resources, “freezing” a container’s state and resuming its work with a minimum of kernel modifications, and live migration of containers from one physical server to another. This work will be continued.
Why? We have mutually beneficial relationships with the OS community: we create new technologies, sharpen them with our users, and return them to the kernel. Why should we give it to them? Every few years, changes have to be moved to a new code base, and this is not the most exciting work and it takes a lot of time.
The second reason is that someone else can add identical functionality, but it won’t be appropriate for our needs. It is important to understand that promoting one’s own code into the kernel often creates long discussions with other developers, and, as a result, nothing of the initial patch is left at the end.
Does Parallels have any connection to the development of LXC tool?
We always hear that developers differentiate the LXC and OpenVZ projects. This is unfortunate, because the team that develops OpenVZ also actively develops LXC, only in cooperation with other companies. And the contribution of developers from Parallels to LXC is significant – more than half of the code is written by us, and some parts are done only by the Parallels team. As developers, we only win from the fact that containers are used by other companies, for instance, Google and IBM. That’s why we do not oppose LXC and OpenVZ. Basically, these are interpenetrating things; LXC is under development and is not ready for mass consumption, while OpenVZ is a turnkey solution, a suspension over LXC.
In 2005 Google was looking for elastic resource scaling. It was necessary that each user had an opportunity to get a qualified web service at any time, regardless of the current load, and that the remaining resources could be used for business background tasks. Google employees experimented with traditional virtualization, but abandoned it. At the same time, a group of developers was working with Linux on the concept based on the cgroups mechanism. In a few months Google hired this group to work on the containerization of their data centers. In January 2008, a part of the cgroup technology used at Google was transferred into the kernel.
This is how LXC project (LinuX Containers) was born. Close to this time, Parallels launched OpenVZ. In 2011 Google and Parallels agreed for cooperation working with their container technologies. It resulted in the implementation of Linux kernel v.3.8 in 2013, in which all current container technologies for Linux were connected. It helped to prevent the painful division of KVM and Xen kernels.
Can CRIU make live migration for containers?
CRIU is the project that was also born in the process of interaction between Parallels team and a community of Linux kernel developers. This technology can stop the processes on Linux and restore them at another place or at a different time based on received data (checkpoint/restore technology). Moreover, this is the first implementation of the applications’ snapshot technology, which runs on unmodified OS (a kernel + system library) Linux (for example, accessible in Fedora since the 19th version) and supports any state of processes. Projects of this kind have been done before, however, they had some drawbacks, or they needed a special kernel to tighten up system libraries, or there were some limits of maintained states.
The first implementation of checkpoint/restore from Parallels appeared in 2005, and it supported OpenVZ and Virtuozzo containers. Its author is the legendary Alexey Kuznetsov, who is the creator of 90% of the TCP/IP stack in Linux. We tried to bring it to the upstream kernel already at that time, but we did not succeed. The next attempt was made by Oren Laadan in 2008. He suggested a more versatile version of the kernel implementation, but the community was not excited about such complex code, and the attempt failed again. Then, in 2011, the head of the development team of Parallels Server Virtualization, Pavel Emelyanov, decided to take another road – where most of the logic is implemented in user space, and kernel modifications are minimal. Thus, CRIU (Checkpoint/Restore [mostly] In Userspace) was born. In the fall of 2013, the first major release of CRIU 1.0 was announced, and in September 2014 version 1.3 was launched providing, among other things, one very important thing for the whole market – live migration of containers, including Docker and LXC. This we achieved thanks to another project – P.Haul, which is built on top of CRIU and implements live migration.
Why do we need it? There are lots of ways to use this technology: in addition to live migration, accelerating the start of large applications, updating the kernel without rebooting, load balancing, and saving task state in case of system failure. Why does the community need it? There are several usage scenarios, including network load balancing, behavior analysis of applications on another machine, process duplication, etc.
Jelastic and live migration of containers
Live migration is one of the key features that is very important for enterprise cloud platforms. Jelastic cloud service providers can easily migrate containers with applications from one physical server to another with zero downtime, and that is a key requirement to maintain overall performance and quality. This increases operational efficiency, provides better load balancing and data center utilization and allows moving customers to more powerful nodes without service interruption.
In addition, during maintenance or other planned downtime of hardware, the live migration feature can perform automated evacuation of containers from one hardware node to another. This makes the Jelastic platform the right choice for hosting even stateful applications. During live migration, applications keep working without downtime and get the required resources.
Jelastic’s unique automatic vertical scaling uses live migration to ensure that applications can scale within a server without downtime. As an application scales within a server, other applications can be automatically migrated to another server to make room. Live migration allows Jelastic to deliver all the needed resources for applications, without restarting containers and causing application downtime.
What is the relationship of Parallels with Docker project?
Docker is not a competitor but a partner for system libraries. Sometimes we get some strange questions about the competition with Docker that handles containers as well. We consider them strange because the existing container projects are not in the state of the competition on the market. For a long time in the past, various container projects (for instance, OpenVZ, LXC, Docker) coexisted rather than in parallel, offering their users a similar experience in essence, but different in its implementation and detailed technology. But the clouds continue to grow and their popularity increases along with them. And the developers of container virtualization technology unite to solve the problems.
We work together on system library projects that provide an interface to the kernel container components. First of all, the Libcontainer project started by Docker now involves Parallels, Canonical, Google and RedHat, and they agreed on joint development. Secondly, the libct library that was started by our colleague Pavel Emelyanov is now actively developed with the help of Docker, LXC and Google. In particular, we are working on support of Docker in the OpenVZ kernel (a backend in libct) and inside an OpenVZ container. Both projects have the same objectives, which are to standardize Docker with the Linux kernel and lock in to the major programming languages, and, thus, to expand the number of usage scenarios for the containers’ industry.
These libraries are necessary because the kernel does not have such a term as “container”. Speaking of containers, kernel developers mean several different kernel subsystems that, if used properly, allow isolating applications in virtual environments. These are mainly cgroups and namespaces. Direct use of the kernel interfaces is possible but rather non-trivial. The libraries are designed to simplify their use, giving programmers an interface with more familiar terms: “container”, “computing resources”, “virtual network”, etc.
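As an added illustration of what the answer above means by using the kernel interfaces directly (this is not code from the interview, OpenVZ or libct): a minimal C program that builds a “container” purely out of namespaces with clone(2). The flag set CONTAINER_NS and the helpers ns_id and spawn_isolated are my own names, and CLONE_NEWUSER is included so the program can be tried without root where unprivileged user namespaces are enabled.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/wait.h>
/* The kernel has no "container" object, only per-subsystem isolation
 * flags; a minimal container is the union of these namespaces. */
#define CONTAINER_NS (CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWNET | CLONE_NEWIPC)
/* Identity of the caller's namespace of one kind ("pid", "net", ...). Two
 * processes share a namespace iff these inode numbers match; 0 = unknown. */
unsigned long ns_id(const char *kind) {
    char path[64];
    struct stat st;
    snprintf(path, sizeof path, "/proc/self/ns/%s", kind);
    return stat(path, &st) == 0 ? (unsigned long)st.st_ino : 0;
}
/* Child entry point. With CLONE_NEWPID it should see itself as PID 1. */
static int child(void *arg) {
    int flags = *(int *)arg;
    if (flags & CLONE_NEWUTS)
        sethostname("sandbox", 7);   /* changes only the new UTS namespace */
    printf("child: pid %ld, pid ns %lu\n", (long)getpid(), ns_id("pid"));
    return getpid() == 1 ? 0 : 1;
}
/* Run child in the namespaces named by flags; returns its exit status, or -1
 * with errno set if the kernel refused (EPERM without CAP_SYS_ADMIN unless
 * CLONE_NEWUSER makes an unprivileged user the owner of the new namespaces). */
int spawn_isolated(int flags) {
    enum { STACK = 1 << 16 };
    char *stack = malloc(STACK);
    if (!stack) return -1;
    pid_t pid = clone(child, stack + STACK, flags | SIGCHLD, &flags);
    int status = 0, saved = errno;
    if (pid > 0) waitpid(pid, &status, 0);
    free(stack);
    if (pid < 0) { errno = saved; return -1; }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
int main(void) {
    printf("parent: pid ns %lu\n", ns_id("pid"));
    int rc = spawn_isolated(CLONE_NEWUSER | CONTAINER_NS);
    if (rc < 0) perror("clone");
    else printf("child exit %d (0 means it was PID 1 in its own namespace)\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Everything a real container runtime adds on top (cgroup limits, a private root filesystem, capability dropping, seccomp) is further kernel plumbing of the same kind, which is exactly the bookkeeping that libcontainer and libct hide behind the word “container”.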
Jelastic + Parallels + Docker
Docker, Jelastic and Parallels containers are complementary to each other. Docker addresses application assembly, delivery and portability; Jelastic provides orchestration and management for hosting applications in the cloud and Parallels Cloud Server offers container and storage infrastructure performance and availability.
Docker is a packaging and orchestration system that requires container technology to function. We believe the evolution of Docker is not finished yet and requires more attention on the virtualization layer to finally deliver the promised high density, together with an advanced level of security and live migration of containers on top of bare metal hardware.
It’s obvious that hosting Docker templates inside a VM is not efficient enough and can be improved to deliver the original promise of containers virtualization. Moreover, this point becomes dramatically important if you think about economy, TCO, performance, licensing and management complexity of private cloud and cloud-in-a-box solutions designed for DevOps.
We offer the first industry solution that combines Docker’s application delivery approach and Parallels containers, fully managed via Jelastic PaaS. The collaboration allows service providers to enable continuous application delivery, fully elastic scalability and integrated orchestration and management for hosting applications in the cloud. Jelastic’s solution means that Docker users can now run their containers securely and at high density within Parallels containers.
Does Parallels participate in the development of virtualization technology?
We are involved in the development of libvirt, the cross-platform library for virtualization management, organized by RedHat. There we have added support for the above mentioned Parallels Cloud Server and OpenVZ products.
Congratulations to our partner Parallels on their 15th anniversary and the enormous success they have achieved.
If you would like to discover how Jelastic uses container technology, enabling live migration, full isolation and security, smart distribution of containers, high density, memory de-duplication, full orchestration and more, sign up for your 2-week free trial now!