news

Technology | DOI:10.1145/3005680 Chris Edwards

Containers Push Toward

the Mayfly Server
The container revolution represents a large-scale shift
in thinking about multitasking systems.

T
H E D RI VE FO Refficiency in
servers is changing the way
applications and operating
systems interact. The proc- Container Service Container
ess has accelerated in just
the past five years, as server-farm op-
Container Mounted
erators have moved on from virtual-
machine technology as a way of improv-
ing hardware utilization toward even Container Volume
more streamlined options. The work
has led as far as the operating system
and application being compiled into Host node Host node
one block of software and stripping
out any unused services to reduce both Link
memory footprint and startup times.
Speaking about a project he and
fellow researcher Anil Madhavapeddy Container Container
worked on to pursue more efficient
server software, Richard Mortier, Uni- Container Container
versity Lecturer in the University of
Cambridges Computer Laboratory, Service
says: The original motivation that Anil
and I had was that you should be able Volume
to write software for the cloud, particu-
larly for network-connected services. Host node Host node
But if we were to do that, what would
it look like? Related to that was the
idea that it should be possible to build
Cluster
software without having to worry about A container-based virtualization architecture.
what platform it was targeted for.
To a limited extent, the move to vir- Docker, removes a lot of this overhead ating system running on bare metal.
tualization provided an answer for the by sharing one operating system im- Virtualized installations imposed a
second problem. Virtualization lets age among multiple partitions. Each performance penalty for I/O-intensive
completely different operating systems container only stores the additional applications, although improvements
CHA RT BY CL AUS PAH L, F ROM CONTA INERIZATION A ND T H E PA AS CLO UD

and their associated applications share
the same processors on a server blade.
A hypervisor manages and schedules
the operating systems running within
each virtual machine (VM).
The problem with virtualization is
that each VM partition calls for a com-
plete installation of the operating sys-
tem and its support software, even if
those partitions run the same versions
and differ only terms of the applica-
tions they or the users who own them
utilize. The container, an approach
popularized by companies such as
services and tasks required by the ap-
plications they hold, which can greatly
reduce the memory footprint. Runtime
also improves because full virtualiza-
tion demands multiple context switch-
es whenever I/O calls are made. Not
only does the operating system need to
switch into a supervisor mode to handle
I/O, the hypervisor itself forces a switch
to a more heavily protected mode in
order to service the I/O request.
Studies by Ericsson and IBM have
found containers to have little more
overhead than a conventional oper-
in hardware support for virtualization
have narrowed the performance gap.
Even as the performance gap has re-
duced, the growing base of support soft-
ware that has emerged around Docker
and its competitors has bolstered mar-
ket acceptance of containers. Orches-
tration software, such as Googles Ku-
bernetes or Apaches Mesos, has given
large users of server farms the ability to
quickly start containers and to delete
them just as rapidly. Chris Aniszczyk,
interim executive director of the Cloud
Native Computing Foundation and for-

24 COMM UNICATIO NS O F THE ACM | D EC EM BER 201 6 | VO L . 5 9 | N O. 1 2


mer engineering manager at Twitter,
a major user of Mesos, says the aver-
age container-based workload at the
social-media company ran for just 10
minutes of execution time.
A variety of open source projects
have emerged that build on top of or-
chestration. Services will find the best
mixture of hardware for a given group
of containers and link them to data
stores. Monitoring and logging servic-
es ensure the containers run correctly
and trigger remedial action if things
go wrong. But as the layers of software
around orchestration build up, they
cause a divergence between develop-
ment and deployment.
Casey Bisson, director of product
management at cloud computing
service provider Joyent, says it has
become more difficult for develop-
ers to emulate an orchestration envi-
ronment that can greatly affect how
containerized applications run when
deployed to servers. We have to make
the orchestration software laptop
more friendly, he says.
The unikernel architecture devel-
oped at the University of Cambridge
aims to help solve the problem of
achieving platform independence.
Today, we write software that em-
beds assumptions about the execution
platform. If you need to change the
platform, at best you need to recom-
pile; worst case, it calls for a rewrite,
Mortier says. One of the concepts be-
hind unikernels is that you are pushing
these things into the toolchain.
Mortier says the unikernel borrows
from the library operating system and
exokernel research of the 1990s. It
should be possible to do better than we
are now. If you look at how hardware
resources are handled today, you have
hardware thats abstracted through
a virtual-machine hypervisor. Then it
goes through the operating system ker-
nel, the language runtime, and then
more libraries on top. You have four or
five layers of scheduling all trying to do
the same thing. It seems a bit ridicu-
lous, he argues.
The unikernel bakes the applica-
tion and the operating system into one
executable image, removing most of
the layers between them. To prepare
the unikernel, a compiler analyzes the
application for its dependencies so
only those parts of the operating sys-
Mortier says
the rapid creation
and deletion of
unikernal-based
systems could
enhance security
by moving resources
around the network.
tem that are needed are incorporated
into the image. Mortier says the model
provides better security because the
unikernel has a much smaller attack
surface than a full operating system
and its attendant libraries.
Although in many cases the uniker-
nel will run on directly on the host pro-
cessor with no intervening software,
proponents envision implementations
where multiple unikernels share one
processor using hardware-assisted vir-
tualization. The lack of layering and
software duplication should make the
installation more efficient than tradi-
tional techniques.
Bryan Cantrill, chief technology of-
ficer of Joyent, argues the restrictions
of unikernels are too great to bear,
decrying the idea as a move back to
the days of single-tasking operat-
ing systems such as DOS. The lack of
multitasking within the unikernel
makes it difficult to run standard de-
bug tools, he says. Mortier points out
it is possible to link debug and trace
libraries into the executable, and ad-
ditional tooling is likely to develop to
support unikernels.
A further apparent downside of the
first generation of unikernels is that
they are designed for single languages
that use strong typing, such as Haskell
and OCaml. Yet unikernel projects
such as RumpRun have opened the
field to a wider range of languages and
software by supporting software that
uses the same Posix interfaces as those
provided by operating systems such
as BSD. The Cambridge group favored
OCaml because it made sense to them
to focus on more modern languages
DEC E MB E R 2 0 1 6 | VO L. 59 | N O. 1 2 | C OM M U N IC AT ION S OF T HE ACM
news
for something that potentially can re-
shape how server-based computing is
done. Docker has signaled its willing-
ness to investigate the wider adoption
of unikernels through its purchase of
Unikernel Systems, a spinout from re-
search at the University of Cambridge.
Mortier says unikernels are unlike-
ly to be used in isolation, but will be
aimed at particular jobs where security
or performance are most important.
There is an assumption here that ev-
erything is networked, he adds.
An experimental installation at
the university is divided into micro-
services provided by a group of net-
worked processors. Conventional con-
tainers host services such as Media-
Wiki, with unikernels used to handle
redirection to HTTPS addresses and the
transaction-layer security (TLS) protocol
itself. The relatively low overhead of the
unikernel software makes it possible to
create them for single transactions.
One 2015 experiment on a system
called Jitsu reduced boot time to 20ms
on an Intel server processor, compared
to five seconds for a conventional web-
server running on a VM. Mortier says the
rapid creation and deletion of uniker-
nel-based services could enhance secu-
rity by moving resources around the net-
work. There is no stable machine that
can be targeted, he claims.
The rapid movement of software and
microservices around the network cre-
ates its own problems. Midokura sys-
tems engineer Cynthia Thomas points
to issues such as traffic trombon-
ing, in which traffic between micro-
services and their data stores crisscross
the network many times, making the
connections look like the folded pipes
in a brass instrument.
The tromboning effect not only in-
creases the response time as perceived
by the user, but can cause the address
tables in networking equipment to
run out of space because of the larger
number of live connections they need
to maintain between services that pre-
viously would have been hosted on a
single machine. The support software
for orchestration software is evolving
hand-in-hand with virtual networking
software to create dynamic clusters of
microservices that make better use of
the underlying network hardware.
Although unikernels could be im-
prove security at several levels, one po-
25
news

tential disadvantage of the containers in 2014 monitored contention in the

that continue to run alongside those
unikernels is the weakening of security
compared to traditional VM environ-
ments. Most container platforms today
use only software protection for isola-
tion, and do not have recourse to the
hardware enforcement available with a
hypervisor-based VM environment.
Environments such as Docker use
kernel-provided namespaces to pro-
vide software in each container with
the illusion it is the sole inhabitant
of the Linux system it sees. In princi-
ple, and as long there are no security
vulnerabilities in the underlying con-
tainer software or operating system
to exploit, the containerized applica-
tion has no way to alter data in other
containers running alongside it on the
processor blade. However, researchers
have published proof-of-concept at-
tacks that use side-channel techniques
to eavesdrop on neighboring contain-
ers. An attack published by research-
ers at the University of North Carolina
cache to listen in on applications run-
ning in other containers.
The Cloud Native Computing Foun-
dations Aniszczyk points out that the
rapid creation and deletion of ser-
vices containers encourage makes it
more feasible to run them exclusively
on their target hardware. As a result,
timeslicing moves from being per-
formed on the order of tens of milli-
seconds to that of minutes. It supports
a model where server-farm operators
can dynamically allocate entire blades
to an application for the seconds or
minutes it needs to run.
With availability comes flexibil-
ity and dynamism, says Mortier. You
can scale up and down quickly.
In this way, the container revolu-
tion represents a large-scale shift
in thinking about multitasking sys-
temsone that treats compute as a
resource made abundant by Moores
Law, rather than the traditional view
that processor capacity is scarce. 2016 ACM 0001-0782/16/12 $15.00
Further Reading
Morabito, R.
Power Consumption of Virtualization
Technologies: An Empirical Investigation,
Proceedings of the 8th IEEE/ACM
International Conference on Utility and
Cloud Computing (2015).
Madhavapeddy, A., et al
Jitsu: Just-in-Time Summoning of
Unikernels, 12th USENIX Symposium
of Networked System Design and
Implementation (NSDI15), 559-573
Engler, D.R., Kaashoek, M. F., and OToole, Jr., J.
Exokernel: An Operating System
Architecture for Application-Level Resource
Management, Proceedings of the fifteenth
ACM Symposium on Operating Systems
Principles: 25166 (1995).
Zhang, Y., Juels, A., Reiter, M., and Ristenpart, T.
Cross-Tenant Side-Channel Attacks in PaaS
Clouds, Proceedings of CCS14, 990
Chris Edwards is a Surrey, U.K.-based writer who reports
on electronics, IT, and synthetic biology.

Milestones

Computer Science Awards, Appointments

ACM, IEEE RECOGNIZE
NISAN WITH KNUTH PRIZE
The 2016 Donald E. Knuth Prize
recently was awarded to Noam
Nisan of the Hebrew University
of Jerusalem for fundamental
and lasting contributions
to theoretical computer
science in areas including
communication complexity,
pseudorandom number
generators, interactive proofs,
and algorithmic game theory.
The work of Nisan, a
professor of computer science
in the School of Engineering
and Computer Science of the
Hebrew University of Jerusalem,
has had a fundamental impact
on complexity theory, which
examines which problems
could conceivably be solved
by a computer under limits on
its resources, whether it is on
its computation time, space
used, amount of randomness,
or parallelism. One way in
which computer scientists have
explored complexity limits is
through the use of randomized
algorithms; Nisan has made
major contributions exploring
the power of randomness
in computations. His work
designing pseudorandom
number generators has offered
many insights on whether,
and in what settings, the use
of randomization in efficient
algorithms can be reduced.
Nisan has been a major player
in Algorithmic Game Theory
and laid the foundation of
Algorithmic Mechanism Design
(a mechanism is an algorithm
or protocol designed so rational
participants, motivated purely
by self-interest, will achieve the
designers goals). He designed
some of the most effective
mechanisms by providing the
right incentives to the players,
and has shown that in a variety of
environments, there is a trade-off
between economic efficiency and
algorithmic efficiency.
He is also a leading authority
in communication complexity, an
area of research that examines the
amount of information that needs
to be transferred between parties
for computational problems.
The annual Donald E.
Knuth Prize recognizes
outstanding contributions to
the foundations of computer
science by individuals for
their overall impact in the
field over an extended period,
and includes a $5,000 award.
It is jointly bestowed by
the ACM Special Interest
Group on Algorithms and
Computation Theory (SIGACT)
and the IEEE Computer Society
Technical Committee on the
Mathematical Foundations of
Computing (TCMF).
2 COMPUTER SCIENTISTS
AMONG NEWEST
MACARTHUR GENIUSES
The MacArthur Foundations
recent announcement of its 2016
MacArthur Fellows, commonly
known as the genius grants,
included computer scientists
Subhash Khot and Bill Thies.
All of the Fellows receive a
no-strings-attached $625,000
grant for their exceptional
creativity and potential for future
contributions to their fields.
Thies, a computer scientist
at Microsoft Research India
in Bangalore, India, works to
create innovative solutions
to a host of socioeconomic
challenges facing low-income
communities in the developing
world. Thies has used affordable
mobile phone technology to
connect people in rural India,
giving them a way to consume
and create digital content
through simple phone calls.
His work has had wide-
ranging impacts in areas of
citizen journalism, mobile
health applications, and
higher education.
Khot, Silver Professor
of Computer Science at
the Courant Institute of
Mathematical Sciences of New
York University, is a theoretical
computer scientist and the
architect of the Unique Games
Conjecture, which Khot and
other researchers have used to
make enduring discoveries in
seemingly unrelated areas, such
as electoral stability and the
structure of foams.
The MacArthur Fellows
Program awards unrestricted
fellowships to talented
individuals who have shown
extraordinary originality and
dedication in their creative
pursuits and a marked capacity
for self-direction.

26 COM MUNICATIO NS O F TH E AC M | D EC EM BER 201 6 | VO L . 5 9 | N O. 1 2