microservices unikernels portland state university cs
play

Microservices, Unikernels Portland State University CS 430P/530 - PowerPoint PPT Presentation

May 11, 2023 •360 likes •917 views

Virtual machines, Containers, Microservices, Unikernels Portland State University CS 430P/530 Internet, Web & Cloud Systems When en disks sks wer ere e flopp ppy.. .. WTH? Portland State University CS 430P/530 Internet, Web &

  1. Virtual machines, Containers, Microservices, Unikernels

  2. Portland State University CS 430P/530 Internet, Web & Cloud Systems

  3. When en disks sks wer ere e flopp ppy.. ..  WTH? Portland State University CS 430P/530 Internet, Web & Cloud Systems

  4. Sing ngle le pr process cess sy syst stem ems  Apple II, TRS-80  Single memory address space using real memory  Single CPU not shared  OS disk loads OS onto computer  OS loads program from another disk that takes over entire machine  Repeat entire sequence when you want to run another program Portland State University CS 430P/530 Internet, Web & Cloud Systems

  5.  How did it differ architecturally? Portland State University CS 430P/530 Internet, Web & Cloud Systems

  6. Mul ultipr tiprocess ocess shared red mem emory  Original Macintosh  Multiple processes and OS share CPU/memory  Explicit switching between processes  Still have a single, shared, real-memory address space Portland State University CS 430P/530 Internet, Web & Cloud Systems

  7. Issue…  Provides no isolation between apps and OS  Memory errors in one process can corrupt both the OS and other processes Portland State University CS 430P/530 Internet, Web & Cloud Systems

  8. How w did d th thes ese e sy syst stem ems s differ? er? Portland State University CS 430P/530 Internet, Web & Cloud Systems

  9. Mul ultipr tiprocess ocess virtual tual mem emory  IBM System 370 (1972), Windows NT (1993)  Operating system and hardware coordinate to provide virtual memory abstraction  Each process believes it owns all of real memory  OS implements a namespace for memory using PID  e.g. real addr = f(process ID, virtual addr)  Each process believes it owns the CPU  OS scheduler virtualizes CPU using process ID and stored CPU state  Transparent time-slicing of underlying CPU  All share underlying hardware through OS  Provides a “virtual computer” -ish abstraction Portland State University CS 430P/530 Internet, Web & Cloud Systems

  10. Multiprocess shared memory Multiprocess virtual memory (Real shared CPU/RAM/OS) (Virtual CPU/RAM, Real OS) Single process machines (Real CPU/RAM/OS) What resources are not virtualized in the OS? Portland State University CS 430P/530 Internet, Web & Cloud Systems

  11. Mul ultipr tiprocess ocess virtual tual mem emory y issue ues  Processes still share some operating system resources explicitly  File system  Networking ports  Users/groups  e.g. only memory has a name space (PID:VirtualAddress)  Security break in one application breaks others  Motivates… Portland State University CS 430P/530 Internet, Web & Cloud Systems

  12. Virtual tual Machin chine e (VMs) s)  Virtualize hardware to allow multiple operating systems to run  Like a name space for hardware resources  VM contains entire OS and application state  Virtualization layer multiplexes them onto underlying hardware  Virtualization (Hypervisor) Layer  Decouples OS from hardware  Enforces machine isolation and resource allocation between VMs  Each VM sees its own CPU, memory, network components, operating systems, and storage isolated from others (in theory… Spectre)  Hardware support via additions to x86 with Intel VT-x and AMD-V (2005) Portland State University CS 430P/530 Internet, Web & Cloud Systems

  13. Virtual tual ma machines hines  Ancient idea  Takes until 1999 before x86 gets its first hypervisor via VMware From IBM VM/370 product announcement, ca . 1972 2015 Portland State University CS 430P/530 Internet, Web & Cloud Systems

  14. Why virtu tualize alize?  Mail server, Database server, Web server all running different software stacks  Typically use a small percentage of resources on a single machine  Can get isolation of domains and better resource usage if multiplexed onto the same hardware using VMs  Prevent a compromise of one leading to a compromise of the other  On client…idea behind per-application VMs in QubesOS, Bromium Portland State University CS 430P/530 Internet, Web & Cloud Systems

  15. Types pes of hype pervis visor ors  Type-2 hypervisor  Host OS runs hypervisor (virtual machine monitor, virtualization layer)  Hypervisor runs independent guest VMs  Hypervisor traps privileged calls made by guest VMs and forwards them to host OS  Guest OSes must be hardware- compatible (e.g. can’t run an IBM AIX VM on your x86 laptop)  Examples: VMware Player, Virtual PC, VirtualBox, Parallels Portland State University CS 430P/530 Internet, Web & Cloud Systems

  16. Types pes of hype pervis visor ors  Type-1 (bare-metal) hypervisor  Removes underlying host OS  Hypervisor runs natively on hardware  Commonly used in data centers  Examples: KVM (used by GCP), Xen (used by AWS), Hyper-V (used by Azure), VMware ESXi Portland State University CS 430P/530 Internet, Web & Cloud Systems

  17. Multiprocess shared memory Multiprocess virtual memory (Real shared CPU/RAM/OS) (Virtual CPU/RAM, Real OS) Single process machines (Real CPU/RAM/OS) Virtual Machines (Virtual hardware, Real OS) Portland State University CS 430P/530 Internet, Web & Cloud Systems

  18. Iss ssue ues s wi with th VMs  Start-up time  Bringing VMs up and down requires OS boot process  Size  Entire OS and libraries replicated in memory and file system  Requires large amounts of resources (i.e. RAM) to multiplex guest OSes  Want isolation VMs provide without full replication of software stack  Not quite portable  VMs running on one cloud provider under one hypervisor can not be run on another cloud provider under a different one without modification  e.g. Moving an AWS EC2 instance to Google Compute Engine  Motivates… Portland State University CS 430P/530 Internet, Web & Cloud Systems

  19. Container tainers  Virtualize the operating system  So far  Traditional operating systems virtualize CPU and memory (e.g. processes)  Leave file-system and network shared amongst applications  Virtual machines virtualize hardware  Allows many types of guest OSes to run on a single machine (Windows, Linux) with complete separation  But, VM includes application, all of its libraries, and an entire operating system (10s of GB) Portland State University CS 430P/530 Internet, Web & Cloud Systems

  20. Container tainers  Virtualize the operating system  Container provides only application and its libraries running all in user-space  Operating system not replicated, but rather shared by containers  Each container sees its own virtual operating system  How? Portland State University CS 430P/530 Internet, Web & Cloud Systems

  21. Container tainer-enable enabled d OS OS (Linux nux 2008)  Provide name-spaces within kernel to isolate containers  Similar to PIDs providing namespace for virtual memory  But, virtualizes most of the rest (file system, network resources, etc).  Enforces isolation and performs resource allocation between containers  However, only compatible containers can run on top  e.g. only Linux containers can run on an underlying Linux OS Portland State University CS 430P/530 Internet, Web & Cloud Systems

  22. VMs s vs C s Cont ntainer ainers VM Container Container-enabled Portland State University CS 430P/530 Internet, Web & Cloud Systems

  23. Impl plementat ementation ion  Linux kernel provides “control groups” ( cgroups )  Introduced in 2008 (kernel 2.6.24)  Provide limits and prioritization of resources within OS per group  CPU, memory, block I/O, network, etc.  Done within OS instead of hypervisor  Namespace isolation via cgroups allows complete isolation of an applications' view of the operating environment  Separate process trees and PIDs  Separate networking system and sockets  Separate user IDs  Separate file systems (similar to chroot and BSD jails 2000)  Each associated with cgroup of container  Minimal replication costs in space/memory due to shared OS code Portland State University CS 430P/530 Internet, Web & Cloud Systems

  24. Be Benef efits its  Provides similar isolation and protection, but with lower overhead than VMs  Fast starting (better for autoscaling than VMs)  Memory footprint much smaller than a VM (can support 4-6x more)  Portable  Images contain all files and libraries needed to run  Runs the same on any compatible underlying OS  Repeatable  Runs the same regardless of where they are run  Runs on any cloud provider the same way  Solves the “works on my machine” problem (especially in courses!) Portland State University CS 430P/530 Internet, Web & Cloud Systems

  25.  Unify Dev and Production environments  Can go straight from one to the other without modification  Trivial to on-board new developers docker run company/dev_environment Developers IT , Cloud Operations SHIP RUN BUILD Create & Store Deploy, Manage, Development Images Scale Environments Portland State University CS 430P/530 Internet, Web & Cloud Systems

Recommend

Bitcoin Portland State University CS 410/510 Blockchain Development & Security Pecursor #1:

Bitcoin Portland State University CS 410/510 Blockchain Development & Security Pecursor #1:

Bitcoin Portland State University CS 410/510 Blockchain Development & Security Pecursor #1: Ledgers Portland State University CS 410/510 Blockchain Development & Security Led edger gers At the beginning of written history (~3000

1.19k views • 61 slides
Blockchain overview Why? To avoid this Portland State University CS 410/510 Blockchain

Blockchain overview Why? To avoid this Portland State University CS 410/510 Blockchain

Blockchain overview Why? To avoid this Portland State University CS 410/510 Blockchain Development & Security and maybe take advantage of this? (circa 2017 -2018) Portland State University CS 410/510 Blockchain Development

474 views • 35 slides
Beyond Microservices: Streams, State and Scalability Gwen Shapira, Engineering Manager @gwenshap

Beyond Microservices: Streams, State and Scalability Gwen Shapira, Engineering Manager @gwenshap

1 Beyond Microservices: Streams, State and Scalability Gwen Shapira, Engineering Manager @gwenshap 2 In the beginning 3 We Have Microservices 3 4 We Microservices 4 5 They need to communicate 5 I know! Ill use REST APIs 6

751 views • 64 slides
Evaluation of a Shared Space Alternative in Morgantown, WV Avinash Unnikrishnan Portland State

Evaluation of a Shared Space Alternative in Morgantown, WV Avinash Unnikrishnan Portland State

Portland State University PDXScholar Transportation Research and Education Center TREC Friday Seminar Series (TREC) 10-2-2015 Evaluation of a Shared Space Alternative in Morgantown, WV Avinash Unnikrishnan Portland State University Let us

382 views • 21 slides
Invariants and State in Testing and Formal Methods Dick Hamlet Portland State University

Invariants and State in Testing and Formal Methods Dick Hamlet Portland State University

Invariants and State in Testing and Formal Methods Dick Hamlet Portland State University Supported by NSF CCR-0112654 and SFI E.T.S. Walton Fellowship 1/10 The Simplest Context Meaning of a program with persistent state:

315 views • 28 slides
Measuring and Modeling Cyclists Comfort and Stress Levels Miguel Figliozzi Portland State

Measuring and Modeling Cyclists Comfort and Stress Levels Miguel Figliozzi Portland State

Portland State University PDXScholar Transportation Research and Education Center TREC Friday Seminar Series (TREC) 3-11-2016 Measuring and Modeling Cyclists Comfort and Stress Levels Miguel Figliozzi Portland State University ,

779 views • 37 slides
Exploring post-secondary experiences for adult learners of color in Oregon Dr. Roberta Hunte,

Exploring post-secondary experiences for adult learners of color in Oregon Dr. Roberta Hunte,

Exploring post-secondary experiences for adult learners of color in Oregon Dr. Roberta Hunte, Portland State University Dr. Miranda Mosier, Portland State University Dr. Gita Mehrotra, Portland State University Dr. Eva Skuratowicz, Southern

466 views • 29 slides
A priori and a posteriori analyses of the DPG method Jay Gopalakrishnan Portland State University

A priori and a posteriori analyses of the DPG method Jay Gopalakrishnan Portland State University

A priori and a posteriori analyses of the DPG method Jay Gopalakrishnan Portland State University ICERM Workshop on Robust Discretization and Fast Solvers for Computable Multi-Physics Models Brown University, May 2013 AFOSR, NSF Thanks: Jay

856 views • 70 slides
If you cannot read the line above, consider moving closer to the screen October 30, 2011

If you cannot read the line above, consider moving closer to the screen October 30, 2011

10/28/11 Self-Timed Circuits Ivan Sutherland Portland State University ivans@cecs.pdx.edu Asynchronous Research Center Portland State University October 2011 Offering freedom from the tyranny of the clock FMCAD tutorial Asynchronous Research

167 views • 14 slides
We are Portland State University Presented by the GEU Bargaining Team PSU Mission Statement We

We are Portland State University Presented by the GEU Bargaining Team PSU Mission Statement We

We are Portland State University Presented by the GEU Bargaining Team PSU Mission Statement We serve and sustain a vibrant urban region through our creativity, collective knowledge and expertise.

446 views • 43 slides
Western Oregon State Forests HCP Update Meeting Open to the Public October 15, 2019 Portland

Western Oregon State Forests HCP Update Meeting Open to the Public October 15, 2019 Portland

Western Oregon State Forests HCP Update Meeting Open to the Public October 15, 2019 Portland State University, Portland, OR 1. Welcome and Agenda Overview 2. Updates on the Western Oregon HCP 3. Review and Seek Input on the Conceptual

313 views • 27 slides
in ourmon Jim Binkley, Divya Parekh jrb@cs.pdx.edu, divyap@pdx.edu Portland State University

in ourmon Jim Binkley, Divya Parekh jrb@cs.pdx.edu, divyap@pdx.edu Portland State University

Traffic Analysis of UDP-based Flows in ourmon Jim Binkley, Divya Parekh jrb@cs.pdx.edu, divyap@pdx.edu Portland State University Computer Science Courtesy of John McHugh Outline problem space - and short ourmon intro UDP flow tuple

434 views • 22 slides
Set Functions for FLP Sergio Antoy Portland State University PPDP09 Coimbra, Portugal,

Set Functions for FLP Sergio Antoy Portland State University PPDP09 Coimbra, Portugal,

Set Functions for FLP Sergio Antoy Portland State University PPDP09 Coimbra, Portugal, Sept 79, 2009 Joint work with Michael Hanus , CAU Kiel Partial support by DFG Ha 2457/5-2 and DAAD D/06/29439 and D/08/11852 Introduction

466 views • 20 slides
On the Correctness of Bubbling Sergio Antoy Portland State University RTA06, Seattle, WA,

On the Correctness of Bubbling Sergio Antoy Portland State University RTA06, Seattle, WA,

On the Correctness of Bubbling Sergio Antoy Portland State University RTA06, Seattle, WA, August 11, 2006 Joint work with Daniel Brown and Su-Hui Chiang Partially supported by the NSF grant CCR-0218224 Introduction Non-determinism

545 views • 19 slides
A DPG method for the Schr odinger equation Jay Gopalakrishnan Portland State University

A DPG method for the Schr odinger equation Jay Gopalakrishnan Portland State University

A DPG method for the Schr odinger equation Jay Gopalakrishnan Portland State University Collaborators: L. Demkowicz, S. Nagaraj, P. Sep ulveda RICAM Workshop on spacetime methods November 2016 AFOSR, NSF, RICAM Thanks: Jay

595 views • 45 slides
Portland Vancouver ULTRA-Ex* Overview Alan Yeakley + many

Portland Vancouver ULTRA-Ex* Overview Alan Yeakley + many

Portland Vancouver ULTRA-Ex* Overview Alan Yeakley + many others School of the Environment Portland State University *Urban Long-Term

541 views • 29 slides
WHAT COMES AFTER MICROSERVICES? MATT RANNEY WHAT COMES AFTER MICROSERVICES? MATT RANNEY We

WHAT COMES AFTER MICROSERVICES? MATT RANNEY WHAT COMES AFTER MICROSERVICES? MATT RANNEY We

WHAT COMES AFTER MICROSERVICES? MATT RANNEY WHAT COMES AFTER MICROSERVICES? MATT RANNEY We hired lots of engineers. They wrote lots of software. This causes lots of problems. Why use microservices at all? Easier releases? Ef fj ciency

709 views • 55 slides
uniprof: Transparent Unikernel Performance Profiling & Debugging Florian Schmidt, Research

uniprof: Transparent Unikernel Performance Profiling & Debugging Florian Schmidt, Research

uniprof: Transparent Unikernel Performance Profiling & Debugging Florian Schmidt, Research Scientist, NEC Europe Ltd. Unikernels? Faster, smaller, better! 2 Unikernels? Faster, smaller, better! clip arts: clipproject.info Unikernels

1.14k views • 71 slides
Solo5: A sandboxed, re-targetable execution environment for unikernels Dan Williams (IBM

Solo5: A sandboxed, re-targetable execution environment for unikernels Dan Williams (IBM

03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels Solo5: A sandboxed, re-targetable execution environment for unikernels Dan Williams (IBM Research), djwillia@us.ibm.com Martin Lucina (robur.io / CCT),

679 views • 32 slides
Microservices Security Fundamentals MICROSERVICES SECURITY CHALLENGES Wojciech Lesniak PRINCIPAL

Microservices Security Fundamentals MICROSERVICES SECURITY CHALLENGES Wojciech Lesniak PRINCIPAL

Microservices Security Fundamentals MICROSERVICES SECURITY CHALLENGES Wojciech Lesniak PRINCIPAL DEVELOPER / TECH LEAD @voit3k Microservices International Data Corporation (IDC) predicts that by: 2019 Q1 Microservices International Data

641 views • 39 slides
Compiling Collapsing Rules in Certain Constructor Systems Sergio Antoy Portland State University

Compiling Collapsing Rules in Certain Constructor Systems Sergio Antoy Portland State University

Compiling Collapsing Rules in Certain Constructor Systems Sergio Antoy Portland State University Joint work with Andy Jost LOPSTR 2015 Siena, Italy Thanks NSF CCF-1317249 Outline The virtues of FLP Graph Rewriting The Problem

201 views • 19 slides
Why Portland? Portland CRE Trends and Regional Market Overview Portland Why all the hype?

Why Portland? Portland CRE Trends and Regional Market Overview Portland Why all the hype?

Why Portland? Portland CRE Trends and Regional Market Overview Portland Why all the hype? Healthiest Economy Best Place to Live in US #1 #1 Bloomberg - Economic Evaluation of Money magazine 2015 States 2016 Top Moving US City for

318 views • 21 slides
State of the Art in Microservices Adrian Cockcroft @adrianco Technology Fellow - Battery

State of the Art in Microservices Adrian Cockcroft @adrianco Technology Fellow - Battery

State of the Art in Microservices Adrian Cockcroft @adrianco Technology Fellow - Battery Ventures Microxchg Berlin - February 2015 Speeding up Development Microservice Architectures Whats Next Why am I here? %*&! By Simon Wardley

1.12k views • 98 slides
Numerical Integration Gerald Recktenwald Portland State University Mechanical Engineering

Numerical Integration Gerald Recktenwald Portland State University Mechanical Engineering

Numerical Integration Gerald Recktenwald Portland State University Mechanical Engineering Department gerry@me.pdx.edu These slides are a supplement to the book Numerical Methods with Matlab : Implementations and Applications , by Gerald W.

401 views • 18 slides

More recommend