Docker in SUSE® LinuxEnterprise Server 12

White PaperServer

Table of Contents page

Executive Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2

Challenges in Development and Operations Today. . . . . . . . .2

Docker and Containers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2

Enterprise Use Cases for Docker. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Docker in SUSE Linux Enterprise Server 12. . . . . . . . . . . . . . . . . . . . . . 4

What’s Coming. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Next Steps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2

Server White PaperDocker in SUSE Linux Enterprise Server 12

Docker.from.SUSE.provides.customers.with.enterprise-focused.features.and.easy-to-use.tools.that.improve.operational.effi-ciency.and.allow.you.to.more.easily.and.fully.use.innovations.in.the.Docker.space .

Challenges in Development and Operations TodayGiven.constant.requests.for.newer.features.and.faster.delivery.from.end.users,.both.enterprise.application.development.and.data.center.operation.teams.are.facing.more.and.more.chal-lenges.in.improving.their.collaboration .

Their.first.challenge.is.how.to.reconcile.the.conflict.between.frequent.releases.versus.staged.production.schedules ..On.the.one.hand,.developers.want.to.release.new.revisions.of.codes.frequently,.in.days,.to.the.operations.team ..On.the.other.hand,.to.maintain.data.center.stability.and.uptime,.the.operations.team.normally.uses.staged.deployment,.e .g .,.to.include.new.codes.once.a.month .

Second,.the.development.environment.and.production.environ-ment,.although.managed.to.be.identical,.in.reality.have.some.differences ..There.may.be.some.minor.differences.in.the.libraries.or.the.runtime.that.could.create.incompatibility.issues.and.cause.downtime ..What’s.worse,.these.issues.are.hard.to.find.before.the.application.is.actually.running ..And.this.causes.conflict.be-tween.the.teams:.for.example,.“It.works.on.my.dev.machine,.so.it’s.operations’.problem .”

Finally,.operations.teams.are.facing.time-to-market.pressure.and.need.more.options.for.efficiency.and.utilization ..Virtualization.is.helping.in.some.aspects ..But.if.customers.need.a.more.dense.solution,.traditional.virtualization.cannot.do.more,.due.to.the.resource.isolation.nature.among.virtual.machines.(VMs) ..For.example,.you.cannot.optimize.the.disk.utilization.among.VMs.because.each.VM’s.images.are.fully.independent .

Docker,.as.an.innovative.framework.based.on.Linux.Containers,.provides.an.efficient.way.to.address.all.these.challenges .

Docker and ContainersContainers.have.a.long.history.in.computing ..They.were.ini-tially.introduced.in.the.UNIX.age.and.can.still.be.seen.in.some.UNIX.platforms.today ..Unlike.hypervisor.virtualization,.where.one.or.more.independent.machines.run.virtually.on.physical.hardware.via.an.intermediation.layer,.containers.instead.run.in.user.space.on.top.of.an.operating.system’s.kernel ..As.a.result,.container.virtualization.is.often.called.“operating.system.(OS)-level.virtualization .”

SUSE.has.been.supporting.Linux.Containers.since.SUSE.Linux.Enterprise.Server.11.SP2.was.introduced.in.2012 ..This.technol-ogy.provides.customers.with.highly.efficient.and.low.overhead.OS-level.virtualization ..Also,.it’s.designed.to.work.well.with.other.virtualization.technologies.supported.by.the.distribution .

Executive SummaryBefore virtualization, to bring up a new server took days; virtualization reduced the time to minutes; and, now, with containers and Docker, it takes just seconds. SUSE® Linux Enterprise Server 12 includes support for Docker, an open source technology that automates the deployment of applications inside Linux Containers.

3www.suse.com

Docker,.an.open-source.engine.that.automates.the.deployment.of.applications.into.containers,.adds.an.application.deployment.engine.on.top.of.a.virtualized.container.execution.environment ..It’s.designed.to.provide.a.lightweight.and.fast.environment.in.which.to.run.your.code.as.well.as.an.efficient.workflow.to.get.that.code.from.your.laptop.to.your.test.environment.and.then.into.production,.minimizing.incompatibility.issues ..On.a.very.high.level,.Docker.is:

Lightweight and easy.Dockerisfast.Youcanquicklycreatecontainersrunningyourapplications.MostDockercontainerstakelessthanasecondtolaunch.Andasrecentresearch*shows,containershavenearnativeperformance.Thisisthankstotheremovaloftheoverheadofthehyper­visor.Moreover,Dockeroffersanadvancedmulti­layeredunificationfilesystem(AUFS)thatallowsefficientdiskutilizationandeasyOSresourcesharing.

Application-centric.Dockerfocusesonapplicationoutputwithoutworryingaboutvirtualsystemdetails,soit’sahighlydeveloper­friendlymethodology.Dockerisdesignedtoenhanceconsistencybyensuringtheenvironmentinwhichyourdeveloperswritecodematchestheenvironmentsintowhichyourapplicationsaredeployed.

Fast, efficient deployment life cycle.Dockeraimstoreducethecycletimebetweencodebeingwrittenandcodebeingtested,deployedandused.Itaimstomakeyourapplicationsportable,easytobuildandeasytocollaborateon.

Enterprise Use Cases for DockerAs.a.new.technology,.Docker.is.evolving ..And.its.use.cases.in.en.terprises.are.evolving,.too ..Here.are.some.typical.cases:

Devops.Dockerisidealforquicklysettingupdevelopmentandtestenvironmentsaswellassandboxes.ComparedtoaVM,it’smoreefficientwithlessoverhead.Inaddition,Dockeroffersbettersegregationofdutiesfordevopstoimproveefficiency;developersneedtofocusonlyontheirapplicationsrunninginsidecontainerswhileoperationsfocusesonmanagingthecontainers.Finally,DockercanbeeasilyintegratedintoadevopstoolstacksuchasJenkinstoachievebetterworkflowautomationandcontinuousintegration.

Server consolidation.ThelowoverheadandlayeredimagesystemofDockercontainersimprovetheserverconsoli­dationratio.ByremovingaguestOS,Dockercontainerscanhavetwotothreetimesthedensity(numberofvirtualenvironments)ofaregularVM.Thisprovidesmanybenefitstocustomers,e.g.,hostingcompaniesthatwanttoreducetheircostsbyrunningmorevirtualenvironmentsonexistinghardwareplatforms.

Table 1—Comparison of a Virtual Machine (VM) and a Container

VM Container

OS environment Full.OS.is.needed.for.each.VM Containers.share.the.same.kernel

Virtualization mechanism Emulation.of.a.physical.computing.environment. .No.hypervisors,.no.hardware.emulation ..Rely.on.kernel.namespace.and.cgroups

Virtualization type Full.virtualization.or.para-virtualization OS-level.virtualization

OS-supported Any.OS.is.supported Must.be.an.instance.of.Linux

Resource sharing High-level.resource.management.policies Access.to.resource.over.normal.user.space/IPC.facilities

Start/boot speed Slow.(OS.boot) Fast

Overhead High Low

Virtualization level Hardware Software

Sharing with the host Complex.due.to.isolation.between.host.and.VM Easy:.host.sees.everything;.containers.see.their.own

Security Secure.isolation.yet.larger.attack.surface.(VM.OS.and.hypervisor)

Less.secure.than.VMs.

__________

* http://domino.research.ibm.com/library/cyberdig.nsf/papers/ 0929052195DD819C85257D2300681E7B/$File/rc25482.pdf

4

Server White PaperDocker in SUSE Linux Enterprise Server 12

Platform-as-a-Service (PaaS) and managed services.Dockercanbeusedtobuildamulti­tenantPaaSinfrastruc­turebecauseitiseasyandinexpensivetocreateisolatedenvironmentsforrunningmultipleinstancesofapptiersforeachtenant.Thisispossiblegiventhespin­upspeedofDockerenvironmentsandeffectivetools.Also,Dockerhelpstorunstand­aloneservicesandapplicationsconsistentlyacrossmultipleenvironments,acapabilityespeciallyusefulinservice­orientedarchitectures(SOA)anddeploymentsthatrelyheavilyonmicro­services.

Docker in SUSE Linux Enterprise Server 12SUSE.Linux.Enterprise.Server.is.designed.to.provide.better.op-erational.efficiencies.to.enterprise.customers.by.including.best-of-breed.open.source.technologies ..Just.like.its.support.of.Linux.Containers.and.dual.hypervisors,.namely.Xen.and.KVM,.SUSE.Linux.Enterprise.Server.12,.the.latest.major.version,.includes.support.for.Docker.as.a.complementary.virtualization.option.for.customers.with.the.following.advantages:

Enterprise-ready.FullysupportedwithaSUSELinuxEnterpriseServer12subscription,DockerfromSUSEisenterprise­ready.Itprovidespre­builtimagesfromastandardrepository,atrustedsourcethatisverifiedanddistributedbySUSE.What’smore,youcansetupanon­premiseregistrybehindtheenterprisefirewall,minimizingexposuretomaliciousattacks,andhavebettercontrolofyourIP.Portus,anopensourcefront­endforanon­premiseDockerregistry,isincludedasatechnologypreview.WithPortus,youcanhaveauthorization,aswellasauserinterfaceandsearchfunctions,foryouron­premiseDockerregistry,improvingsecurityandproductivity.Theauthori­zationfunctionofPortusallowsenterpriseuserstocontroltheaccesstoDockerimagesandenhancesdatasecurity.

Figure 1—Portus Graphical User Interface

Improves operational efficiency. DockerandcontainersfromSUSEallowyoutocomplementexistingvirtualizationtechnologiestoimproveoperationalefficiency.SUSELinuxEnterpriseServerhasalreadyincludedXenandKVMsup­portashypervisoroptions.Itisaperfectguesttoruninvir­tualandcloudenvironment,too.WithDockerinSUSELinuxEnterpriseServer,youmaybuild,shipandruncontainerizedapplicationsinphysical,virtualorcloudenvironments,wher­everitmakessenseforyouintermsofcostandefficiency.

Easy-to-use tools.SUSEofferseasy­to­usetoolstobuild,deployandmanageDocker.YaST®hasbeenthemostef­ficientmanagementframeworkforSUSELinuxEnterprise.NowyoucanusetheYaSTinterfacetogetasimpleover­viewoftheavailableDockerimages,runDockercontainersandeasilycontrolrunningcontainers.BesidesthebuildtoolsincludedinDocker,youcangetKIWI,aflexiblegolden­imagebuildingtoolthatallowsyoutoconfigureonceandcreateoutputformatsincludingDocker.SUSEalsooffersaconveniencetoolcalled“sle2docker”thatcanbeusedtoactivatepre­builtimagesdeliveredbySUSE.

5www.suse.com

Figure 2—YaST Interface for Containers

Figure 3—Diagram of Docker in SUSE Linux Enterprise Server 12

What’s ComingSUSE.has.a.dedicated.team.working.on.the.latest.Docker.proj-ects.to.make.them.a.better.fit.for.enterprise.uses.in.the.follow-ing.areas:

Better security, compliance and life cycle management..The.integration.with.SUSE.Manager,.a.comprehensive.tool.for.Linux.management,.will.make.it.possible.to.patch.and.update.Docker.images.in.the.registry ..With.this..feature,...customers.will.have.better.control.of.the.security,..compliance.and.life.cycle.of.Docker.images .

Docker is planned to be available on more hardware architectures.such.as.IBM.POWER.and.IBM.zSystem ...The.current.Docker.offering.is.based.on.x86_64.only .

Docker containers’ integration with SUSE OpenStack Cloud..With.this.integration,.you.can.leverage.the.SUSE.OpenStack.Cloud.functions.of.automation.and.self-service.to.manipulate.containers.just.like.you.manipulate.“regular”.VMs .

Increased integration with the Open Build Service,.an.open.system.for.building.and.distributing.Linux.images,.including.Docker,.in.an.automatic,.consistent.and.productive.way ...The.integration.aims.to.provide.an.easy.image.building..environment.that.can.be.used.to.provide.always.up-to-.date.images .

Next StepsTo.learn.more.about.Docker:

Watch.the.Docker.mini-course.from.SUSE.at:.www.suse.com/promo/docker.html

Try.a.60-day.free.trial.of.SUSE.Linux.Enterprise.Server.12.at:.www.suse.com/products/server/download/

ViewtheSUSEDockerQuickStartDocumentationat:www.suse.com/documentation/sles-12/singlehtml/ dockerquick/dockerquick.html

www.suse.com

Contact your local SUSE Solutions Provider, or call SUSE at:

1.800.796.3700.U .S ./Canada1.801.861.4500.Worldwide

SUSEMaxfeldstrasse.590409.NurembergGermany

262-002517-002 | 06/15 | © 2015 SUSE LLC. All rights reserved. SUSE, the SUSE logo and YaST are registered trademarks of SUSE LLC in the

United States and other countries. All third-party trademarks are the property of their respective owners.