DOCSLIB.ORG

Linux on IBM Z: What's

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Linux on IBM Z: What's Linux on IBM Z: What’s New — Stefan Raspl IBM Research & De elop!ent "er!an# $anuar# %&' %(%( IBM Z / © 2019 IBM Corporation )ra*emarks The following are trademarks of the International Business Machines Corporation in the United States and/or other countries. AIX* DB2* HiperSockets* MQSeries* PowerHA* RMF System z* zEnterprise* z/VM* BladeCenter* DFSMS HyperSwap NetView* PR/SM Smarter Planet* System z10* z10 z/VSE* CICS* EASY Tier IMS OMEGAMON* PureSystems Storwize* Tivoli* z10 EC Cognos* FICON* InfiniBand* Parallel Sysplex* Rational* System Storage* WebSphere* z/OS* DataPower* GDPS* Lotus* POWER7* RACF* System x* XIV* * Registered trademarks of IBM Corporation The following are trademarks or registered trademarks of other companies. Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom. Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce. ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office. Java and all Java based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. and Quantum in the U.S. and Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. OpenStack is a trademark of OpenStack LLC. The OpenStack trademark policy is available on the OpenStack website. TEALEAF is a registered trademark of Tealeaf, an IBM Company. Windows Server and the Windows logo are trademarks of the Microsoft group of countries. Worklight is a trademark or registered trademark of Worklight, an IBM Company. UNIX is a registered trademark of The Open Group in the United States and other countries. * Other product and service names might be trademarks of IBM or other companies. Notes: Performance is in Internal Throughput Rate (ITR) ratio based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput improvements equivalent to the performance ratios stated here. IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply. All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions. This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the product or services available in your area. All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography. This information provides only general descriptions of the types and portions of workloads that are eligible for execution on Specialty Engines (e.g, zIIPs, zAAPs, and IFLs) ("SEs"). IBM authorizes customers to use IBM SE only to execute the processing of Eligible Workloads of specific Programs expressly authorized by IBM as specified in the “Authorized Use Table for IBM Machines” provided at www.ibm.com/systems/support/machine_warranties/machine_code/aut.html (“AUT”). No other workload processing is authorized for execution on an SE. IBM offers SE at a lower price than General Processors/Central Processors because customers are authorized to use SEs only to process certain types and/or amounts of workloads as specified by IBM in the AUT. IBM Z / © 2019 IBM Corporation 2 Linux on IBM Z ,-en*a ● Linux on IBM Z Distributions ● IBM /15 and Linux2N3 III ● 4ernel & 2ther 5ac+ages ● 6ontainers ● 4VM IBM Z / © 2019 IBM Corporation 3 Linux on IBM Z Supported Linux Distributions See www.ibm.com/systems/z/os/linux/resources/testedplatforms.html for latest updates and details. IBM Z / © 2019 IBM Corporation 4 Linux on IBM Z Linux on IBM Z Distributions: SUS3 ● SUSE Linux Enterprise Server 11 – (9:%((& SLES00 G,: Kernel 2;<;%=' G6C 4;9;9 – (=:%(01 SLES00 S5>: Kernel 3;(' G6C 4;9;> ● 32S 30 Mar; 2(0&? L)SS: 30 Mar; 2(%% ● SUSE Linux Enterprise Server 12 – 0(:%(0> SLES0% G,: Kernel 3;0%' G6C 4;@ – 0%:%(0& SLES0% S51: 4ernel 4;0%' G6C 4;@ ● 32S 30 2ct; 2(%>? L)SS: 30 Oct; 2(%= ● SUSE Linux Enterprise Server 15 – (=:%(0@ SLES 11 G,: Kernel 4;0%' G6C 7;0 / 7;9 – (<:%(0& SLES01 S50: Kernel 4;0%; G6C 7;9 / 8;% – EOS 30 Jul# 2(%@? L)SS: 30 Jul# 2(90 IBM Z / © 2019 IBM Corporation 5 Linux on IBM Z Linux on IBM Z Distributions: Re* Aat ● Red Hat Enterprise Linux 5 ● Red Hat Enterprise Linux 8 – (9:%((= RA3L 5 G,: Kernel 2;<;0@' G6C 4;0;( – (1:2019 RA3L 8 ",: Kernel >;0@' G6C @;%;0 – (&:%(0> RA3L 5 Up*ate 10 – 00:2019 RA3L 8 8p*ate 0 – EOS 30 Mar; 2(0=? ELS: 9( No ; 2(%( – 32S: May 2029; ELS: t.* ● Red Hat Enterprise Linux 6 ● Bor further details on RA3L Life Cycle' see – 00:%(0( RA3L 6 G,: Kernel 2;<;9%' G6C 4;>;( https:/:access;re*hat;co!:support:polic#:up*ates:er rata – (<:%(0@ RA3L 6 Up*ate 1( – EOS 3( No ; 2(%(? ELS: 3( June 2(%> ● Red Hat Enterprise Linux 7 – (<:%(0> RA3L 7 G,: Kernel 3;0(' G6C 4;@ – (@:%(0& RA3L 7 Up*ate 7 – EOS 3( Jun; %(%>? ELS: t.* IBM Z / © 2019 IBM Corporation 6 Linux on IBM Z Linux on IBM Z Distributions: Canonical ● Ubuntu 16.04 (Xenia Xerus! ● Li%ec&$ e – (>:2016 Ubuntu 16.(> – Regular releases every 6 months an* supported for 9 ",: Kernel >;>' G6C 1;9;0+ L)SDRelease !onths – (%:2019 Ubuntu 16.(>;06 L)S – L)S releases e ery 2 #ears an* supported for 5 years – 32S: ,pril 2021; 3SM: ,pr %(%> – L)S ena.lement stac+ will pro ide newer +ernels within L)S releases ● Ubuntu 18.04 ("i#ni$ "eaver! – http:/:www;u.untu;co!:info:releaseDen*Dof-life – (>:2018 Ubuntu 18.(> ",: Kernel >;01' G6C =;%;0 L)SDRelease – (@:2019 Ubuntu 18.(>;9 4ernel 4.01:>;18 "66 7.%;( – 32S: ,pril 2023; 3SM: ,pr %(%@ IBM Z / © 2019 IBM Corporation 7 'BM z15 * LinuxONE ''' IBM Z / © 2019 IBM Corporation 8 IBM z15 O erview ● 0&E in*ustr# stan*ar* for! factor ● New onDchip co!pression acceleration • 14n! S2I technolo-# • 17 la#ers of metal as IBM z14 • 1;2 GA/ • 12 $ores per -./$0ip 1 core • 'n$reased $a$0e sizes1 – 2x L2 #n/$0ip – 1.4x L4 NEW • 14% sin3 e t0read per%or4an$e i4pr#ve4ent • 40T" max me4or& IBM Z / © 2019 IBM Corporation 9 • 190 usab e $ores "alanced s&stem desi3n7 RAW I/O Bandwidth*** (GBps) 1152 832 832 384 384 288 173 PCI* for 1-Way Memory (TB) 10 TB 3 TB 0.5 TB 581 1202 1695 40 TB 2055 32 TB 3 TB 1.5 TB 54 920 1514 1870 64 80 101 141 170 * PCI Tables are NOT adequate for making comparisons of IBM Z processors. 190 Additional capacity planning required ** Number of PU cores for customer use *** Theoretical max. I/O Bandwidth N-Way** IBM Z / © 2019 IBM Corporation 10 '"( 8 9 .r#$ess#r R#admap 14 nm z15 9/2019 14 nm 22 nm z14 32 nm 7/2017 45 nm z13 zEC12 z196 1/2015 8/2012 9/2010 Focus on power efficiency and new Core 0 Core 2 MC GX on-chip architectures L3B IOs IOs L3_0 L3_0 L2 L2 Improved and enlarged caches L3_0 Controller MCU CoP CoP GX L3_1 Controller Optimized Out-of-Order L2 L2 Pervasive encryption MC L3B GX architecture IOs IOs Core 1 L3_1 L3_1 Core 3 Low latency I/O for Leadership System Capacity acceleration of transaction Binary Floating point and Performance enhancements Top Tier Single Thread Leadership Single Thread, processing for DB2 on z/OS Performance,System Capacity Enhanced Throughput Modularity & Scalability Pause-less garbage collection IBM Integrated Accelerator for Accelerator Integration Improved out-of-order Dynamic SMT for enterprise scale JAVA zEDC (On-chip compression support (DEFLATE)) Out of Order Execution Transactional Memory Supports two instruction applications threads Enhanced Cryptographic Water Cooling Dynamic Optimization New SIMD instructions SIMD Coprocessor (CPACF) PCIe I/O Fabric 2 GB page support Optimized pipeline and PCIe attached accelerators RAIM Step Function in System enhanced SMT Capacity Business Analytics Optimized Enhanced Energy Virtual Flash Memory Management IBM Z / © 2019 IBM Corporation 11 z15 T#leration Supp#rt: Linux Distros' z/7M and K7M .
Load more

Recommended publications
  • The Seeds of Rural Resilience
    NEWS & VIEWS FROM THE SUSTAINABLE SOUTHWEST Growing a Regional Food System THE SEEDS OF RURAL RESILIENCE October 2017 NORTHERN NEW MEXICO’S LARGEST DISTRIBUTION NEWSPAPER Vol. 9 No. 10 2 Green Fire Times • October 2017 www.GreenFireTimes.com Is Your Roof Winter Ready? Whether your roof is currently leaking or you’d like to restore your roof before it fails, Fix My Roof is the right choice. Call today for a free roof assessment! www.GreenFireTimes.com Green Fire Times • October 2017 3 YOU’LL LOVE WHAT YOU SEE! PROGRAM PARTNERS: FRIDAY SATURDAY OCT 27 NOV 14 7:30 PM 7:30 PM Sponsored by The L.A. Grow the Growers Browns Dance Farm Training 5 Project Business Incubation A CULTIVATING BERNALILLO COUNTY INITIATIVE bernalillo Applications for the 2018 Opencounty Space internships now available Lensic.org 505-988-1234 For more information NONPROFIT • COMMUNITY FUNDED SERVICE CHARGES APPLY AT ALL POINTS OF PURCHASE A special thanks to our www.bernco.gov/growthegrowers 2017/2018 sponsor: Find Your Future in ENGINEERING @Northern New Mexico College NORTHERN The most affordable 4-year now offering college in the Southwest classes at Santa Fe HEC! Northern Engineering programs include: n ABET-accredited Bachelor in INFORMATION ENGINEERING Tech (IET) n Ask about our new CYBERSECURITY concentration in IET Schedule your campus visit today! n Bachelor in ELECTROMECHANICAL Engineering/Solar Energy Concentration CALL 505.747.2111 or visit nnmc.edu n Associate of Applied Science degrees in RENEWABLE ENERGY and ELECTRICAL TECH 4 Green Fire Times Oc tober 2017 www.GreenFireTimes.com Vol. 9, No. 10 October 2017 Issue No.
    [Show full text]
  • AD Bridge User Guide
    AD Bridge User Guide May 2019 Legal Notice © Copyright 2019 Micro Focus or one of its affiliates. The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice. For additional information, such as certification-related notices and trademarks, see http://www.microfocus.com/about/legal/. Contents About This Guide 5 1 Getting Started 7 2 Installing AD Bridge 9 Linux Requirements and Supported Platforms . 9 Linux Requirements . 9 Supported Linux Platforms. 10 Installing the AD Bridge Linux Agent. 11 Licensing the Linux Agent . 12 Joining Active Directory - Post Installation . 13 Installing the AD Bridge GPEdit Extension . 13 3 Managing Linux GPO Settings 15 Accessing or Creating Group Policy Objects . 15 Configuring Linux GPO Settings . 16 Managing Linux Agent Services with GPOs . 17 Importing Custom Configuration File Settings. 18 Managing Linux Applications with GPOs . 18 Managing User Logins with GPOs . 19 Viewing Policy Injection on a Linux Agent. 20 A Appendix 21 Linux Agent GPO Settings . 21 Linux Agent Commands and Lookups . 22 GPO Best Practices . 23 Contents 3 4 About This Guide The AD Bridge User Guide provides information to help you understand, install, configure, and employ the Micro Focus AD Bridge product to help manage your enterprise environment. Audience This guide is written for administrators and users who will use Micro Focus AD Bridge to more effectively manage Active Directory and group policies in a cross-platform environment.
    [Show full text]
  • List of New Applications Added in ARL #2517
    List of New Applications Added in ARL #2517 Application Name Publisher ActiveEfficiency 1.10 1E ACL Add-In 14.0 ACL Services ACL for Windows 14.2 ACL Services ACL for Windows 14.1 ACL Services Direct Link 7.5 ACL Services ACL Add-In 1.1 ACL Services Creative Cloud Connection 5 Adobe Experience Manager forms 6.5 Adobe Elements Auto Analyzer 12.0 Adobe Token Resolver 3.4 Adobe Token Resolver 3.6 Adobe LogTransport 1.6 Adobe LogTransport 2.4 Adobe IPC Broker 5.6 Adobe Data Workbench Adobe Token Resolver 3.5 Adobe Token Resolver 3.7 Adobe Dimension 3.2 Adobe Photo Downloader 8.0 Adobe LogTransport 2.2 Adobe GC Invoker Utility 4.5 Adobe GC Client 5.0 Adobe Crash Reporter 2.0 Adobe Crash Reporter 2.1 Adobe GC Invoker Utility 6.4 Adobe Dynamic Link Media Server 12.1 Adobe Token Resolver 3.3 Adobe Token Resolver 4.7 Adobe GC Client 4.4 Adobe Genuine Software Integrity Service 6.4 Adobe Creative Cloud Libraries 3 Adobe Token Resolver 3.9 Adobe Token Resolver 5.0 Adobe Genuine Software Integrity Service 6.5 Adobe Create PDF 17.1 Adobe Crash Reporter 1.5 Adobe Notification Client 4.9 Adobe GC Client 6.4 Adobe GC Client 6.5 Adobe Crash Reporter 1.6 Adobe Crash Reporter 2.2 Adobe Crash Reporter 2.4 Adobe GPU Sniffer 19.0 Adobe Token Generator 7.0 Adobe Token Resolver 3.8 Adobe LogTransport 1.5 Adobe InDesign Server CC (2020) Adobe GC Invoker Utility 5.0 Adobe GC Invoker Utility 6.5 Adobe RED Importer Plugin Unspecified Adobe Token Generator 8.0 Adobe GC Client 1.2 Adobe GC Client 4.5 Adobe EmailNotificationPlugin 11.0 Apple BatteryUIKit 1.0 Apple
    [Show full text]
  • Snap Vs Flatpak Vs Appimage: Know the Differences | Which Is Better
    Published on Tux Machines (http://www.tuxmachines.org) Home > content > Snap vs Flatpak vs AppImage: Know The Differences | Which is Better Snap vs Flatpak vs AppImage: Know The Differences | Which is Better By Rianne Schestowitz Created 08/12/2020 - 8:29pm Submitted by Rianne Schestowitz on Tuesday 8th of December 2020 08:29:48 PM Filed under Software [1] Every Linux distribution has its own package manager tool or command-line based repository system to update, install, remove, and manage packages on the system. Despite having a native package manager, sometimes you may need to use a third-party package manager on your Linux system to get the latest version of a package to avoid repository errors and server errors. In the entire post, we have seen the comparison between Snap, AppImage, and Flatpak. Snap, Flatpak, and AppImage; all have their pros and cons. In my opinion, I will always prefer the Flatpak package manager in the first place. If I can?t find any packages on Flatpak, then I?ll go for the AppImage. And finally, Snap is an excellent store of applications, but it still requires some development. I would go to the Snap store for proprietary or semi-proprietary applications than main applications. Please share it with your friends and the Linux community if you find this post useful and informative. Let us know which package manager do you prefer to use on your Linux system. You can write also write down your opinions regarding this post in the comment section. [2] Software Source URL: http://www.tuxmachines.org/node/145224 Links: [1] http://www.tuxmachines.org/taxonomy/term/38 [2] https://www.ubuntupit.com/snap-vs-flatpak-vs-appimage-know-the-difference/.
    [Show full text]
  • Ubuntu Server Guide Basic Installation Preparing to Install
    Ubuntu Server Guide Welcome to the Ubuntu Server Guide! This site includes information on using Ubuntu Server for the latest LTS release, Ubuntu 20.04 LTS (Focal Fossa). For an offline version as well as versions for previous releases see below. Improving the Documentation If you find any errors or have suggestions for improvements to pages, please use the link at thebottomof each topic titled: “Help improve this document in the forum.” This link will take you to the Server Discourse forum for the specific page you are viewing. There you can share your comments or let us know aboutbugs with any page. PDFs and Previous Releases Below are links to the previous Ubuntu Server release server guides as well as an offline copy of the current version of this site: Ubuntu 20.04 LTS (Focal Fossa): PDF Ubuntu 18.04 LTS (Bionic Beaver): Web and PDF Ubuntu 16.04 LTS (Xenial Xerus): Web and PDF Support There are a couple of different ways that the Ubuntu Server edition is supported: commercial support and community support. The main commercial support (and development funding) is available from Canonical, Ltd. They supply reasonably- priced support contracts on a per desktop or per-server basis. For more information see the Ubuntu Advantage page. Community support is also provided by dedicated individuals and companies that wish to make Ubuntu the best distribution possible. Support is provided through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The large amount of information available can be overwhelming, but a good search engine query can usually provide an answer to your questions.
    [Show full text]
  • Edgex Foundry Snap Package.Pdf
    CanSnap Package Tech Talks - Session 11 November 2018 edgexfoundry.org | @edgexfoundry Agenda ● Introduction to snaps ● Overview of the edgexfoundry snap ● How to install ● How to configure/manage/update ● How to use with additional device services ● Further references ● Upcoming tech talks ● Q&A edgexfoundry.org | @edgexfoundry Ian Johnson <[email protected]> ● Canonical / Software Engineer Field Engineering - Devices & IoT ● Primary snap developer for Dehli release ● Contributed CI work for snap build ● Contributed code to security to decouple Docker-isms ● Involved in testing most services for Dehli ● Contributed bug fixes to SMA ● Member of the DevOps working group edgexfoundry.org | @edgexfoundry Tony Espy <[email protected]> ● Canonical / Technical Architect Field Engineering - Devices & IoT ● Technical Steering Committee member ● Former Device Services WG chair ● Author of Device Services SDK Requirements ● Original developer of device-sdk-go ● Active member of Core, Device Services & Security working groups ● Created first EdgeX snap prototype edgexfoundry.org | @edgexfoundry Introduction What's a snap? Snaps are containerised software packages that work on all major Linux distributions without modification. Simple to create and publish, they automatically update safely. edgexfoundry.org | @edgexfoundry Introduction Snaps are... ● Self-contained squashfs-based software packages ● Containing one or more applications or services ● Cryptographically-signed by publisher and tamper-proof ● Published to risk-based update channels
    [Show full text]
  • Install a Microk8s Single Node Cluster Locally on Windows 10
    Install a MicroK8s single node cluster locally on Windows 10 By Philippe Beraud, Microsoft France This walkthrough guides you through all the steps required to create and configure a MicroK8s cluster on Windows 10. Kubernetes1 runs on Linux. As such, MicroK8s2 provides a single command installation of the latest Kubernetes release on a Linux machine for development and testing. MicroK8s is easy to install and use on Ubuntu or any other Linux distro which supports snaps, i.e. pre-packaged applications (similar to Docker containers). Although Windows 10 now has some very useful features, such as the ability to install Ubuntu as an app, the integration of Windows Subsystem for Linux 2 (WSL2) doesn’t provide (yet) all the Ubuntu functionalities required to make MicroK8s run smoothly right out-of-the-box (OOB) and thus use the snap daemon. If you wish to experiment with running MicroK8s semi-natively, see: • Discourse post Using snapd in WSL2 • Post Running Snaps on WSL2 (Insiders only for now) along with the short YouTube video Use this ONE trick to run Linux Snap packages in Windows Subsystem for Linux 2 (WSL2) For now, and for the sake of simplicity for anyone looking to try out Kubernetes on Windows 10, let’s run MicroK8s on Windows 10 with virtualization. MicroK8s will install without problems on Ubuntu on a virtual machine (VM). The Canonical way to get a Linux VM on Windows 10 and to run MicroK8s in it is with multipass. Multipass gives you an easy to use interface to manage VMs on Windows 10 – Same is true on MacOS and Linux -.
    [Show full text]
  • Snappy Ubuntu Core Enabling Secure Devices with App Stores We Are the Company
    Snappy Ubuntu Core Enabling secure devices with app stores We are the company behind Ubuntu. Canonical and Ubuntu | Best of both worlds CANONICAL Ubuntu Commercial backing #1 Linux Desktop for the #1 general purpose Linux OS: #1 Cloud OS Ubuntu Now also for Global Services, phones, tablets & Support, IoT devices Certification! It has never been easier to make a custom hardware appliance... Building an IoT Appliance Beaglebone Black Raspberry Pi 2 Snickerdoodle Intel NUC Qualcomm DragonBoard Samsung Artik But why? Old-School Modern Embedded Embedded RTOS/Embedded General Linux cross-compilation normal toolchain single-purpose multi-purpose constrained 256M RAM 2G SD rare updates constant updates offline connected expensive & custom cheap & easy software devel software devel Linux Server Linux Device Ops Ops centralised distributed supported field-serviced expensive cheap elastic spof cheap to service expensive to fix Autopilot App Business App Lite (free, included) Farmers ($500) Pro ($100) Avalanches ($2500) Elite ($250) Miners ($9950) $600 drone (hardware) Apps, Services and SaaS Infrastructure Certification. Support. Assurance. Security. Maintenance. Compatibility. Transactional updates Application confinement Familiar Ubuntu app development classic snappy app writable app writable any package can area area write to any file app snap app snap os writable files writable spaces os snap per snap read-only snaps kernel config filesystem kernel snap Snappy system architecture Software Innovator(s) Snap Snap Snap ● Automatic updates Library
    [Show full text]
  • How Containers Work Sasha Goldshtein @Goldshtn CTO, Sela Group Github.Com/Goldshtn
    Linux How Containers Work Sasha Goldshtein @goldshtn CTO, Sela Group github.com/goldshtn Agenda • Why containers? • Container building blocks • Security profiles • Namespaces • Control groups • Building tiny containers Hardware Virtualization vs. OS Virtualization VM Container ASP.NET Express ASP.NET Express RavenDB Nginx RavenDB Nginx App App App App .NET Core .NET Core V8 libC .NET Core .NET Core V8 libC Ubuntu Ubuntu Ubuntu RHEL Ubuntu Ubuntu Ubuntu RHEL Linux Linux Linux Linux Linux Kernel Kernel Kernel Kernel Kernel Hypervisor Hypervisor DupliCated Shared (image layer) Key Container Usage Scenarios • Simplifying configuration: infrastructure as code • Consistent environment from development to production • Application isolation without an extra copy of the OS • Server consolidation, thinner deployments • Rapid deployment and scaling Linux Container Building Blocks User Namespaces node:6 ms/aspnetcore:2 openjdk:8 Copy-on- /app/server.js /app/server.dll /app/server.jar write layered /usr/bin/node /usr/bin/dotnet /usr/bin/javaControl groups filesystems /lib64/libc.so /lib64/libc.so /lib64/libc.so 1 CPU 2 CPU 1 CPU 1 GB 4 GB 2 GB syscall Kernel Security profile Security Profiles • Docker supports additional security modules that restrict what containerized processes can do • AppArmor: text-based configuration that restricts access to certain files, network operations, etc. • Docker uses seccomp to restrict system calls performed by the containerized process • The default seccomp profile blocks syscalls like reboot, stime, umount, specific types of socket protocols, and others • See also: Docker seccomp profile, AppArmor for Docker Experiment: Using a Custom Profile (1/4) host% docker run -d --rm microsoft/dotnet:runtime …app host% docker exec -it $CID bash cont# apt update && apt install linux-perf cont# /usr/bin/perf_4.9 record -F 97 -a ..
    [Show full text]
  • Conflict Resolution Via Containerless Filesystem Virtualization
    Dependency Heaven: Conflict Resolution via Containerless Filesystem Virtualization Anonymous Author(s) Abstract previous installation, effectively preventing concurrent ver- Resolving dependency versioning conflicts in applications sions of that library from coexisting. The same is true for is a long-standing problem in software development and packages whose executable names does not change across deployment. Containers have become a popular way to ad- releases; unless the user renames the existing executable dress this problem, allowing programs to be distributed in a files prior to the installation of a new version it is notpos- portable fashion and to run them under strict security con- sible to keep both installations around. The problem with straints. Due to the popularity of this approach, its use has that approach is that it breaks package managers, as the re- started to extend beyond its original aim, with users often named files will not be featured in the package manager’s creating containers bundling entire Linux distributions to database and, consequently, will not be tracked anymore. run mundane executables, incurring hidden performance Further, unless executables depending on the renamed files and maintenance costs. This paper presents an alternative are modified to reflect their new path, users need todefine approach to the problem of versioning resolution applied to which executable to activate at a given time, usually through locally-installed applications, through a virtualization tool tricky management of symbolic
    [Show full text]
  • Snap Creator Framework 4.1.1 Installation Guide
    Snap Creator® Framework 4.1.1 Installation Guide NetApp, Inc. Telephone: +1 (408) 822-6000 Part number: 215-09552_A0 495 East Java Drive Fax: +1 (408) 822-4501 November 2014 Sunnyvale, CA 94089 Support telephone: +1 (888) 463-8277 U.S. Web: www.netapp.com Feedback: [email protected] Table of Contents | 3 Contents What the Snap Creator Framework does .................................................. 5 Snap Creator architecture ............................................................................................ 6 Snap Creator Server ........................................................................................ 6 Snap Creator Agent ......................................................................................... 7 Plug-ins for application integration ................................................................. 7 Preinstallation requirements ....................................................................... 9 Snap Creator installation and configuration requirements .......................................... 9 Downloading the Snap Creator software .................................................................. 11 Creating a Snap Creator user for Data ONTAP ........................................................ 12 Data ONTAP operating in 7-mode ................................................................ 12 Clustered Data ONTAP ................................................................................. 13 Installing Java on Snap Creator hosts ......................................................................
    [Show full text]
  • WAM Tmarm User’S Guide
    WAM TMArm User’s Guide Barrett Technology® Inc. Document: D1001 Version: AA.00 Table of Contents Getting Started ........................................................................................................................................................ 2 Unpacking.............................................................................................................................................................................................2 System Setup.........................................................................................................................................................................................3 System Startup ......................................................................................................................................................................................7 Hardware................................................................................................................................................................. 8 WAM Arm............................................................................................................................................................................................8 WAM Wrist: .......................................................................................................................................................................................11 PC & Control Software........................................................................................................................................
    [Show full text]