With Triton, Joyent Further Pushes Docker Management to Bare Metal

As it builds even closer ties to Docker, cloud infrastructure company Joyent continues to address what it calls containers’ “limitations” with the release of Triton Elastic Container Infrastructure, a platform designed to radically simplify container deployment in production at scale.
In essence, it allows containers to run on bare metal while eliminating the VM abstraction layer, which Bryan Cantrill, CTO at Joyent, calls “an unnecessary layer of fat.”
“It’s just something else you have to manage, something you have to pre-provision. In terms of elasticity, in terms of performance, in terms of density, it doesn’t actually make sense to run containers inside of VMs and then be running those on physical machines. What you want to do is run a container directly on the principal hardware,” he said.
The challenge to that, he said, has been the Linux substrate used for containers — namely namespaces and cgroups — was really not designed for multi-tenancy, creating security issues that make it either difficult or unwise to deploy Linux containers on bare metal.
The Triton service instead uses Joyent’s SmartOS substrate, which it has been using for around a decade, and also builds on some previous security work done by Sun Microsystems used in the open source variant of Sun Microsystems’ Solaris used in SmartOS.
“That allows us to leverage all our expertise around operations, multi-tenant operations and also allows us to leverage a bunch of technology from networking, in terms of Crossbow, from CFS, to solve some major problems with Docker today around networking, persistence. And as a bonus, we get rid of that VM layer,” he said, which allows clients to manage only containers, not where they’re provisioned physically in the data center.
With Triton, it’s touting:
- Simplified management: Triton virtualizes the entire datacenter as a single, elastic Docker host. Triton provides a suite of real-time introspection and post-mortem debugging tools that allow visibility into each container.
- Security: Triton’s container runtime was built for security isolation first, treating the container as a first-class citizen on the network.
- Networking: Each Triton Docker container has its own unique IP address and offers VXLANs across containers.
- Bare metal performance: Triton’s container runtime leverages OS virtualization and eliminates the need for a hardware hypervisor layer to deliver bare-metal advantages, including lower- latency access to CPU, storage and network resources.
Joyent spent the bulk of last year working on this product, Cantrill said. It involved figuring out how to run Linux binaries inside a SmartOS zone, and also talks with Docker about how to run it on that substrate.
“There we benfitted from the fact that Docker has a surprisingly robust API. It’s surprising because when you download Docker — the Docker client, the Docker command and the Docker server — they are the same binary, which is a little unusual. When you see that, you wonder how well these things will be separated from each other and how well designed the protocol will be, the API, between the client and the server. The remote API in Docker is actually quite robust,” Cantrill said.
“So it was relatively straightforward for us to create a Docker remote API endpoint that to the Docker client looks like the Docker daemon, when actually it’s the Triton stack emulating the Docker daemon.”
Since the Triton stack is based on Joyent’s open source assets, there are three ways companies can use it: as a service from Joyent, as an on-prem product from Joyent or by downloading the open source and running it themselves.
“We believe that new buildout will be 100 percent container-based, and if we’re going to an all-container future it does beg the question, why do we have this VM abstraction that we’re towing with us into the future?” Cantrill said.
“We believe that VM abstraction doesn’t really have a place in the future other than running legacy workloads. Pretty much all the other vendors out there are going to be running containers in a hardware-virtualized VM.”
While Amazon Web Services is Joyent’s most formidable competitor, its rivals include initiatives such as OpenStack and CloudStack. The company, which has been focused on containers for more than a decade, has latched onto Docker’s rapid rise in popularity to fuel a resurgence.
In October the company announced it had raised another $15 million, bringing total investment in the company to $120 million. Within a couple of weeks, it announced it would open source its core technology: SmartDataCenter, its container-based orchestration software, and the multi-tenant ZFS-based Manta object storage platform.
In December it announced the integration of Docker Engine into SmartDataCenter, and a platform for running Linux applications, including those running in Docker containers, natively on secure OS virtualization without an intervening hardware hypervisor. The company also announced Linux Branded Zones (LXz), a new platform for container deployments.
Feature image via Flickr Creative Commons.