
Has the Container Wave Finished Breaking over Cloud?

James Bottomley
About Me


Container evangelist

Open Source Advocate

  • Converting Business to Open Source

Kernel Developer

  • SCSI Subsystem Maintainer
  • PA-RISC architecture Maintainer
  • Container Filesystem enhancements
The Container Wave

The Wave Drives the Paradigm

Cloud Started by Hypervisors
But subsumed by containers

Hypervisors Virtualize Hardware

Containers Virtualize the Operating System

Management Simplification

Quest is to move beyond Infrastructure

By removing management burden from the tenant

In a VM cloud, added to the VM

Service Model of a legacy Cloud (Amazon, Azure)

One of the most powerful assets

Addition and API variation provide lock-in

Container Cloud can be transparent

Dynamic Introspection and entry is key container advantage

Same kernel means administrator sees all data structures

And can enter other containers

Also source of container security issues

If admin can do it, how to prevent tenant?

Means management can be provided without additions to image

Easy and lock-in free.

e.g. Bluemix Vulnerability Analyzer
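The slide's point is that on a shared kernel the host administrator can see every container's data structures and enter any container, and the security question is how to stop a tenant doing the same. What separates the two is the capability set and namespace the tenant process runs with. The following audit is an added example, not code from the talk: it reads the CapEff line of a /proc/PID/status file and a /proc/PID/uid_map, names the capabilities that allow namespace entry or cross-tenant inspection (setns needs CAP_SYS_ADMIN, ptrace of foreign processes needs CAP_SYS_PTRACE), and reports whether the process is in a user namespace. The status and uid_map texts are constructed samples; the "default" one carries the capability mask a stock Docker container typically shows.

```python
"""Audit a container process's effective capabilities and user-namespace mapping.

Added illustration (not from the talk). Input is the text of /proc/<pid>/status and
/proc/<pid>/uid_map; the samples at the bottom are constructed, not captured.
"""
import re

# Linux capability numbers (bit positions in CapEff), in kernel order.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER", "CAP_FSETID",
    "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP", "CAP_LINUX_IMMUTABLE",
    "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST", "CAP_NET_ADMIN", "CAP_NET_RAW",
    "CAP_IPC_LOCK", "CAP_IPC_OWNER", "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT",
    "CAP_SYS_PTRACE", "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD", "CAP_LEASE",
    "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP", "CAP_MAC_OVERRIDE",
    "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM", "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ",
]

# Capabilities that, on a shared kernel, let a process inspect or enter other
# containers: setns()/nsenter needs CAP_SYS_ADMIN, ptrace of foreign processes needs
# CAP_SYS_PTRACE, and the rest reach modules, raw devices or any file on the host.
CROSS_TENANT_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_PTRACE", "CAP_SYS_MODULE",
                     "CAP_SYS_RAWIO", "CAP_DAC_READ_SEARCH"}


def parse_capeff(status_text):
    """Return the effective capability mask from a /proc/<pid>/status text."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if not m:
        raise ValueError("no CapEff line in status text")
    return int(m.group(1), 16)


def cap_names(mask):
    """Translate a capability bit mask into the set of capability names."""
    return {name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1}


def parse_uid_map(uid_map_text):
    """Parse /proc/<pid>/uid_map rows into (inside_uid, outside_uid, count) tuples."""
    rows = []
    for line in uid_map_text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            rows.append(tuple(int(p) for p in parts))
    return rows


def in_user_namespace(uid_map_text):
    """The initial user namespace shows a single identity map 0 -> 0 over every uid."""
    return parse_uid_map(uid_map_text) != [(0, 0, 4294967295)]


def audit(status_text, uid_map_text):
    """Summarise what this process could do to its neighbours on the same kernel."""
    caps = cap_names(parse_capeff(status_text))
    return {
        "dangerous_caps": sorted(caps & CROSS_TENANT_CAPS),
        "cap_count": len(caps),
        "user_namespace": in_user_namespace(uid_map_text),
    }


# Constructed samples (not captured from a real host).
PRIVILEGED_STATUS = ("Name:\tbash\nPid:\t4242\nCapInh:\t0000000000000000\n"
                     "CapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n")
DEFAULT_STATUS = ("Name:\tnginx\nPid:\t4243\nCapInh:\t0000000000000000\n"
                  "CapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n")
HOST_UID_MAP = "         0          0 4294967295\n"
REMAPPED_UID_MAP = "         0     100000      65536\n"

if __name__ == "__main__":
    print("privileged:", audit(PRIVILEGED_STATUS, HOST_UID_MAP))
    print("default:   ", audit(DEFAULT_STATUS, REMAPPED_UID_MAP))
```

Run it against a live process by passing the contents of `/proc/<pid>/status` and `/proc/<pid>/uid_map` instead of the samples. A tenant container that reports an empty `dangerous_caps` list and `user_namespace: True` cannot use the administrator's entry path even though it shares the kernel; a privileged container reports all five and is, for security purposes, the host.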

Immutable Infrastructure and Precise Environment

Key to the revolution in devops

Docker is nothing more than an application packaging and transport system

Image drift is a huge VM problem

Immutable images solved that

Irony: VMs can do Immutable Images too

But block device thinking prevented people seeing it

But was the solution too extreme?

requires it

Large Enterprise wants full control

Small Business Less so

Also means Cloud Owner can't manage container OS

Barrier to true Application Containers

Even agile DevOps takes too long to get update in place

Mostly Immutable Environment?

Modifications to the base image can be precise

Could allow Cloud Admin to manage patching of Base OS

Big problem is how to describe changes (sha256)

Online patching also requires lower layer overlay to be rw
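The slide identifies describing changes precisely (with sha256) as the hard part of a mostly immutable environment. The example below is an added illustration, not code from the talk: it records a layer as a manifest of per-file sha256 digests, derives one content-addressed digest for the whole layer state, expresses a base-OS patch as exactly the set of paths it added, removed or modified, and uses the same manifest as a drift check so a tenant can verify that nothing outside the declared patch changed. The sample file tree is constructed in a temporary directory; the path names and file contents are made up for the demonstration.

```python
"""Describe a change to an image layer precisely, as a set of per-file sha256 digests.

Added illustration (not from the talk). A manifest maps each file path under a root
directory to its sha256; the digest of the canonical manifest identifies a whole layer
state, and the diff of two manifests describes a patch as exactly the files it touched.
"""
import hashlib
import json
import os
import tempfile


def file_sha256(path):
    """Stream a file through sha256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root):
    """Map every regular file under root (relative, '/'-separated) to its sha256."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entries[rel] = file_sha256(full)
    return entries


def manifest_digest(entries):
    """One content-addressed id for a whole layer state (same files => same digest)."""
    canonical = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def describe_change(old, new):
    """Express old -> new as the exact set of added, removed and modified paths."""
    return {
        "from": manifest_digest(old),
        "to": manifest_digest(new),
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
    }


def drifted(root, expected):
    """Drift check: a running image should still match its recorded manifest."""
    change = describe_change(expected, manifest(root))
    return bool(change["added"] or change["removed"] or change["modified"])


def _write(root, rel, data):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    """Build a base layer, record it, apply a simulated base-OS patch, describe it."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample tree: a base OS library, its config, and a tenant app.
        _write(root, "usr/lib/libssl.so.1", b"ssl build 1")
        _write(root, "etc/ssl/openssl.cnf", b"[default]\n")
        _write(root, "app/main.py", b"print('hello')\n")
        base = manifest(root)
        drift_before = drifted(root, base)  # False: nothing changed since recording
        # Cloud admin patches the base OS: new library build plus a changelog entry.
        _write(root, "usr/lib/libssl.so.1", b"ssl build 2")
        _write(root, "usr/share/doc/libssl/changelog", b"build 2: rebuilt\n")
        change = describe_change(base, manifest(root))
        change["drift_before_patch"] = drift_before
        change["drift_after_patch"] = drifted(root, base)
        return change


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The `from` and `to` digests play the role of layer ids: the patch is fully described by the pair plus the three path lists, so both the cloud admin and the tenant can agree on what changed without either side trusting a free-text description. A real overlay-based implementation would walk the upper layer instead of the merged tree, which is why the slide notes that online patching needs the lower overlay layer to be writable.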

Unprivileged Containers

What if you didn't need an orchestration system?

Self Containerising Applications

Obvious example are scripting languages

Interpreter can be in the host

Script can run in a container

Idea exists today (Amazon Lambda, IBM OpenWhisk)

Execution is more problematic

Final Thoughts: Processor Extensions

CPU extensions won the paravirtual war over hypervisors

But in the post hypervisor age do we need them?

Intel Clear Containers

Boot to containers using a hypervisor

Repurpose to run secure Microkernel

And add co-operative extensions for containers alone

Conclusions

Containers actually have huge scope for different thinking

So the wave is still breaking

Provided people keep thinking about the fundamentals of the technology
Thank You!
Questions?