Bare Metal Performance with the Security of a VM
What if you could have the isolation of a VM with the performance of a container? That is what SmartOS, a Unix-based hypervisor OS of OpenSolaris pedigree, offers. Anyone who has been in IT long enough knows that neither Docker nor LXC/LXD was the first container runtime, not by far. Go back to BSD jails and chroot, and from the same era you will find Solaris Zones, probably the best kept secret in datacenter virtualization.
Zones are strongly isolated container environments that present a complete operating system to the applications running inside them, much like Docker containers. In SmartOS, the system call interface a zone sees can be that of SmartOS itself, or Linux in the case of an LX-branded zone, which emulates the Linux syscall ABI on the illumos kernel so unmodified Linux binaries run without a Linux kernel underneath. Because no hardware is virtualized, SmartOS zones provide a partitioned virtual OS at nearly native performance. Unlike Docker containers, there is no publicly documented exploit in which a rogue SmartOS zone broke out of its zone and gained root on the host. As with any isolation boundary, the absence of a published escape is not proof that none exists, so keep the global zone patched and give each zone only the privileges and devices it needs.
Here’s another difference. SmartOS requires local storage formatted with ZFS, which FreeBSD and other Unix users know well. Most Linux distributions don’t ship ZFS out of the box, but it’s a fixture of most Unix-derived operating systems. Advantages of ZFS over other file systems include redundancy built into the pool (mirrors and RAID-Z), so a failed disk can be replaced and the degraded zpool resilvered back to health, and instant snapshots of the stored data. ZFS checksums every block and verifies the checksum on every read, so “bit rot” on disk is detected and, where a redundant copy exists, repaired; ECC RAM, standard in enterprise-grade servers, complements this by catching flipped bits in memory, which ZFS cannot checksum. As a copy-on-write (CoW) file system with integrated volume management, ZFS delivers redundancy and performance that rival a conventional RAID array, without the RAID write hole.
Who’s behind SmartOS?
SmartOS is maintained by Joyent, a Samsung company that operates the Triton Public Cloud, a public cloud powered entirely by SmartOS. Several of the engineers who forked OpenSolaris after Oracle acquired Sun Microsystems are on Joyent’s engineering team.
Today, SmartOS is based on the illumos kernel, the community fork of OpenSolaris. For the foreseeable future, SmartOS will continue under active development with Samsung’s financial backing. Many other Solaris-derived projects have been abandoned, but that isn’t a significant concern for anyone considering SmartOS for their IT infrastructure.
Can I run Docker containers in SmartOS Zones?
Yes, you can. Developers and operations teams widely regard Docker as the de facto standard for building and shipping containers. An LX-branded zone does not expose the Linux kernel features (namespaces, cgroups) that the Docker engine itself needs, so Joyent instead implemented the Docker Remote API in Triton DataCenter. Running a Docker container against Triton DataCenter (or the Triton Public Cloud) spins up an LX zone behind the scenes and launches your container inside it. Each Docker container gets its own zone, which is a boon for security: containers are separated by a full zone boundary rather than by namespaces alone.
You can use most docker commands and pull images from Docker Hub or a private registry of your own, although inter-container networking and volumes are handled differently. Each zone, and therefore each Docker container, is assigned its own NIC(s) on the datacenter network instead of sharing a NATed bridge on the host. Docker containers on Triton are treated as mostly stateless and have no persistent storage on the host. Instead, an object store can hold snapshots of persistent data such as databases. When a database container fails, a new one is brought up and quickly replicates the data from the primary node.
Does SmartOS also support KVM?
Again, the answer is yes. Although zones are SmartOS’s preferred form of virtualization, the developers ported KVM from Linux, which gives you hardware virtualization. This was a considerable engineering effort: KVM depends on Linux kernel internals, and the port had to rework them for the illumos kernel. In SmartOS each KVM guest’s QEMU process itself runs inside a zone, so a guest that escapes its virtual hardware lands in a zone, not directly in the global zone. Therefore, if your workloads require a full virtual machine, SmartOS can still be your hypervisor of choice.
Using the imgadm and vmadm command line utilities in SmartOS, you can import images and spin up Joyent zones (Solaris-style bare metal containers), LX zones (the same kind of zone a Docker container on Triton runs in) and KVM virtual machines with the same commands; only the brand field and a few brand-specific keys in the manifest differ. This makes SmartOS an excellent all-in-one solution.
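As an added example (not from the original article or from Joyent), the script below shows what “the same commands for every brand” looks like in practice: one manifest generator per brand (joyent, lx, kvm) and a single provision path that runs imgadm import, vmadm validate create and vmadm create on the manifest read from stdin. The image UUIDs, the IP addresses (192.0.2.0/24 is a documentation range) and the admin nic_tag are placeholders; the assumption that vmadm reads a manifest from stdin when -f is omitted, and the sizing values, are mine.

```shell
#!/bin/sh
# Added example: vmadm manifests for the three SmartOS brands and the
# imgadm/vmadm workflow that provisions them on a standalone SmartOS host.
# UUIDs, IPs and nic_tag are placeholders; take real values from 'imgadm avail'.

# Manifest for a native (joyent-brand) zone.  $1 image uuid, $2 alias, $3 IP
joyent_manifest() {
  cat <<EOF
{
  "brand": "joyent",
  "image_uuid": "$1",
  "alias": "$2",
  "autoboot": true,
  "max_physical_memory": 512,
  "quota": 10,
  "nics": [
    { "nic_tag": "admin", "ip": "$3", "netmask": "255.255.255.0",
      "gateway": "192.0.2.1", "primary": true }
  ]
}
EOF
}

# Manifest for an LX-brand zone running a Linux userland.  kernel_version is
# the Linux version the zone reports to uname(2); it is required for lx.
lx_manifest() {
  cat <<EOF
{
  "brand": "lx",
  "kernel_version": "3.13.0",
  "image_uuid": "$1",
  "alias": "$2",
  "autoboot": true,
  "max_physical_memory": 1024,
  "quota": 20,
  "nics": [
    { "nic_tag": "admin", "ip": "$3", "netmask": "255.255.255.0",
      "gateway": "192.0.2.1", "primary": true }
  ]
}
EOF
}

# Manifest for a KVM virtual machine; the image becomes the virtio boot disk.
kvm_manifest() {
  cat <<EOF
{
  "brand": "kvm",
  "alias": "$2",
  "autoboot": true,
  "ram": 2048,
  "vcpus": 2,
  "disks": [
    { "image_uuid": "$1", "boot": true, "model": "virtio" }
  ],
  "nics": [
    { "nic_tag": "admin", "ip": "$3", "netmask": "255.255.255.0",
      "gateway": "192.0.2.1", "model": "virtio", "primary": true }
  ]
}
EOF
}

# Extract the brand a manifest (on stdin) declares, for sanity checks.
manifest_brand() {
  sed -n 's/.*"brand": *"\([a-z]*\)".*/\1/p'
}

# Import the image and create the VM described on stdin, whatever the brand.
# vmadm validate rejects a malformed manifest before anything is allocated.
provision() {
  manifest=$(cat)
  image=$(printf '%s\n' "$manifest" \
          | sed -n 's/.*"image_uuid": *"\([^"]*\)".*/\1/p' | head -n 1)
  imgadm import "$image"
  printf '%s\n' "$manifest" | vmadm validate create
  printf '%s\n' "$manifest" | vmadm create
}

# Only touch the host when explicitly asked: ./provision.sh --create
if [ "${1:-}" = "--create" ]; then
  joyent_manifest "<native-image-uuid>" web01 192.0.2.10 | provision
  lx_manifest     "<linux-image-uuid>"  app01 192.0.2.11 | provision
  kvm_manifest    "<kvm-image-uuid>"    vm01  192.0.2.12 | provision
  vmadm list   # one line per zone, native, lx and kvm alike
fi
```

After vmadm create, `zlogin <uuid>` drops you into a native or LX zone, while a KVM guest is reached over its NIC or the VNC console vmadm exposes; the manifest is the only place the three brands differ.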
What is the relationship of Triton DataCenter to SmartOS?
Triton DataCenter, formerly known as SmartDataCenter, is a cloud management system for running your own private cloud on SmartOS. The Triton Public Cloud itself runs Triton DataCenter, but it can certainly be self-hosted as well.
With Triton DataCenter you manage the packages (instance sizes) you want to offer your users, as well as the operating system images you make available. A Triton DataCenter cluster consists of at least one headnode, which runs the control plane and schedules containers and SmartOS zones across all of your compute nodes. If a compute node fails, new instances can be provisioned on the remaining compute nodes, which makes Triton DataCenter a strong platform for a computing fabric.
Building a Triton DataCenter cluster isn’t for the faint of heart, and advice from a professional services provider who has done it before certainly helps. It is possible to run Triton DataCenter as a single node, but bringing up guests on the headnode is mostly done for testing. If you simply want a bare metal hypervisor for a single machine, SmartOS on its own is the better choice, without the additional configuration and resource demands of Triton DataCenter.