We're **crazy** excited to have Bryan Cantrill (http://dtrace.org/blogs/bmc/), CTO of Joyent, formerly of Sun Microsystems, presenting on Jails: Confining the omnipotent root. (https://us-east.manta.joyent.com/bcantrill/public/ppwl-cantrill-jails.pdf) by Poul-Henning Kamp and Robert Watson and Solaris Zones: Operating System Support for Consolidating Commercial Workloads (https://us-east.manta.joyent.com/bcantrill/public/ppwl-cantrill-zones.pdf) by Dan Price and Andy Tucker!
You can also catch Bryan presenting at the NYC Container Summit (http://containersummit.io/events/nyc-2016) on February 10th, which also is hosting an advanced technical track (https://www.eventbrite.com/e/container-summit-advanced-technical-track-tickets-20708946015), which includes hands-on tutorials! Also, watch this amazing illumos presentation (https://www.youtube.com/watch?v=-zRN7XLCRhc) by Bryan in 2011!
Jails: Confining the omnipotent root.
The traditional UNIX security model is simple but inexpressive. Adding fine-grained access control improves the expressiveness, but often dramatically increases both the cost of system management and implementation complexity. In environments with a more complex management model, with delegation of some management functions to parties under varying degrees of trust, the base UNIX model and most natural extensions are inappropriate at best. Where multiple mutually untrusting parties are introduced, “inappropriate” rapidly transitions to “nightmarish”, especially with regards to data integrity and privacy protection. The FreeBSD “Jail” facility provides the ability to partition the operating system environment, while maintaining the simplicity of the UNIX “root” model. In Jail, users with privilege find that the scope of their requests is limited to the jail, allowing system administrators to delegate management capabilities for each virtual machine environment. Creating virtual machines in this manner has many potential uses; the most popular thus far has been for providing virtual machine services in Internet Service Provider environments.
Solaris Zones: Operating System Support for Consolidating Commercial Workloads
Server consolidation, which allows multiple workloads to run on the same system, has become increasingly important as a way to improve the utilization of computing resources and reduce costs. Consolidation is common in mainframe environments, where technology to support running multiple workloads and even multiple operating systems on the same hardware has been evolving since the late 1960’s. This technology is now becoming an important differentiator in the UNIX and Linux server market as well, both at the low end (virtual web hosting) and high end (traditional data center server consolidation). This paper introduces Solaris Zones (zones), a fully realized solution for server consolidation projects in a commercial UNIX operating system. By creating virtualized application execution environments within a single instance of the operating system, the facility strikes a unique balance between competing requirements. On the one hand, a system with multiple workloads needs to run those workloads in isolation, to ensure that applications can neither observe data from other applications nor affect their operation. It must also prevent applications from over-consuming system resources. On the other hand, the system as a whole has to be flexible, manageable, and observable, in order to reduce administrative costs and increase efficiency. By focusing on the support of multiple application environments rather than multiple operating system instances, zones meets isolation requirements without sacrificing manageability.
Bryan Cantrill is the CTO at Joyent, where he oversees worldwide development of the SmartOS (http://smartos.org/) and SmartDataCenter (https://www.joyent.com/private-cloud) platforms, and the Node.js (http://nodejs.org/) platform. Prior to joining Joyent, Bryan served as a Distinguished Engineer at Sun Microsystems, where he spent over a decade working on system software, from the guts of the kernel to client-code on the browser. In particular, he co-designed and implemented DTrace, a facility for dynamic instrumentation of production systems that won the Wall Street Journal's top Technology Innovation Award in 2006 and the USENIX Software Tools User Group Award in 2008. Bryan also co-founded the Fishworks group at Sun, where he designed and implemented the DTrace-based analytics facility for the Sun Storage 7000 series of appliances.
Bryan received the ScB magna cum laude with honors in Computer Science from Brown University.
TwoSigma (https://www.twosigma.com/) - Platinum Sponsor of the New York chapter
Doors open at 7 pm; the presentation will begin at 7:30 pm; and, yes, there will be refreshments of all kinds and pizza.
After Bryan presents the paper, we will open up the floor to discussion and questions.
We hope that you'll read the paper before the meetup, but don't stress if you can't. If you have any questions, thoughts, or related information, please visit #pwlnyc (https://paperswelove.slack.com/messages/pwlnyc/) on slack (http://papersweloveslack.herokuapp.com/), our GitHub repository (https://github.com/papers-we-love/papers-we-love), where you can also find the papers (https://github.com/papers-we-love/papers-we-love/tree/master/operating_systems), or add to the discussion on this event's thread.
Additionally, if you have any papers you want to add to the repository above (papers that you love!), please send us a pull request (https://github.com/papers-we-love/papers-we-love/pulls). Also, if you have any ideas/questions about this meetup or the Papers-We-Love org, just open up an issue.
February's meetup is sponsored by