Docker, Unikernels and Docker for Mac discusses how Docker spans the continuum of compute by enabling the building, shipping, and running of applications across Linux containers, Windows containers, and soon unikernels. Docker for Mac embeds a hypervisor and extends it with improvements for native packaging, enabling Docker containers to run seamlessly on Mac systems. Unikernels compile application source code into custom operating systems including only required functionality for high performance, efficiency, and security. Docker aims to incorporate unikernels onto a continuum with Linux and Windows containers to allow applications to run from datacenters to clouds to IoT.
Docker, Unikernels and Docker for Mac: Transforming the Development Landscape
1. Docker, Unikernels and
Docker for Mac
Richard Mortier, Docker
@mort___
Thanks to Michael Chiang, Anil Madhavapeddy,
Mano Marks, Suzanne Panoplos, Dave Tucker
2. Transforming the Development Landscape
~2000: Monolithic; Big Iron; Change Slowly
Today: Loosely Coupled; Many Small Servers/Devices; Rapidly Updated
3. Docker Driving the Containerization Movement
Containers as a Service
• Integrated platform for IT and developers
• Commercial technical support provider
Docker Project Sponsor
• Primary contributor and maintainer to Docker project
• 2.4B+ Image Downloads, 2000+ Contributors, 300,000+
Dockerized Applications
About Docker
• 240 employees, $180M+ in funding from 3 of 4 top VC firms
• 10K cloud customers, 75+ F500 customers
Gerber, Anna. “The State of Containers and the Docker Ecosystem: 2015.” O’Reilly, September 2015
Docker users already running in production: 40%
4. Docker is the Nexus of Modern App Initiatives
Microservices
Cloud DevOps
5. Docker delivers Innovation, Speed and Savings
Docker Survey – Feb 2016
• Quality: 62% reported a reduction in time to identify and remediate issues
• Productivity: 65% average reduction in time to onboard new developers
• Innovation: 13X average increase in frequency of software releases with Docker
6. Containerization/Dockerization is a Catalyst
[Diagram labels: Development VM; QA Server; Public Cloud; Disaster Recovery; Contributor’s Laptop; Production Servers; Production Cluster; Customer Data Center; Queue; Data; User DB; API Endpoint; Analytics DB; Web Frontend; Data]
7.
Microservices
Dev Ops
What does the next generation application landscape look like with microservices?
Self-contained
Portable
Fast
Multi-target
Performant
Secure
…and where do unikernels fit into this picture?
8. Docker for Mac / Windows
Embeds a hypervisor, extended with improvements for native packaging
• Sandbox friendly: processes run as non-root, except one network
helper
• Drag ’n’ drop installation: Docker.app is self-contained, installs
symlinks from app bundle into /usr/local
• Embeds Linux: includes an embedded lightweight Linux distribution
optimised for fast boot and stateless operation for containers
Demo!
9. Host Integration
Filesystem
• New osxfs engine bind mounts OSX filesystem trees into Docker containers
• Whole filesystem available under /Mac
• Targets for /Users, /Volumes, /private and /tmp exist for common directories
Network
• nat mode uses OSX vmnet framework to provide a system managed NAT
bridge with container’s ports accessed via docker.local
• hostnet translates container traffic into native OSX socket calls to look like it
comes from the Docker for Mac app with container’s ports accessed via
localhost or 0.0.0.0
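As an added example (not from the slides or from Docker), the following Python script audits `docker inspect`-shaped JSON for the two kinds of host exposure this slide describes: host filesystem trees bind-mounted into containers, and container ports published on all interfaces (0.0.0.0) rather than localhost. The sample data and the flagging policy are constructed assumptions.

```python
import json
import posixpath

# Host trees the slide lists as shared into containers by osxfs.
SHARED_ROOTS = ("/Mac", "/Users", "/Volumes", "/private", "/tmp")

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE = json.loads("""
[
 {"Name": "/web",
  "Mounts": [{"Type": "bind", "Source": "/Users", "Destination": "/host", "RW": true},
             {"Type": "bind", "Source": "/Users/dev/site", "Destination": "/srv", "RW": false}],
  "NetworkSettings": {"Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}]}}},
 {"Name": "/db",
  "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/pg/_data",
              "Destination": "/var/lib/postgresql/data", "RW": true}],
  "NetworkSettings": {"Ports": {"5432/tcp": [{"HostIp": "127.0.0.1", "HostPort": "5432"}],
                                "9187/tcp": null}}}
]
""")


def audit(containers):
    """Return sorted (container, finding) pairs for broad host exposure."""
    findings = []
    for c in containers:
        name = c.get("Name", "?").lstrip("/")
        for m in c.get("Mounts") or []:
            if m.get("Type") != "bind":
                continue  # named volumes are not host bind mounts
            src = posixpath.normpath(m.get("Source", ""))
            if src == "/" or src in SHARED_ROOTS:
                findings.append((name, f"whole host tree {src} mounted at {m['Destination']}"))
            elif m.get("RW") and src.startswith(tuple(r + "/" for r in SHARED_ROOTS)):
                findings.append((name, f"read-write host path {src} at {m['Destination']}"))
        ports = (c.get("NetworkSettings") or {}).get("Ports") or {}
        for port, bindings in ports.items():
            for b in bindings or []:  # null means exposed but not published
                if b.get("HostIp") in ("", "0.0.0.0", "::"):
                    findings.append((name, f"{port} published on all interfaces as {b['HostPort']}"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Feed it the parsed output of `docker inspect` for running containers in place of the constructed sample.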
10. Multi-arch Support
$ docker run resin/armv7hf-debian uname -a
Linux 7ed2fca7a3f0 4.1.12 #1 SMP Tue Jan 12 10:51:00 UTC 2016 armv7l GNU/Linux
$ docker run justincormack/ppc64le-debian uname -a
Linux edd13885f316 4.1.12 #1 SMP Tue Jan 12 10:51:00 UTC 2016 ppc64le GNU/Linux
11. Docker for Mac / Windows: Unikernel Technology
Goal
Run Docker containers anywhere. But how can we run
Linux containers seamlessly on Linux and Windows?
OLD
VirtualBox with a Linux virtual machine
NEW
Semantic OS translation layers convert filesystem and
network calls from library hypervisor into Mac/Windows
Result?
Native Windows and Mac applications that “just run”
Docker containers
An example of using unikernel
libraries in unexpected ways...
Now available in private
beta at beta.docker.com!
13. ...bare metal to virtualization...
[Diagram labels: Monolithic Application; Operating System; Kernel; Hypervisor (Xen, VMWare, …)]
14. ...from virtualization to microservices...
[Diagram labels: Monolithic Application; Operating System; Kernel; Hypervisor (Xen, VMWare, …); HTTP; JSON]
15. From microservices to… dust clouds
[Diagram labels: Hypervisor (Xen, VMWare, …); Operating System; Kernel; Bare metal (ARM, PPC, x86); HTTP; JSON]
16. Unikernels: What is a Unikernel?
• Unikernels compile your source code into a custom operating system that includes only the functionality required by the application logic.
• Highly responsive
• Efficient
• Scalable
Code you want to run + Operating system libraries = Standalone unikernel
17. Unikernels: Not reinventing the general-purpose OS
● Not trying to remake Windows or Linux
○ Just restructure them to break up their API chokehold.
○ NetBSD/Rumpkernel is one such example
● The model is “just enough” systems software to run
your application code.
○ Specialisation all the way down the stack.
○ Following the devops philosophy, the application
developer has complete control.
● Open source library base, with liberal licenses.
18. Unikernels: Impact of specialisation?
● Performance and Size
○ Unikernels can be kilobytes in size if simple.
○ Similar to the “network appliances” that powered the growth of
the early Internet.
● Multi-target
○ Application logic can be recompiled with different OS libraries
to target platforms such as IoT or JavaScript.
○ Portability against evolution of the cloud. Don’t tie your
application down unless necessary.
● Security and Correctness
○ Type-safety can permeate the entire deployment, not just the
application logic.
○ Mathematical correctness is within reach.
19. Unikernels: challenges remaining
● Management
○ Most functionality is exposed as libraries, but not all.
○ Unikernel lifecycle management that is application-centric.
● Deployment
○ Cloud APIs are not geared towards dust clouds, e.g. per hour charging.
○ Even Lambda-services still charge for the base deployment.
● Ease of build
○ Cross-compilation
○ Integration with IDE ecosystem.
All of these are classic problems solved by the Docker Platform!
20. Docker Spans the Continuum of Compute
• Build, Ship and Run: Linux Containers, Windows Containers and
soon Unikernels
- No physical infrastructure limitations
- Workloads in the data are on a spectrum from physical machine to container hypervisor
and only Docker platform can widen the scope
- More flexibility for orchestrating hybrid applications
add some windows containers
21. Docker with Unikernels
Sys Admin Benefits
• No physical infrastructure limitations
• Workloads in the data are on a
spectrum from physical machine to
container hypervisor and only Docker
platform can widen the scope
• More flexibility for orchestrating hybrid
applications
Value to Docker
• Leverage Unikernel Systems team
expertise
• Democratise technology already
used in leading networking and
storage solutions
• Incorporate unikernels onto a
continuum with Linux and Windows
containers
• Dockerize applications from the
datacenter to the cloud to IoT
28. After
Docker Datacenter delivers central CaaS to enable a transformation to DevOps and microservices
at ADP
Monoliths are now microservices applications. Each app has its own container based on the same base image.
Teams make requests into a central IT maintained portal/registry to provision infrastructure and pull base images.
Common services in monoliths are turned into base applications stored in the Trusted Registry and available to all app teams.
[Diagram labels: Before; Application Teams; Universal Control Plane; Trusted Registry; App A; App B; App Service; Auth; App Reg; Marketplace; Logging; Session; Portability; Authorization; App Registration; Session Management; Marketplace Integration; …more]
30. Customers Using Docker in Production
Modern application
platform for DevOps and
microservices
Transform monoliths to
secure and agile DevOps
environments
Moving 90% of all
applications to Docker
31. Gilt CD Innovates Over 100 Times a Day
Before Docker
• From dev-to-deploy: weeks
• 7 Monolithic apps
• Wasted time implementing monolithic IaaS and PaaS
After Docker
• From dev-to-deploy: minutes
• 400+ microservices
• 100+ innovations a day
• Easily burst to cloud at peak shopping times
32. ING delivers value faster
Challenge
• 9+ months to deploy to production
• Poorly rated applications
• Redundant processes and apps
Solution
• Continuous Integration with Docker and adopt DevOps
Benefits
• Ready to deploy in 15 minutes
• 1,500 deployments per week
• 180 DevOps teams
• CD pipeline transformed in 4 months
“Docker gives us more speed and
speed for us is a huge measure of our
transformation.
Getting value to the customers faster,
that’s where Docker helps us.”
Henk Kolk, Chief Architect, ING
33. BBC News Cuts CI Job Time over 60%
Challenge
• Long wait times: 30+ min to schedule and 30+ min for a single CI job
• Jobs run sequentially vs. in parallel resulting in more waiting if a job failed
• Workaround process to address unavailable tooling added days to job time
Solution
• Continuous Integration with Docker, Jenkins, AWS
Benefits
• Eliminate wait time to schedule
• Reduce job time to 10 minutes
• More jobs run daily in parallel
• Eliminate workarounds
• Standardization with Flexibility
34. Enabling Containers as a Service (CaaS)
Developers IT Operations
BUILD
Development Environments
SHIP
Secure Content & Collaboration
RUN
Deploy, Manage, Scale
Docker Datacenter
Docker Toolbox