You have heard about containers? You want to know what’s hiding behind the hype? What are the benefits for embedded systems projects?
After looking at an example illustrating how containers can be used to solve the problem of application lifecycle and atomic update, we will discuss how containers work on Linux and how they can be secured. Finally, the audience will learn about how to take advantage of Yocto to generate containers on their own embedded devices.
You can watch the full webinar on our blog page: https://witekio.com/blog/containers-embedded-systems-webinar
Containers demystified webinar detailed
1. Before We Get Started
YES! This session is being recorded
• You can access the video anytime on YouTube
Questions and comments
• Enter into the Q&A window
• We will answer at the end of the session
3. Containers Demystified
Life cycle of your applications and security
[Diagram labels: Phone, Navigation, Dashboard, system libraries, UI framework, host system]
New version of your Dashboard using Altia?
4. Life cycle of your applications and security
[Diagram labels: Phone, Navigation, Dashboard, system libraries, UI framework, host system; Dashboard, Altia]
Containers come packaged up with everything they need.
5. Life cycle of your applications and security
[Diagram labels: Phone, Navigation, system libraries, UI framework, host system; Dashboard, Altia]
Atomic update of your container!
6. Life cycle of your applications and security
[Diagram labels: Phone, Navigation, system libraries, UI framework, host system; Dashboard, Altia; Dashboard]
The new container is not working properly? Just roll back to the former version!
7. What is a container?
Source: Freedom Penguin
[Diagram labels: Container Isolation, container file system, host system file system, Application 1, Libraries, Linux kernel, Hardware]
8. Virtual Machine versus Container
[Diagram labels: Container Isolation, Application 1, Libraries, Linux kernel, Hypervisor, Hardware]
Criteria compared, Container versus VM:
• Performance
• Size
• Security
9. Namespace
Wrap a particular global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource.
Source: https://lwn.net/Articles/531114/
[Diagram labels: Container 1, Container 2, Container 3; Namespace1; Network interface, Process ID, Cgroup]
10. Control Groups
Fine-grained control over allocating, prioritizing, denying and managing system resources
Container 1 limits:
• Process scheduler: < 20%
• Memory manager: < 100MB
• Network interface: < 10MB/s
11. Control Groups
Container 1 limits:
• Process scheduler: < 20%
• Memory manager: < 100MB
• Network interface: < 10MB/s
Container 1 memory use: > 100MB
Out Of Memory from Cgroups will kill your container. One container equals one application!
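The CPU and memory limits from the Control Groups slides, written as cgroup v2 control files together with a check for out-of-memory kills. This is an added example, not material from the webinar: it assumes cgroup v2, the cgroup directory name is hypothetical, and the network limit is left out because it is not a cgroup v2 control file.

```shell
#!/bin/sh
# Added example. CG is a cgroup v2 directory, e.g. /sys/fs/cgroup/container1
# (hypothetical name). Limits follow the slide: CPU < 20%, memory < 100MB.

# cpu_max_value PCT: print the "<quota> <period>" string for cpu.max (100 ms period)
cpu_max_value() {
    period=100000
    echo "$(( period * $1 / 100 )) $period"
}

# apply_limits CG PCT MEM_MB: write the limits into the cgroup's control files
apply_limits() {
    cpu_max_value "$2" > "$1/cpu.max"
    echo "$(( $3 * 1024 * 1024 ))" > "$1/memory.max"
    # By default the OOM killer picks processes inside the cgroup; this makes
    # it kill every process of the cgroup together, so the container dies as a unit.
    echo 1 > "$1/memory.oom.group"
}

# oom_kills CG: print how many processes were OOM-killed in this cgroup
oom_kills() {
    awk '$1 == "oom_kill" { n = $2 } END { print n + 0 }' "$1/memory.events"
}

# check_container CG: warn and return 1 when the memory limit caused a kill
check_container() {
    n=$(oom_kills "$1")
    if [ "$n" -gt 0 ]; then
        echo "WARN: $n OOM kill(s) in $1, memory.max=$(cat "$1/memory.max")" >&2
        return 1
    fi
    return 0
}

# Demo on a scratch directory with a constructed memory.events sample, so it
# runs without root; on a device, point CG at the container's real cgroup.
CG=$(mktemp -d)
printf 'low 0\nhigh 0\nmax 12\noom 1\noom_kill 1\n' > "$CG/memory.events"
apply_limits "$CG" 20 100
check_container "$CG" || echo "container1 exceeded its memory limit"
```

A non-zero `oom_kill` counter is the signal to treat the container as failed and, in the update flow described earlier, a candidate for rollback.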
13. Open Container Initiative
Source: DockerCon 2016 + Wikipedia
• More than 13 different implementations of container runtimes!
• Open industry standards around container format and runtime
• 2 independent implementations:
✓ runc (used by Docker)
✓ RailCar (developed by Oracle)
15. Containers on Embedded System
[Diagram labels: Container Runtime, App1, App2, Shared Libraries 1, Shared Libraries 2, Filesystem]
• One file system including the minimum necessary to run your container runtime
• Your containers
16. How can we help?
Source: pixabay.com/
• Generate your containers
• Secure your containers
• Sign your containers
• Transfer your containers
• Roll back your containers