LXD: The New Container Hypervisor for Virtualization Security
PARIS—At the OpenStack Summit here, one of the biggest announcements was LXD, a new secure container approach to building a hypervisor that was announced by Mark Shuttleworth, founder of Canonical, the lead commercial sponsor of Ubuntu Linux.
In a video interview with eWEEK, Shuttleworth explained what LXD is all about and why it is complementary to the Docker container effort that has become increasingly popular over the last year. What LXD provides is a secure system daemon for creating LXC (Linux containers). The Docker effort is built in part on top of LXC, and Docker apps will now be able to run in an LXD environment as well.
"LXC is the client, and LXD is the server," Shuttleworth explained. "LXD can run on a whole bunch of nodes and allows you to use LXC to create containers on other machines."
Going a step further, with LXD, Shuttleworth is aiming to bridge the gap between a traditional virtualization hypervisor like Xen or Kernel-based Virtual Machine (KVM) and containers. He explained that a hypervisor runs on a host system and it emulates another server that can then have its own kernel, operating system and application on top.
With a traditional hypervisor, the environment can be secured by the server hardware that keeps a given virtual machine separate from other things running on a system. The overhead of a traditional hypervisor is that another system kernel needs to be emulated and another operating system is needed on top.
In the container model, the deployment can be leaner, as a separate kernel and operating system are not required. Containers are faster than hypervisors from a performance perspective because there is no additional overhead from a separate kernel and operating system.
The idea with LXD is that the same type of hardware security that is available to traditional hypervisors will be available for containers.
"So you get the security of a VM that is hardware-enforced and you get the experience of a VM," Shuttleworth said.
The LXD technology is not competitive with what Docker is providing. As Docker founder Solomon Hykes explained to eWEEK in a recent video interview, the Docker story is about more than just containers. Docker is also about a new way to package and deliver applications.
"You will run Docker containers inside of LXD," Shuttleworth said.
Dustin Kirkland, product manager at Canonical, added that LXD offers the promise of increased application density on a given server in comparison with a traditional hypervisor.
The LXD technology can run on any Linux operating system and though it is being developed by Ubuntu, it is not specific to Ubuntu. Kirkland noted that for the recent Ubuntu 14.10 release, there is now a technology preview of LXD running with OpenStack. The technology preview is contained in part within a driver called Nova Compute Flex that enables a cloud administrator to start up OpenStack Nova compute instances within Linux containers.
Shuttleworth sees the LXD effort as the next natural step for the hypervisor, and he wants to make the technology faster for everybody.
"You will literally on any Linux machine just start LXD, and then from anywhere you'll be able to talk to that [service] and say give me containers," Shuttleworth said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.