White Paper

Server

Docker in SUSE Linux

Enterprise Server 12

Table of Contents
page
Executive Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Challenges in Development and Operations Today. . . . . . . . 2
Docker and Containers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Enterprise Use Cases for Docker. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Docker in SUSE Linux Enterprise Server 12. . . . . . . . . . . . . . . . . . . . . . 4
Whats Coming. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Next Steps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Server White Paper

Docker in SUSE Linux Enterprise Server 12

Executive Summary

Before virtualization, to bring up a new server took

days; virtualization reduced the time to minutes; and,
now, with containers and Docker, it takes just seconds.
SUSE Linux Enterprise Server 12 includes support for
Docker, an open source technology that automates the
deployment of applications inside Linux Containers.

Docker from SUSE provides customers with enterprise-focused

features and easy-to-use tools that improve operational efficiency and allow you to more easily and fully use innovations in
the Docker space.

Challenges in Development and Operations Today

Given constant requests for newer features and faster delivery
from end users, both enterprise application development and
data center operation teams are facing more and more challenges in improving their collaboration.
Their first challenge is how to reconcile the conflict between
frequent releases versus staged production schedules. On the
one hand, developers want to release new revisions of codes
frequently, in days, to the operations team. On the other hand, to
maintain data center stability and uptime, the operations team
normally uses staged deployment, e.g., to include new codes
once a month.
Second, the development environment and production environment, although managed to be identical, in reality have some
differences. There may be some minor differences in the libraries
or the runtime that could create incompatibility issues and cause
downtime. Whats worse, these issues are hard to find before
the application is actually running. And this causes conflict between the teams: for example, It works on my dev machine, so
its operations problem.

Finally, operations teams are facing time-to-market pressure and

need more options for efficiency and utilization. Virtualization
is helping in some aspects. But if customers need a more dense
solution, traditional virtualization cannot do more, due to the
resource isolation nature among virtual machines (VMs). For
example, you cannot optimize the disk utilization among VMs
because each VMs images are fully independent.
Docker, as an innovative framework based on Linux Containers,
provides an efficient way to address all these challenges.

Docker and Containers

Containers have a long history in computing. They were initially introduced in the UNIX age and can still be seen in some
UNIX platforms today. Unlike hypervisor virtualization, where
one or more independent machines run virtually on physical
hardware via an intermediation layer, containers instead run in
user space on top of an operating systems kernel. As a result,
container virtualization is often called operating system (OS)level virtualization.
SUSE has been supporting Linux Containers since SUSE Linux
Enterprise Server 11 SP2 was introduced in 2012. This technology provides customers with highly efficient and low overhead
OS-level virtualization. Also, its designed to work well with other
virtualization technologies supported by the distribution.

Table 1Comparison of a Virtual Machine (VM) and a Container

OS environment

VM
Full OS is needed for each VM

Container
Containers share the same kernel

Virtualization mechanism

Emulation of a physical computing environment.

No hypervisors, no hardware emulation. Rely on kernel

Virtualization type

Full virtualization or para-virtualization

OS-level virtualization

OS-supported

Any OS is supported

Must be an instance of Linux

Resource sharing

High-level resource management policies

Access to resource over normal user space/IPC facilities

Start/boot speed

Slow (OS boot)

Fast

Overhead

High

Low

Virtualization level

Hardware

Software

Sharing with the host

Complex due to isolation between host and VM

Easy: host sees everything; containers see their own

Security

Secure isolation yet larger attack surface (VM OS and

Less secure than VMs.

hypervisor)

Docker, an open-source engine that automates the deployment

of applications into containers, adds an application deployment
engine on top of a virtualized container execution environment.
Its designed to provide a lightweight and fast environment in
which to run your code as well as an efficient workflow to get
that code from your laptop to your test environment and then
into production, minimizing incompatibility issues. On a very high
level, Docker is:
Lightweight and easy. Docker is fast. You can quickly
create containers running your applications. Most Docker
containers take less than a second to launch. And as recent
research* shows, containers have near native performance.
This is thanks to the removal of the overhead of the hyper
visor. Moreover, Docker offers an advanced multi-layered
unification file system (AUFS) that allows efficient disk
utilization and easy OS resource sharing.
Application-centric. Docker focuses on application output
without worrying about virtual system details, so its a highly
developer-friendly methodology. Docker is designed to
enhance consistency by ensuring the environment in which
your developers write code matches the environments into
which your applications are deployed.
__________
*http://domino.research.ibm.com/library/cyberdig.nsf/papers/
0929052195DD819C85257D2300681E7B/$File/rc25482.pdf

www.suse.com

namespace and cgroups

Fast, efficient deployment life cycle. Docker aims to reduce

the cycle time between code being written and code being
tested, deployed and used. It aims to make your applications
portable, easy to build and easy to collaborate on.

Enterprise Use Cases for Docker

As a new technology, Docker is evolving. And its use cases in
enterprises are evolving, too. Here are some typical cases:
Devops. Docker is ideal for quickly setting up development
and test environments as well as sandboxes. Compared to
a VM, its more efficient with less overhead. In addition,
Docker offers better segregation of duties for devops to
improve efficiency; developers need to focus only on their
applications running inside containers while operations
focuses on managing the containers. Finally, Docker can
be easily integrated into a devops tool stack such as
Jenkins to achieve better workflow automation and
continuous integration.
Server consolidation. The low overhead and layered image
system of Docker containers improve the server consoli
dation ratio. By removing a guest OS, Docker containers
can have two to three times the density (number of virtual
environments) of a regular VM. This provides many benefits
to customers, e.g., hosting companies that want to reduce
their costs by running more virtual environments on existing
hardware platforms.

Server White Paper

Docker in SUSE Linux Enterprise Server 12

Platform-as-a-Service (PaaS) and managed services.

Docker can be used to build a multi-tenant PaaS infrastruc
ture because it is easy and inexpensive to create isolated
environments for running multiple instances of app tiers
for each tenant. This is possible given the spin-up speed of
Docker environments and effective tools. Also, Docker helps
to run stand-alone services and applications consistently
across multiple environments, a capability especially useful
in service-oriented architectures (SOA) and deployments
that rely heavily on micro-services.

Figure 1Portus Graphical User Interface

Docker in SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Server is designed to provide better operational efficiencies to enterprise customers by including bestof-breed open source technologies. Just like its support of Linux
Containers and dual hypervisors, namely Xen and KVM, SUSE
Linux Enterprise Server 12, the latest major version, includes
support for Docker as a complementary virtualization option
for customers with the following advantages:
Enterprise-ready. Fully supported with a SUSE Linux
Enterprise Server 12 subscription, Docker from SUSE
is enterprise-ready. It provides pre-built images from a
standard repository, a trusted source that is verified and
distributed by SUSE. Whats more, you can set up an onpremise registry behind the enterprise firewall, minimizing
exposure to malicious attacks, and have better control of
your IP. Portus, an open source front-end for an on-premise
Docker registry, is included as a technology preview.
With Portus, you can have authorization, as well as a user
interface and search functions, for your on-premise Docker
registry, improving security and productivity. The authori
zation function of Portus allows enterprise users to control
the access to Docker images and enhances data security.

Improves operational efficiency. Docker and containers

from SUSE allow you to complement existing virtualization
technologies to improve operational efficiency. SUSE Linux
Enterprise Server has already included Xen and KVM sup
port as hypervisor options. It is a perfect guest to run in vir
tual and cloud environment, too. With Docker in SUSE Linux
Enterprise Server, you may build, ship and run containerized
applications in physical, virtual or cloud environments, wher
ever it makes sense for you in terms of cost and efficiency.
Easy-to-use tools. SUSE offers easy-to-use tools to build,
deploy and manage Docker. YaST has been the most ef
ficient management framework for SUSE Linux Enterprise.
Now you can use the YaST interface to get a simple over
view of the available Docker images, run Docker containers
and easily control running containers. Besides the build tools
included in Docker, you can get KIWI, a flexible goldenimage building tool that allows you to configure once and
create output formats including Docker. SUSE also offers
a convenience tool called sle2dockerthat can be used
to activate pre-built images delivered by SUSE.

Figure 2YaST Interface for Containers

Figure 3Diagram of Docker in SUSE Linux Enterprise

Server 12

Better security, compliance and life cycle management.

The integration with SUSE Manager, a comprehensive tool
for Linux management, will make it possible to patch and
update Docker images in the registry. With this feature, .
customers will have better control of the security,
compliance and life cycle of Docker images.
Docker is planned to be available on more hardware
architectures such as IBM POWER and IBM zSystem. .
The current Docker offering is based on x86_64 only.
Docker containers integration with SUSE OpenStack
Cloud. With this integration, you can leverage the SUSE
OpenStack Cloud functions of automation and self-service to
manipulate containers just like you manipulate regular VMs.
Increased integration with the Open Build Service, an open
system for building and distributing Linux images, including
Docker, in an automatic, consistent and productive way. .
The integration aims to provide an easy image building
environment that can be used to provide always up-to-.
date images.

Next Steps
To learn more about Docker:

Whats Coming
SUSE has a dedicated team working on the latest Docker projects to make them a better fit for enterprise uses in the following areas:

www.suse.com

Watch the Docker mini-course from SUSE at:.

www.suse.com/promo/docker.html
Try a 60-day free trial of SUSE Linux Enterprise Server 12 at:
www.suse.com/products/server/download/
View the SUSE Docker Quick Start Documentation at:
www.suse.com/documentation/sles-12/singlehtml/
dockerquick/dockerquick.html

Contact your local SUSE Solutions Provider,

or call SUSE at:
1 800 796 3700 U.S./Canada
1 801 861 4500 Worldwide
SUSE
Maxfeldstrasse 5
90409 Nuremberg
Germany

www.suse.com

262-002517-002 | 06/15 | 2015 SUSE LLC. All rights reserved. SUSE, the SUSE logo and YaST are registered trademarks of SUSE LLC in the
United States and other countries. All third-party trademarks are the property of their respective owners.