Apeksha Seminar Report
Submitted by
Apeksha Pradeep Kamble
In partial fulfilment of
T.Y. B.Tech (Sem – V)
(Department of Computer Science & Engineering)
Guided by
Dr. V. B. Kamble
(2021 - 2022)
CERTIFICATE
This is to certify that Apeksha Pradeep Kamble has successfully submitted the seminar under my supervision and guidance, in partial fulfilment of Sem V of T.Y. B.Tech in Computer Engineering at Dr. Babasaheb Ambedkar Technological University, Lonere (Raigad).
Place: Aurangabad
Date: 22-01-2022
Dr. V. B. Kamble
Guide                Head of Department                Principal
Contents
List of Abbreviations
List of Figures
List of Tables
List of Graphs
Sr no. Name of chapter
1 INTRODUCTION
2 LITERATURE SURVEY
3 WORKING
4 ADVANTAGES AND DISADVANTAGES OF DOCKER
  4.1 Speed
  4.2 Portability
  4.3 Scalability
  4.5 Density
5 REFERENCES
6 CONCLUSION
7 ACKNOWLEDGMENT
1 INTRODUCTION
1.1.0 Introduction to Docker
1.1.2 History of Docker
Docker Inc. was founded by Kamel Founadi, Solomon Hykes, and Sebastien Pahl during the Y Combinator Summer 2010 start-up incubator group and launched in 2011. The startup was also one of the twelve startups in Founder's Den's first cohort. Hykes started the Docker project in France as an internal project within dotCloud, a platform-as-a-service company.
Docker debuted to the public at PyCon in Santa Clara in 2013 and was released as open source in March 2013. At the time, it used LXC as its default execution environment. A year later, with the release of version 0.9, Docker replaced LXC with its own component, libcontainer, written in the Go programming language. In 2017, Docker created the Moby project for open research and development.
Adoption
September 19, 2013: Red Hat and Docker announced a collaboration around Fedora, Red Hat Enterprise Linux (RHEL), and OpenShift.
October 15, 2014: Microsoft announced the integration of the Docker engine into Windows Server, as well as native support for the Docker client role in Windows.
November 2014: Docker container services were announced for the Amazon Elastic Compute Cloud (EC2).
November 10, 2014: Docker announced a partnership with Stratoscale.
December 4, 2014: IBM announced a strategic partnership with Docker that enables Docker to integrate more closely with the IBM Cloud.
June 22, 2015: Docker and several other companies announced that they were working on a new vendor- and operating-system-independent standard for software containers.
December 2015: Oracle Cloud added Docker container support after acquiring StackEngine, a Docker container startup.
April 2016: Windocks, an independent ISV, released a port of Docker's open-source project to Windows, supporting Windows Server 2012 R2 and Server 2016, with all editions of SQL Server 2008 onward.
May 2016: An analysis showed the following organizations as the main contributors to Docker: the Docker team, Cisco, Google, Huawei, IBM, Microsoft, and Red Hat.
June 8, 2016: Microsoft announced that Docker could now be used natively on Windows 10.
January 2017: An analysis of LinkedIn profile mentions showed that Docker's presence grew by 160% in 2016.
May 6, 2019: Microsoft announced the second version of the Windows Subsystem for Linux (WSL). Docker, Inc. announced that it had started working on a version of Docker for Windows that runs on WSL 2. In particular, this means Docker can run on Windows 10 Home (previously it was limited to Windows Pro and Enterprise, since it used Hyper-V).
August 2020: Microsoft announced a back-port of WSL 2 to Windows 10 versions 1903 and 1909 (previously WSL 2 was available only on version 2004), and Docker developers announced the availability of Docker for these platforms.
August 2021: Docker Desktop is no longer free for enterprise users. Docker ended free Docker Desktop use for larger business customers and replaced its free plan with a Personal plan.
Future scope: Docker also helps with DevOps because it simplifies deployment and scaling, which is why every DevOps engineer is expected to learn Docker in 2022.
Docker can be described as a client-server application, as depicted in Figure 1. The Docker server receives requests from the Docker client and then processes them accordingly. Docker ships with a complete RESTful (Representational State Transfer) API and a command-line client binary. The Docker daemon (server) and the Docker client can run on the same machine, or a local Docker client can connect to a remote daemon running on another machine.
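As a hedged sketch of this client-server split, the standard CLI can point its client at a local or a remote daemon (the remote host name below is an illustrative assumption, and a running daemon is required):

```
# Client and server are separate components: `docker version` reports both sides
docker version

# Talk to the daemon on this machine over the default unix socket
docker -H unix:///var/run/docker.sock info

# Point the same client at a remote daemon over TCP
DOCKER_HOST=tcp://build-server.example.com:2376 docker info
```

Under the hood, each command is an ordinary REST call: the client serializes the request and the daemon carries it out.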
1.2.2 Docker Images
There are two methods to build an image. The first is to build an image from a read-only template. The foundation of every image is a base image. Base images are typically operating-system images, such as Ubuntu 14.04 LTS or Fedora 20, which give a container the ability to run a complete OS. A base image can also be created from scratch. Required applications can be added to the base image by modifying it, but doing so requires building a new image. The process of building a new image in this way is called "committing a change". The second method is to create a Dockerfile. The Dockerfile contains a list of instructions; when the "docker build" command is run from the terminal, Docker follows all the instructions in the Dockerfile and builds an image. This is an automated way of building an image.

Docker images are stored in Docker registries. A registry works much like a source-code repository, in that images can be pushed to or pulled from a single source. There are two types of registries: public and private. Docker Hub is a public registry from which everyone can pull available images and to which they can push their own, without creating an image from scratch. Using Docker Hub, images can be shared publicly or kept private.
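As a hedged sketch of the Dockerfile method, a minimal Dockerfile might look like the following (the base image, package, and file names are illustrative assumptions, not from the report):

```
# Minimal illustrative Dockerfile
FROM ubuntu:14.04
# modify the base image: install what the application needs
RUN apt-get update && apt-get install -y python3
# add the application itself
COPY app.py /opt/app.py
CMD ["python3", "/opt/app.py"]
```

Running `docker build -t myuser/myapp:1.0 .` in the directory containing this file executes each instruction in order and commits the result as a new image, which `docker push myuser/myapp:1.0` would then publish to a registry such as Docker Hub (the repository name is hypothetical).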
Virtualization is an old concept that has been in use in cloud computing since IaaS was accepted as a crucial technique for system constitution, resource provisioning, and multi-tenancy. Virtualized resources play the main role in solving these problems as the core technique of cloud computing. Figure 2 shows the architecture of the virtual machine: the hypervisor lies between the host and guest operating systems. It is a virtual platform that handles more than one operating system on the server, working between the operating system and the CPU. Virtualization is divided into two segments: Para-Virtualization and Full Virtualization [3].

Figure 3 depicts the architecture of the Docker container. Linux containers are managed by the docker tool, which is used as a method of operating-system-level virtualization. Figure 3 shows that on a single control host there are many isolated Linux containers. Resources such as network, memory, CPU, and block I/O are allocated by the Linux kernel, which also deals with cgroups, without starting a virtual machine [8]. According to Waldspurger (2002), the Linux container architecture manages the CPU and distributes its resources more proficiently. With Hyper-V or VMware, because of the overhead incurred, it is not easy to run more than ten virtual machines [13]. To a great extent, this issue has been solved by containers: containers utilize only those resources that are needed for their services or applications. Therefore, even on a weakly configured machine, more than 50 containers can be run.

For example, suppose an organisation provides email security services whose major functions are to check emails for viruses, spam, and malware, and which, when installed in the cloud, transfers messages to the agent, keeps logs, and reports delivery failures [10]. In most such cases there is no use of associated dependencies, OS-level libraries, or kernel data structures. Therefore, it is worthwhile to containerize every component by sandboxing it with OpenVZ or Docker instead of using virtual machines. In many enterprises, virtual machines are used to perform component testing, a process that consumes a lot of CPU resources and memory space, whereas container technology guarantees its users that an excess workload will not affect the efficiency of the resources. A container takes less time to install than a virtual machine, so the adaptability of containers is much higher than that of VMs.

Furthermore, both Docker and OpenVZ have come under great examination in terms of their security aspects. When isolation is reduced, security is directly affected and decreases rapidly. Root users of Linux can easily get access to containers, since containers use the same kernel and operating system as the host. The isolation of docker is not as strong as that of a virtual machine, even though docker isolates the application running in the docker container from its primary host. Additionally, it is possible that some applications would not be able to run in a containerized environment.
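The cgroup-based resource allocation described above is exposed directly on the docker command line; a minimal hedged sketch (the image and the limits are illustrative assumptions, and a running daemon is required):

```
# Constrain one container via cgroups: 256 MB of RAM, half a CPU
docker run --rm --memory=256m --cpus=0.5 ubuntu:20.04 echo "resource-limited container"
```

Because the limits are enforced by the kernel's cgroups rather than by a hypervisor, dozens of such containers can share one modest host, as the text notes.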
Fig. 3 Docker Container architecture
2 LITERATURE SURVEY
2.1.0 Research Papers
Abstract. With the rapid development of virtualization technology, security issues have become increasingly prominent. Virtualization platforms of all kinds use access-control mechanisms to prevent entities, legal or illegal, from accessing unauthorized resources. This paper discusses the access-control mechanism adopted in the Docker container, analyzes its shortcomings, and proposes a DRBAC-based Docker role access-control mechanism. This method is based on role allocation, dynamically extends the existing model, and adds a role access-control mechanism to the Docker container. Through the distributed trust management and access control of DRBAC, the hidden danger created when a subject autonomously delegates authority to other entities can be resolved. When the system accesses Docker resources, this method can effectively control the subject's access management and delegation. In this way, the access security of the Docker container to host resources is improved.
1. Background: With the rapid development and popularization of cloud technology, the high performance and portability of container technology have made it more and more popular, widely discussed and widely promoted [1]. However, the security of access between the container and the host is also greatly challenged. Access-control technology is used to ensure that information-system resources are not accessed illegally by authorized or unauthorized entities. As a basic and important safety technology, it is widely used in all kinds of information systems and operating systems.
PKI technology: PKI technology is based on public-key cryptography and relies on digital certificates to bind the identity information of entities on the network to their respective public keys. It establishes a secure and reliable network environment for users: it automatically manages keys and certificates, based on which users can use data encryption and digital-signature techniques to verify the identity of users on the Internet in a variety of applications, ensuring authenticity and integrity.
[Figure: PKI architecture, comprising the Certification Authority (CA), Registration Authority (RA), Key Management Center (KMC), certificate issuance and acquisition, publishing system, and application interface.]
Two ordinary users, A_u and B_u, are created. At the same time, the roles these two users can assume are specified: user B_u can use only the B_r role, while A_u can use only A_r. A prefix is specified for the user's home-directory type. For user A, the administrator specifies the user name and extends the home-directory type to A_home_dir_t, using A_home_t for files in that directory. At this point, the allocation of users and roles is complete. The setup is shown in the figure.
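On an SELinux-enabled host, this user-to-role allocation corresponds roughly to commands like the following (a hedged sketch; the Linux login name `alice` is a hypothetical addition, not from the paper):

```
# Define SELinux user A_u, permitted only the role A_r
semanage user -a -R "A_r" A_u
# Map a (hypothetical) Linux login to the SELinux user A_u
semanage login -a -s A_u alice
```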
Three docker containers are created from the same image, using discretionary access control, mandatory access control, and dynamic role access control respectively to assign role permissions. The role is then authorized to another user. Under discretionary access control, the other user's permissions fall out of step: root can both write and read files, contrary to the original permissions. When dynamic role access control or mandatory access control is used, user permissions are granted correctly according to the original permission relationships. However, in the multi-tenant docker case, mandatory access control cannot manage and distribute the permissions of different tenants in time, while dynamic role access control can distribute role permissions securely. The experimental results show that dynamic role access control is more secure. The results of the experiment are shown in the table.
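The permission behaviour described above can be sketched as a toy role-based access-control model in Python (the class and method names are illustrative assumptions, not the paper's implementation; the user, role, and type names follow the report's example):

```python
# Toy sketch of role-based access control: users act only through roles,
# and a role grants an explicit set of (resource, operation) permissions.

class RBAC:
    def __init__(self):
        self.role_perms = {}   # role -> set of (resource, op) pairs
        self.user_roles = {}   # user -> set of roles

    def grant(self, role, resource, op):
        self.role_perms.setdefault(role, set()).add((resource, op))

    def assign(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def check(self, user, resource, op):
        # A request succeeds only if some role held by the user grants it
        return any((resource, op) in self.role_perms.get(r, set())
                   for r in self.user_roles.get(user, ()))

rbac = RBAC()
rbac.grant("A_r", "A_home_dir_t", "read")
rbac.grant("A_r", "A_home_dir_t", "write")
rbac.grant("B_r", "B_home_dir_t", "read")
rbac.assign("A_u", "A_r")
rbac.assign("B_u", "B_r")

print(rbac.check("A_u", "A_home_dir_t", "write"))  # True: A_u holds A_r
print(rbac.check("B_u", "A_home_dir_t", "read"))   # False: B_r grants no access here
```

Unlike discretionary access control, nothing a user does can widen a role's permission set, which mirrors why the dynamic role scheme distributes permissions correctly in the experiment.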
References
[1] Lu Tao, Chen Jie, Shi Jun. Research of Docker Security. Computer technology and
development, 1-6, (2018).
[2] Yang Wenlin, Tan Xi, Guo Junting, Wang Shuo. The Vulnerability Analysis and Security
Enhancement of Docker. Information security and technology, 21-23+55, (2016).
[3] Wang Yu Ding, Yang Jiahai, Xu Cong, Ling Xiao, Yang. Survey on Access Control
Technologies for Cloud Computing. Software journal, 1129-1150, (2015).
3 WORKING
3.1 Docker Performance
Seo et al. (2014) used two servers with the same configuration in a cloud environment. One server was used for docker and the other for an OpenStack platform with KVM as the virtualization tool. According to them, a VM works independently, which makes it easy to apply and manage network, security, user, and system policies. However, docker does not contain a guest operating system; therefore, it takes very little time to distribute and gather images, and its boot time is also very short. These are the main advantages of using a Docker cloud as compared with a VM cloud.

Scheepers (2014) compares the LXC and Xen virtualization technologies by benchmarking some applications. He explains that Xen would be the better choice when resources must be distributed equally and performance must not depend on other tasks executed on the same machine. However, LXC is much better at getting the most out of the hardware resources, or for the execution of smaller isolated processes. In private clouds and dot clouds, LXC is the better option.

Felter et al. (2014) evaluate the performance of three different environments: Native, Docker, and KVM. They clarify that containers and VMs are both mature technologies that have profited from the last 10 years of incremental hardware and software enhancements. According to this research, docker equals or surpasses KVM performance in every case they tested. Their outcomes demonstrate that both KVM and docker introduce negligible overhead for CPU and memory performance. It has also been shown that the overall performance of docker is better than the local host, as applications executed and responded faster than on the local host; moreover, fewer hardware resources were used in the docker container to perform the tasks.

Docker is a technology in growing demand. As users and developers learn more about docker and its capabilities, they will consider replacing traditional virtualization with docker technology. Docker provides many simple and useful features; to get the best performance and results, it is highly recommended to tune beyond the default configuration. Containers provide higher density, better performance, scalability, and usability compared with traditional virtualization, because containers use their resources intelligently, which reduces the chance of unnecessary overhead. Containers perform better than virtual machines because they take less start-up time. Docker has also removed the biggest issue, "dependency": containers carry all their required dependencies, which helps them to be built properly and executed in any docker environment. An additional layer of isolation is provided by the container, which increases the container's security. Docker is not as insecure as people often think, although it does not provide complete protection.
3.2 Docker vs. other Container Technology
In this section, the performance of application virtualization and of the docker container will be discussed, and evaluations of other containerization technologies will be compared and reviewed. Seo et al. (2014) summarize that docker has no guest OS in the cloud, so storage use and wastage of CPU resources are lower [8]. Image distribution is not disturbed, the boot time is faster, and the time to generate images is short. These are the benefits of the docker cloud in comparison with the VM cloud. They used two similar servers with the same configuration in the cloud environment: one server was used for docker and the other for an OpenStack platform with KVM.
To calculate the approximate boot time, 20 images were generated on each server and the boot time was checked. Figure 4 shows that the boot time of docker is shorter than the boot time of KVM: docker uses the host OS, whereas KVM uses a guest OS. A further measurement shows that the calculation speed of docker is slightly faster than the calculation speed of the VM.
Seo et al. (2014) concluded that a VM works independently [8]. This is one of the reasons that it is easy to apply and manage network, security, user, and system policies. However, docker does not contain a guest operating system; therefore, it takes very little time to distribute and gather images, and its boot time is also very short. These are the main advantages of the docker cloud as compared with the VM cloud.
Another benchmark shows that LXC experienced less overhead than Xen when the SELECT query was run. The focus of this benchmark is the utilization of the CPU and the performance of the network, because these are the main resources consumed in the test.
Graph 4 shows that in the Xen setup it took 16 seconds to complete the INSERT query, whereas in the LXC setup it took far longer, around 335 seconds. This reveals the inability of the LXC container to isolate resources efficiently.
Felter et al. (2014) evaluated the performance of three different environments: Native, Docker, and KVM [3]. Overhead issues are also highlighted in their research, and scenarios were investigated in which more than one hardware resource was completely utilized. To perform the tests, they used an IBM x3650 M4 server with two Intel Sandy Bridge-EP Xeon E5-2665 processors (16 cores in total, 2.4 to 3.0 GHz) and 256 GB of RAM. To create non-uniform memory access, the two processors were linked together with a QPI link; cloud providers also use this kind of server. The base operating system was Ubuntu 13.10, with docker version 1.0, Linux kernel 3.11.0, libvirt version 1.1.1, and QEMU 1.5.0. Figure 8 shows the performance of sequential reads and writes, measured with an average I/O size of 1 MB over a little more than 60 seconds. In this case, slight overhead can be seen for Docker and KVM; in other cases, KVM shows almost a four-times performance difference.
Table 1 Comparison based on different virtual machines and containerized technology

Seo et al. (2014) [8]
- Docker: less overhead; short boot time; no guest OS; calculation speed is faster; less time to accomplish a request.
- KVM: more overhead (wastage of resources); long boot time; works independently; calculation speed is slower; longer time to accomplish a request.

Scheepers (2014) [7]
- XenServer (Xen): overhead (wastage of resources); slow execution; better in the sense of equally distributing resources.
- CoreOS (LXC): overhead (wastage of resources); slow execution; better in the sense of executing isolated processes.

Felter et al. (2014) [3]
- Native: fast execution.
- Docker: slight overhead compared with Native; execution equal to Native; mature innovation.
- KVM: slight overhead compared with Native and Docker; execution equal to Docker; mature innovation.
Docker automates applications when they are containerized. An extra docker-engine layer is added on top of the host operating system. The performance of docker is faster than that of virtual machines because it has no guest operating system and less resource overhead.
4 ADVANTAGES AND DISADVANTAGES OF DOCKER
4.1 Speed
4.2 Portability
Applications built inside docker containers are extremely portable. These portable applications can easily be moved as a single element, and their performance remains the same.
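A common way to move an image as a single element is to export it to a tarball and load it elsewhere (a hedged sketch; the image name is an illustrative assumption, and a running daemon is required):

```
docker save -o myapp.tar myuser/myapp:1.0   # package the image as one file
# ... copy myapp.tar to another machine ...
docker load -i myapp.tar                    # restore it unchanged on the new host
```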
4.3 Scalability
Docker can be deployed on several physical servers, data servers, and cloud platforms, and it can run on every Linux machine. Containers can easily be moved from a cloud environment to a local host, and from there back to the cloud again, at a fast pace. Adjustments are easy: the scale can simply be adjusted by the user according to need.
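In a Docker Swarm cluster, the scale adjustment described above is a single command (the service name and replica count are illustrative assumptions, and a running swarm is required):

```
# Scale a (hypothetical) "web" service to 5 replicas across the cluster
docker service scale web=5
```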
4.5 Density
Docker uses the resources that are available more efficiently because it does
not use a hypervisor. This is the reason that more containers can be run on a single host as
compared to virtual machines. The performance of a Docker Containers is higher because of
higher density and no overhead wastage of resources.
DISADVANTAGES OF DOCKER
There are some drawbacks of docker, which are listed below:
5. REFERENCES
[1] Boettiger, C. (2015). An introduction to Docker for reproducible research. ACM
SIGOPS Operating Systems Review, 49(1), 71-79.
[2] Bui, T. (2015). Analysis of docker security. arXiv preprint arXiv:1501.02967.
[3] Felter, W., Ferreira, A., Rajamony, R., & Rubio, J. (2014). An updated performance
comparison of virtual machines and Linux containers. Technology, 28, 32.
[4] Harji, A. S., Buhr, P. A., & Brecht, T. (2013). Our troubles with Linux Kernel upgrades
and why you should care. ACM SIGOPS Operating Systems Review, 47(2), 66-72.
[5] Joy, A. M. (2015). Performance comparison between Linux containers and virtual
machines. Paper presented at the 2015 International Conference on Advances in
Computer Engineering and Applications (ICACEA).
[6] Russell, B. (2015). Passive Benchmarking with docker LXC, KVM & OpenStack.
[7] Scheepers, M. J. (2014). Virtualization and containerization of application
infrastructure: A comparison.
[8] Seo, K.-T., Hwang, H.-S., Moon, I.-Y., Kwon, O.-Y., & Kim, B.-J. (2014). Performance
Comparison Analysis of Linux Container and Virtual Machine for Building Cloud.
[9] Turnbull, J. (2014). The Docker Book: Containerization is the new virtualization.
[10] Van der Aalst, W., Weijters, T., & Maruster, L. (2004). Workflow mining: Discovering
process models from event logs. Knowledge and Data Engineering, IEEE Transactions
on, 16(9), 1128-1142.
[11] Varghese, B., Subba, L. T., Thai, L., & Barker, A. (2016). Container-Based Cloud
Virtual Machine Benchmarking. arXiv preprint arXiv:1601.03872.
6. CONCLUSION
Docker is written in the Go programming language and takes advantage of several features of
the Linux kernel to deliver its functionality. Docker uses a technology called namespaces to
provide the isolated workspace called the container. When you run a container, Docker creates a
set of namespaces for that container. These namespaces provide a layer of isolation. Each aspect
of a container runs in a separate namespace and its access is limited to that namespace.
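On a Linux host, the per-process namespaces described above can be inspected directly under /proc; a small hedged sketch (the function name is an illustrative assumption):

```python
import os

def list_namespaces(pid="self"):
    """List the namespace types a process belongs to via /proc/<pid>/ns.

    On Linux, /proc/<pid>/ns holds one symlink per namespace the process
    belongs to (mnt, uts, ipc, pid, net, user, ...). Docker creates a
    fresh set of these for every container it starts. Returns [] on
    non-Linux systems, where /proc/<pid>/ns does not exist.
    """
    ns_dir = f"/proc/{pid}/ns"
    if not os.path.isdir(ns_dir):
        return []
    return sorted(os.listdir(ns_dir))

print(list_namespaces())
```

Run inside a container, this prints the container's own namespace set; comparing the symlink targets for two processes shows whether they share a namespace.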
Docker is a revolutionary technology that simplifies isolation and provides environment independence. However, in its current shape, you should only use it in development and testing environments. I would not recommend using Docker in production applications yet, as it requires a bit more maturity.
7. ACKNOWLEDGMENT