Docker CEO Ben Golub In theCUBE

Docker is making waves again. Just this week, Google Inc. launched its cloud-based Docker-as-a-service called “Container Engine”, which is now available on its Google Compute Engine platform. And now, not to be outdone, Canonical Ltd. is trying to put an entirely new spin on the container concept with the release of its new Linux Container Demon (LXD) project.

In a video presentation, Canonical’s product manager Dustin Kirkland explains LXD is designed to run “full-system containers with the performance you’d expect from bare metal, but with the experience you expect from a virtual machine.”

LXD virtualizes the behavior of an entire VM inside a container, running it as close to the metal as it possibly can. This means it’s possible to get new machines up and running in under a second, and allows for an unprecedented degree of density – users can run hundreds of virtualized machines on a single, physical host.

LXD offers the speed of Docker alongside the security features of a fully isolated virtual machine. To do so it draws on a number of established Linux security technologies, including Cgroups and kernel support for user name spaces, in addition to third-party tools like AppArmour and Secgroup.

“It’s designed with security in mind, first and foremost,” said Kirkland in the presentation.

In an interview with eWeek, Canonical’s Mark Shuttleworth explained how LXDs will be complimentary to Docker containers. The idea, he said, is to try and bridge the gap between the traditional hypervisor and containers. Hypervisors require additonal server hardware to keep the environment secure, and this means emulating another system kernel and another operating system on top. But with the LXD model this is no longer required, allowing for more optimized deployments. Shuttleworth adds that containers offer faster performance because they aren’t burdened with the overhead of a separate kernel and OS.

“You get the security of a VM that is hardware-enforced and you get the experience of a VM,” said Shuttleworth.

Although Canonical is being careful to position LXD as something that’s complementary to Docker rather, the technology could potentially transform LXC virtualized container system into a truly enterprise-ready container virtualization platform in its own right.

Whether or not that happens will probably depend on how much support LXD can get outside of Canonical. But the likes of Google, IBM Corp., Microsoft Corp., and Red Hat Inc. have already thrown their weight behind Kubernetes, and so Canonical’s untested approach might be a tough sell.

Canonical is promising to give more details about what it’s doing in the coming weeks, and says LXD will be a fully open-source project under the Apache 2.0 license.

photo credit: SlapBcn via photopin cc