Linux's Continuing Evolution as the Cloud Operating System

By CIOReview | Monday, March 7, 2016
Wim Coekaerts, Senior Vice President, Linux and Virtualization Engineering, Oracle

Linux is now established as the Cloud operating system of choice. Cloud innovation has been rapid, with significant changes to traditional Linux architecture. There are several new areas of innovation that will fuel further Linux and open source growth in the cloud.  These include Containers, the OpenStack cloud platform, minimalist Linux distributions, and Linux security.

Linux Containers

In the past year Linux Containers have become part of mainstream application development. Deploying server applications is increasingly complicated and Linux Containers are designed to make it much easier and quicker for developers to create complete application operating environments. Linux Containers package just about any type of server application to run everywhere – on your desktop, in a cloud or anywhere Linux is available – regardless of kernel version or Linux distribution. Containers can have a considerably smaller footprint than VMs, which means your systems can see higher densities and run more cost effectively with containers than with VMs on the same host.    

One important challenge for broad adoption of containers is portability. Linux Containers’ “write-once, run anywhere” philosophy is essential for simplifying application development and deployment across a multi-cloud environment. But additional tools are required. Docker in particular has become a de facto standard among all major Linux distributions for packaging and distributing cloud applications in Linux Containers. The industry needs to mature these new tools into formal standards that help ensure Containers will remain portable across Linux distributions. 

The Open Container Initiative, of which Oracle is a sponsor, has rapidly gained broad industry support. It is an attempt to create common specifications around container portability with stated goals to be:

  • “Not bound to higher level constructs such as a particular client or orchestration stack;
  • Not tightly associated with any particular commercial vendor or project;
  • Portable across a wide variety of operating systems, hardware, CPU architectures, public clouds, etc.”

OpenStack Cloud Platform

OpenStack has gained a lot of attention as a potential compatibility standard for public and private cloud infrastructures. OpenStack delivers several significant benefits. For example, OpenStack delivers a management layer that can scale to handle thousands of servers, which is critical for Cloud computing.  Administrators can install and upgrade OpenStack with no impact to these large scale deployments. Companies can also distribute OpenStack as a commercial platform with support for enterprise customers much the way that Oracle, Red Hat and SUSE do for Linux today.

OpenStack, one of the largest and most well-known open source projects, has a developer community and development process that continues to grow and improve. OpenStack is steadily maturing and is viewed as a viable private cloud alternative to AWS by many large companies.  This momentum should continue to increase as more and more companies choose to build private cloud datacenters at scale for business-critical data and processes. Similarly, emerging market service providers should be able to compete more effectively with larger global providers in their local region. 

OpenStack services are not fully fleshed out yet. For instance, virtual networking standards for OpenStack are becoming increasingly important. A great deal of work is being done for Network Function Virtualization (NFV) and Software Defined Networks (SDN) that can benefit enterprises and service providers alike but more needs to be done. For example, orchestration remains a key area of debate.  Kubernetes, Mesos and other projects are all vying to be the de facto standard. 

The OpenStack Foundation and similar organizations such as the Open Networking Foundation are driving open industry standards throughout the stack.

Minimalist Linux Distributions

In a Cloud, thousands, even tens of thousands, of operating system images may be running, often in clustered environments. Cloud operators are asking the question, “How much operating system is enough?” Many Linux distributions have traditionally been designed for general purpose workloads. Minimalist or ‘Just Enough’ Linux operating systems promise a slimmed-down operating system footprint to increase speed, stability and security. As Linux Containers grow in popularity among developers, these small agile operating systems could change long-standing Linux design principles.

Linux and Cloud Security

Today, an overwhelming majority of enterprises regard Linux as more secure than most other operating systems. Nevertheless, open source code has been hit by a series of attacks based on the Shellshock and Heartbleed vulnerabilities. The Linux kernel development process has taken significant strides to improve security. Use of modern code scanning tools is helping to tighten up operating system software as fixes are now being implemented faster than bugs are being found.

Container security is also important to enterprises, and much more challenging to implement than in server virtualization technologies. SELinux is becoming more popular as a way to increase isolation between containers. SELinux provides policy-based security controls in the operating system that limit what processes in a container are able to do on a system. Existing solutions such as SELinux can also provide better container isolation from the kernel, but more work is needed. 

Another major Cloud security requirement is to rapidly detect attacks and patch operating system flaws without taking the Cloud infrastructure offline. Linux kernel security updates with important new security and reliability patches are released about once per month. Industry regulations and best practices require companies to apply these security updates and patches regularly because security is compromised by a failure to update. System administrators are forced to choose between known best practices and system reboots that are costly and disruptive. With the latest Oracle Ksplice technology, updates are installed in the kernel or userspace in a matter of seconds, without interrupting running applications or the people using those applications. This is key to quickly securing thousands of servers in a Cloud against a nascent threat.

Summary

Linux, and open source generally, is undergoing greater innovation today than at any recent time in the past. Next-generation multi-Cloud application environments are pushing traditional Linux architectures to become more scalable, more reliable and more secure. Industry efforts in operating system design, application containers, management tools and security are already responding quickly and successfully to those new requirements. And the role of Linux as the Cloud operating system is likely to remain unchallenged long into the future.