
Sylabs - IT Press Tour December 2018


The IT Press Tour

December 07, 2018

Transcript

  1. SECURE CONTAINERS FOR THE MULTI-CLOUD ENTERPRISE

    A new secure onramp across all enterprises and clouds
    • Changing the packaging and mobility paradigm for application and data
    • Disrupts the barriers of portability and bridges the gaps between all available resources
    • From private resources, to public clouds, and all the way out to edge and IoT
    [Diagram labels: Local Compute IoT Edge]
  2. THE ADOPTION OF SINGULARITY HAS BEEN FASTER THAN THAT OF CENTOS

    Singularity, the container runtime of choice for HPC, EPC/AI, and Cyber Security
    As of Singularity 2.6:
    • Multi-millions of container runs per day
    • Estimated user base of more than 25k
    • Installed on over 3 million x86 cores
    • Accelerating adoption of GPUs in the enterprise
    The same reasons that make Singularity fantastic for HPC are what make Singularity fantastic for all enterprise compute needs!
  3. CONTAINER 101

    [Diagram: Host 1 and Host 2, each with CPU, Memory, Devices, Kernel, and Applications, Libraries, Services; a Container moved between them via SCP, HTTP, FTP, Archive]
    An environment can be built on one host, encapsulated, and packaged up into a container image. The container image can be copied to another host, and applications can be executed directly as if they are running native.
  4. WHAT PEOPLE ARE SAYING…

    • VMware case study of GPU performance through Singularity: “Singularity Containers in combination with vSphere are a great combination for Machine Learning.” – VMware
    • Singularity is the container system for compute: “... Docker for hyperscalers (web), Singularity for (super)compute … Singularity will be everywhere!” – Jensen Huang, CEO Nvidia
    • Singularity is faster than Docker: “HFT workloads can not run on Docker due to the additional latency”, Singularity does not incur this regression of performance – Societe Generale
    • Singularity works natively with GPUs: “Docker must be hacked to allow containers access to the underlying GPUs, Singularity just works” – National Institutes of Health
    • Singularity is the only truly universal container platform: “The combination of compatibility, performance, trust and security facilitates Singularity across all CSPs, compute centers and local resources” – Rstor
  5. DESIGNED FOR SECURITY, MOBILITY, AND PERFORMANCE

    Singularity is differentiated by two primary categories:
    • Runtime Engine: Improves performance, isolation, security, and ease of use, and reduces attack surfaces. OCI compatibility enables the growing enterprise cloud tools, including Kubernetes, Mesos, Kubeflow, and Nomad.
    • Container Format: We created an open container runtime image format (SIF) to encapsulate an OCI/Docker container as a single signed, trusted, immutable and encrypted (WIP) image; this provides additional features and capabilities to new and existing containers.
  6. A NEW DELIVERY PARADIGM FOR ENTERPRISE SOFTWARE

    The Singularity Image Format (SIF) is the universal application format
    [Diagram: Singularity Container marked TRUST, contrasted with a stack of truncated sha256 layer digests; labels: Host Operating System, Presentation Layer, Root Owned Container Daemon, Network Registry; "Trusted by:"]
  7. RUNTIME: THWARTING THE CYBER ADVERSARY

    Singularity secures the contained application environment enclave and limits exposure
    It is more secure to allow users to run applications within Singularity containers than natively on the host!
    Singularity enables: Untrusted users running untrusted containers in a trusted way

    $ singularity shell container.sif
    Singularity> su -
    Singularity> sudo bash
    Singularity> /proc/1/root/bin/su -
  8. A NEW SECURITY CONTROL POINT FOR THE ENTERPRISE

    A cloud scale data center in a single file
    Singularity containers are immutable, cryptographically signed, and verifiable, ensuring absolute trust of the container environment.
    We fix the security problems found in enterprise container platforms, improve performance, and reduce cost by at 75%

    $ singularity verify container.sif
    $ singularity sign container.sif
  9. CONTAINS THE BLAST RADIUS OF APPLICATION VULNERABILITY

    We created a new layer of trust and control from the cloud to the edge
    • Singularity has no root owned daemon process
    • Singularity containers don’t run as root
    • Singularity containers are signed
    • Public keys are maintained by Sylabs
    • Enables “Crowd sourcing of trust”
    • Keys can be revoked, blocking containers from starting and notifying on execution
  10. ABSOLUTE REPRODUCIBILITY

    The DevOps workflows heavily depend on reproducibility of environments using recipes; unfortunately recipes are only reproducible for a short period of time.
    Singularity uses binary, immutable, cryptographically signed containers, encapsulating the entire runtime stack, that are always 100% reproducible.
    [Diagram labels: Stage, Validate, Build, Production]
  11. ENABLING THE ENTERPRISE PERFORMANCE COMPUTING ECOSYSTEM

    “The convergence of AI, data analytics and traditional simulation (HPC) will result in systems with broader capabilities and configurability as well as cross pollination.” – Al Gara, Intel Fellow
    Google, Red Hat, Microsoft, Dell, HPE, Nvidia, Lenovo, and Atos… all recognize this shift and are working directly with us to support Singularity natively in Kubernetes, OpenShift, Kubeflow, and their respective supported offerings.
    [Diagram: Kubernetes & Kafka and Kubeflow, with Model Execution and Distributed Training Model blocks, on top of Sylabs Cloud: Container Library and Keystore]
  12. BRIDGING THE GAP BETWEEN COMPUTE AND SERVICES

    Native integration between Singularity with OCI, Kubernetes, Nomad, and Mesos is in the works and will be completed in Q1 2019.
  13. SYLABS BUSINESS OFFERINGS

    • SingularityPRO – Available today: Subscription Singularity licensing, professional services, and support of container runtime.
    • Singularity Cloud – Alpha available today, GA Feb 2019: Cloud based offerings including the Container Library, Container Build Services, KeyStore, and a DevOps platform that ties it all together. Monetization modeled after GitHub and Dropbox “by user subscription and storage capacity.”
    • Singularity Enterprise – Q2 2019: SingularityPRO + Singularity Cloud running on-prem.
    • SyOS – Q2 2019: A thin micro-OS appliance to securely boot and control containers on any x86, ARM and GPU platforms.
    • Distributed Container Management – Q2 2019: Making on-prem, cloud resources, edge, and IoT management easy and secure at scale.
  14. SYLABS LEADERSHIP

    • Gregory M. Kurtzer – CEO, Sylabs Board
    • Giovanni Coglitore – RStor CEO, Sylabs Board
    • Jonathan Dooley – Acting CFO, Advisor
    • Matteo Daste – General Counsel
    • John Kenevey – Strategic Advisor
    • Tim Harder – Strategic Advisor
    Experienced team with successful track record, worldwide adoption of disruptive technologies, multiple and very large and successful companies
    Sylabs was founded in November 2017, came out of stealth in February 2018, seed funded, revenue positive and growing