Abstract:

As we all know, the advantages of virtual machines are resource elasticity, delivery within seconds, automated operation and maintenance, and unified interface standards. The advantages of physical machines are lossless performance, a lossless feature set, and hardware-level isolation. Elastic bare metal servers (Shenlong) combine the advantages of both virtual machines and physical machines. The ECS elastic bare metal server is built on the self-developed Divine Dragon (Shenlong) technology architecture. By developing its own virtualization chips and Hypervisor system software and redefining the server hardware architecture, it creates a world-leading, innovative computing product that deeply integrates the features of physical machines and virtual machines and is 100% compatible with the Ali Cloud product ecosystem. It aims for “zero” performance loss, “zero” barrier to the cloud, and “zero” security risk, to fully meet the cloud requirements of critical business systems, high-intensity load applications and others.

The Ali Cloud ECS elastic bare metal server (Shenlong) is now fully compatible with the container service. This means that, in addition to virtual machines and physical machines, you can also choose to run containers directly on the elastic bare metal server and manage Kubernetes/Docker container clusters there. The benefits include excellent performance, resource utilization improved several times over, and chip-level encryption security.

Container on ‘Dragon’ has three major advantages

The X-Dragon elastic bare metal server has no virtualization overhead. Running containers on ‘Shenlong’ has the following three advantages:

  • Zero resource contention and improved utilization: Across a wide range of containerization scenarios, Kubernetes container scheduling can be used to run mixed application workloads on the same nodes, improving resource utilization by more than 3 times and making full use of the X-Dragon elastic bare metal server’s extreme performance.
  • Network bandwidth expansion and enhanced performance: SCC Supercomputing Cluster instances with RoCE network interconnects not only ensure high parallel computing efficiency, but also deliver network speeds on par with RDMA networks while supporting a wider range of Ethernet applications. On the network side, the container service implements network drivers for Kubernetes/Docker based on the virtualization network capability of Aliyun. Compared with the original network drivers, there is no extra overlay cost. Earlier tests showed that, with the X-Dragon elastic bare metal server’s high-performance network and the container service’s network driver, network bandwidth between containers and hosts shows almost no performance loss compared to the host itself, which makes it well suited to high-performance computing and other network-intensive applications.
  • Physical-level encryption + application-level isolation: DpCA has physical-level security isolation. In addition, the CPU and memory of the X-Dragon elastic bare metal server have zero virtualization and are completely exclusive to the tenant, which gives stronger security isolation. Aliyun is the first public cloud vendor in Asia to support Intel SGX encrypted computing. The X-Dragon elastic bare metal server adopts the chip-level Intel SGX trusted execution environment to ensure that encrypted data can only be processed in a secure and trusted environment. In addition to the chip-level hardware security, users can control the entire process of data encryption and key protection. On the X-Dragon elastic bare metal server, the container service can not only use container technology to strengthen application security and resource isolation, but also make full use of the trusted computing capability provided by SGX to support blockchain application encryption and other scenarios. Therefore, the X-Dragon elastic bare metal server combined with the container service gives users both the security of the cloud environment itself and isolation and security between applications running in it.

Taking the network as an example, Shenlong’s strong support for multiple network cards significantly improves container network performance. Large Shenlong instances support 32 elastic network cards. The elastic network adapter supports dynamic hot swap and matches the container network better, with no need for technologies such as Linux veth and bridge. Meanwhile, packet forwarding is moved down to the Virtual Switch (vSwitch) on the DpCA Hypervisor, which improves network performance by reducing processing steps.

Elastic NICs give containers multi-NIC passthrough and direct access to the VPC network plane, so each container can use the full range of VPC network functions, including advanced functions such as EIP, SLB, high-defense (anti-DDoS) protection, security groups, HAVIP, NAT, and user routing. The container service plans to provide a more native high-performance network experience in combination with future multi-network card support from X-Dragon elastic bare metal servers.

The Terway network driver provided by Ali Cloud container service can directly provide lossless high-speed network interconnection for container applications by using elastic network cards, as well as advanced functions such as network policy and bandwidth guarantee.



When do you need to consider “Summoning the Dragon”?

Scenario 1: Meeting the demanding high-performance requirements of online games and other killer applications

In scenarios with extreme application performance requirements, such as online games, it provides the same performance experience as physical machines. Combined with the scheduling and distribution capabilities of the container service, it achieves efficient utilization of resources and rapid application iteration, supporting the rapid growth of core business under high pressure. Examples include player experience testing before a game is released, enhanced 3D scene rendering, and reducing lag and packet loss in online games.

In addition, the Ali Cloud container service fully supports the whole range of elastic computing specifications and serves high-performance computing and deep learning applications. Besides X-Dragon elastic bare metal servers, the container service also provides GPU-based scheduling capabilities and GPU device status monitoring to facilitate the deployment, operation and maintenance of high-performance computing applications. The number of GPUs in online clusters already exceeds hundreds. Furthermore, the container service provides optimized deep learning solutions with best practices for cloud deployment and operations built in. The container service greatly simplifies the deployment, operation and maintenance of complex distributed applications, provides cloud best practices and optimization, and gives full play to the powerful computing power of Ali Cloud elastic technology.

Scenario 2: Chip-level encryption, a killer feature for the blockchain field and the financial industry

Blockchain, a hot technology recently, is an intelligent peer-to-peer network that uses distributed ledger technology and consensus algorithms to identify, disseminate and record information. It places high demands on computing, network and security.

Intel SGX embedded in the X-Dragon elastic bare metal server ensures that encrypted data (such as the most critical private keys and the signing process) can only be processed in a secure and trusted environment, and provides a secure operating environment for smart contracts processing transactions and ledger data. Containers can access the host’s native encryption devices through device mounts, so the container service on X-Dragon elastic bare metal servers can also use this encryption capability. With it, data in the blockchain can be stored encrypted and decrypted only for transactions, greatly improving overall security.

The Ali Cloud container service has released a solution for the open source blockchain Hyperledger Fabric based on container clusters. Using container technology, a production-grade, secure and highly available blockchain application runtime environment can be deployed within 2 minutes to help enterprises accelerate business innovation.



Summon the dragon correctly from the container

Users can choose to use the Aliyun container service on ECS, EGS or X-Dragon elastic bare metal servers according to their own needs. As with other types of nodes, the X-Dragon elastic bare metal server is added to the cluster as a cluster node, and containers run on it according to the scheduling rules.

In terms of usage, adding an X-Dragon elastic bare metal server through the Kubernetes container service is exactly the same as adding an ECS instance. Users are advised to:

  1. Use ECS VMs for the manager nodes of the cluster. The Aliyun Kubernetes service supports manager nodes across 3 AZs to ensure the availability of the cluster.
  2. Combine worker nodes freely. Based on the different resource requirements of services, applications can be run on different types of nodes using the scheduling constraints of the container service. For example, elastic bare metal server nodes can be selected for high-performance computing and network applications, and GPU nodes can be selected for deep learning applications. For GPU nodes, the Aliyun Kubernetes service automatically enables the corresponding scheduling capability.
  3. Scale cluster resources out or in dynamically as demand changes.
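
A pod spec that applies the scheduling constraint from step 2 to the SGX signing workload of Scenario 2, as an added example rather than Ali Cloud's own configuration. The node label `example.com/node-class`, the workload, namespace and image names are hypothetical, and it assumes Intel's SGX device plugin for Kubernetes is installed on the bare metal nodes, which hands the enclave device to the container as the `sgx.intel.com/enclave` and `sgx.intel.com/epc` resources instead of a raw host device mount.

```yaml
# Added example: values marked "hypothetical" are not from the article.
apiVersion: v1
kind: Pod
metadata:
  name: fabric-signer                # hypothetical workload name
  namespace: blockchain              # hypothetical namespace
spec:
  # Schedule only onto nodes the operator labelled as elastic bare metal, e.g.
  #   kubectl label node <node> example.com/node-class=bare-metal
  nodeSelector:
    example.com/node-class: bare-metal     # hypothetical label
  # The signer never calls the Kubernetes API, so give it no API token.
  automountServiceAccountToken: false
  securityContext:
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: signer
      image: registry.example.com/fabric-signer:1.0   # hypothetical image
      securityContext:
        # The device plugin injects the enclave device, so the container
        # needs neither privileged mode nor any Linux capability.
        privileged: false
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      resources:
        limits:
          cpu: "2"
          memory: 4Gi
          # Assumed: extended resources advertised by Intel's SGX device
          # plugin. A node without them can never be chosen for this pod,
          # which backs up the nodeSelector above.
          sgx.intel.com/enclave: 1
          sgx.intel.com/epc: 64Mi
```

Requesting the enclave as a resource keeps the pod unprivileged; a plain hostPath mount of the device node usually only works for privileged containers. Add `runAsNonRoot` once the enclave device node's permissions on the host allow the container's UID.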

In addition, the technical term “image” needs to be explained in detail, because it means two different things. For an ECS or X-Dragon elastic bare metal server, an image is a custom image: a snapshot of the system disk of an ECS instance at a certain point in time. For containers, an image is a Docker image, the standard format for packaging container applications.

  • Base operating system image: the complete disk image that a virtual machine or physical machine boots from. It contains the boot sector, the kernel, system services and so on, and is gigabytes in size. It is generally used to install a bootable operating system on a bare machine and is not convenient for distributing applications.
  • Container application image: contains only the basic runtime and the user’s own application, with a total size generally around 100 MB. It uses layered storage by default with a copy-on-write mechanism, so multiple images can share the same layers, and an image registry can be used for image storage, version management and distribution. It is typically used to deliver applications together with the environment they depend on.

Stay tuned for more

In the future, the X-Dragon elastic bare metal server will also be released in a proprietary cloud version. The container service can be combined with the proprietary cloud version of the X-Dragon elastic bare metal server to deliver the same experience as on the public cloud. The existing X-Dragon elastic bare metal server provides high-performance and high-configuration versions to meet the requirements of users who run physical machines in private cloud IaaS. Customers can use the container service to package existing applications and environments into container images. Running them on a container cluster of X-Dragon elastic bare metal servers greatly reduces the cost of application migration, and even makes it easy to deploy and manage applications in a hybrid cloud environment.

With the boom in big data and artificial intelligence, there will be more demand for HPC, but the cost and complexity of self-built HPC are high. The agility of the X-Dragon elastic bare metal server and the container service will provide a convenient environment for HPC resource utilization and rapid iteration, improve efficiency and simplify management, and allow users to focus on business development.