[MUSIC PLAYING]
Hi, I'm Amy Leland, and I work at Intel's Open Source
Technology Center.
I'm the program manager for Intel's Clear Containers
Project.
We're going to talk a little bit about what Intel Clear
Containers are and how they're available in the ecosystem
today and how we integrate with open source partners.
So I'm going to start with the word container.
The word container is used for, really, two separate parts.
There's the back end technology of containers.
So Linux kernel containers have been around
for a really long time.
They're about resource allocation and isolation.
And the other side of that is the packaging and deployment
of containers.
This is what's really new in the industry
today, which companies like Docker and Rocket
have made container technology really easy to use.
This is a basic diagram of a Linux kernel container.
And as you can see, the isolation
is within the namespace.
And all of the containers are sharing a Linux kernel.
And while there are many benefits to container
technology-- so they're fast, they're agile,
they're easy to use--
there's still a lot of concerns around security.
This slide just signifies that if there's
a kernel vulnerability that seeps into one container,
it can go from one container to the next container
to the next container all on one host.
Again this is due to the fact that they share a Linux kernel.
And again, this leads to a lot of security concerns
in the container ecosystem.
And as I said, I'm talking today about Intel Clear Containers.
So when we looked at the container ecosystem,
we said, OK, so virtual machines are secure.
But they're slow, harder to manage,
and container technology-- they've
got all this speed, agility.
They're very small in size.
And can we get the best of both worlds?
Intel Clear Containers is a lightweight virtual machine.
So it acts as fast as a container,
but it has the security benefits of a virtual machine.
And what we've done is use Intel VT-x.
So we use hardware-based security
to secure each container on a host.
So each container or lightweight virtual machine
has its own operating system, but it's a minimal operating
system.
And again, we utilize Intel VT-x to secure each container
on the system.
I always refer back to the first part of this presentation.
So again, there's the back end technology of containers--
Linux kernel containers.
And then there's the front end application,
logistics, deployment.
And what we're trying to do is just offer another back end
solution in the market.
The reality today is that most people
deploy container technology in a full-on virtual machine.
You can see this as people deploy
on AWS or many other clouds.
So the reality is that people are actually
deploying containers in virtual machines already.
What we're doing is saying, why wouldn't we just offer
a lightweight virtual machine that, again, has the benefits,
the security of a full-on virtual machine,
but then also all of the benefits that containers
offer--
size, speed, logistics, all the application and deployment
frameworks.
Before Intel Clear Containers, there
was really only two options.
There's this virtual machine-- full-on virtual machine--
or a container technology solution.
And again, we're just offering another back end solution
into the ecosystem.
And since Intel Clear Containers is a back end technology
solution, we plug into the application and deployment
tools that you're used to within the container ecosystem.
We plug into Docker 1.12 and greater--
I think up until 17.03.
We also plug into not Kubernetes.
So you can use Intel Clear Containers with Kubernetes 1.5
and greater through the CRI specification.
We're available for Rocket 1.0.
And we just released Intel Clear Containers 2.1.
It's available on GitHub.
We currently package for multiple Linux operating
systems.
So this is a subset of Linux operating systems.
We definitely don't package for every single Linux operating
system that's out there.
But Intel Clear Containers does work
with multiple different Linux distributions.
And we have some requirements that
are available on our website for what's required
to run Intel Clear Containers.
But you should be able to run them
with any Linux distribution, as long as you
follow those guidelines.
So there's a lot of container specifications
that are out there today.
And we try to work both upstream and downstream.
And so I'm going to talk through that.
The Open Container Initiative--
OCI-- is one specification that's out there.
And we are compliant with that specification.
We also are compliant with APPC, which
is another specification in the container ecosystem.
We are compliant with CRI--
the Container Runtime Interface--
that Google and Red Hat started.
And this is the primary interface
to work with Kubernetes, which I talked about earlier.
We have also added support for Intel Clear Containers
in the container networking space.
So there's two specifications that are out there today.
There's CNI and CNM.
And we've added the ability to support
lightweight virtual machines in those specifications.
So again, we're available for both CNI and CNM.
And in terms of downstream proliferation,
we're working with the likes of Docker, Rocket, Kubernetes
to be integrated within those communities.
But we also want to partner with companies--
OSVs, ISVs, integrators, and CSPs--
to offer go-to-market solutions.
Intel Clear Containers is an open source project
that Intel is a part of.
And again, we want to work with our partners
to offer go-to-market solutions.
I want to thank you for spending time with me today
to learn about Intel Clear Containers, what they are,
and who we're working with, and how they're
available in the market.
And I really appreciate your time.
Thank you.
[MUSIC PLAYING]