Blog

Deploying Docker Containers on CenturyLink Cloud

If you’ve been reading cloud-related news lately or you follow any developers or system admins on Twitter, then you’ve undoubtedly seen the words “container”, “Docker”, and “CoreOS” written a few thousand times over the past year or so. Chatter has particularly picked up in the last few months with Docker 1.0 being released in June and CoreOS announcing their first stable release within the past few weeks. CoreOS also received an 8 million dollar investment just a couple of months ago, and Docker just got another $40 million in funding a few days ago. And just yesterday, CenturyLink joined the container party and announced the release of the open-source Docker management platform, Panamax. Developed by the recognized thought-leaders at CenturyLink Labs, Panamax was described by RedMonk principal analyst James Governor as “Docker management for humans. It dramatically simplifies multi-container app deployment.”

This is bleeding edge technology we’re talking about here, so if you haven’t heard about any of it yet, there’s no time like the present. Docker is one of the fastest-growing open-source projects ever, with more than 550 contributors and 7 million downloads in just over a year since its release. The power of Docker lies in its ability to build and deploy applications in containers, which are extremely efficient and more portable than traditional virtual machines. This is because they abstract only the operating system kernel rather than an entire device. Of course, there are plenty of places to read up and find out more information on what all the fuss is about, and none are better than our very own CenturyLink Labs blog, where the Labs team has been pumping out exceptional content about all things Docker and CoreOS for months.

But if you’re like me, you’ll never be satisfied just reading about anything – you want to try it already! If so, I’ve got good news for you. Whether you’re looking to just get your feet wet and experiment with containers or you’re feeling ready to jump right into the deep-end and start deploying applications with them, CenturyLink Cloud has got you covered. There are at least three ways you can get Docker up and running on CenturyLink Cloud right now: install Docker on a CentOS server, provision a CoreOS server running Docker, or take advantage of Panamax and make it even easier to use Docker. Whichever route you choose, all you need is a CenturyLink Cloud account to get started.

Option #1 – Installing Docker on CentOS

You might not be too familiar with CoreOS, so if you want to get started using Docker on a more familiar Linux distribution, you can easily use our Docker blueprint to install it on any CentOS server running on CenturyLink Cloud. You’ll even get the option to deploy a Hello World container so you can see a simple example of how Docker containers work and get started building your own.


Option #2 – Installing CoreOS

Interested in CoreOS? This lightweight Linux distribution is optimized for massive server deployments and it comes with Docker preinstalled because it’s designed specifically to run applications as containers. You can follow our step-by-step instructions or watch our how-to video for using blueprints to build a CoreOS server cluster on CenturyLink Cloud and start deploying your applications on Docker in minutes.

Option #3 – Installing Panamax on CoreOS

Maybe you like the idea of Docker and CoreOS, but you’re not a Linux expert and you’re a little afraid of getting too into the weeds on the command line. If so, CenturyLink Labs has developed just the answer for you: Panamax. Panamax is a single management platform for creating, sharing, and deploying Docker-containerized applications. By following similar steps to our CoreOS deployment above and selecting the “with Panamax” version of the blueprint, you can have a CoreOS server up and running with Panamax installed in no time, and there’s no easier way to get started with Docker.


Not only can you use Panamax to deploy images from Docker’s repository, you can also deploy complex multi-container Dockerized apps from Panamax’s Open-Source Application Template Library. Think of these templates as collections of Docker images that work together to form the complete architecture of an application, with separate containers for the database vs. web tiers, for example.


If you’re looking to deploy one of the available template options like WordPress or Drupal, you’ll have it working with a single click in seconds flat. However, you can also choose to define your own custom templates to use and even add custom repositories to search as the Panamax community grows. There’s no easier or faster way to start using Docker containers than with Panamax, and it’s built to leverage the power and scale of CoreOS.


Have a server already? Install Docker! Curious about CoreOS? Provision it! Feeling overwhelmed? Try Panamax. With CenturyLink Cloud, you’ve got lots of ways to get started using Docker right now, so no more excuses! Sign up for a CenturyLink Cloud account today, add containers to your repertoire of application deployment options, and start enjoying their power, performance, and portability.


Scale All of the Things! Go In, Out, Up, Down in the CenturyLink Cloud

Are you getting the full benefit of the cloud if you don’t take advantage of its elasticity? To be sure, there are many ways that cloud environments—running dynamic OR static workloads—can positively impact your business agility. But cloud computing fundamentally changes the relationship between infrastructure and workloads that run upon it; you can constantly right-size by adding and removing capacity on demand instead of being stuck with over-sized or under-powered environments. To do this effectively, you need flexible options for automatically and manually adjusting your infrastructure resources. In this post, I outline five different application scenarios, and which CenturyLink Cloud scaling capability delivers the optimal elasticity solution.

1. Modern web application with variable usage? Horizontal Autoscale!

Are most of your internal or external facing web applications in constant, heavy use? If so, I’d be surprised! The applications that your employees rely on may be busy during predictable periods, or experience load whenever random business conditions occur. Public web applications may spike in usage when marketing campaigns are in flight, or when an avalanche of traffic follows a social mention.

Instead of standing up gobs of (costly) infrastructure that only add value during random usage spikes, consider services like CenturyLink Cloud Horizontal Autoscale. Our Horizontal Autoscale service is a great fit for web applications that cleanly scale by adding or removing virtual servers from a defined pool. Simply park powered off servers in a CenturyLink Cloud Server Group and define an Autoscale policy that outlines criteria for scaling out and in. When that policy is applied to a Server Group and tied to our Load Balancing service, the platform quickly powers servers on and off in response to changes in utilization.

What does it cost to "park" a server? Customers only pay for storage and operating system licensing when a server is powered off. For example, if your mobile web application can satisfy its regular load with three servers (Ubuntu 12.04, 2 CPUs, 6 GB of RAM, 20 GB of storage each), it costs just $15 per month to keep five servers powered off in reserve to handle occasional spikes. That uptime peace of mind will cost you less than lunch for two in a moderately priced Chinese restaurant.

2. Relational database under load? Vertical Autoscale!

Let’s be honest, not EVERY application is designed to scale horizontally by adding more servers to share the load. Rather, many applications benefit by adding horsepower to the existing servers. For instance, relational databases work in multi-server configurations, but each server typically has a lot of resources allocated. In that case, adding more CPU/memory/storage to a given server is a perfectly viable way to handle new demand.

The CenturyLink Cloud is one of the few providers that offer an automated vertical scaling function. Our Vertical Autoscale service adds CPU capacity to running servers without requiring a reboot, increasing capacity based on utilization criteria that you specify. When the usage spike is over, the Vertical Autoscale service will remove CPU capacity and reboot the server during the window that you select. If you need to add storage or RAM to a server on the fly, you can also manually update servers, again typically without a need to reboot. This is a powerful way to take advantage of cloud elasticity without rebuilding your existing applications for horizontal scale.

3. Worker nodes that are falling behind? Horizontal Autoscale!

In loosely coupled, distributed systems, you’ll often find services that work asynchronously in the background. These services may take product orders from your website and update the transaction system, perform financial calculations, render complex animation sequences, and much more. For example, consider a website where people can register for a new, paid service. That system has to perform a fraud check, authenticate a payment method, and create a container for the new user. A "new user signup" message is dropped to a queue, and a set of servers are all tasked with reading data from the queue and processing the request. If the number of signups spikes, these worker nodes can get overwhelmed and the new customers are stuck waiting for their signup confirmation.

In a case like this, it makes a lot of sense to scale the worker nodes horizontally. CenturyLink Cloud Horizontal Autoscale can respond to CPU or memory spikes by powering on (and off!) servers that can instantly help relieve the backlog of queued up requests. Cloud users don’t have to choose a load balancer to associate with an Autoscale policy, so in that case, the Server Group just expands and contracts the number of running servers without worrying about routing traffic to them. A strategy like this can reduce the risk of a poor user experience and encourage customers to trust your application, even during busy periods.

4. Web application with predictable bursts in usage? Schedule-based Scaling!

We’re probably all familiar with this back-office scenario: at the end of the month, the financial accounting system is overwhelmed by closing activities and invoice generation. To combat these predictable spikes, many companies either (a) deploy systems like this on pricey hardware that always has enough headroom to deal with the spike, or (b) resign themselves to delivering a subpar, slow application during these bursty windows.

There’s a better way! The CenturyLink Cloud is built with automation and management in mind. Apply a "scheduled task" to a server so that it powers on at a specific point each day/week/month to increase application capacity. Create a second scheduled task that powers that server back down when the predictable spike is over. This sort of elasticity is exactly what the cloud is good at, and helps you deliver an optimized application that delights users, keeps costs down, and helps you arrive at business conclusions faster.

5. Cache cluster that needs controlled resizing? Manually scale up/out!

You may love automation as much as we do, but sometimes a scale event requires careful planning and manual resizing because of complexity with the target application. You may not want an automated service resizing your NoSQL database, cache cluster, or mission critical line of business system whenever it detects a heavy load.

In cases like this, you can choose from the full catalog of elasticity options that the cloud provides. Experiencing I/O contention and want to add more servers and spread the intense demand? Clone a running server or quickly build a new one from scratch. Need to add storage to a server that’s rapidly running out of room? Add more space to an existing volume or add a new volume to the running server. Looking to add CPU or memory to a server and then update the application to recognize the new capacity? Immediately add resources and run a script against all the resized servers.

CenturyLink Cloud Scaling Tools Deliver Elasticity

Elasticity is a hallmark of the public cloud. It helps you maintain a dynamic resource pool that expands and contracts to meet business demand. The CenturyLink Cloud offers a leading set of services to help you automatically and manually adjust capacity for one server, or a fleet of servers.

As you migrate applications to the cloud—or design entirely new cloud-native ones—do it with scalability and elasticity in mind!


Why Reliable Cloud Performance Matters

People are right to be wary of any vendor claiming to be the “top performing!” or “fastest!” cloud provider. Most folks know that ANYTHING can look spectacular – or unspectacular for that matter – if you stack the deck just right. But at the same time, cloud shoppers have a deep hunger for legitimate information on realistic performance expectations. Cloud performance has a direct impact on what you spend on compute resources, how you decide the right host for your workload, and how you choose to scale when the need arises. In this blog post, we’ll summarize some recent findings and put them in context.

With the launch of our new Hyperscale instances, we approached an independent analytics company, CloudHarmony, and asked them to conduct an extended performance test that compared CenturyLink Cloud Hyperscale servers to the very best equivalent servers offered by AWS and Rackspace. CloudHarmony is a well-respected shop that collects data from dozens of benchmarks and shares the results publicly for anyone to dissect. After running a variety of benchmarks over a long period of time (to ensure that the test gave an accurate look over an extended window), they shared their findings with the world.

The results were positive – as we’ll talk through below – but how do reliable performance metrics help you in your cloud journey?

More Bang for the Buck

In an ideal world, you want reliable performance at a fair market price and no hidden charges. In the CloudHarmony results, we saw that our Hyperscale SSD storage provided excellent disk read performance and strong disk write performance through a variety of tests. In the results below – run against AWS c3 servers and Rackspace Performance servers – you can see that Hyperscale has a fantastic IO profile for large block sizes.

Disk Read Performance

Why does this matter? Consider databases running on Microsoft SQL Server, which often works with 64k blocks. By running this workload on Hyperscale, you get persistent storage, high performance, and no charges for IO requests or provisioned IOPS. This results in predictable costs and fewer resources needed to achieve optimal performance.

Simplified Decision Making

Choice is great, but it is also a paradox. When you’re faced with dozens of server types to choose from, you find yourself selecting a “best fit” that may compromise in one area (“too much RAM!”) in order to get another (“need 8 CPUs”). In CenturyLink Cloud, we have two classes of servers (Standard and Hyperscale) and both have been shown to have reliable performance. Pick whatever amount of CPU or memory makes sense – which is of course how traditional servers have always been purchased.

Choose Your Own VM Size

If built-in data redundancy doesn’t matter, but reliable, high performance does, choose Hyperscale. Need strong, consistent performance but want daily storage snapshots and a SAN backbone? Use Standard servers. Straightforward choices mean that you spend less time navigating a gauntlet of server types and more time deploying killer applications.

Predictable Performance & Scaling

Valid performance testing results can help you understand how best to scale an application. Should I add more capacity to this VM, or does it make sense to add more VMs to the environment? That’s a hard question to answer without understanding how the platform reacts to capacity changes. The CloudHarmony results not only showed that the CenturyLink Cloud Hyperscale CPU performed better than the others in the “Performance Summary Metric” that compared cloud servers to a bare metal reference system, but also showed that performance improved as CPU cores were added. That’s obviously not shocking, but it’s good to see that the performance change was relatively linear.

CPU Performance

How does this information help you maximize your cloud portfolio? If you know that you can add resources to a running VM *before* scaling out to new hardware, that can simplify your infrastructure and lower your costs. Scaling out is a fantastic cloud pattern, but it doesn’t always have to be the first response. You can trust that Hyperscale scales out *and* up well, and you can plan your scaling events accordingly.

Summary

Performance metrics are only a snapshot in time. The individual results may change from month to month or year to year, but a reliable performance profile means that you can minimize costs, make decisions faster, and make predictable choices.

Want to read this CloudHarmony report in full? Simply get it here and see all the details about this thorough analysis. Price out a Hyperscale server for yourself, and sign up to take the platform for a spin!

Our First 140 Days as CenturyLink Cloud

Recent history has shown that after a cloud provider is acquired, the pace of innovation slows and there’s a loss of focus (and staff). If you don’t believe me, check out the release notes (if you can find them!) of some recently acquired cloud companies. It’s not pretty. I’m here to say that we’re different.

140 days ago, the acquisition of Tier 3 by CenturyLink was described as a "transformational deal for the industry." Instead of randomizing Engineering post-acquisition with unnecessary process and haphazard integrations with legacy and redundant products, we’ve actually accelerated the pace of development on our go-forward platform, CenturyLink Cloud. In the past four months, we’ve maintained our software release cadence, grown our team, expanded our data center footprint, actively integrated with our parent company, and solidified a game-changing vision that has retained and attracted a phenomenal set of customers.

We update our cloud platform every month with new, meaningful capabilities. Only a very small subset of cloud providers can make that claim. In the past 140 days, we’ve shipped over 1,200 features, enhancements, and fixes. This includes a new high performance server class, faster virtual machine provisioning, new reseller services, a major user interface redesign, a compelling monitoring/alerting service, a new RESTful API, and a pair of new data centers.

Our ambitious data center expansion is on track. In the past few weeks, we’ve lit up a pair of new data centers in the US. This gives customers access to world-class CenturyLink network, security, and management services in those locations. With 11 total data centers, the CenturyLink Cloud has a greater geographic breadth than all but two public cloud providers. That’s pretty awesome for our customers who want a highly distributed environment for running their portfolio of applications.

Our Engineering team has also grown as additional experienced developers have come on board and contributed in a major way. The Operations team continues to scale out as well while becoming even more efficient at managing infrastructure at scale. Just as important, we’ve integrated with the broader CenturyLink teams and have a single, comprehensive vision for delivering multiple infrastructure options on a unified platform to a global customer base. Why should organizations compromise when trying to fit their needs into the cloud? With CenturyLink, customers can consume co-location, dedicated hardware, managed services, public infrastructure-as-a-service, and platform-as-a-service all with a single provider. And we’re working to integrate these options into a groundbreaking customer experience.

We aren’t close to being done disrupting this space. The next 140 days will be just as exciting. Try out our compelling platform, or join the team building the future of cloud and infrastructure.

The Six Commandments of Achieving Isolation in a Multi-Tenant (Cloud) Environment

Multitenancy – the concept of using a single (software) platform to serve multiple customers – is a key aspect of nearly every cloud computing platform. Pooling resources results in lower costs for all parties, greater efficiencies, and faster innovation for customers. Are there risks and tradeoffs with this model? Sure, but every technology paradigm has them.

In this blog post, we’ll look at some core principles for successful multitenancy, see how the CenturyLink Cloud provides tenant isolation, and review the ways that CenturyLink Cloud customers create isolation within their own account. The goal is simply to help customers understand what to look for when assessing multi-tenant environments to run their workloads, SaaS applications, and more.

Core Principles

Any service provider delivering a multi-tenant environment must adhere to these six commandments:

  1. Thou shalt isolate tenants within their own network. This one applies mainly to infrastructure-as-a-service (IaaS) providers who promise secure computing environments. Software-as-a-Service (SaaS) customers on a platform like Salesforce.com don’t have this issue as customers do not have access to low level network traffic. When granting virtual machine access to users, the service provider has to ensure that there’s no opportunity to intercept network traffic from other customers.
  2. Thou shalt not allow tenants to see another tenant’s metadata. Sometimes metadata can be just as sensitive as transactional data! Multi-tenant service providers must make sure that customers are logically or physically walled off from seeing the settings or user-defined customizations created by other customers.
  3. Thou shalt encrypt data in transit AND at rest. Providers shouldn’t let their guard down just because data is within their internal network. Rather, data should constantly be transferred over secure channels, and encrypted whenever it’s stored on disk.
  4. Thou shalt properly clean up deleted resources. In a multi-tenant IaaS environment, there is clearly reuse. When a network is released by one customer, another can use it. When a storage volume is removed, that space on the SAN is now available for others. It’s imperative that service providers reset and clear resources before allowing anyone else to acquire them.
  5. Thou shalt prevent noisy neighbors from impacting others. This phenomenon is one of the hardest problems to address in multi-tenant environments. As a user, you have no say in who *else* is using the same environment. It’s up to the service provider to make sure that one customer can’t (intentionally or unintentionally) adversely impact the performance of other customers by overwhelming the shared compute, storage, or networking resources.
  6. Thou shalt define and audit policies to ensure proper administration of shared environments. Let’s be honest – using a multi-tenant environment involves a bit of trust. As a customer, you have to trust that the service provider has built a platform that properly isolates each customer, and that operational staff can’t go off the reservation and compromise your business. However, to run mission-critical apps in someone’s multi-tenant platform requires more than blind trust; you should also be able to demand to see 3rd party certifications and audits that prove that a mature organization is behind the platform.

Built-in Platform Isolation

With those principles in mind, how does the CenturyLink Cloud platform deliver secure isolation?

IaaS customers can create sophisticated network topologies with one or more VLANs. All of these logical networks are part of a giant physical network and we do best-practice VLAN isolation to make sure that data packets stay within the appropriate VLANs. This ensures that our customers cannot intercept traffic from other customers and creates a protected barrier around your virtual hardware.

What about data? The CenturyLink Cloud makes it easy to provision terabytes of persistent storage that you can easily resize as needed. But when it comes time to delete volumes, we make sure that all virtual disks are automatically wiped so that the next customer always gets a blank volume with no way to retrieve data from the previous user. Regarding data encryption, by the end of 2014 we plan on being 100% encrypted at rest and support 3rd party tools for customers to manage their keys.

As mentioned above, noisy neighbors are one of the biggest challenges for multi-tenant cloud providers to handle. The CenturyLink Cloud takes a multi-pronged approach. First, we always leave headroom on host machines and closely monitor usage to know when it’s time to scale. Second, we use features in our hypervisor platform to protect against capacity and latency bursts in CPU and disk. Our storage subsystem is built to handle multi-tenancy and provide protection against I/O bursts. Third, the network is designed to prevent any one tenant from overwhelming the firewalls, and our ample bandwidth ensures that network saturation is nearly impossible.

Finally, you can certainly just “trust us” that we do everything right. But most customers, at first anyway, trust those who audit us. Our data centers and policies are regularly reviewed and we maintain certifications and standards that prove our extreme focus on building a secure environment for your applications.

Account-level Isolation

The platform itself provides built-in multi-tenancy to isolate customers, but how can you build your own isolation WITHIN your account? This is a common scenario for resellers, SaaS providers, and large enterprises who want to logically segment business units or departments. Let’s look at a few options.

One of the best ways to create isolation in your account is through sub-accounts. Sub-accounts are containers that can have unique users, permissions, billing procedures, networks, and even branding (look-and-feel). You can choose to inherit various settings from a parent account (e.g. “share parent networks”, governance limits) or treat them as completely independent resources.

 

Another choice? Use separate VLANs to isolate servers within an account. Consider providing users with remote access to cloud servers but only allowing a small subset of administrators to place the servers on the appropriate VLANs. This makes it possible to have project-specific VLANs where traffic is cleanly isolated from other networks in the account.

 

A final way to isolate users within an account is through the use of different data centers. The CenturyLink Cloud is spread across the globe, and expanding even more this year. It’s easy to spin up sub-accounts and intentionally constrain users to a chosen set of data centers. This helps you isolate accounts (and applications) to the geographies that work best for your business.

 

Summary

The most advanced cloud deployments depend on multi-tenant platforms. Building systems in this way isn’t easy - it takes careful upfront consideration and steady vigilance to ensure that all users get reliable, consistent performance. The CenturyLink Cloud was designed from day one to excel at multi-tenancy, and you can see that in how we’ve architected the platform and the features we expose to our customers.

Want to try it out? Spin up an account and see how our high-performing cloud can meet your needs today.