Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Background

Application running on GEISA need separation / isolation from each other to ensure that one application doesn’t impact another. While some level of resource management and process isolation is provided by most operating systems, this isn’t robust enough to for GEISA.

There are several methods for providing advanced isolation including:

  • Containers

  • Virtual Machines / Hypervisors

  • Virtual Execution Environments (e.g. Java’s JVM, Erlang’s BEAM, .Net’s CLR)

Amazon’s Firecracker team released a whitepaper on their efforts which includes a helpful discussion of the advantages and disadvantages of these approaches.

Isolation Mechanism

Resource Management

  • Define Container Resource Limits

    • CPU limit (% of CPU)

    • Memory Limit (in 1 KB units)

    • Storage Limit ( in 1 KB units)

  • Define Container Access Levels:

    • Level 0 - Read & Control - Core Features - Immutable

    • Level 1 - Read & Control - Utility

    • Level 2 - Read Only