• Geophysics and Geophysical Exploration
• /
• v.24 no.2
• /
• pp.45-52
• /
• 2021

With advancements in software technology, more scientists and engineers are employing computer software and programming tools for research. However, several issues can arise in software-based research: environment setting, reproducibility, and loss of source codes. This study investigates the use of Linux containers and version control systems to prevent these problems. Managing research projects using a cloud source-code repository and building a research environment in a Linux container can prevent the abovementioned problems and make research collaboration easier. For researchers with no experience with Linux containers, a repository of project template containing shell scripts for building and running containers has been released.

• Proceedings of the Korean Information Science Society Conference
• /
• 2007.06b
• /
• pp.333-338
• /
• 2007

시스템 가상머신 환경은 높은 하드웨어 효율성과 높은 보안을 요구하는 시스템에서 그 사용이 점차 늘어나고 있다. 최근 많이 알려진 하이퍼바이저 가상머신 시스템은 높은 아이솔레이션과 보안성을 보장하나 각 게스트 운영체제 별로 운영체제 이미지를 가지기 때문에 하드웨어 효율성이 떨어지는 반면, 컨테이너 기반 가상머신 시스템은 운영체제 이미지의 공유로 인하여 높은 자원 효율성과 확장성을 가진다. 그러나 메모리 자원의 아이솔레이션에 대하여 취약점을 갖는 문제점을 안고 있다. 본 논문에서는 컨테이너 기반 가상머신 시스템에서 동적으로 각 가상머신별로 메모리 사용량 증가에 따른 페이지 히트율-곡선(Hit-Ratio-Curve)을 측정하였다. 이 곡선을 관찰해 보면 각 가상머신의 메모리 필요량을 알 수 있으며 이를 기반으로 메모리 자원을 할당하게 될 경우 효과적으로 메모리 자원의 아이솔레이션을 제공할 수 있게 된다. 본 논문에서는 대표적인 컨테이너 기반 가상머신인 리눅스 VServer가 적용되어 있는 리눅스 2.6.17 커널에 직접 구현하였으며, Lmbench 및 리눅스 커널 컴파일 등을 통하여 오버헤드를 측정하였고 $1.6{\sim}7.2%$의 적은 오버헤드로 이를 측정할 수 있음을 확인하였다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.3
• /
• pp.97-103
• /
• 2020

Linux Cgroups takes a fundamental role for sharing system resources among multiple containers on container-based cloud computing environment. Especially for I/O resource, Linux Cgroups supports a mechanism for sharing I/O bandwidth in proportion to I/O weight. However, the current mechanism of Linux Cgroups using BFQ I/O scheduler seriously degrades the I/O performance with high bandwidth storage device such as NVMe SSDs. In this paper, we proposed a new feedback based I/O bandwidth sharing scheme for Linux Cgroups which allocates I/O credits to containers according to I/O weights and adjusts the amount of credits to performance fluctuation of NVMe SSDs. The proposed scheme is implemented on Linux kernel 5.3 and evaluated. The evaluation results show that it can share the I/O bandwidth among multiple containers proportionally to I/O weights while improving I/O performance more than twice as high as the existing scheme.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.40-43
• /
• 2017

OS-level 가상화 기술은 애플리케이션을 배포하기 위한 새로운 패러다임으로서, 가상 머신을 대체할 수 있는 기술이다. 특히 컨테이너는 기존의 리눅스 컨테이너에 유니온 마운트 포인트(Union Mount Point)와 레이어 구조의 이미지를 적용함으로써 보다 빠르고 효율적인 애플리케이션의 배포가 가능하다. 이러한 컨테이너의 특징들은 RoW(Redirect-on-Write), CoW(Copy-on-Write) 등의 스냅숏 기능을 제공하는 특정 파일 시스템에서만 사용될 수 있으며, 어플리케이션의 특징에 따라 적절한 파일 시스템을 사용해야한다. 따라서 본 논문에서는 컨테이너 이미지의 레이어구조를 사용할 수 있는 파일 시스템들의 특징을 설명하고 이에 따른 쓰기 작업의 성능 평가를 진행한다.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.7
• /
• pp.65-73
• /
• 2022

Recently, as the Windows system supports the Windows subsystem for Linux (WSL), various researchers have studied to apply a docker container on various systems such as server systems, workstation system and so on. However, in various existing researchers, there is a lack of performance-related indicators to apply the system to each operating system (linux system and windows system). In this paper, we compared a performance comparison and analysis of container-based host operating systems. We configured experimental environments of operating systems for microsoft windows systems and linux systems based on a docker container support. In experimental results, the containers of linux systems reduced the average data latency of dataset 1-6 by 3.9%, 62.16%, 1552.38%, 7.27%, 60.83%, and 1567.2%, compared to the containers on microsoft windows systems.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.18 no.6
• /
• pp.1125-1132
• /
• 2023

The importance of networks is gradually expanding in the battlefield environment. As time goes by, the types of tactical data links used in the Korean JTDLS are increasing, and the military's weapon systems equipped with tactical data link systems are increasing. Thorough quality verification is required to provide stable software to the wider battlefield. This study examines how to prepare an environment in which various simulation tests to verify the stability of the Korean JTDLS project can be conducted as diverse as possible using minimal physical space and Hardware resources. Through this, it is possible to improve the completeness of the project and secure the stability of the program, and it is intended to contribute to securing higher stability and reliability by securing maximum test capabilities in a limited test environment even in Linux based system project of a similar environment.

• Journal of the Korea Convergence Society
• /
• v.10 no.12
• /
• pp.71-80
• /
• 2019

DevOps is a combining which means giving a diverse environments for software development and operations through whole software lifecycle. The key value of the proposed DevOps platform is the fast and stable service capability for a software development and operation environment. To do this, the DevOps gives pre-embedded 7 programming languages-Java, C/C++, Python, PHP, Ruby, Node.js, goLang and 7 service frameworks - Korea eGov Framework, Spring, Struts, Django, Laravel, Rails, Express. With the DevOps platform, it is possible to develop a software and also to build and distribute operation packages directly with the Linux containers. In this paper, the performance evaluation for a compile time, a distribution time and a processing capability is will be also proved. Though the performance evaluation, this paper shows capabilities of the proposed DevOps for Cloud services with commercial service level, prospectively.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.10
• /
• pp.415-420
• /
• 2017

Virtualization technique of OS-level is a new paradigm for deploying applications, and is attracting attention as a technology to replace traditional virtualization technique, VM (Virtual Machine). Especially, docker containers are capable of distributing application images faster and more efficient than before by applying layered image structures and union mount point to existing linux container. These characteristics of containers can only be used in layered file systems that support snapshot functionality, so it is required to select appropriate layered file systems according to the characteristics of the containerized application. We examine the characteristics of representative layered file systems and conduct write performance evaluations of each layered file systems according to the operating principles of the layered file system, Allocate-on-Demand and Copy-up. We also suggest the method of determining a appropriate layered file system principle for unknown containerized application by learning block I/O usage history of each layered file system principles in artificial neural network. Finally we validate effectiveness of artificial neural network created from block I/O history of each layered file system principles.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.11
• /
• pp.2670-2677
• /
• 2014

The technique of virtual machine construction using hypervisor such as Xen and KVM is mainly used for implementation of cloud computing infrastructure. This technique is efficient in allocating and managing resources compared to the existing operation methods. However it requires high resource usage when constructing virtual machines and results in wasting of resources when not using the allocated resources. Docker is a technique based on the container method to resolve such a problem. This paper shows the container method such as Docker is efficient as a web construction technique by comparing virtual machine method to container method. It is shown to be especially useful when storing data into DB or storage devices in such environments of web server or program development. In the upcoming cloud computing environment the container method such as Docker is expected to improve the resource efficiency and the convenience of management.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.7
• /
• pp.1047-1059
• /
• 2022

With the development of cloud computing technology, container technology that provides services based on a virtual environment is also developing. Container orchestration technology is a key element for cloud services, and it has become an important core technology for building, deploying, and testing large-scale containers with automation. Originally designed by Google and now managed by the Linux Foundation, Kubernetes is one of the container orchestrations and has become the de facto standard. However, despite the increasing use of Kubernetes in container orchestration, the number of incidents due to security vulnerabilities is also increasing. Therefore, in this paper, we study the vulnerabilities of Kubernetes and propose a security policy that can consider security from the initial development or design stage through threat analysis. In particular, we intend to present a specific security guide by classifying security threats by applying STRIDE threat modeling.