Update from Gregory Kurtzer on Singularity’s Push into FS and the Enterprise

By John Russell

September 11, 2018

Editor’s note: Container technology is hardly new but it has undergone rapid evolution in the HPC space in recent years to accommodate traditional science workloads and HPC systems requirements. While Docker containers continue to dominate in the enterprise, other variants are becoming important and one alternative with distinctly HPC roots – Singularity – is making an enterprise push targeting advanced scale workload inclusive of HPC. Singularity got its start at Lawrence Berkeley National lab in 2015 as an open source effort and found near-immediate traction within the HPC community.  

Today, Singularity remains open source but is overseen by start-up company, SyLabs, headed by Gregory Kurtzer who led development of Singularity at LBNL (see HPCwire article, Singularity HPC Container Start-Up – Sylabs – Emerges from Stealth). SyLabs offers a supported version of Singularity and, as mentioned, has turned its attention to the enterprise. In conjunction with the HPC on Wall Street conference taking place this week in New York City, HPCwire asked Kurtzer for an update on advanced container technology progress in the enterprise with a focus on Singularity’s progress and the specific needs of financial services sector, which has long been a leader in adopting HPC and advanced scale systems. 

HPCwire: Greg, maybe provide a quick refresher snapshot of container technology and distinguish it from VMs, and touch on the important characteristics of HPC/advanced scale containers.

Gregory Kurtzer: HPC and what we call EPC (Enterprise Performance Compute) focused applications require direct integration with the host operating system and underlying hardware. In contrast, services require isolation from each other and from the host’s resources. Singularity is designed to mitigate security issues when running containers as non-root, and thus blur the line between host and container. Singularity is also highly performant on both startup and teardown and will completely get out of the way, allowing the application to execute without any interference from the container runtime.

HPCwire: Filling out the container ecosystem a bit, explain the role of deployment/management tools such as Kubernetes or other tools such as job schedulers.

Gregory Kurtzer

Kurtzer: Job schedulers have been part of the core ecosystem on HPC for a long time. Now, with the advent of containers on HPC, we are seeing both HPC and EPC users interested in deployment tools, such as Kubernetes/Kubeflow, for their compute workloads. But the container ecosystem demands more than what a job scheduler offers; now users want to build their containers asynchronously, store them in a clear and verifiably reproducible way, and run their workloads on a different set of resources across multiple resources. These tools now play a big role for users trying to move their workloads between onprem and the cloud.

HPCwire: Looking at the traditional HPC environment (academia and government) and enterprise and financial service sector in particular, how do the container use patterns/needs differ and where are they similar?

Kurtzer: In academia and government, the HPC ecosystem consists of a wide variety of use cases, ranging from massively parallel tightly coupled MPI based applications to single threaded, interpreted based workloads (scripts). The EPC and financial services sector tend to generally have more serial based workloads, but given that all of these are focused on performance and compute, many of them have a very similar nature to the needs of academic and government HPC.

This means that the financial sector resources may not have InfiniBand for interprocess communication, or a parallel file system, but they do need low latency networks usually with TCP offloading for HFT requirements. Additionally, they need to manage unprivileged users and resource management with scheduling as a traditional HPC resource would, but they also need to handle orchestration, CI/CD, DevOps, policy compliance, and change management with validation of their workflows. Singularity is uniquely designed for this.

HPCwire: Security is an issue that is often flagged with Docker and one that’s obviously important in the FS world. What are the security challenges container technology presents and how are they best solved?

Singularity is unique in how it handles security, privilege, and user access. Designed to allow untrusted users to run untrusted containers but in a trusted way, Singularity allows non-root users the ability to run containers while locking their privilege within the container. Singularity actually blocks privilege escalation attempts within the container, so from a security point of view, it is safer for users to run applications from within Singularity.

This use case is not limited to just HPC. Imagine being able to run any service through a container without ever being root, and mitigating to ensure that anything running inside that container can never become root.

But security is also rooted within trust. Singularity (as of version 3.0, which is slated to be released in early October), can support cryptographically signed containers. This means you can trust your container runtime environment. Furthermore, with the Sylabs keystore cloud service, you can verify containers and provide accountability back to the developer. Coupling that with the ability to revoke keys means we can limit the “blast radius” of a given exposure.

Between our security model and trusted environments, Singularity and Sylabs adds an entirely new layer of security to your existing environments.

HPCwire: What are some of the dominant HPC-related container use cases in FS you are seeing?

Kurtzer: We are seeing Singularity’s use cases in EPC and the financial sectors gaining momentum on data driven analytics, simulation, HFT (high frequency trading), and starting to see an uptake in AI for market prediction.

HPCwire: When we talked a little over a year ago, you said Singularity had only a smattering of commercial users. How has that changed and why?

Kurtzer:We have a public “Singularity Registry” in which people can voluntarily list their computational resources which support Singularity. Unsurprisingly it consists almost exclusively of academic and government non-classified systems; most commercial users do not list their resources there. So it is somewhat of a surprise to us every time we are contacted by a commercial organization that is already using Singularity. At this point, we have been contacted by large number of commercial end-users as well as hardware and software providers who are interested in working with us to satisfy the requests of their customers.

One of the motivators here has been on our release of SingularityPRO. SingularityPRO is a curated version of the open source codebase and thus it is made of 100 percent open source software. But, we give a 2-week priority of security updates to paying customers as well as make available the Sylabs Keystore for cryptographic validation of containers (a freemium service to open source users). Lastly, we offer commercial support, training materials, and professional services to PRO customers exclusively as we do not provide enterprise support on the open source codebase.

HPCwire: Can you comment on the growth of Singularity (and other HPC flavors of containers) in the enterprise broadly and perhaps its segments such as FS and manufacturing, etc.

Kurtzer: Singularity’s growth in the enterprise is like a step function, starting with the low hanging fruit of commercial HPC and EPC which introduces Singularity to these enterprises organizations. From there, we have seen that other groups within the organization are introduced to Singularity and love its ease of use, security differentiators, and the novel single-file container image format.

The biggest barrier so far has been the lack of compatibility with existing resources like Kubernetes; but we will soon be releasing a solution for exactly this, so stay tuned!

HPCwire: How is container technology well suited for FS, and what are the challenges?

Kurtzer: Container technology in general is changing the paradigm about what it means to package and distribute software. Singularity takes this to the next level. For example, the Singularity Image Format is to containers what RPM and DEB files are to source code. Our image format, modeled after the ELF binary format in Linux, offers flexibility, control, and cryptographic verification, and thus guaranteed immutability. This changes the DevOps paradigm and offers bit for bit reproducibility and trust.

But for financial services, there are other requirements that have historically made containerization a non-starter. For example, the networking layers of other container systems introduce too much latency for HFT and distributed workflows. Fortunately, Singularity, being designed for performance and compute, does not suffer the same outcome as Singularity does not introduce additional latencies in the network, memory, or IO subsystems.

HPCwire: What kinds of forthcoming container technology changes will help FS segment?

Kurtzer: Security is key as is trust via cryptographic signing and encryption. Additionally, integration with existing resources (Kubernetes, Kubeflow, Mesos), performance metrics, tighter integration into existing workflows, and leveraging a community with an already strong knowledge of the container space.

HPCwire: What’s ahead for container technology, in particular for HPC-capable container technology.

Kurtzer: We see PMIx being a big help for MPI and we are working with Mellanox to solve the OFED compatibility layer.

In terms of the container ecosystem, we are soon to release a Container Library and Marketplace for purchasing of premade containers. This will provide software providers the ability to have software vendors shipping their applications as signed Singularity containers.

HPCwire: It seems like heterogeneous architectures (CPU-Accelerator) are becoming a fact of life with processors diversity in particular – Intel, AMD, IBM/Power, ARM, RISCv – further complicating platform selection and use. How does this affect container technology and what challenges (port to processors, etc.) does it present? For example, which processors does Singularity support.

Kurtzer: There is no limit to which platforms can run compute-driven analytics. Because of this, we support everything possible, including GPU and interconnects. Also, the Singularity Image Format (SIF) contains metadata about what architectures it is built and optimized for such that orchestrators can easily glean insights from the container image itself for orchestration.

HPCwire: Do you expect a convergence between varying flavors?

Kurtzer: No. Options are good as each solution offers variety. There will always be Gnome and KDE, Vim and Emacs, Perl and Python, Docker and Singularity.

HPCwire: You’ve talked in the past about how containers potentially represent a paradigm change in the way applications are delivered; how is this playing out and what should we expect?

Kurtzer: 451 Research believes the application market space to grow to $1.6B in 2018 alone. If the market is growing that rapidly, support of the market needs to be there. Sylabs will be there to support it in terms of technology enhancements and services, including working with other open source projects to create solutions to cover a broad spectrum of customer problems.

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

Nvidia Rolls Out Certified Server Program Targeting AI Applications

January 26, 2021

Nvidia today launched a certified systems program in which participating vendors can offer Nvidia-certified servers with up to eight A100 GPUs. Separate support contracts directly from Nvidia for the certified systems ar Read more…

By John Russell

XSEDE Supercomputers Square Off Against Ebola

January 26, 2021

COVID-19 may have dominated headlines and occupied much of the world’s scientific computing capacity over the last year, but many researchers continued their work to keep other deadly viruses at bay. One of those, Ebol Read more…

By Oliver Peckham

What’s New in HPC Research: Galaxies, Fugaku, Electron Microscopes & More

January 25, 2021

In this regular feature, HPCwire highlights newly published research in the high-performance computing community and related domains. From parallel programming to exascale to quantum computing, the details are here. Read more…

By Oliver Peckham

Red Hat’s Disruption of CentOS Unleashes Storm of Dissent

January 22, 2021

Five weeks after angering much of the CentOS Linux developer community by unveiling controversial changes to the no-cost CentOS operating system, Red Hat has unveiled alternatives for affected users that give them severa Read more…

By Todd R. Weiss

China Unveils First 7nm Chip: Big Island

January 22, 2021

Shanghai Tianshu Zhaoxin Semiconductor Co. is claiming China’s first 7-nanometer chip, described as a leading-edge, general-purpose cloud computing chip based on a proprietary GPU architecture. Dubbed “Big Island Read more…

By George Leopold

AWS Solution Channel

Fire Dynamics Simulation CFD workflow on AWS

Modeling fires is key for many industries, from the design of new buildings, defining evacuation procedures for trains, planes and ships, and even the spread of wildfires. Read more…

HiPEAC Keynote: In-Memory Computing Steps Closer to Practical Reality

January 21, 2021

Pursuit of in-memory computing has long been an active area with recent progress showing promise. Just how in-memory computing works, how close it is to practical application, and what are some of the key opportunities a Read more…

By John Russell

Nvidia Rolls Out Certified Server Program Targeting AI Applications

January 26, 2021

Nvidia today launched a certified systems program in which participating vendors can offer Nvidia-certified servers with up to eight A100 GPUs. Separate support Read more…

By John Russell

Red Hat’s Disruption of CentOS Unleashes Storm of Dissent

January 22, 2021

Five weeks after angering much of the CentOS Linux developer community by unveiling controversial changes to the no-cost CentOS operating system, Red Hat has un Read more…

By Todd R. Weiss

HiPEAC Keynote: In-Memory Computing Steps Closer to Practical Reality

January 21, 2021

Pursuit of in-memory computing has long been an active area with recent progress showing promise. Just how in-memory computing works, how close it is to practic Read more…

By John Russell

HiPEAC’s Vision for a New Cyber Era, a ‘Continuum of Computing’

January 21, 2021

Earlier this week (Jan. 19), HiPEAC — the European Network on High Performance and Embedded Architecture and Compilation — published the 8th edition of the HiPEAC Vision, detailing an increasingly interconnected computing landscape where complex tasks are carried out across multiple... Read more…

By Tiffany Trader

Saudi Aramco Unveils Dammam 7, Its New Top Ten Supercomputer

January 21, 2021

By revenue, oil and gas giant Saudi Aramco is one of the largest companies in the world, and it has historically employed commensurate amounts of supercomputing Read more…

By Oliver Peckham

President-elect Biden Taps Eric Lander and Deep Team on Science Policy

January 19, 2021

Last Friday U.S. President-elect Joe Biden named The Broad Institute founding director and president Eric Lander as his science advisor and as director of the Office of Science and Technology Policy. Lander, 63, is a mathematician by training and distinguished life sciences... Read more…

By John Russell

Pat Gelsinger Returns to Intel as CEO

January 14, 2021

The Intel board of directors has appointed a new CEO. Intel alum Pat Gelsinger is leaving his post as CEO of VMware to rejoin the company that he parted ways with 11 years ago. Gelsinger will succeed Bob Swan, who will remain CEO until Feb. 15. Gelsinger previously spent 30 years... Read more…

By Tiffany Trader

Julia Update: Adoption Keeps Climbing; Is It a Python Challenger?

January 13, 2021

The rapid adoption of Julia, the open source, high level programing language with roots at MIT, shows no sign of slowing according to data from Julialang.org. I Read more…

By John Russell

Julia Update: Adoption Keeps Climbing; Is It a Python Challenger?

January 13, 2021

The rapid adoption of Julia, the open source, high level programing language with roots at MIT, shows no sign of slowing according to data from Julialang.org. I Read more…

By John Russell

Esperanto Unveils ML Chip with Nearly 1,100 RISC-V Cores

December 8, 2020

At the RISC-V Summit today, Art Swift, CEO of Esperanto Technologies, announced a new, RISC-V based chip aimed at machine learning and containing nearly 1,100 low-power cores based on the open-source RISC-V architecture. Esperanto Technologies, headquartered in... Read more…

By Oliver Peckham

Azure Scaled to Record 86,400 Cores for Molecular Dynamics

November 20, 2020

A new record for HPC scaling on the public cloud has been achieved on Microsoft Azure. Led by Dr. Jer-Ming Chia, the cloud provider partnered with the Beckman I Read more…

By Oliver Peckham

NICS Unleashes ‘Kraken’ Supercomputer

April 4, 2008

A Cray XT4 supercomputer, dubbed Kraken, is scheduled to come online in mid-summer at the National Institute for Computational Sciences (NICS). The soon-to-be petascale system, and the resulting NICS organization, are the result of an NSF Track II award of $65 million to the University of Tennessee and its partners to provide next-generation supercomputing for the nation's science community. Read more…

Is the Nvidia A100 GPU Performance Worth a Hardware Upgrade?

October 16, 2020

Over the last decade, accelerators have seen an increasing rate of adoption in high-performance computing (HPC) platforms, and in the June 2020 Top500 list, eig Read more…

By Hartwig Anzt, Ahmad Abdelfattah and Jack Dongarra

Aurora’s Troubles Move Frontier into Pole Exascale Position

October 1, 2020

Intel’s 7nm node delay has raised questions about the status of the Aurora supercomputer that was scheduled to be stood up at Argonne National Laboratory next year. Aurora was in the running to be the United States’ first exascale supercomputer although it was on a contemporaneous timeline with... Read more…

By Tiffany Trader

10nm, 7nm, 5nm…. Should the Chip Nanometer Metric Be Replaced?

June 1, 2020

The biggest cool factor in server chips is the nanometer. AMD beating Intel to a CPU built on a 7nm process node* – with 5nm and 3nm on the way – has been i Read more…

By Doug Black

Programming the Soon-to-Be World’s Fastest Supercomputer, Frontier

January 5, 2021

What’s it like designing an app for the world’s fastest supercomputer, set to come online in the United States in 2021? The University of Delaware’s Sunita Chandrasekaran is leading an elite international team in just that task. Chandrasekaran, assistant professor of computer and information sciences, recently was named... Read more…

By Tracey Bryant

Leading Solution Providers

Contributors

Top500: Fugaku Keeps Crown, Nvidia’s Selene Climbs to #5

November 16, 2020

With the publication of the 56th Top500 list today from SC20's virtual proceedings, Japan's Fugaku supercomputer – now fully deployed – notches another win, Read more…

By Tiffany Trader

Texas A&M Announces Flagship ‘Grace’ Supercomputer

November 9, 2020

Texas A&M University has announced its next flagship system: Grace. The new supercomputer, named for legendary programming pioneer Grace Hopper, is replacing the Ada system (itself named for mathematician Ada Lovelace) as the primary workhorse for Texas A&M’s High Performance Research Computing (HPRC). Read more…

By Oliver Peckham

At Oak Ridge, ‘End of Life’ Sometimes Isn’t

October 31, 2020

Sometimes, the old dog actually does go live on a farm. HPC systems are often cursed with short lifespans, as they are continually supplanted by the latest and Read more…

By Oliver Peckham

Gordon Bell Special Prize Goes to Massive SARS-CoV-2 Simulations

November 19, 2020

2020 has proven a harrowing year – but it has produced remarkable heroes. To that end, this year, the Association for Computing Machinery (ACM) introduced the Read more…

By Oliver Peckham

Nvidia and EuroHPC Team for Four Supercomputers, Including Massive ‘Leonardo’ System

October 15, 2020

The EuroHPC Joint Undertaking (JU) serves as Europe’s concerted supercomputing play, currently comprising 32 member states and billions of euros in funding. I Read more…

By Oliver Peckham

Intel Xe-HP GPU Deployed for Aurora Exascale Development

November 17, 2020

At SC20, Intel announced that it is making its Xe-HP high performance discrete GPUs available to early access developers. Notably, the new chips have been deplo Read more…

By Tiffany Trader

Nvidia-Arm Deal a Boon for RISC-V?

October 26, 2020

The $40 billion blockbuster acquisition deal that will bring chipmaker Arm into the Nvidia corporate family could provide a boost for the competing RISC-V architecture. As regulators in the U.S., China and the European Union begin scrutinizing the impact of the blockbuster deal on semiconductor industry competition and innovation, the deal has at the very least... Read more…

By George Leopold

HPE, AMD and EuroHPC Partner for Pre-Exascale LUMI Supercomputer

October 21, 2020

Not even a week after Nvidia announced that it would be providing hardware for the first four of the eight planned EuroHPC systems, HPE and AMD are announcing a Read more…

By Oliver Peckham

  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This