Update from Gregory Kurtzer on Singularity’s Push into FS and the Enterprise

By John Russell

September 11, 2018

Editor’s note: Container technology is hardly new but it has undergone rapid evolution in the HPC space in recent years to accommodate traditional science workloads and HPC systems requirements. While Docker containers continue to dominate in the enterprise, other variants are becoming important and one alternative with distinctly HPC roots – Singularity – is making an enterprise push targeting advanced scale workload inclusive of HPC. Singularity got its start at Lawrence Berkeley National lab in 2015 as an open source effort and found near-immediate traction within the HPC community.  

Today, Singularity remains open source but is overseen by start-up company, SyLabs, headed by Gregory Kurtzer who led development of Singularity at LBNL (see HPCwire article, Singularity HPC Container Start-Up – Sylabs – Emerges from Stealth). SyLabs offers a supported version of Singularity and, as mentioned, has turned its attention to the enterprise. In conjunction with the HPC on Wall Street conference taking place this week in New York City, HPCwire asked Kurtzer for an update on advanced container technology progress in the enterprise with a focus on Singularity’s progress and the specific needs of financial services sector, which has long been a leader in adopting HPC and advanced scale systems. 

HPCwire: Greg, maybe provide a quick refresher snapshot of container technology and distinguish it from VMs, and touch on the important characteristics of HPC/advanced scale containers.

Gregory Kurtzer: HPC and what we call EPC (Enterprise Performance Compute) focused applications require direct integration with the host operating system and underlying hardware. In contrast, services require isolation from each other and from the host’s resources. Singularity is designed to mitigate security issues when running containers as non-root, and thus blur the line between host and container. Singularity is also highly performant on both startup and teardown and will completely get out of the way, allowing the application to execute without any interference from the container runtime.

HPCwire: Filling out the container ecosystem a bit, explain the role of deployment/management tools such as Kubernetes or other tools such as job schedulers.

Gregory Kurtzer

Kurtzer: Job schedulers have been part of the core ecosystem on HPC for a long time. Now, with the advent of containers on HPC, we are seeing both HPC and EPC users interested in deployment tools, such as Kubernetes/Kubeflow, for their compute workloads. But the container ecosystem demands more than what a job scheduler offers; now users want to build their containers asynchronously, store them in a clear and verifiably reproducible way, and run their workloads on a different set of resources across multiple resources. These tools now play a big role for users trying to move their workloads between onprem and the cloud.

HPCwire: Looking at the traditional HPC environment (academia and government) and enterprise and financial service sector in particular, how do the container use patterns/needs differ and where are they similar?

Kurtzer: In academia and government, the HPC ecosystem consists of a wide variety of use cases, ranging from massively parallel tightly coupled MPI based applications to single threaded, interpreted based workloads (scripts). The EPC and financial services sector tend to generally have more serial based workloads, but given that all of these are focused on performance and compute, many of them have a very similar nature to the needs of academic and government HPC.

This means that the financial sector resources may not have InfiniBand for interprocess communication, or a parallel file system, but they do need low latency networks usually with TCP offloading for HFT requirements. Additionally, they need to manage unprivileged users and resource management with scheduling as a traditional HPC resource would, but they also need to handle orchestration, CI/CD, DevOps, policy compliance, and change management with validation of their workflows. Singularity is uniquely designed for this.

HPCwire: Security is an issue that is often flagged with Docker and one that’s obviously important in the FS world. What are the security challenges container technology presents and how are they best solved?

Singularity is unique in how it handles security, privilege, and user access. Designed to allow untrusted users to run untrusted containers but in a trusted way, Singularity allows non-root users the ability to run containers while locking their privilege within the container. Singularity actually blocks privilege escalation attempts within the container, so from a security point of view, it is safer for users to run applications from within Singularity.

This use case is not limited to just HPC. Imagine being able to run any service through a container without ever being root, and mitigating to ensure that anything running inside that container can never become root.

But security is also rooted within trust. Singularity (as of version 3.0, which is slated to be released in early October), can support cryptographically signed containers. This means you can trust your container runtime environment. Furthermore, with the Sylabs keystore cloud service, you can verify containers and provide accountability back to the developer. Coupling that with the ability to revoke keys means we can limit the “blast radius” of a given exposure.

Between our security model and trusted environments, Singularity and Sylabs adds an entirely new layer of security to your existing environments.

HPCwire: What are some of the dominant HPC-related container use cases in FS you are seeing?

Kurtzer: We are seeing Singularity’s use cases in EPC and the financial sectors gaining momentum on data driven analytics, simulation, HFT (high frequency trading), and starting to see an uptake in AI for market prediction.

HPCwire: When we talked a little over a year ago, you said Singularity had only a smattering of commercial users. How has that changed and why?

Kurtzer:We have a public “Singularity Registry” in which people can voluntarily list their computational resources which support Singularity. Unsurprisingly it consists almost exclusively of academic and government non-classified systems; most commercial users do not list their resources there. So it is somewhat of a surprise to us every time we are contacted by a commercial organization that is already using Singularity. At this point, we have been contacted by large number of commercial end-users as well as hardware and software providers who are interested in working with us to satisfy the requests of their customers.

One of the motivators here has been on our release of SingularityPRO. SingularityPRO is a curated version of the open source codebase and thus it is made of 100 percent open source software. But, we give a 2-week priority of security updates to paying customers as well as make available the Sylabs Keystore for cryptographic validation of containers (a freemium service to open source users). Lastly, we offer commercial support, training materials, and professional services to PRO customers exclusively as we do not provide enterprise support on the open source codebase.

HPCwire: Can you comment on the growth of Singularity (and other HPC flavors of containers) in the enterprise broadly and perhaps its segments such as FS and manufacturing, etc.

Kurtzer: Singularity’s growth in the enterprise is like a step function, starting with the low hanging fruit of commercial HPC and EPC which introduces Singularity to these enterprises organizations. From there, we have seen that other groups within the organization are introduced to Singularity and love its ease of use, security differentiators, and the novel single-file container image format.

The biggest barrier so far has been the lack of compatibility with existing resources like Kubernetes; but we will soon be releasing a solution for exactly this, so stay tuned!

HPCwire: How is container technology well suited for FS, and what are the challenges?

Kurtzer: Container technology in general is changing the paradigm about what it means to package and distribute software. Singularity takes this to the next level. For example, the Singularity Image Format is to containers what RPM and DEB files are to source code. Our image format, modeled after the ELF binary format in Linux, offers flexibility, control, and cryptographic verification, and thus guaranteed immutability. This changes the DevOps paradigm and offers bit for bit reproducibility and trust.

But for financial services, there are other requirements that have historically made containerization a non-starter. For example, the networking layers of other container systems introduce too much latency for HFT and distributed workflows. Fortunately, Singularity, being designed for performance and compute, does not suffer the same outcome as Singularity does not introduce additional latencies in the network, memory, or IO subsystems.

HPCwire: What kinds of forthcoming container technology changes will help FS segment?

Kurtzer: Security is key as is trust via cryptographic signing and encryption. Additionally, integration with existing resources (Kubernetes, Kubeflow, Mesos), performance metrics, tighter integration into existing workflows, and leveraging a community with an already strong knowledge of the container space.

HPCwire: What’s ahead for container technology, in particular for HPC-capable container technology.

Kurtzer: We see PMIx being a big help for MPI and we are working with Mellanox to solve the OFED compatibility layer.

In terms of the container ecosystem, we are soon to release a Container Library and Marketplace for purchasing of premade containers. This will provide software providers the ability to have software vendors shipping their applications as signed Singularity containers.

HPCwire: It seems like heterogeneous architectures (CPU-Accelerator) are becoming a fact of life with processors diversity in particular – Intel, AMD, IBM/Power, ARM, RISCv – further complicating platform selection and use. How does this affect container technology and what challenges (port to processors, etc.) does it present? For example, which processors does Singularity support.

Kurtzer: There is no limit to which platforms can run compute-driven analytics. Because of this, we support everything possible, including GPU and interconnects. Also, the Singularity Image Format (SIF) contains metadata about what architectures it is built and optimized for such that orchestrators can easily glean insights from the container image itself for orchestration.

HPCwire: Do you expect a convergence between varying flavors?

Kurtzer: No. Options are good as each solution offers variety. There will always be Gnome and KDE, Vim and Emacs, Perl and Python, Docker and Singularity.

HPCwire: You’ve talked in the past about how containers potentially represent a paradigm change in the way applications are delivered; how is this playing out and what should we expect?

Kurtzer: 451 Research believes the application market space to grow to $1.6B in 2018 alone. If the market is growing that rapidly, support of the market needs to be there. Sylabs will be there to support it in terms of technology enhancements and services, including working with other open source projects to create solutions to cover a broad spectrum of customer problems.

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industry updates delivered to you every week!

Quantum Software Specialist Q-CTRL Inks Deals with IBM, Rigetti, Oxford, and Diraq

September 10, 2024

Q-CTRL, the Australia-based start-up focusing on quantum infrastructure software, today announced that its performance-management software, Fire Opal, will be natively integrated into four of the world's most advanced qu Read more…

Computing-Driven Medicine: Sleeping Better with HPC

September 10, 2024

As a senior undergraduate student at Fisk University in Nashville, Tenn., Ifrah Khurram's calculus professor, Dr. Sanjukta Hota, encouraged her to apply for the Sustainable Research Pathways Program (SRP). SRP was create Read more…

LLNL Engineers Harness Machine Learning to Unlock New Possibilities in Lattice Structures

September 9, 2024

Lattice structures, characterized by their complex patterns and hierarchical designs, offer immense potential across various industries, including automotive, aerospace, and biomedical engineering. With their outstand Read more…

NSF-Funded Data Fabric Takes Flight

September 5, 2024

The data fabric has emerged as an enterprise data management pattern for companies that struggle to provide large teams of users with access to well-managed, integrated, and secured data. Now scientists working at univer Read more…

xAI Colossus: The Elon Project

September 5, 2024

Elon Musk's xAI cluster, named Colossus (possibly after the 1970 movie about a massive computer that does not end well), has been brought online. Musk recently posted the following on X/Twitter: "This weekend, the @xA Read more…

Researchers Benchmark Nvidia’s GH200 Supercomputing Chips

September 4, 2024

Nvidia is putting its GH200 chips in European supercomputers, and researchers are getting their hands on those systems and releasing research papers with performance benchmarks. In the first paper, Understanding Data Mov Read more…

Quantum Software Specialist Q-CTRL Inks Deals with IBM, Rigetti, Oxford, and Diraq

September 10, 2024

Q-CTRL, the Australia-based start-up focusing on quantum infrastructure software, today announced that its performance-management software, Fire Opal, will be n Read more…

NSF-Funded Data Fabric Takes Flight

September 5, 2024

The data fabric has emerged as an enterprise data management pattern for companies that struggle to provide large teams of users with access to well-managed, in Read more…

Shutterstock 1024337068

Researchers Benchmark Nvidia’s GH200 Supercomputing Chips

September 4, 2024

Nvidia is putting its GH200 chips in European supercomputers, and researchers are getting their hands on those systems and releasing research papers with perfor Read more…

Shutterstock 1897494979

What’s New with Chapel? Nine Questions for the Development Team

September 4, 2024

HPC news headlines often highlight the latest hardware speeds and feeds. While advances on the hardware front are important, improving the ability to write soft Read more…

Critics Slam Government on Compute Speeds in Regulations

September 3, 2024

Critics are accusing the U.S. and state governments of overreaching by including limits on compute speeds in regulations and laws, which they claim will limit i Read more…

Shutterstock 1622080153

AWS Perfects Cloud Service for Supercomputing Customers

August 29, 2024

Amazon's AWS believes it has finally created a cloud service that will break through with HPC and supercomputing customers. The cloud provider a Read more…

HPC Debrief: James Walker CEO of NANO Nuclear Energy on Powering Datacenters

August 27, 2024

Welcome to The HPC Debrief where we interview industry leaders that are shaping the future of HPC. As the growth of AI continues, finding power for data centers Read more…

CEO Q&A: Acceleration is Quantinuum’s New Mantra for Success

August 27, 2024

At the Quantum World Congress (QWC) in mid-September, trapped ion quantum computing pioneer Quantinuum will unveil more about its expanding roadmap. Its current Read more…

Everyone Except Nvidia Forms Ultra Accelerator Link (UALink) Consortium

May 30, 2024

Consider the GPU. An island of SIMD greatness that makes light work of matrix math. Originally designed to rapidly paint dots on a computer monitor, it was then Read more…

Atos Outlines Plans to Get Acquired, and a Path Forward

May 21, 2024

Atos – via its subsidiary Eviden – is the second major supercomputer maker outside of HPE, while others have largely dropped out. The lack of integrators and Atos' financial turmoil have the HPC market worried. If Atos goes under, HPE will be the only major option for building large-scale systems. Read more…

AMD Clears Up Messy GPU Roadmap, Upgrades Chips Annually

June 3, 2024

In the world of AI, there's a desperate search for an alternative to Nvidia's GPUs, and AMD is stepping up to the plate. AMD detailed its updated GPU roadmap, w Read more…

Nvidia Shipped 3.76 Million Data-center GPUs in 2023, According to Study

June 10, 2024

Nvidia had an explosive 2023 in data-center GPU shipments, which totaled roughly 3.76 million units, according to a study conducted by semiconductor analyst fir Read more…

Shutterstock_1687123447

Nvidia Economics: Make $5-$7 for Every $1 Spent on GPUs

June 30, 2024

Nvidia is saying that companies could make $5 to $7 for every $1 invested in GPUs over a four-year period. Customers are investing billions in new Nvidia hardwa Read more…

Comparing NVIDIA A100 and NVIDIA L40S: Which GPU is Ideal for AI and Graphics-Intensive Workloads?

October 30, 2023

With long lead times for the NVIDIA H100 and A100 GPUs, many organizations are looking at the new NVIDIA L40S GPU, which it’s a new GPU optimized for AI and g Read more…

Google Announces Sixth-generation AI Chip, a TPU Called Trillium

May 17, 2024

On Tuesday May 14th, Google announced its sixth-generation TPU (tensor processing unit) called Trillium.  The chip, essentially a TPU v6, is the company's l Read more…

Shutterstock 1024337068

Researchers Benchmark Nvidia’s GH200 Supercomputing Chips

September 4, 2024

Nvidia is putting its GH200 chips in European supercomputers, and researchers are getting their hands on those systems and releasing research papers with perfor Read more…

Leading Solution Providers

Contributors

IonQ Plots Path to Commercial (Quantum) Advantage

July 2, 2024

IonQ, the trapped ion quantum computing specialist, delivered a progress report last week firming up 2024/25 product goals and reviewing its technology roadmap. Read more…

Intel’s Next-gen Falcon Shores Coming Out in Late 2025 

April 30, 2024

It's a long wait for customers hanging on for Intel's next-generation GPU, Falcon Shores, which will be released in late 2025.  "Then we have a rich, a very Read more…

Some Reasons Why Aurora Didn’t Take First Place in the Top500 List

May 15, 2024

The makers of the Aurora supercomputer, which is housed at the Argonne National Laboratory, gave some reasons why the system didn't make the top spot on the Top Read more…

Department of Justice Begins Antitrust Probe into Nvidia

August 9, 2024

After months of skyrocketing stock prices and unhinged optimism, Nvidia has run into a few snags – a  design flaw in one of its new chips and an antitrust pr Read more…

Nvidia H100: Are 550,000 GPUs Enough for This Year?

August 17, 2023

The GPU Squeeze continues to place a premium on Nvidia H100 GPUs. In a recent Financial Times article, Nvidia reports that it expects to ship 550,000 of its lat Read more…

MLPerf Training 4.0 – Nvidia Still King; Power and LLM Fine Tuning Added

June 12, 2024

There are really two stories packaged in the most recent MLPerf  Training 4.0 results, released today. The first, of course, is the results. Nvidia (currently Read more…

Spelunking the HPC and AI GPU Software Stacks

June 21, 2024

As AI continues to reach into every domain of life, the question remains as to what kind of software these tools will run on. The choice in software stacks – Read more…

Quantum Watchers – Terrific Interview with Caltech’s John Preskill by CERN

July 17, 2024

In case you missed it, there's a fascinating interview with John Preskill, the prominent Caltech physicist and pioneering quantum computing researcher that was Read more…

  • arrow
  • Click Here for More Headlines
  • arrow
HPCwire