Over the past decade, public cloud has grown in capabilities, and adoption has grown with it. Just about everything in application development has adapted to take advantage of the cloud’s rapid elasticity and consumption-based pricing. This change has also introduced complexity, making it difficult for operations teams to keep up as they seek to deliver the same level of application uptime, performance, and security that they had mastered in the on-premises and monolithic application models.
The Cloud Native Monitoring Conundrum
When the underlying infrastructure is no longer the province of operations teams, visibility becomes an issue. Previously, data about applications was easy to access at the infrastructure layer, particularly in the underlying OS and network. Multiple tools exist to gather and analyze data from the underlying infrastructure and build a view of what happens much further up the stack inside an application. In cloud-native applications, however, these legacy tools lose their relevance and leave operations teams blind.
It is with this problem in mind that Loris Degioanni, co-author of the massively popular Wireshark, founded Sysdig. Loris sought to address the lack of monitoring, troubleshooting, and security tools for cloud-native applications, and he chose to start with containers in particular. Despite Loris’ love of network packets, the ability to tap into applications at such a base level is just not possible in cloud infrastructure, and a new solution was needed. After all, there is no span port in the cloud.
The Sysdig Way
Loris decided a new approach was needed to provide the kind of visibility that cloud-native applications require. Before deciding on any specific technology or architecture, however, Loris believed that the solution must adhere to what he calls the Sysdig way. As Loris puts it, the Sysdig way has four guiding principles:
- Easiest Instrumentation
- No state-changing components
- No blind spot
- High granularity
Loris goes into more detail on the Sysdig way and how it guides their architecture during his presentation at Cloud Field Day 5.
With these principles in mind, Loris and Sysdig started the journey toward cloud-native visibility with containers. Using the extended Berkeley Packet Filter (eBPF), Sysdig provides a view into the traffic of containers running on a host when traditional network monitoring is not available. This is accomplished by running a lightweight Sysdig container on each host in your container infrastructure that is able to collect and analyze data produced by eBPF.
In his technical deep dive, Loris provides great detail about the architecture and technology behind Sysdig’s use of eBPF, covering both the current architecture and the future of Sysdig. Sysdig is off to a solid start with Linux container monitoring and has Windows containers as well as serverless application monitoring on its roadmap.
Some of the delegates present during the presentation also wrote insightful articles, which can be found on the Tech Field Day website. Other videos from Sysdig’s appearance are available as well and worth a watch. Sysdig CEO Suresh Vasudevan does a great job of introducing Sysdig as a company and the problems they are helping solve in the cloud-native application space, and Payal Chakravarty, VP of product development, guides us through a demo of the product.
Ken’s Conclusion
Overall, Sysdig did a great job at their first Field Day event. The introduction of the company to the Field Day community, as well as the problem they are addressing, resonated with the folks in attendance and the wider audience in general. Seeing the technology and architecture was cool, but the guiding principles of the “Sysdig way” give the impression that the company is on the path to a successful future as they continue to develop product features. As Enterprise IT adapts to the world of cloud, having a partner like Sysdig to help you navigate the new operational challenges is invaluable.