Delivering Enhanced OCI Compatibility, Customizable Workflows, and Strengthened SecuritySylabs, a global leader in providing tools and services for performance-intensive container technology, today announces the release of SingularityCE 4.1.0, the newest iteration of...
Who is Sylabs?
We are often asked about who Sylabs is, and what we are working on for both the open source community, and for those who require professional support of their HPC container workflow environments. Sylabs was created in 2017 to provide support, professional services, and value-added tooling for the Singularity container ecosystem, which has become predominant in shared, high performance computing environments.
To back up, let’s start with why a new container runtime was introduced into HPC. Docker had taken off as a de facto container technology for scaling out web and database services, but this differed widely from how scientists and researchers wanted to use it in HPC with batch schedulers. So, the means to containerize applications was important, but the way in which Docker did this did not meet HPC needs for simplicity, security and repeatability. Singularity was created to address the gaps in the existing technology. While allowing easier access to the underlying hardware on a compute node.
Singularity began as an open source project, and achieved great accomplishments in 2016 when community features were introduced to leverage an already existing Docker ecosystem of application containers. Docker paved the way to container adoption in Enterprise, and Singularity became a widely adopted container runtime for HPC in a very short time. One year later, adoption of Singularity drove the creation of Sylabs to provide professional support and additional tooling to the open source community, and the customers who rely on production-ready support.
Let’s talk a little more about the open source container platform designed to be simple, fast, and secure; Singularity.
What is Singularity?
Singularity is designed for ease-of-use on high density clusters. Singularity implements a unique security model to mitigate privilege escalation risks, and provides a platform to capture a complete application environment into a single file. It supports all the major distributions, as well as multiple architectures.
Sylabs continues to be a good steward to the open source community, by leading release management and hosting community forums across the globe, as well as in Slack and Google Groups. We also provide build, registry and signing services for the open source community. Working within the open source community is an important aspect to our endeavors; for example, we recently worked with Anchore to provide support of SIF within their software bill of materials toolset.
Next, let’s briefly go into some of the features of SIF, the default Singularity container image format.
- An immutable single-file container image format supporting cryptographic signatures
- Mobility of compute – the single file SIF container format is easy to transport and share.
- Native support of encryption
- Integration with Anchore, Syft, and Grype for support of Software Bill of Materials (SBOM)
This container image format became important for scientists and researchers in that it provides a mechanism for portability from a development workstation to wherever the container is deployed in production. It is a single file that can be encrypted, and does not require decryption to disk before running. The SIF image format has been a mainstay in HPC where customers may take a few source application containers from their favorite container registry, to build a production SIF container for deployment in their cluster. SIF is recognised as an important format where we worked with Redhat to provide recently announced support for SIF within Podman, and Apptainer also supports SIF.
Sylabs continues to develop the SIF format to address the needs of a rapidly changing and growing community. Keep an eye out for our GitHub repository for what we have planned, or check out our announcements for recently released features.
Where does Singularity play a key role in containerization?
Singularity is a container runtime and image format used in a variety of applications and industries, on large scale systems with a hundred thousand nodes to single node systems, across the three major architectures. Compatibility is a key requirement for the variety of different workflows, since many customers use a variety of container runtimes with the OCI format. Singularity can use an OCI image as a source to run or create a SIF container image, which is then used to deploy across compute resources, whether on premise, in the cloud or more commonly in hybrid computing environments.
Sylabs designed SingularityPRO for high performance use cases and emerging fields such as artificial intelligence, deep learning, machine learning and data analytics. SingularityPRO is differentiated from the open source version by the inclusion of several plugins to augment capabilities as well as a software bill of materials to address software supply chain security. SingularityPRO was created to address the needs in environments that desire structured support with timely updates, backported fixes, pre-packaged binaries, direct influence on features that are critical to their needs, extra functionality and peace of mind with a software bill of materials.
Singularity Enterprise is a set of three services to support Singularity container workflows. The first version was created in 2018 by Sylabs as a SaaS offering that evolved into an on premise version. This is a complimentary technology for Singularity, to address the needs of container workflows with a Remote Builder to securely build architecture specific containers, a container Library, to store and share SIF containers, and a Keystore which is a GPG key service for signing and verifying containers. The signing feature provides provenance and authenticity to those who created, and those who deploy containers.
Singularity Enterprise is the leading technology for customers who prefer on premise deployments, or in a virtual private cloud (VPC). It can be deployed to support up to three build architectures, such as x86-64, ARM64 and IBM Power 9.
Sylabs is proud to represent a portfolio of products and services to address the burgeoning needs of the high performance computing industry, including exascale and supercomputing environments.
From maintaining the SingularityCE codebase and collaborative efforts with other open source projects, to providing free services like the Singularity Container Services, and offering professional products and services through SingularityPRO and Singularity Enterprise, Sylabs is committed to addressing the containerization needs of scientists, researchers, engineers, and businesses utilizing performance-intensive, mission-critical applications.
Follow us on at @Sylabs and @Singularity_CE or sign up for our newsletter to stay updated on the latest news and videos. Please feel free to try out the services, and let us know about your experience, and what features you’d like to see at https://sylabs.staging.sycloud.io/contact-us/.
Join Our Mailing List
Overview Singularity Enterprise comes with a fully compliant Open Container Initiative (OCI) registry. The following is a collection of typical registry operations within your workflow. Assuming the Singularity Enterprise registry address is registry.sylabs.io, please...
Program Aims to Empower Next Generation of Container Technology ExpertsSylabs, a global leader in providing tools and services for performance-intensive container technology, today announces the comprehensive "Singularity Containers 101" curriculum. Using the...