Making the cloud efficient & secure

Post on 24-Jan-2022


Cloud Enabling Technology: Application Container

[Diagram: an Application and its Application Environment packaged as a Container (DevOps), running in Local Testing, the Enterprise Data Center, Public Cloud (Huawei Cloud) and Public Clouds]

Build once, run anywhere

Application Containers are Hot and Getting Hotter!

Container market by 2020: $2.7B

Container adoption rate: 50% by 2020

40%/year

But containers are NOT secure!

[Diagram: Containers on a shared Host Operating System]

Security is the TOP concern for surveyed companies adopting containers (Containers: Real Adoption And Use Cases In 2017 – Forrester Consulting)

Problem: Enterprise cloud customers forced to choose between security and efficiency

High Security

High Efficiency

54% choose security*
But 9x performance penalty
And 14x more cost in clouds

46% choose efficiency*
But 10x larger attack surface

*Containers: Real Adoption And Use Cases In 2017 – Forrester Consulting

Fortune 1000 CTO: “We are willing to pay for a secure solution with 25% performance improvement”

Solution: Exotanium X-Containers Offer High Security and High Efficiency!

High Security

High Efficiency

No trade-off! Highly secure & faster than native

X-Container

Exotanium X-Container Highlights

Up to 10x better performance by automatically improving code

10x better security by reducing code and attack surface

14x lower cost through consolidation

No vendor lock-in by providing high portability

Plug-and-play through 100% compatibility with existing platforms

Validation

• Performance
  • 27X system call throughput
  • 134% ~ 208% improvement for Memcached
  • 21% ~ 50% improvement for NGINX
  • >92% system calls converted to function calls

• Security
  • >90% reduction in attack surface
  • >90% reduction in reported vulnerabilities

Validation (backup)

[Charts: normalized throughput on Amazon and Google]

NGINX: 1.21x~1.27x
Memcached: 2.64x~3.08x
Redis: 1x~1.2x
Apache: 0.64x~0.72x

Interview Count: TOTAL 106 (In-person 90, Video Conf 14, Phone 2)

Completed I-Corps Aug. 2019

Cloud Customer Satisfaction vs. Priority

[Chart: customer needs plotted by Priority (Low to High) and Satisfaction. Items: Multi-cloud (Live Migration); Scanning; Isolation; Automation; Compliance; Modernization; Collaboration; Multi-cloud (No vendor lock-in); Performance (Latency / Throughput); Manage Operational Costs; Automation (Building & Provisioning). Legend: unique value propositions that X-Containers can provide; key value propositions of our MVP]

X-Containers offer a unique solution for reducing the cost!

Kubernetes is the Top Cloud-Native Container Orchestration Platform

• 86% of cloud-native users are using Kubernetes
• Virtual Machines (VMs) are used for isolating containers in Kubernetes

-- Source: https://www.stackrox.com/

Challenges in Kubernetes

[Diagram: Kubernetes managing three Servers, each running a Container]

• Difficult to predict resource requirements before deployment
• Difficult to change resource allocation after deployment
• Common practices:
  • Over provisioning -> big resource waste

Solution: Exotanium V-Kube

[Diagram: Kubernetes managing Servers that run Containers, plus a Virtual Server made up of three VMs, each running an X-Container]

Bin-Packing

[Diagram: the same layout, with two X-Containers on each of the three VMs]

Vertical Scaling

[Diagram: the same layout, with the X-Containers held on two VMs]

Automation

• AI-enabled
• Real-time
• Zero downtime

Business Model

Customer segments
○ B2B Enterprise SaaS companies: Retail, Finance, Healthcare, & Tech Services
○ Target Customer: Directors of Development Operations

Key value propositions
○ Reduce operations resource consumption and cost
○ Simplify resource planning and scheduling
○ Improve performance and user experience

Revenue streams
○ Service subscription / license: $50,000 / year

Cost Management Technologies

Online bin-packing

Online vertical scaling

AI-enabled automation

Competition

Milestones & Timeline

SBIR Phase I (February 2019): Awarded by the National Science Foundation (NSF)

Patent Filed (April 2019): PCT / US19/26995 filed with USPTO

MVP Version 1 (December 2019): Complete updated MVP for manual trial

Customer POC (February 2020): Product Trial with Customer

Seed Round (June 2020): $1 million round to scale company

I-Corps Course & SBIR Phase II (August 2019): Washington D.C., Customer Discovery

Exotanium Team

Hakim Weatherspoon, Interim CEO

Robbert van Renesse, CPO

Zhiming Shen, CTO

Nick Romano, COO

3 Exits; 15 Software Patents; ACM Award, Cloud Storage

Our ask

Exotanium is seeking assistance with the following:

Research
○ Intern or Researchers to assist with quantification of technological impact in various areas such as Energy, Smart Buildings, IoT, etc.

Product Testing
○ Introduction to Cloud-native Companies to test MVP

Board Development
○ Recommendations for individuals with B2B Enterprise Software experience to join our board

http://exotanium.io/

[email protected]

Q&A

Backup Slides

Exotanium Competitors

Product | Security | Performance | Cost | Vendor Lock-in | Plug-n-Play
Exotanium | Good | Good | Good | Good | Good
Docker, Kubernetes | Poor | Limited | Good | Good | Good
Google gVisor | Good | Poor | Poor | Good | Limited
Kata, Amazon Firecracker | Good | Limited | Poor | Limited | Good
IBM Nabla, Unikernel | Good | Limited | Poor | Good | Poor

Business Model

Customer Segments
• Directors of Development Operations at cloud-native SaaS companies in Finance, Healthcare, Higher Education, and Government.

Key value propositions
• Zero downtime even during scheduled cloud outages.
• Security Monitoring (Identify threats and anomalies, scan for outdated and unpatched software modules).
• Automate configuration of the CI/CD or DevOps process.
• Better able to manage costs in the cloud.

Revenue Streams
• Tool stack subscription for developers: $40 per user / month
• Tool stack license for Business Enterprise: $1,500 per node / month
• Container Hosting Services: $0.10 per hour / node

Cloud-Native App Container Market Size: $2.7B

Cloud Enabling Technology: $39B by 2020

15% CAGR

0.6% obtainable: $17.3M in 2022

Cloud-Native App Container: $2.7B by 2020

40% CAGR

● Tool stack subscription for developers, TAM: $652.8 million

● Tool stack license for Enterprise, TAM: $337 million

● Container Hosting Services, TAM: $788.4 million

Go to Market Strategy

X-Container Community Edition
- Free open-source download
- Publicize through attending and speaking at conferences
- Targeted marketing campaigns to software developers & DevOps team

X-Container Developer & Business Enterprise Edition
- It is estimated that 10%+ of all users that download the Community Edition will upgrade to a paid subscription or license the Enterprise version

Engaging partners and customers to provide significant performance and cost savings

Exotanium Partners and Customers

Exotanium Team

Team Experience
• Founded/sold three companies to Microsoft and Amazon
• Over 300 peer-reviewed papers and 15 software patents
• ACM paper (2000) laid the foundation of cloud storage

In progress now
• Assembling Advisory Board
• Hiring technical and business experts

Hakim Weatherspoon, Interim Pres. & CEO

Robbert van Renesse, VP of Science

Zhiming Shen, VP of Technology

Nick Romano, VP of Operations

Exotanium Milestones

• Exotanium incorporated (April 2018)
• Pitched at Cornell Entrepreneurship Summit NYC and RBA lunch (November 2018)
• SBIR Phase I grant award by National Science Foundation (February 2019)
• PCT# PCT/US19/26995, filed by Cornell (April 11, 2019)
• Cumulative non-dilutive seed funding $300K (May 2019)
• Open source community version released (June 2019)
• SBIR Phase II application with 2:1 fundraising match (August 2019)

Funding

Exotanium is seeking $1 million in Seed funding to build the enterprise version that will generate revenue for the company.

Funding Milestones:
- Hire two F/T software engineers to build the Toolpak that will be licensed to IT Departments and DevOps teams ($500K)
- Hire F/T business development and sales team to start executing a targeted marketing and customer sales strategy ($350K)
- Hire two F/T technical support personnel to maintain customer service ($150K)

Thank You!

Contact:

Exotanium Inc., [email protected], (435) 830-6502

Appendix

System Call Performance

[Chart: normalized system call performance on Amazon and Google for Docker, Clear-Container, gVisor, Xen-Container and X-Container]

Up to 27X of Docker (patched) and 1.6X of Clear-Container

Scalability

The Problem

[Diagram: Hardware; Linux Kernel (namespaces, cgroups, SELinux); Containers, each holding Processes]

Shared kernel attack surface and TCB

Not allowed to install kernel modules

Hard to tune or optimize for a specific container

Security Comparison

[Diagram: Linux with a Container holding Processes, beside X-Kernel with an X-Container holding Processes on X-LibOS]

10X Reduction in Attack Surface, Complexity, and Vulnerabilities

• A new security paradigm for cloud-native containers
• X-Kernel: an exokernel with a small attack surface and TCB
• X-LibOS: a LibOS that decouples security isolation from the process model

X-Containers

[Diagram: architecture comparison]

Container: Processes in a Container on a shared Kernel
Virtual Machine: Processes on a Kernel inside a VM, on a Hypervisor
Unikernel, Dune, EbbRT, OSv: Process with LibOS inside a VM, on a Hypervisor
Library OS (Exokernel): Process with LibOS on an Exokernel
L4Linux (Microkernel): Processes on the L4Linux Kernel, on a Microkernel
X-Container: Processes on X-LibOS inside an X-Container, on the X-Kernel

Optimizing System Calls

• Existing solutions
  • Patch source code
  • Link to another library

• Our solution
  • Automatic Binary Optimization Module (ABOM)
  • Binary level equivalence
  • Position-independence

[Diagram: X-Kernel in Kernel Mode; X-Container with X-LibOS and Processes in User Mode; System calls become Function calls]