Computing systems and associated networks have revolutionized the way human beings work, play, and communicate. Nearly every aspect of our lives is affected in some way by computing systems. Of course, to ensure the proper operation of computing resources, both hardware and software are important. More and more often, hardware and even software resources are provided in a multi-tenancy environment, such as a public or even private cloud computing environment. In a multi-tenancy environment, resources are shared between different users using containers.
In a multi-tenancy environment, the various tenants sometimes mutually trust each other. This might be the case in a private cloud computing environment in which the users are all members of the same organization, and there are restrictions imposed as to what actions may be performed. In other words, there is little risk that one process will be hostile towards another, or perform an action that will cause risk to another process. In that case, the processes may be operated within a resource container that does not have to provide a trust boundary. An example of such a container is a job object in WINDOWS® or a cgroup in LINUX®. Such containers have the advantage in allowing different processes to share resources, while being low-latency in that they can be started up quickly. Such multi-tenancy environments are often used to perform large map-reduce operations (such as big data queries) where the number of containers might be quite large due to high parallelism.
In other multi-tenancy environments, the various tenants could potentially be hostile towards each other. Such might be the case in, for instance, a public cloud computing environment. Such hostility may be intentional. As an example, some tenants may literally be trying to infiltrate the operation or data of other tenants. Such hostility might also be unintentional. For instance, one tenant may inadvertently download malware onto shared resources of the various tenants. Accordingly, in public cloud computing environments, service provides operate the virtual machines on behalf of the tenants. Furthermore, trust boundary are provided such that the processes and data of the virtual machine are protected from the actions of processes outside of the virtual machine. Much like physical machines, virtual machines need to be started up through a boot process that can often take a significant time.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one exemplary technology area where some embodiments described herein may be practiced.