Sylabs is the leader in secure, trusted, performance-focused container solutions. The capabilities that we have created are revolutionary and unique within the industry, purposely built to address some of the shortcomings and flaws within the current container technologies. On top of that, we have created a series of commercially accessible value adds for traditional simulation, artificial intelligence, edge computing, on-ramping to the cloud, multi-cloud, edge, and core infrastructure management.
Containers provide the means to encapsulate an application, its dependencies, data, and configurations, which allows for full mobility and reproducibility of the software stack. Containers have disrupted the Linux scene within the last few years because they have created a paradigm shift in what it means to package up and move applications and data.
Containers are also fast and lightweight because the “contained” applications run directly on the host kernel and thus do not incur the performance hits of traditional virtualization.
But it is not all glitz and glam: other container systems aren’t as good as virtual machines in terms of process isolation, security, and trust, because they rely on the Linux namespaces within the host’s kernel. This means they run as privileged processes on the host’s kernel, security is based on pseudo-isolation, and there are no guarantees of trust or data confidentiality within the commonly used container formats.
Singularity originated deep in the world of supercomputing and performance-critical workloads, as the previously utilized container solutions were incompatible with multi-tenant, large-scale, performance-focused architectures and applications. Singularity was architected specifically to solve both the security and flexibility necessities of supercomputing use cases.
What we have created with Singularity is a unique open source container-like packaging solution that uses cryptographically verifiable signatures to guarantee trust and provenance of software and data, as well as encryption for data protection. Singularity Image Format (SIF) files are as easily managed as any other user-owned data files and can be executed directly from storage or the user’s path.
The Singularity runtime platform has always been both “root-less” and “daemon-less”, which means it runs as a non-privileged (aka regular) user and does not have a persistent control daemon. Additionally, Singularity utilizes the POSIX-friendly security and data model, and blocks privilege escalations. As a result, Singularity securely integrates with underlying infrastructure like (parallel) file systems, GPUs, FPGAs, high-performance interconnects, etc.
Sylabs Value Adds
Sylabs builds upon the secure packaging and runtime abilities that Singularity provides to deliver additional capabilities for application mobility, trust, provenance, encapsulation, building, CI/CD integration, security, and management. These capabilities are available either as a cloud-hosted platform from Sylabs or as a license for private deployments.