Singularity is Now Apptainer: Containers for HPC With Full Software Supply Chain Security

The Apptainer Story:
The Keyword Here is Cross-Pollination

For decades, there has been no sharing of technology between enterprise and HPC, but containers change that completely! High Performance Computing use cases can now leverage containers directly on traditional HPC resources in a way that emphasizes the benefits of containers with the performance characteristics necessary for HPC.

"Containers changed the landscape in enterprise, cloud, and hyperscale but generally were not compatible with the traditional architecture of HPC. Researchers and scientists, however, learned of the immense value that containers can enable in their science, and I created Singularity to help drive science. Recently, I moved Singularity to the Linux Foundation to ensure that it will always remain freely available to the community and renamed it to Apptainer."

— Gregory Kurtzer, CEO of CIQ and Creator of Singularity (now Apptainer)

Do. Science.

Take Apptainer: the 100% open source, secure, performant application container system, which began life as “Singularity.”

It was created at Lawrence Berkeley National Laboratory (by our CEO, Gregory Kurtzer) as a direct, HPC-tailored response to Docker. And, in relatively short order, it became the dominant HPC container system.

Because of HPC’s traditional architecture—we’ll spare you the whole story of Beowulf—there had to be a new container system that, unlike Docker, would not give everyone root access. (Yeah. Think about that.) Apptainer is a container system that is designed to be used by non-privileged users on a shared system.

In essence, deep considerations for security and performance are in the DNA of Apptainer, which is what makes it a perfect solution for containers and science.

Apptainer: Verifiable “Buckets” with Just Enough Bits

Apptainer is designed to securely execute applications with bare-metal performance while being portable and 100% reproducible. An Apptainer container packages up whatever you need into a single, verifiable file. From small laboratory clusters all the way to massively-scalable HPC clusters, Apptainer provides:

Market-leading containers for HPC

Apptainer runs on the majority of HPC systems worldwide and facilitates new and innovative HPC use cases. 

Portable jobs and environments

Apptainer allows you to bring your environments anywhere, creating extreme portability from system to system.

100% Open Source

Apptainer is maintained by the Linux Foundation and has broad community and institutional support. All development activities, goals, and milestones are publicly available and open.

Optimization for applications

While many container systems are built, designed, and optimized for microservices, Apptainer is for applications and computational use cases.

Trust

Apptainer enables trust in your software supply chain via cryptographic key validation and encryption.

Support

CIQ is the official support and services provider for Apptainer.

What Can You Do with Apptainer?

Apptainer enables you to easily create and run containers that package up pieces of software in a way that’s portable and reproducible. You can use it to build a container on your laptop, then run it on one of the largest HPC clusters in the world, on a single server, on company clusters... the possibilities are endless.

Bottom line: because the container is just a single file, it can run on any kind of computing infrastructure or platform.

Thanks to Apptainer now being maintained by the Linux Foundation, the user base continues to expand and organizations across all industries and academia are using it. Apptainer’s optimizations in performance and parallelization make it ideal for use cases such as artificial intelligence, machine learning, and compute- and data-driven analytics. In short, the cross-pollination mentioned earlier is happening at a rapid and accelerating pace.

Security Is Worth a Bit More Emphasis

Okay, this will get semi-geeky. Intuitively, you already know that stuff that is smaller and simpler gives hackers less “surface area” to exploit. Big things with lots of moving parts? Easier for the dark side to find something to unscrew or screw with.

So, version 1.1.0 of Apptainer delivers a smaller attack surface by implementing a fully rootless container runtime. Which means? Apptainer no longer installs a setuid-root component by default. Common operations can now be executed with only unprivileged user namespaces.
