CloudPassage specialist highlights value of containers

Ash Wilson shares advice on investing in container technology

By Ash Wilson. Published November 6, 2017

Container adoption at the enterprise level has exploded in recent years due to containers’ ability to provide the fastest widely available application development and deployment to date.

At first glance, they look an awful lot like extremely lightweight virtual machines with lean system requirements. They are easier to deploy, faster to launch, and they operate on shorter average lifespans. They’re also portable with a small footprint, meaning a server can support drastically more containers than VMs — resulting in lower infrastructure costs. Businesses are realising the benefits: in the 2017 edition of the Portworx Annual Container Adoption survey, 32% of responding companies spent $500,000 or more per year on license and usage fees for container technologies, up from a reported five percent in 2016. This extreme growth is expected to continue as more enterprises look to make their DevOps processes more efficient as they relate to both cost and production.

Containers are a great way to add agile delivery to an agile development process. They represent the next step in the evolution toward faster application development and delivery by increasing developer efficiency and offering easier and faster deployment. The biggest advantages of container adoption centre around enabling agile delivery and ease of delivering microservices. Adopters are quick to exploit these advantages. Docker, the most popular container orchestration tool, sees the average user quintuple their container count within nine months.

When considering investing in containers, be sure to have clear expectations of the benefits you expect to gain before you broadly adopt containerisation. There are tools and platforms that can help with aspects of automating the containerised environment, and it’s good to understand what the ecosystem will look like before you implement it. There can be a learning curve for enterprises who have never dabbled with container adoption before. This is particularly true when it comes to delivering and securing a containerised application. If you’re unsure of the best use for containers, the ease of conversion means ephemeral workloads are usually a good target. Workloads requiring persistent disk storage (like database servers, for instance) can require a little more effort to containerise.

To keep your container usage effective and efficient, periodically revisit your build processes and refactor for smaller containers with fewer layers. Keep an eye on resource utilisation, especially around storage: persistent storage is the most common challenge for running containers.

Of course, just like any other method of application development, security must be a high priority. While a containerised application bears some similarity to a more traditional application on virtualised infrastructure, the technology is different enough that effectively protecting containers requires a subtly different approach. Using containers without a strong automated approach to security is like buying the front half of a race car. Sure, it can go fast; it’s really lightweight, too. But just as you wouldn’t expect to be able to avoid obstacles in a race car missing the back two wheels, you wouldn’t maintain high expectations for a containerised application without automated security. Without automated security, you’ll either operate at a safe speed (meaning that you’ll be slowed down by operating at the speed of traditional security tools), or you’ll throw caution to the wind and hit the wall in a grandiose résumé-generating event.

Here are a few things to keep in mind: An effective security practice is baked into the development process from the start. When everything (including infrastructure and operating constraints) is defined in code, you have a great opportunity to extensively analyse an application before it reaches production. Do that, and favour tools that can be fully embedded into your software development and application delivery pipeline. Manage vulnerabilities in configuration and software packages as early in the process as possible. Be smart in how you deliver application credentials like API keys; don’t include secrets in container images or source code repositories.

Since a container only holds an instance of an application, not an entire operating system, you should be cognisant of resource requirements and restrict running containers accordingly. VMs have the implied boundary of the VM’s memory and CPU allocation. Configuring the same for containers requires a deliberate effort. Appropriate resource restrictions can serve to make a DDoS harder to execute. Perhaps most importantly, the host has to be secure: protecting only the containers and not the underlying host the containers run on is like building a strong house on quicksand. For the foreseeable future, enterprises will have a mix of VMs and containers. You need to secure them both.

If you’re looking to make your DevOps teams faster, more efficient, and more secure, container adoption is the way to go. Their popularity will only continue to grow in the coming years. If your enterprise is considering container adoption, make sure your entire team has a solid understanding of expectations and security requirements in order to truly maximise their capability.

Ash Wilson, strategic engineering specialist, CloudPassage.
