Welcome!

How to Implement Large Complex Cloud Solutions

Ed Featherston

Subscribe to Ed Featherston: eMailAlertsEmail Alerts
Get Ed Featherston via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Cloud Computing, Security Journal, DevOps Journal

Article

Containers and Cloud and Security By @EFeatherston | @DevOpsSummit [#DevOps]

Containers try and find a balance between isolating the applications virtually without requiring the overhead

Dorothy the CIO was walking the yellow brick road of planning. She was on her way to the Emerald City to ask the great wizard of the agile data center for advice. Along the way she met two other CIOs who joined her on the journey, nicknamed Tin Man and Scarecrow. Their travels brought them to the edge of the dark forest of datacenter hype and fear.

‘‘Do you think we'll meet any wild technologies and fears in there?'' she asked her companions.

‘‘We might.'' responded Tin Man.

‘One's that devour IT projects?'' whispered Scarecrow.

‘‘Possibly.' said the Tin Man, ‘‘but mostly containers, and clouds, and security.''

‘‘Containers, and clouds, and security, oh my!'' they all murmured in unison as they entered the dark forest.

Okay, I admit, it's corny, but there is some reality in this situation for many CIOs. CIOs are both challenged and enabled by the rapid pace of technology change and disruption today. In order to provide business value, they have to be able to deliver new services and capabilities with speed, flexibility, and stability. A key step is providing a flexible and responsive, modernized IT infrastructure. While navigating the dark forest of hype and fears, software containers is a topic on many people's tongue. Depending on who you ask, software containers are seen as either ‘the solution to everything' (hype) or a ‘huge security risk' (fear). As with most things, reality never matches the hype or the fear. Let's examine the benefits and risks of containers a little closer.

In the beginning there were physical servers....
There was a time, in the not too distant past, when deploying an application meant deploying it to physical servers. Each server was running a single OS. The server provided CPU, memory, and storage resources to the applications. Each application had access to all the resources of that physical server. This could result, and often would, in contention for those resources with other applications running on that same server. Then came the server virtualization explosion. You now deployed to virtual machines (VMs) each with a guest OS that were running on top of a host operating system and physical server. Resources could be allocated appropriately to each virtual machine based on application need. Applications had and required no knowledge of the underlying host OS and physical system. This allowed your application to be isolated from other applications; each application is running in their own virtual machine on the same physical system.

Virtualization helped create the foundation that fuels the cloud technology of today. Every cloud provider out there is spinning up and managing virtual machines under the covers to provide that elastic cloud environment. As with any technology, nothing comes for free - everything is a tradeoff. Virtualization provides tremendous flexibility in configurations, and facilitates isolation of applications from one other. On the downside, each virtual machine needs to emulate virtual hardware. This is done in a component called the hypervisor. Emulation of virtual hardware makes them fairly heavy and fat. Additionally, each VM requires its own OS, and thus its own license. Each VM carries all the software components of the OS whether your application needs them or not. OS software patches/fixes need to be applied across all the virtual machines, even for components not required by the application.

Enter containers, roaring loudly
Over the last year and a half, the topic of containers has quickly entered the conversation. Containers try and find a balance between isolating the applications virtually without requiring the overhead and licensing issues of bringing along virtual hardware and a guest OS that virtual machines require. Containers rest on a singular shared OS, making them potentially more efficient in resource use. Rather than virtualizing the hardware, the container virtualizes just the OS kernel. This allows the container to provide the isolation for an application without the inherent overheard of emulating hardware. In the ideal world, this makes the moving and deploying of applications significantly faster. The container running on a developer's machine can easily move to a test environment, and eventually to a cloud production environment. With the pressures the CIO and IT are under to be agile and fast, the attraction is hard to resist. Another potential benefit is that with less overhead, more resources are available for the application themselves, resulting in better utilization of system resources.

Hype vs the FUD (Fear, Uncertainty, & Doubt) factor
If one were to listen to all the hype surrounding containers, they would seem to solve every problem including world hunger (okay, maybe not world hunger). One of the container companies, Docker, released v1.0 of their product a mere 18 months ago. Already, major cloud offerings such as Amazon's AWS and Microsoft's Azure have embraced and announced support for Docker containers. Google has been using containers internally for years. If you use any of the Google engines (search, mail, Google Docs), they are all running in containers. While widespread adoption is still to come, the benefits envisioned for containers have credibility with the big players.

On the FUD side of the equation there are many questions raised around containers. Security is frequently raised as a key risk area. The specter of rogue apps and containers leveraging security flaws in the container and/or the underlying server OS is raised frequently. Another concern raised is the potential for ‘container sprawl,' where multiple versions of an application container, all at differing patch levels from a security perspective, are being deployed. Finally, the concern that DevOps and audit processes have not caught up yet and that managing these types of environments will be fraught with risk.

The reality, no technology negates the need for good planning and design
The potential benefits for container usage are real. Does it fit for every situation? Not necessarily. For example, if you needed to run different operating systems on the same physical server, you should be looking at virtualization, not containers. The concerns raised on the FUD side of the house are legitimate concerns that must be addressed if you choose to use containers. No matter how beneficial a technology is, it never negates the need for good planning and design. As technologists, when we walk that yellow brick road through the dark forest of hype and fear, we must always ensure we strike the proper balance based on the business needs and goals and the realities of the technology. Containers are not ruby slippers, where you click your heels and arrive home. Neither are containers flying monkeys waiting to drag us off to the wicked witch. Containers are just a tool in the toolbox. They are an ax; not every problem is a tree in need of chopping down.

This post is sponsored by the Enterprise CIO Forum and HP's Make It Matter.

More Stories By Ed Featherston

Ed Featherston is VP, Principal Architect at Cloud Technology Partners. He brings 35 years of technology experience in designing, building, and implementing large complex solutions. He has significant expertise in systems integration, Internet/intranet, and cloud technologies. He has delivered projects in various industries, including financial services, pharmacy, government and retail.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.