Containers are being hailed as the next great thing for more efficient virtualization of computing resources, including the ability to treat infrastructure as code. Docker is the leading edge of the containerization movement, promising reusability and speed improvements an order of magnitude better than traditional environments. This morning I spoke with Federal News Radio Tech Talk host John Gilroy about containerization, virtualization, and the benefits to government users (Federal News Radio 1500 AM Tech Talk Containers Virtualization and the Benefits to Government Users).
What makes containers so valuable is the ability to partition the resources managed by a single operating system into isolated groups to better balance the conflicting demands on resource usage. Containers can run instructions native to the core CPU without any special interpretation mechanisms. By providing a way to create and enter containers, an operating system gives applications the illusion of running on a separate machine while at the same time sharing many of the underlying resources. The savings realized by sharing these resources, while also providing isolation, mean that containers have significantly lower overhead than true virtualization.
Containers are not new to computing: the virtual machine was developed by IBM and first introduced into its operating systems in the early 1970s. IBM added logical partitions to its mid-series computers nearly 15 years ago, while the “jail” utility and system call were introduced to the FreeBSD operating system at the same time. Solaris containers (now Zones) have been around for 10 years, and the basis for Linux-based containerization, control groups (cgroups), was added to the kernel in 2007. Linux-based containers have since evolved in several formats.
One of the most extensively used Linux container formats is Linux Containers, LXC (https://linuxcontainers.org/). LXC is a userspace interface for the Linux kernel containment features and runs on an unmodified Linux kernel. It contains a library, language bindings, management tools, and container templates, with bindings for other programming languages such as Python, Lua, Ruby, and Go. LXC also has features that can be used to harden containers.
How do you start to use a container? You can build your own with one of the Linux container formats such as LXC. You can also try one of the most disruptive environments to emerge in the last several years, that of Docker (http://www.docker.com/). Docker is an open-source project that automates the creation and deployment of containers. Docker combines a lightweight container virtualization platform with workflows and tooling to help manage and deploy applications. Docker includes automated builds, versioning support, a fully featured REST API, a command line interface, and image repositories. The public Docker repository has hundreds of images with many different environmental configurations.
Docker is getting a lot of backing from Red Hat, Google, HP, IBM, Microsoft and Rackspace as they battle for enterprise hosting customers. Docker can be deployed on a variety of platforms including Mac OS X, RHEL, Google Cloud Platform, Amazon EC2, IBM Softlayer, and Microsoft Windows. As an open source platform, Docker brings many capabilities to the user, but it is still only one piece of the puzzle and must be orchestrated through the development lifecycle.
Fortunately, many players are including support for Docker in the management plane, including Amazon Web Services, OpenStack, and Red Hat OpenShift. In AWS, for example, Docker can be installed directly on EC2, can be automatically deployed as a web-based application via AWS Elastic Beanstalk, or can be automatically deployed as a complex application stack via AWS OpsWorks. AWS CloudFormation provides the ability to create a template for programmatically deploying your application stack.
Use of this "management plane" is at the core of DevOps, an emerging cloud computing discipline that seeks to break down the barriers between development and operations. In this manner, it is possible to automate the entire life cycle of this process, which will provide significant benefits to the government user and manager.