Containerisation, a method of isolation for Linux applications that is claimed to enhance application portability and streamline development and maintenance, is rapidly picking up steam as the 'next big thing' in enterprise IT, says Colin McCabe, senior manager, platform business unit at Red Hat, but enterprises are being slow to adopt it.
“The benefits of containerisation include extreme application portability, flexibility, rapid application delivery and ease of deployment across a variety of platforms," he says.
"Containers offer the ability to run applications in their own environment with just the necessary operating system components. However, while this innovative technology has countless advantages, enterprises are not yet rushing to adopt containers. This is likely because, as a new technology, the full scope of potential security issues around Linux containers is still being uncovered.”
According to Webopedia "The foundation for containerisation lies in the Linux Containers (LXC) format, which is a user space interface for the Linux kernel containment features. As a result, containerisation only works in Linux environments and can only run Linux applications."
This, it says, is in contrast to traditional hypervisors like VMware's ESXi, Xen or KVM, where applications can run on Windows or any other operating system that supports the hypervisor.
Another key difference between containerisation and traditional hypervisors is that containers share the Linux kernel used by the operating system running the host machine, which means any other containers running on the host machine will also be using the same Linux kernel.
McCabe says the key to successfully deploying containerisation is to fully secure and isolate the containerised applications from the host system and from each other and to use certified containers that have been built and tested against the target deployment platforms.
"Containers tend to operate under a traditional security model and have core features in place that will provide a certain level of protection, but these don’t always provide the complete isolation of applications – simply put, 'containers don’t always contain'.This means that improperly implemented or even malicious containers can cause significant damage, just like any other poorly coded or malware-harbouring application. Another level of separation is required to fully secure containers and their environment."
He suggests three steps to accelerate the adoption of secure containers:
- Know what’s inside. When implementing containers, establishing trust is critical. As with traditional applications, organisations need to be able to clearly identify where a container originated and what components are packaged in the container. Companies need to be sure that their containers’ content will not introduce malicious or vulnerable code into production environments and that affected containers are identified quickly and replaced to maintain high security levels.
- Implement management tools. Companies must have management tools in place to track containers across all platforms and quickly respond to threats and patching or replacement issues.
- Use reliable sources and advisers. IT organisations need to verify a container’s source, track the container when it is being deployed across different platforms and make sure the container receives the support and updates required throughout its lifecycle. Reliable advisers will be able to provide this ’chain of trust’, from the container creation, throughout delivery, until the end of the lifecycle. These advisers can provide both the technology and the ecosystem that supports containerisation and that makes containers enterprise-consumable.
McCabe concludes: “Containers deliver the promise of virtualisation at the application level without the associated overhead of a full-blown operating system. As we move towards micro services and cloud-based applications, containers will allow for easy portability of workloads, and a better use of infrastructure as a platform.”
About IT Masters and Charles Sturt University
IT Masters and Charles Sturt University are proud to offer a unique series of Online Masters Degree qualifications that are:
Relevant: Preparation for the world’s premium IT industry certifications from Cisco, ITIL, Microsoft, the Project Management Institute and Oracle are included as an integral part of the Masters.
Accessible: Study for your Masters Degree in your own home. With over 32,000 students studying globally, Charles Sturt University is Australia’s (and one of the world’s) largest suppliers of distance education.
Accredited: All of our Online Master Degrees are fully accredited under the Australian Government Qualifications Framework.
Affordable: Australian Citizens can use Australian government FEE-HELP study loans facility to pay tuition fees.
For further information please visit http://www.itmasters.edu.au