30 essential container technology tools and resources
Unlike virtualization, which is a tool for system administrators, software container technology affects everyone from developers, testers, and operations to analysts and IT. The size and completeness of container packages allow team members to deploy complete environments in seconds.
It’s a wonderful tool that brings about an entire series of downstream decisions, including which standards to use, how to store the old versions and deploy the images, as well as how to manage them in production.
But how do you assemble the right mix of products and services to build, run and manage containers efficiently in your environment? To answer that question we've surveyed a wide range of container technology products and services so that you can gauge the options—spanning container architecture, cluster management and deployment, storage, security, operating systems, and deployment.
Despite its popularity as a de facto standard, Docker is just one of a set of competing, lightweight virtualization tools for Linux from which you can choose. Options include:
Docker's eponymously named open source containerization engine works with most of the products that follow, as well as many open-source tools.
Commercially Supported Docker Engine (CSDE)
This extension for Docker is proprietary, owned by Docker the company. CSDE enables support for running Docker instances on modern Windows servers.
Pronounced “rocket” and developed by CoreOS, rkt is the main competitor to Docker for containers.
This container architecture for Solaris pre-dates Docker. IT organizations that have already standardized on Solaris may wish to explore this option.
A competing alternative to Linux, Microsoft Containers can support Windows containers under very specific circumstances.
Cluster management and deployment
Your team can create images and pass them around from development to test and back. Now comes the hard part: supporting them in production. That means registering artifacts, deploying them to production as a system, and managing servers and collections of servers, including a collection of servers in the cloud, known as a “cluster.” Cluster management tools manage workloads, including moving instances from one virtual host to another based on load, and allocating resources, such as CPU and memory.
While there is no standard for cluster management, Google’s open source product, Kubernetes, is the most popular. Supported by Amazon’s AWS, Google’s Cloud Engine (GCE) and Microsoft’s Azure Container service, Kubernetes is relatively portable, which helps to prevent vendor lock-in, and it can even run on a private cloud, such as OpenStack. Microsoft, Amazon, and Google all provide container services that run Kubernetes, with commercial support options available.
A tool for abstracting computing resources, Apache Mesos can run both Docker and rkt images side-by-side in the same cluster. DC/OS is a platform built on Mesos that functions as a datacenter operating system.
Docker’s free product for cluster management, Swarm runs from the command line, and comes bundled with Docker 1.12 and higher. Now it's just Docker's native orchestration capabilities.
Docker Data Center
A web-based dashboard that provides full management of Docker, including a control panel, registry, monitoring, logging, and continuous integration, Docker Data Center runs Docker Swarm for cluster management. Although Docker the standard is free, the data center is a commercial product with commercial support. Of course, Docker Data Center embraces and extends the company's free, open source products: Docker and Swarm.
Containers are designed to be interchangeable—even fungible, like currency. That works exceptionally well for web servers, where identical servers can be added to or removed from a cluster based on demand. Storage and databases, on the other hand, need persistent locations to house data, or at least a standard interface layer. Organizations that want to move to an all-container infrastructure need storage, and companies have appeared to meet that demand.
These tools help to put databases into containers. Although the vendor that developed ClusterHQ went out of business last December, it left behind a great deal of free/open source software at github.com/ClusterHQ.
BlockBridge, the “elastic storage platform” company, offers storage as a container using Docker, with options for OpenStack and software-defined secure storage.
EMC / lib storage
Docker Plugins for Storage
EMC, NetApp, and others have created plugins to support storage, which Docker Inc. makes available for download.
Single sign-on, LDAP integration, auditing, intrusion detection and prevention and vulnerability scanning—all are pain points for organizations moving to containers. Even traditional devices and software can be hard, or impossible, to configure on container clusters. Fortunately, a handful of vendors is working to address this need. The space is so new, however, that two emerging companies do not yet have a shipping product offering.
You build Docker images out of components, such as an operating system, a web server, or a content management system. The problem is that unpatched or outdated software on an image could harbor security risks. Twistlock’s vulnerability scanner addresses that by comparing images against a database of known threats. This is an automated audit, against a database that's constantly updated. Other core features include more classic intrusion detection, and regulatory compliance systems.
Aqua Container Security
Like Twistlock, Aqua focuses on the ability to create, monitor, and enforce policy for containers, along with integration with CI, running security checks on every build.
Co-founded by Sameer Bhalotra, a former security executive at Google and senior director for cybersecurity at the Executive Office of the President of the United States, StackRox is preparing a similar product in this area. While the startup remains in stealth mode, with no product offering on its website as yet, the company is one to watch.
Another stealth-mode startup, Aporeto was co-founded by a former CTO at Nuage Networks. Based in San Jose, California, Aporeto says it will provide a "comprehensive cloud-native security solution for deploying and operating modern applications," microservices and containers.
Most Linux operating system distributions are based on convenience, and include big, preinstalled packages, just in case the user might want them. Docker, in contrast, is designed for lightweight virtualization—to run as many identical machines as possible with the least amount of overhead in terms of memory, disk, and CPU. In response, vendors have developed container-optimized builds of Linux that attempt to balance the capabilities teams might need in a Linux distribution with the minimalism that containers demand. Here are a few of the most popular ones:
Containing just the Linux kernel and Docker itself, the RancherOS system image fits into just 22 MB of disk space. RancherOS eliminates systemd, the service management system built into most versions of Linux, instead starting the Docker Daemon itself as the init, or “bootstrap” system.
CoreOS Container Linux
Designed to work with CoreOS Linux tools and systems, CoreOS Container Linux is preconfigured to run Linux containers. It also comes with automatic updates turned on; operating systems update themselves without any handling.
Canonical, the parent company of Ubuntu Linux, claims that Snappy, its answer for containers, runs over seven times more Docker containers than any other distribution. Snappy is designed to have high performance, a small footprint, and delta (differential) updates to operating system and applications, keeping downloads small.
Red Hat Atomic Host
These tools will let you host Linux containers in a minimal version of Red Hat Enterprise Linux. Organizations that run Red Hat enterprise and want to use containers will want to have their hosts run the Red Hat Atomic Host operating system.
Microsoft Nano Server
Nano Server is a small, remote-administered, command-line operating system designed to host and to run as containers, possibly in the cloud. Yes, Microsoft does have Windows Server-based container capability, and Nano is specifically built for that purpose. Other Microsoft operating systems that can host Windows Containers include Windows Server 2016 and Windows Pro 10 Enterprise.
Weighing in at 220 MB on disk, Photon is a larger container operating system than some others, although it's still only about one hundredth the size of the latest version of Windows. This Linux container host is designed to integrate with VMware's vSphere virtualization products.
Container events and sources for support
Once you've committed to containers, the hardest part will be implementing and supporting them. From conferences to support forums to commercial support, here are the resources you need.
This is the event to attend if your company is pursuing an all-Docker architecture, with the support of Docker Data Center, Swarm, and other products from Docker's business partners. DockerCon has seven tracks, ranging from introductory tutorials to tips and tricks and cutting-edge ideas.
This event is smaller than DockerCon, but has a much wider scope. In 2016, Container Summit held two big conferences, and 12 smaller ones in the US. Container Summit is a good place to network with your peers who are working to implement and manage container technology.
This is a larger event that features both thought leaders in the container space, and a broad variety of vendors. ContainerCon runs in parallel with LinuxCon and CloudOpen.
This is CoreOS' answer to DockerCon. Attend CoreOS Fest for training, support, and information about the rkt/CoreOS technology stack.
The largest programmer online Q&A site, StackOverflow offers plenty of information on deploying your applications in containers.
Docker Community Site
Docker’s curated community site provides Docker-centric information and forums.
CoreOS Community Site
CoreOS’s curated community site focuses on connecting people to experts by meetups and chat.
Go forth and containerize
The concept behind containers is simple: It's the implementation that's complex. If your technical team uses containers strictly for builds and testing, your decisions are limited to choosing the right operating system and container type. But once the build system is creating an image for every build, why stop there?
Expanding past build/test means selecting a stack of technologies for operations, deployment, monitoring, support, security, and so on. CoreOS and Docker both offer extensions and support that make integration easier for their own product ecosystems. But if you'd prefer to roll your own environment, using Kubernetes for cluster management can prevent vendor lock-in, and every major cloud provider supports it.
That's my concise list of container resources, but I welcome yours. What did I miss? Feel free to add your tips and suggestions to this list by posting them below.