If you’re like me, you’ve probably heard a lot of hype surrounding application containers being used in the data centers of today’s organizations. What I’ve found is that there are some important issues and pain points app managers need to be aware of if they are serious about leveraging this technology. Here are a few issues that I’ve identified through a little research:
One of the issues is something that those who have worked with virtual machines (VMs) will recognize: sprawl. According to tech analyst Chris Riley, the “easily accessible” nature of containers can potentially create an “ecosystem of unmanaged containers.”
A developer can pull a container image from the public library and provision an instance on their local machine very quickly. They can then make changes to that instance and publish it again on multiple other host machines, or even multiple new instances on the same machine.
If this ability is granted to a large group of developers, modification and provisioning of containers can have a “viral effect.” What happens when app managers find instances of containers they never knew existed, or cannot tell what they are even supposed to be used for?
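One way to catch the sprawl described above, as an added example that is not from the original article: a short Python audit over `docker ps -a --format '{{json .}}'` output that flags containers with no stated owner or purpose, or whose image did not come from an internal registry. The sample lines, the `owner`/`purpose` label policy and `registry.example.internal` are constructed assumptions.

```python
import json

# Constructed sample of `docker ps -a --format '{{json .}}'` output (one JSON object per line).
SAMPLE_PS = """\
{"ID":"a1b2c3d4e5f6","Image":"registry.example.internal/billing:1.4.2","Names":"billing","Labels":"owner=payments-team,purpose=billing-api","State":"running"}
{"ID":"0f9e8d7c6b5a","Image":"ubuntu:latest","Names":"quirky_hopper","Labels":"","State":"running"}
{"ID":"123456abcdef","Image":"registry.example.internal/web:2.0","Names":"web-test","Labels":"owner=web-team","State":"exited"}
"""

REQUIRED_LABELS = ("owner", "purpose")            # assumed labelling policy
APPROVED_REGISTRY = "registry.example.internal/"  # assumed internal registry


def parse_labels(raw):
    """Docker prints labels as 'k=v,k2=v2'; return them as a dict."""
    labels = {}
    for pair in filter(None, raw.split(",")):
        key, _, value = pair.partition("=")
        labels[key.strip()] = value.strip()
    return labels


def audit(ps_output):
    """Return {container name: [findings]} for containers that look unmanaged."""
    report = {}
    for line in ps_output.splitlines():
        if not line.strip():
            continue
        c = json.loads(line)
        labels = parse_labels(c.get("Labels", ""))
        findings = [f"missing label '{k}'" for k in REQUIRED_LABELS if not labels.get(k)]
        if not c["Image"].startswith(APPROVED_REGISTRY):
            findings.append(f"image '{c['Image']}' is not from the approved registry")
        if findings:
            report[c["Names"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_PS).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Stopped containers are included on purpose (`-a`), since forgotten exited instances are part of the same sprawl.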
According to tech writer Steven J. Vaughan-Nichols in an article examining the security of container services like Docker, it’s unclear just how secure containers really are. And furthermore, he says, there seems to be a lot of disagreement about how to actually keep them secure.
Vaughan-Nichols points out that running containers with Docker requires that you provide root privileges to the Docker daemon, opening up worrisome vulnerabilities in the event that a hacker is able to access your containers – or that “trusted” app managers may get up to some untrustworthy activities.
Vaughan-Nichols also points out that the software you are running within your container could be problematic too. Many companies are simply picking up software from container repositories, but can you verify the software’s validity? Docker does include features that verify the integrity of all Official Docker Repos, but it is still being perfected – in fact, it will often provide a warning about suspicious software but may not necessarily prevent the software from running.
As Vaughan-Nichols puts it, you can’t just pick up a container from a place like GitHub and expect everything to be a-ok.
Containers may pose a frustrating issue when it comes to managing legacy applications, as well. Those critical business applications built years before your container adoption may suddenly fail to operate properly once they are containerized.
According to tech writer Brien Posey in an article weighing the pros and cons of containers, many legacy applications were designed to be connected to root systems. By placing these apps in a container, you are potentially breaking an essential connection to these root processes, causing the app to malfunction (and any apps it may be connected to).
There are steps that you can take to properly migrate legacy apps into containers. Posey points out that some providers are designed for it, but simply dropping a legacy app into a container can provoke some pretty pesky performance and security issues.
Finally, resource management is another big issue to pay attention to. Posey points out in his article that if one application were to consume a huge amount of resources, either on purpose or by accident, then it is more than likely that the excessive consumption will have a negative impact on all the other applications it is bundled with in the container, causing a sort of “domino effect” of underperforming applications.
This issue can be mitigated by running each container on its own virtual machine. However, this fix also has the potential to create VM sprawl – creating even more costs and resource management issues.
I don’t mean to sit here and bash containers or say it is a useless technology – far from it. It is a promising technology and there are clear benefits for organizations that leverage this technology properly, intelligently and safely. But it is important to be aware of the dangers before diving in head first.
Be on the lookout for upcoming articles on SearchSOA.com, SearchServerVirtualization.com and other sites in the TechTarget network that delve deeper into the issues surrounding containers and what you can do to fully enjoy the benefits of this technology.