As technology watchers reflect on 2015's major themes, application containers will top many lists for technology of the year. It seems that containers are everywhere, from public clouds -- with AWS releasing an EC2 Container Service -- to private clouds -- with VMware previewing container support for vSphere.
Application container hype has afflicted even seasoned IT pros, yet most still have a limited understanding of the fundamentals: the differences between containers and traditional virtual machines (VMs) and their advantages, drawbacks and use cases. According to one account from the 2015 OpenStack summit, container experience is sparse even among the tech-savvy crowd:
"During the opening keynote one of the speakers asked the 6,000-person audience 'How many people here are interested in learning more about Docker?' It seemed like almost everyone in the room put their hand up -- the room was a sea of arms. Then he asked 'How many are using Docker in production?' and almost all hands shot down."
Although nothing can substitute for hands-on testing, I aim to bootstrap the learning process by highlighting application container basics, walking through some promising usage scenarios, and discussing application deployment and admin issues in a world of VM-centric management software.
Application container pros and cons
App developers can never get enough performance, which is one reason application containers are such a hit. They are more efficient than VMs, with a much smaller memory footprint, which translates into faster application start and stop times. One set of benchmarks (Figures 1 and 2) found that Docker containers used 1/3 of the memory of kernel-based virtual machine (KVM) instances and could boot a server in about half the time. Other tests show much greater performance improvements with application start times in the milliseconds.
Native containerized applications -- those designed for modularity, horizontal scalability and multi-tenant deployment -- can scale up and down almost instantaneously in response to workloads. Lower memory usage also allows much higher application density per server. Indeed, the benchmarks indicate that containerized runtime performance is about 97% that of a bare metal server.
Because containers encapsulate only the application runtime environment -- code, libraries -- and not the entire OS stack, they also are more portable. For example, when using a standard package format like Docker, the same application container can be run on an internal Linux server or AWS without modification. This level of application abstraction also means that containers can be configured and deployed using popular automation tools such as Ansible, Chef or Puppet.
The downside of containers is that they provide less isolation between applications than a full VM, and they may be less secure because rogue code can more easily break out of one container into another.
Common use cases
Given their efficiency, it's no surprise that application containers are quite popular with cloud service providers who want to maximize resource utilization through greater server consolidation. Why use a VM when four or five application containers can fit in the same slice of server?
Container efficiency also makes them ideal for complex, multi-tenant workloads like n-tier applications using Web servers, middleware and databases in which each user instance runs as a separate container. By encapsulating runtime libraries in a portable, easily deployed image, containers allow service providers to quickly add new applications or multiple versions of the same software while providing runtime isolation. This makes application containers a great option for software with many complex dependencies, such as content management systems (e.g., WordPress, Drupal, Joomla), or composite microservices using something like Flask, .NET or Slim.
Because containers allow many versions of the same application code to coexist in isolation on the same server, they are a great platform for rapid application development using continuous delivery and integration. Code isolation means that the entire build process -- development, testing, staging and production deployment -- can run on the same system. Coupling application containers with an orchestration platform such as Docker Swarm, Kubernetes, AWS CodeDeploy or Elastic Beanstalk OpsWorks enables rapid deployment because developers can pipeline application versions and automate workflows.
Application containers also can be used to "cloudify" monolithic legacy software. That is, you can deploy applications that weren't written for multi-tenant distributed systems or as microservices as self-contained, relocatable images on shared cloud infrastructure. Container isolation and abstraction simplify repeatable configuration and management and allow monolithic applications to be deployed and monitored using cloud automation software. The isolation provided by containers also means that legacy systems can be deployed easily to public IaaS containers such as AWS EC2 Container Service, the Azure Container Service or Google Container Engine.
Container management issues
Vendors added application container support to their products in 2015, and it has taken VM and cloud management software a while to catch up. For example, a highlight of VMworld 2015 was the introduction of vSphere Integrated Containers, which allows Docker API-compatible containers to be controlled and consumed as part of a vSphere resource pool. Likewise, the Windows Server 2016 Technical Preview includes the Windows Server Container Manager, which lets you manage containers -- both Docker-compatible and new Hyper-V containers -- with PowerShell and a -- still crude -- GUI tool.
On the Linux-OpenStack side of the house, OpenStack Nova can control Docker containers using a hypervisor driver. Likewise, Dell is integrating Docker with OpenManage System Administrator, while Red Hat's Atomic Host container platform comes with Kubernetes. In the long term, look for container management to be integrated with other VM and cloud management platforms and comprehensive IT operations management and application performance management suites.
Despite the hype, application containers won't displace traditional VMs, nor are they a fleeting fad. Their technical advantages make them a great alternative to full server virtualization for many applications, and the advent of new micro-VM technologies such as Microsoft Nano Server and VMware PhotonOS promises to combine the performance benefits of containers with the complete isolation and management paradigm of VMs. The deployment choices for IT architects and developers have never been richer. The key is to understand each platform's relative strengths and choose wisely.