To gather insights on how companies are currently orchestrating and deploying containers, we spoke with 15 executives who are familiar with container deployment today. Here’s who we talked to:
Mark Thiele, Chief Strategy Officer, Apcera
Ranga Rajagopalan, CTO and Co-Founder, Avi Networks
Chandra Sekar, V.P. Marketing, Avi Networks
Dustin Kirkland, Ubuntu Product and Strategy, Canonical
Phil Dougherty, CEO, Containership
Anders Wallgren, CTO, ElectricCloud
Luca Ravazzolo, Product Manager, InterSystems
Rajesh Ganesan, Dir. of Product Management, ManageEngine
Jim Scott, Dir. of Enterprise Strategy & Architecture, MapR
Brooks Crichlow, V.P. Product Marketing, MongoDB
Derek Smith, CEO, Naveego
Fei Huang, CEO, NeuVector
Chris Brandon, CEO, StorageOS
Wei Lien Dang, V.P. of Products, StackRox
John Morello, CTO, Twistlock
1) The most important elements of orchestrating and deploying containers are wide-ranging and require a platform, support framework, infrastructure, or ecosystem. The elements of this ecosystem should include: storage, network, security, management, load balancing, provisioning, orchestration/scheduling, lifecycle management, patch management, deployment, automation, bursting, monitoring, log aggregation, and routing. It’s important to understand these services are an integrated ecosystem that is automatically managed with predetermined policies aligned with the problems that need to be solved.
2) Kubernetes was the most frequently mentioned tool that respondents used to orchestrate and deploy containers. Go and Java were the most popular programming languages for applications built with containers. However, those were just three of 26 solutions mentioned.
3) The automation of application development and deployment has accelerated the speed of the orchestration and deployment of containers. This results in high-quality and secure applications being deployed more quickly. Containers provide a standard unit of packaging for applications, so developers can focus on individual components and collaborate when building out the application. Developers can move these standard units across a variety of environments. Package lifecycles can be easily automated from development to deployment to runtime to teardown. This results in greater reliability and stability, as well as the ability to push new apps quickly.
4) Security of containers relies on best practices and scans, as well as companies’ own solutions. Best practices include: a secure operating system beneath the container, image scanning, host security, trusted registries, access controls, and integration with run-time security. Companies should only deploy what has passed predetermined security protocols. Some companies have built their own platforms to secure containers, while others are using Twistlock, HashiCorp Vault, 256-bit AES encryption or TLS for encryption of traffic between nodes, and SSL for frontend web security.
5) Containers are helping companies across many industries accelerate software development and deployment at scale, while reducing costs and saving IT departments time. Customers can instantly launch, migrate, and scale applications based on granular cost-benefit analysis. Solutions providers are reducing the time and effort by reducing the IT workload environment by 85%, building an infrastructure for log management, and reducing risk through automation, which provides healthcare, financial services, telecom, and entertainment companies with greater flexibility to deliver against their business objectives.
6) The complexity and speed of change around developers’ tools and security are the most common issues affecting the orchestration and deployment of containers. The rapid evolution of container platform components such as orchestration, storage, networking, and systems services like load balancing is making the entire stack a moving target. This makes it difficult to have a stable application or service on top of them. The industry will need to standardize, consolidate, and simplify containers for mass adoption. Security and visibility are concerns as well. Containers are great in a test environment, but they can be tougher to roll out into production and scale for enterprise-grade services. The orchestration platform is a substantial attack surface.
7) The greatest concerns regarding the current state of containers are complexity, security, and hype. Once it’s in place, a container-based CI/CD pipeline is incredibly powerful; however, getting there is not easy. Orchestration systems are not easy to set up and automate. We need containers talking to each other via registries and services in a standardized way. Security is an unknown frontier. We need an ecosystem of container technology companies to work together to make it easier for the average enterprise to adopt containers securely. The security exposure is at the application layer, which is frequently changing and scaling. We need to think about how security is architected and implemented from the beginning. We are very concerned about security, high availability, disaster recovery, and policy and roles management. The actual capabilities lag behind the hype by a couple of years. This noise and misinformation make it that much more complicated for companies to pursue and implement a containers-based infrastructure. An elementary technology has gotten overcomplicated with too many vendors blowing smoke.
8) We’re at an inflection point similar to where virtual machines were 10 years ago. We have convenient development and packaging tools for developers that are spreading into IT and operations. Ultimately this will lead to a better user experience (UX). We are moving toward the immutable image of deployment where we have reliability and consistency. We’re making headway on the APIs and the standards around them. Docker made containers so popular, but the addition of too many things resulted in stability problems and tools like Rocket evolving from Docker. What happens to Docker customers as they scale? As everything scales, there is greater opportunity for hackers and bots. Keys and security must be maintained, as well as access policies. The declarative nature of containers will make securely spinning up containers as easy as spinning up a cloud server instance today. There’s still speed and efficiency to be wrung out of the application. What’s next? Serverless with the lambda functionality offered by AWS and Azure along with remotely scheduled processes. Hosting constraints are bringing us very close to a serverless environment. This will become a special discipline within containers.
9) Developers need to know a lot when working on orchestrating and deploying containers. Start by working with the architect or operations to map how the application will work from end-to-end. Know the workflow of development, orchestration, and deployment. Be aware of how the application will handle run-time situations in a microservices architecture. Learn how to properly build a clean Docker container without unnecessary components. Remember to protect the data of your application – storage and data security must be included in the initial design. Container systems do not have native persistent storage. Containers can be more secure than traditional virtual machines with less developer input; however, security cannot be forgotten or ignored.
10) Additional considerations involve security, data, and automation:
There is no one solution to container security. The complexity of virtualized environments requires multiple levels of security to be in place. There are many best practices for preparing a secure environment for containers, but the real challenge is getting the security and visibility needed when containers are actively running in production and there are suspicious activities happening in real time. Ultimately, we’ll have active penetration testing of containers in real time.
Data fabric and centralized data storage are overlooked and developers are missing the benefits. How are people managing their data when it’s in a container? How do containers talk to each other? Data is the most critical piece of the scaling platform you are building out. How are you managing the central repository in the data center? When there are multiple data centers, we mirror volumes of data with data repositories; however, a lot of people overlook the management of these repositories.
I’m not sure organizations realize the importance of organizational change to get value from a cloud-native approach. CI/CD is less about the build and orchestration software you’re using and more about the mindset shift of automating everything and tearing down the traditional friction points in deployment.