Professional Documents
Culture Documents
A fresh approach
is needed to
manage containers
properly
FOTOLIA
DATA CENTER HANDBOOK
PHIL SWEENEY
hat admins need to know
W
to master containerization
technology A good IT operations team is primed to worry about an application’s availability
and performance. It’s a fundamental concern in every hour of every day. So
Docker container
when containers begin to deliver apps, an IT team needs to implement new
management renews appeal
to enterprises methods to monitor containers -- and to adjust to new ways of worrying.
That kind of growth suggests containers are destined to find a place in plenty
In this handbook: of IT shops, which makes learning about them -- and how to manage them --
Editor’s Letter
an IT priority. This handbook tackles that mission, beginning with an overview
from IT consultant Alastair Cooke on the best ways to manage and monitor
hat admins need to know
W containers -- either through native tools or emerging third-party products.
to master containerization
technology There will be plenty of new tasks for IT admins to consider in a container
environment. Also included are discussions of how Docker is adjusting its
Docker container
management tools and how container security is evolving as adoption begins
management renews appeal
to enterprises to pick up.
ALASTAIR COOKE
hat admins need to know
W
to master containerization
technology Containers have inserted themselves into the IT conversation, and their
usefulness is being discussed in ever-widening circles. While adoption
Docker container
has been limited so far, it seems clear that 2017 is going to see a lot more
management renews appeal
to enterprises production deployment of applications in containers. Deploying anything into
production, of course, is when the operations team gets involved -- and they’re
ontainer support grows to
C
combat security issues
going to have questions.
DevOps brought the idea that developers should support production. The
reality is that developers need their sleep, and it’s the operations team that
looks after production at all hours of the day and night. Operations teams will
In some cases, the container simply wraps up the application and its
dependencies. The container is then run on a server. The magic of Docker is
to wrap all of the application’s dependencies into a Docker image and have
In this handbook: a single text file (Docker file) that describes how to create the image. With
Editor’s Letter
this existing application model, each server may run just one instance of the
container -- just like the server used to run one instance of the application.
hat admins need to know
W
to master containerization It’s fairly simple to monitor and manage this use of containers: continue
technology
to monitor and manage the server. The admin can still see the application
Docker container processes on the server, along with resource usage.
management renews appeal
to enterprises In some ways, this is even simpler as there is no need to check that the
server has all of the application’s prerequisites. These prerequisites include
ontainer support grows to
C
combat security issues the correct version of Java or the appropriate Python libraries. All of these
dependencies are in the Docker image and controlled by the Docker file.
It might not be necessary to install and maintain Java on the server. But you
should have some control of these Docker files and ensure that the Docker
images contain components that are up to date. Rather than update or patch
the Java on the server, you need to update the Docker file and build a new
Docker image.
One new operational task may be to scan the Docker files for vulnerabilities.
This is a far more dynamic environment than the monolithic applications that
In this handbook: admins are used to managing. The underlying servers can still be monitored
Editor’s Letter
with your normal tools, but the containers themselves are too volatile for these
tools.
hat admins need to know
W
to master containerization A single container may only live for a few seconds. New tools will be required
technology
to manage and monitor these microservices applications in production.
Docker container Hyperscale vendors such as AWS have built their own tools to manage their
management renews appeal fleets of containers. Large organizations are more likely to use tools from
to enterprises
providers such as New Relic and Datadog to monitor their container fleets.
ontainer support grows to
C
combat security issues
SCHEDULERS, TOOLS MAKE A DIFFERENCE
BETH PARISEAU
hat admins need to know
W
to master containerization
technology Docker Inc. revamped its licenses and release cycles this week, which could
boost its appeal as it rides a wave of mainstream enterprise container adoption
Docker container
expected this year.
management renews appeal
to enterprises
Docker has pledged to slow and regulate updates to the Docker container
ontainer support grows to
C platform, now split into two editions: the free and open source Community
combat security issues
Edition, which will be updated every four months, and the Enterprise Edition,
which will be updated every 12 months with security and critical bug fixes, as
needed.
The Enterprise Edition starts at $750 per node, per year for business-day
In this handbook: support on Docker Enterprise Edition Standard. At the top level of the Docker
Editor’s Letter
container management pricing packages -- which costs $3500 per node, per
year -- the minimum support response time is two hours, and the package
hat admins need to know
W caps the number of support contacts at eight, according to Docker’s pricing
to master containerization
technology page. Analysts foresee this being the subject of price negotiations with larger
enterprises that may need faster responses or more people to handle them.
Docker container
management renews appeal
to enterprises DOCKER DATACENTER SEEKS LEG UP IN BUSY MARKET
“It should help boost their market share,” said Robert Stroud, an analyst with
Forrester Research. “We don’t hear much about Docker Datacenter at all. At
the same time, inquiries about container orchestration and management tools
have sharply increased.”
IDC analysts do get inquiries about Docker Datacenter specifically, said Gary
In this handbook: Chen, an analyst at the market research firm. But sales for all orchestration
Editor’s Letter
platforms are slow, as enterprises are still becoming acquainted with core
container platforms, such as Docker and CoreOS rkt.
hat admins need to know
W
to master containerization Here, Docker Enterprise Edition can raise Docker Datacenter’s profile,
technology
said Brandon Cipes, managing director of DevOps at cPrime Inc., an Agile
Docker container consulting firm in Foster City, Calif.
management renews appeal
to enterprises “[Docker Enterprise Edition] gives them a chance to start working on more
regular revenue streams and forge a path toward larger clients in need of more
ontainer support grows to
C
combat security issues reliable support,” Cipes said.
“A lot of my clients are not eager to go the full-blown PaaS route, nor do they
have the expertise to build it themselves from scratch,” Smith said. “Over the
next 18 months, we’re going to see more clients going with production-level
Cook said he was excited to see a partnership with Microsoft that includes
Docker Enterprise Edition licenses in Windows Server 2016.
JIM O’REILLY
hat admins need to know
W
to master containerization
technology Containers are among the hottest items in IT today. The concept behind
containers is simple: You can build virtual instances that share an OS. This
Docker container
comes with a number of benefits, including faster spin-up time, a lower
management renews appeal
to enterprises memory footprint and an expansion of a server’s operating capacity.
This container security approach does, however, increase the overall footprint
and may reduce agility, so the industry is looking to thin hypervisors, such as
In this handbook: Intel’s Clear Containers or CoreOS, and even bare-metal container products.
Editor’s Letter
This approach to security will evolve throughout 2017, providing users with
very secure, very lean container environments. Ideally, this will lead to an
hat admins need to know
W increase in container adoption over the next few years.
to master containerization
technology
Containers already offer great advantages for edge applications, such as
Docker container web servers. However, shared network storage challenges remain a problem,
management renews appeal preventing organizations from containerizing some complex applications.
to enterprises
Products like Flocker from ClusterHQ help address this problem, and
ontainer support grows to
C container technology continues to evolve.
combat security issues
Intel has developed a series of additions to their core CPU architecture to stop
cross-tenant access in virtualized environments. Unfortunately, these can’t
separate the tenants in containers. A common resolution to this problem is to
layer a hypervisor on bare-metal and give each tenant one or more VMs, each
isolated from other VMs by hardware. Tenants can build up as many containers
as they want within the VM.
Unfortunately, VIC is far more complex than other container offerings, which
means it has a slower container spin-up time.
KUBERNETES
In this handbook:
Kubernetes has gained a lot of support as a tool for creating containers in
Editor’s Letter hybrid clouds because of its portability. It’s ported to OpenStack and has
hat admins need to know
W support from companies such as IBM, Red Hat, VMware and Huawei. Amazon
to master containerization Web Services (AWS) and Azure will likely offer support for it in the near future,
technology
setting Kubernetes up to be the lingua franca of the container world.
Docker container
management renews appeal
to enterprises
OTHER CONTAINER ENVIRONMENTS
If you’re interested in trying out containers, the public cloud is a great place
to start because the cost and risk are relatively low. Companies like AWS,
Microsoft and Google already offer strong container support. AWS has EC2
Container Services (ECS), which comes with a broad set of tools, including
In this handbook: CloudFormation, EC2 Container Registry and Docker, among others. ECS
Editor’s Letter
supports continuous delivery.
Docker container
management renews appeal
to enterprises