DOCKER! (and containers)
Docker’s visibility in the container space is around that of Microsoft in the OS space. As an example, Docker pops its head up here in a 451 Group commentary: “Docker and containers continue to gain attention and adoption in the enterprise. Just as we saw with OpenStack, the Docker and container ecosystem is marked by the presence of well-established giants as well as startups, which makes the space fertile ground for mergers and acquisitions. We anticipate significant consolidation this year, and given early involvement from large players, we may see container M&A accelerate when the first big deal occurs.” The underlines are mine. So it’s not just that “containers continue” or that the “container ecosystem is marked” but that “Docker and containers” are doing this and marked by that.
Yes, Docker is big, flashy, and making a lot of noise. But that alone is not enough that it should play a key role in containers, such as helping to grow the potential for M&A in the space. Here are some Docker facts beyond the flash and hype together with a discussion of when Docker use is not indicated.
Containers, which stand on the shoulders of VMs to some degree started with LXC and continue with it today in Linux. Many hands have touched the developing LXC technology over the years. What eventually became the Docker of today was the result of years of building up a large toolset / tool chain from experience and expertise in using LXC to run developer apps at scale in the cloud, according to Kowsik Guruswamy, CTO, Menlo Security.
“They became Docker and then released the tool chain, so really from a hierarchy perspective at the bottom you have Linux containers and then Docker built a set of really, incredibly easy to use and sharable sort of tools targeted at developers on top of Linux containers. They also added a marketplace where developers can share these snapshots of containers,” says Guruswamy.
As a result, many refer to Docker technology as containers and Docker has earned that privilege by creating and releasing additions and improvements to that tool chain that many developers find indispensable.
Considerations When Contemplating Docker Deployment
If your organization is not making drastic changes to its applications, consider whether a Docker investment is worth the effort and risk. “Every new process, which requires new tools and training also creates certain types of issues,” says Stephanie Tayengco, Senior Vice President of Operations, Logicworks. If the enterprise is not routinely converting all its applications to containerization, Docker adoption may not be the best option.
“There are other options than Docker that have more tested security frameworks; for example, configuration management tools such as Puppet and Chef can install packages on the fly as a cloud instance spins up. This is as opposed to a Docker image that must have those packages baked into it,” says Tayengco. Puppet in particular is a smooth tooling transition for organizations sticking to their existing development approaches.
“Docker lacks sufficient tools to depict whether a container is running efficiently,” says Tayengco; “while there are a few Docker orchestration tools on the market, these are mostly untried by enterprise IT departments,” says Tayengco. The ecosystem of third-party Docker vendors including those that enable enterprises to monitor security inside containers more effectively is still young and prone to growing pains, pains that enterprises must mull whether to share in. This will be a concern for the foreseeable future with the software development stage the earliest and most effective for avoiding security vulnerabilities. The increasing speed of maturation of third-party vendors will not soon outpace the maturation rate of threats, whether to containers or otherwise.
Monitoring tools need a deeper, more fine-grained view into transient instances in the public cloud and particularly into sub-virtual machine entities like Docker containers, according to Tayengco, to address these app and container efficiency and security monitoring concerns.
Another area of concern with Docker is in logging. “This is critical for most enterprises due to increasing industry security and compliance concerns,” says Tayengco. It is not trivial nor simple to set up Docker containers to consistently and reliably ship logs to a central repository, as these containers work most efficiently when there is no permanent data store requirement, affirms Tayengco. Most enterprises must have this permanent log data store.