Sylabs this week made generally available Singularity Enterprise, which combines a set of DevOps and security services with an open source Singularity container engine optimized for high-performance applications involving large amounts of data.
Company CEO Gregory Kurtzer says Singularity Enterprise makes it easier to keep track of the provenance of all the data within a containerized application by tracking cryptographically signed containers. Singularity Enterprise advances that effort by providing access to Remote Builder, which enables building containers in the Singularity Image Format (SIF) without requiring privileged access to shared resources. In addition, Remote Builder makes it easier to incorporate Singularity containers within a continuous integration/continuous deployment (CI/CD) environment, he adds.
Singularity Enterprise also provides access to Keystore, which allows users to exchange key certificates to verify digital signatures in SIF files, and Container Library, which allows SIF files to be shared in a way that maintains a versioned history of containers to satisfy audit requirements. Kurtzer says enterprise IT organizations should expect to see Sylabs expand on those capabilities by making it possible to encrypt data within containers at rest and manage secrets within a containerized application.
Compatible with a variety of container image formats such as Docker and the Open Container Initiative (OCI) specification, Singularity containers trace their roots back to high-performance computing (HPC) applications. With the rise of artificial intelligence (AI) applications, the performance and security aspects of Singularity containers running on graphics processing units (GPUs) are now finding broader appeal within enterprise IT organizations, says Kurtzer.
The appeal of Singularity containers in the enterprise is also increasing thanks to the intervention of cybersecurity professionals, who Kurtzer says are now starting to require that developers implement cybersecurity policies and controls for containerized applications end to end using best DevSecOps processes.
Kurtzer says Sylabs isn’t making a case for replacing other container engines as much as it is focusing on specific use cases in which other engines don’t meet the levels of performance and cybersecurity demanded by IT teams building and deploying containerized applications. By supporting multiple container images alongside Kubernetes clusters, Sylabs has spent the last few years making it easier to transition between container formats, he says.
It’s unknown how much the rest of the container community might crib ideas and concepts from Singularity. The Singularity container engine was developed in isolation from the original work of Docker Inc. to address a narrower set of HPC applications. Since then, it’s become apparent that cybersecurity concerns are acting as a drag on the rate at which containerized applications are being deployed in production environments. It’s not that containerized applications are any less secure than monolithic applications, but the DevSecOps processes for ensuring that cybersecurity policies are enforced tend not to be as mature. Those concerns may or may not result in organizations adopting additional container engines such as Singularity. However, as the pressure to build and deploy applications faster without compromising security continues to mount, the chance increases that organizations will start to evaluate container engine alternatives.