Container adoption at the enterprise level has exploded in recent years due to containers’ ability to provide the fastest widely available application development and deployment to date. At first glance, they look an awful lot like extremely lightweight virtual machines with lean system requirements. They are easier to deploy, faster to launch, and they operate on shorter average lifespans. They’re also portable with a small footprint, meaning a server can support drastically more containers than VMs—resulting in lower infrastructure costs.
Businesses are realizing the benefits: in the 2017 edition of the Portworx Annual Container Adoption survey, 32 percent of responding companies spent $500,000 or more per year on license and usage fees for container technologies, up from a reported five percent in 2016. This extreme growth is expected to continue as more enterprises look to make their DevOps processes more efficient as they relate to both cost and production.
Containers are a great way to add agile delivery to an agile development process. They represent the next step in the evolution toward faster application development and delivery by increasing developer efficiency and offering easier and faster deployment. The biggest advantages of container adoption center around enabling agile delivery and ease of delivering microservices. Adopters are quick to exploit these advantages. Docker, the most popular container orchestration tool, sees the average user quintuple their container count within nine months.
Doing it right
When considering investing in containers, be clear about the benefits you expect to gain before you broadly adopt containerization. There are tools and platforms that can help with aspects of automating the containerized environment, and it’s good to understand what the ecosystem will look like before you implement it.
There can be a learning curve for enterprises that have never dabbled in container adoption before. This is particularly true when it comes to delivering and securing a containerized application. If you’re unsure of the best use for containers, the ease of conversion means ephemeral workloads are usually a good target. Workloads requiring persistent disk storage (like database servers, for instance) can require a little more effort to containerize.
In order to maintain the most effective and efficient container usage, be sure to periodically revisit your build processes and refactor for smaller containers with fewer layers. Keep an eye on resource utilization, especially around storage—persistent storage is the most common challenge for running containers.
Of course, just like any other method of application development, security must be a high priority. While a containerized application bears some similarity to a more traditional application on virtualized infrastructure, the technology is different enough that effectively protecting containers requires a subtly different approach. Using containers without a strong automated approach to security is like buying the front half of a race car. Sure, it can go fast; it’s really lightweight, too. But just as you wouldn’t expect to be able to avoid obstacles in a race car missing the back two wheels, you wouldn’t maintain high expectations for a containerized application without automated security. Without automated security, you’ll either operate at a safe speed (meaning that you’ll be slowed down by operating at the speed of traditional security tools), or you’ll throw caution to the wind and hit the wall in a grandiose résumé-generating event.
Here are a few things to keep in mind: An effective security practice is baked into the development process from the start. When everything (including infrastructure and operating constraints) is defined in code, you have a great opportunity to extensively analyze an application before it reaches production. Do that, and favor tools that can be fully embedded into your software development and application delivery pipeline. Manage vulnerabilities in configuration and software packages as early in the process as possible. Be smart in how you deliver application credentials like API keys; don’t include secrets in container images or source code repositories.
Since a container only holds an instance of an application, not an entire operating system, you should be cognizant of resource requirements and restrict running containers accordingly. VMs have the implied boundary of the VM’s memory and CPU allocation. Configuring the same for containers requires a deliberate effort. Appropriate resource restrictions can serve to make a DDoS attack harder to execute. Perhaps most importantly, the host has to be secure: protecting only the containers and not the underlying host the containers run on is like building a strong house on quicksand. For the foreseeable future, enterprises will have a mix of VMs and containers. You need to secure them both.
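As an added illustration (not part of the original article), the two checks above can run as a pipeline gate: one flags credentials baked into a Dockerfile, the other reads `docker inspect` output and reports containers with no memory or CPU limit. The function names and name/file patterns are assumptions made for this example, and the sample inputs are constructed.

```python
import json
import re

# Heuristic name/file patterns chosen for this example, not an exhaustive list.
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE_?KEY", re.I)
SECRET_FILE = re.compile(r"(^|/)(\.env|id_rsa|credentials|.*\.pem)$", re.I)

def lint_dockerfile(text):
    """Return (line_no, message) for credentials baked into image layers."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        instr, rest = parts[0].upper(), parts[1]
        if instr in ("ENV", "ARG"):
            # Handles "ENV K=V K2=V2" and the legacy "ENV K V" form.
            pairs = re.findall(r"(\w+)=(\S+)", rest) or [tuple(rest.split(None, 1))]
            for pair in pairs:
                if len(pair) == 2 and SECRET_NAME.search(pair[0]) and pair[1].strip("\"'"):
                    findings.append((no, f"{instr} {pair[0]} stores a literal value"))
        elif instr in ("COPY", "ADD"):
            # Every non-flag argument except the last (the destination) is a source.
            for src in [a for a in rest.split() if not a.startswith("--")][:-1]:
                if SECRET_FILE.search(src):
                    findings.append((no, f"{instr} copies credential file {src}"))
    return findings

def unbounded_containers(inspect_json):
    """Map container name -> limits left unset in `docker inspect` output."""
    report = {}
    for c in json.loads(inspect_json):
        host = c.get("HostConfig") or {}
        missing = []
        if (host.get("Memory") or 0) <= 0:  # 0 means no memory limit
            missing.append("memory")
        if (host.get("NanoCpus") or 0) <= 0 and (host.get("CpuQuota") or 0) <= 0:
            missing.append("cpu")  # neither --cpus nor --cpu-quota was set
        if missing:
            report[c.get("Name", "?").lstrip("/")] = missing
    return report

# Constructed sample inputs.
SAMPLE_DOCKERFILE = "FROM alpine:3.19\nARG BUILD_TOKEN\nENV API_KEY=constructed-value LOG_LEVEL=info\nCOPY .env app.py /srv/\n"
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "HostConfig": {"Memory": 268435456, "NanoCpus": 500000000}},
    {"Name": "/worker", "HostConfig": {"Memory": 0, "NanoCpus": 0, "CpuQuota": 0}},
])

if __name__ == "__main__":
    print(lint_dockerfile(SAMPLE_DOCKERFILE))
    print(unbounded_containers(SAMPLE_INSPECT))
```

A bare `ARG BUILD_TOKEN` is not flagged because it carries no value in the file; a broad `COPY . /app` is also not flagged, so a `.dockerignore` entry for credential files is still needed.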
If you’re looking to make your DevOps teams faster, more efficient, and more secure, container adoption is the way to go. Their popularity will only continue to grow in the coming years. If your enterprise is considering container adoption, make sure your entire team has a solid understanding of expectations and security requirements in order to truly maximize their capability.
Ash Wilson is a strategic engineering specialist at CloudPassage
This is an updated version of a story originally published in August