Just as in shipping physical cargoes where a load in a container can share transport on a train or ship with other similar loads while remaining separate, so in computing a containerised application is able to share machine space with many others whilst remaining separate in its own ‘box’.
You might be wondering how this differs from full virtualisation. A virtual machine provides a complete environment running an operating system and applications totally separate from the OS of the host server. A containerised application, on the other hand, is fully self-contained in terms of a business application but is designed to work with the operating system kernel of the host. This provides a lighter weight alternative to full virtualisation, allowing the application to be run on any physical machine that shares the same operating system, but otherwise behaving as though it’s independent.
Containers are sandboxed so that they can’t interact with each other in order to preserve the integrity of data and keep them secure. The big advantage that containerisation offers is the ability to run many more applications on a single server than you could with full virtual machines. A container can be booted much faster and imposes much lower overhead on the host system.
In recent years containerisation has gained in popularity mainly thanks to the open source Docker environment. Docker applications are able to run independent of the infrastructure on physical machines or in the cloud.
Although containers on Solaris and other systems have been around for a long time, the roots of modern containerisation lie in the Linux Containers (LXC) format, which provides an interface for Linux kernel features. Containers share the Linux kernel of the host machine, which means that all containers on the same system operate using the same kernel.
Using this technology means that containerisation can only work in Linux environments and run Linux applications. Virtual machine systems, like VMware, by contrast allow applications to run on Windows or any other supported operating system.
Docker remains the market leader, largely thanks to the Docker Hub, a repository of container images for databases, programming languages, applications and more. This is a publicly available resource and has tens of thousands of images available, making setting up Docker systems a straightforward process.
Each container is built up of layers which are used to build the required functionality. This means that when downloading an image only those layers which aren’t available locally need to be transferred, contributing further to the container’s light footprint.
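The layer behaviour described above can be sketched as follows. This is an added example, not Docker's own code: the manifest shape is simplified, the layer contents and the names `plan_pull` and `pull` are constructed for illustration, and it goes slightly beyond the text by also checking each transferred layer against its SHA-256 digest, which is how layers are addressed in registry manifests.

```python
import hashlib

def digest(blob: bytes) -> str:
    """Content address of a layer: SHA-256 over its bytes."""
    return "sha256:" + hashlib.sha256(blob).hexdigest()

# Constructed sample data: three blobs standing in for layer archives.
BASE_OS = b"constructed layer: base OS files"
RUNTIME = b"constructed layer: language runtime"
APP = b"constructed layer: application code"

# Simplified manifest (assumption): ordered layers, each with digest and size.
MANIFEST = {"layers": [{"digest": digest(b), "size": len(b)}
                       for b in (BASE_OS, RUNTIME, APP)]}

def plan_pull(manifest, local_store):
    """Return the manifest entries that are not already held locally."""
    return [l for l in manifest["layers"] if l["digest"] not in local_store]

def pull(manifest, local_store, registry):
    """Fetch only missing layers; reject any blob that differs from the manifest."""
    transferred = 0
    for layer in plan_pull(manifest, local_store):
        blob = registry[layer["digest"]]
        if len(blob) != layer["size"] or digest(blob) != layer["digest"]:
            raise ValueError("layer content does not match " + layer["digest"])
        local_store[layer["digest"]] = blob
        transferred += len(blob)
    return transferred

def demo():
    """Pull twice with the base layer already cached; return bytes moved each time."""
    registry = {digest(b): b for b in (BASE_OS, RUNTIME, APP)}
    local = {digest(BASE_OS): BASE_OS}  # shared with an earlier image
    first = pull(MANIFEST, local, registry)
    second = pull(MANIFEST, local, registry)  # everything is local now
    return first, second

if __name__ == "__main__":
    print(demo())
```

Because a layer is identified by the hash of its content, the same check that decides whether a layer is already present also detects a blob that was altered in transit or in the registry.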
Although Docker has perhaps done most to popularise containers since its launch in 2013, it isn’t the only option available. Canonical, the company behind Ubuntu Linux, has produced LXD containerisation for the Ubuntu OS, which is also integrated with OpenStack.
CoreOS also produce Rocket, an alternative to Docker that’s designed to be more lightweight. Rocket runs as a command line toolkit, allowing users to run containers based on the App Container Specification (appc). This is something that CoreOS has developed to provide a set of open and simple specifications for a portable container format. Rocket also supports Docker images, making it more attractive to developers.
Containerisation for Windows
Microsoft too is embracing containerisation technology and has partnered with Docker to provide container systems on Windows Server and the Microsoft Azure platform. This doesn’t mean that you can run Linux-based Docker containers on Windows systems, but rather that technologies are added to Windows Server to allow containerised native Windows Server and .NET applications to run.
As of 2016, Microsoft has launched Nano Server, a cut-down version of Windows Server designed specifically for running containers and taking up much less space than a full copy of the operating system.
Running a number of application containers on the same server and sharing the same OS kernel has raised security concerns, particularly in the early days of the technology. In response to these concerns CoreOS and Ubuntu have both developed secure container technology.
Since its launch Docker has also focused on improving its security. It now supports isolation APIs and it has incorporated a signing and verification workflow to make certain that containers are not tampered with.
The rise of containerisation is also producing a shift away from security at the network level towards securing the containers themselves.
Containers and business
For business users the big advantage of using containers is that they offer a consistent environment all the way from development to production. There’s no risk of introducing errors when software is moved to a different machine, as the same container is used by developers, testers and in production.
Moving to new hardware or to a different cloud platform is also easier, since if the software is in a container it should run in exactly the same way wherever it is. Because a container is also much smaller than a full virtual machine it’s easier to share.
The key to the popularity of containerisation is that it offers the resilience and isolation of a virtual machine but a lighter footprint and lower licensing and maintenance costs. For this reason it’s likely that containers will overtake virtualisation. In the short term this is likely to see an overlap where containers are run on virtual machines as enterprises transition to a fully containerised environment.
Docker will probably remain the leading container platform for some time to come. Partly this is due to its head start, and the advantage of off-the-shelf container images available from the Docker Hub. The adoption of Docker images by Rocket actually strengthens Docker’s position since it underlines the importance of the Docker image format.
There’s little doubt that the advantages of containerisation mean that it’s here to stay. Because it frees applications from the hardware it makes transitioning to the cloud and even moving between public cloud providers a much easier process. Any business considering investing in new infrastructure or applications can’t afford to ignore the benefits offered by a containerised environment.