One of the gnarly questions IT folks have been asking for a solution to is how to get software to run reliably when it’s moved from one computing environment to another. Problems arise when the supporting software environments aren’t identical. And because network topologies, security policies and storage configurations differ, things can be confounded further. Now with the cloud going mainstream, the need for such a solution has grown more critical.
Enter containers. Containers inherently address the need of how to make mission-critical software work in different computing environments. A container consists of the application and its runtime dependencies; that is, an application, libraries and other binaries, and configuration files needed to run it, bundled into one package. Basically, the approach breaks down the application into smaller, bite-size components known as microservices.
By containerizing an application and its dependencies, differences in operating systems and the underlying infrastructures disappear. Containers enable software developers and operations to encapsulate an application component in a single, lightweight package and easily share and reuse container content. Inherently Linux-based, containers offer the promise of running consistently from one compute environment to another, whether virtual or physical (a.k.a., bare-metal servers).
Large enterprises are exploring the possibilities enabled by container technologies such as Docker. (Docker is a widely used, open-source platform developed by Solomon Hykes and is arguably the most used container platform.) Juniper Networks sees this trend as a milestone in data center innovation, offering significant gains in efficiency, productivity and agility particularly for large enterprises that offer cloud as a service.
Containment Policy: The Network Rules
Once containers are set up, they also need to talk to each other. This is simple if they reside on the same host, but what if different container nodes want to talk to each other across the network? This makes container networking a very important part of the container ecosystem.
The container world has started to adapt by creating its own network virtualization technology, which allows the container network to be portable across domains. Think of it as a virtual network within a virtual network. For example, a Docker container network can be set up as its own software-defined network (SDN).
Juniper Networks is one of several companies actively involved in developing container SDN and container Network Function Virtualization (NFV) strategies based on our Contrail, a Cloud Network Automation platform. Contrail is a simple, open and agile platform that can provide microsegmentation for a container ecosystem, securely isolating networks within a multi-tenant environment. Integrated with Docker, Contrail connects different virtual networks between applications running on containers and VMs, and also connects elements such as legacy infrastructure or databases running on bare-metal servers in private, public and hybrid clouds.
For the enterprise using containers to build out its cloud infrastructure – whether public, private or hybrid – the Contrail platform provides a number of benefits, including the ability to weave virtual overlay networks (a writable layer) with heterogeneous environments that straddle private and public clouds, orchestration tools and compute workload vehicles.
Further, Contrail allows tenants to specify traffic selection criteria and the network function sequences to which selected traffic will be subjected, a capability referred to as Service Function Chaining. It implements secure multitenancy for tenants using containers and/or groups of containers, ensuring clear segmentation between tenants sharing the pooled infrastructure. Finally, it enforces security policies at every server host where containers are running by implementing a fully distributed firewall in the vRouter.
Can’t Contain Yourself?
What shipping containers did for transportation, software containers are poised to do for computing. They make it easier to move applications from the developer’s laptops or workstations to the computers that deliver those applications to operations and customers. Containers will be part of data centers in the future, whether they move to the cloud or not. In fact, containers may be the way systems are built for years to come.