Virtual container technology options for management, security
Containers are lightweight virtualization mechanisms built on features of the Linux operating system. While they enable enterprise teams to exploit even greater efficiencies of virtualization, management can be tricky.
Managing clusters of machines that host containers can be difficult. IT teams have a few options: run cluster management tools, such as Docker Swarm or Kubernetes, or use container services from providers, such as Amazon, Google and Microsoft, that offer container management services in addition to VM instances. Amazon EC2 Container Service (ECS) enables customers to run containerized applications in an AWS-managed cluster of EC2 instances. By running ECS containers, IT teams can take the guesswork out of installing and managing cluster management infrastructure.
Like other AWS products, customers use API calls to create clusters, launch Docker containers and monitor the state of the cluster. The service is built on EC2 instances, so developers and application administrators can take advantage of other AWS features, such as AWS Identity and Access Management, Elastic Block Store, security groups and Elastic Load Balancing. AWS does not impose a separate charge for using AWS container services; customers are billed for the underlying compute, storage and other metered services the container applications use.
ECS containers are well-suited to applications that may not require the full resources of an EC2 instance. Microservices, for example, are good candidates to use in conjunction with ECS containers. IT teams can run any application without time limits on when an operation completes, and they can deploy applications developed on any platform or in any language. The service manages availability and scalability, so IT teams can adjust the number of ECS containers running at any time, according to demand.
ECS containers are configured using an abstraction called tasks. Tasks specify a Docker image, the processor and memory resources, data volumes, port mappings, links to additional containers and other parameters. Tasks enable developers to divide services down to the microservices level while still coordinating a number of services to complete a processing operation.
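The task parameters listed above depend on one another, so a definition can be checked for consistency before it is registered. The following is an added example, not code from this article or from AWS: the field names follow the ECS task definition JSON format, while the sample task, the `check_task` helper and the `instance_memory_mib` parameter are constructed for illustration.

```python
import json

# Constructed sample in the shape of an ECS task definition (names and images are made up).
TASK_JSON = """
{
  "family": "web-example",
  "containerDefinitions": [
    {"name": "web", "image": "example/web:1.0", "cpu": 256, "memory": 300,
     "portMappings": [{"containerPort": 80, "hostPort": 8080}],
     "links": ["cache", "db"],
     "mountPoints": [{"sourceVolume": "logs", "containerPath": "/var/log/web"}]},
    {"name": "cache", "image": "example/cache:1.0", "cpu": 128, "memory": 200,
     "portMappings": [{"containerPort": 6379, "hostPort": 8080}],
     "mountPoints": [{"sourceVolume": "scratch", "containerPath": "/data"}]}
  ],
  "volumes": [{"name": "logs", "host": {"sourcePath": "/ecs/logs"}}]
}
"""

def check_task(task, instance_memory_mib):
    """Return a list of consistency problems found in one task definition."""
    problems = []
    containers = task.get("containerDefinitions", [])
    names = {c["name"] for c in containers}
    volumes = {v["name"] for v in task.get("volumes", [])}
    host_ports = {}  # host port -> name of the container that claimed it
    for c in containers:
        for link in c.get("links", []):
            target = link.split(":")[0]  # links may be "name" or "name:alias"
            if target not in names:
                problems.append(f"{c['name']}: link to undefined container '{target}'")
        for mp in c.get("mountPoints", []):
            if mp["sourceVolume"] not in volumes:
                problems.append(f"{c['name']}: mount of undeclared volume '{mp['sourceVolume']}'")
        for pm in c.get("portMappings", []):
            hp = pm.get("hostPort")
            if hp in host_ports:
                problems.append(f"{c['name']}: host port {hp} already used by {host_ports[hp]}")
            elif hp:  # a missing or zero host port is not a fixed mapping, so it cannot collide
                host_ports[hp] = c["name"]
    total = sum(c.get("memory", 0) for c in containers)
    if total > instance_memory_mib:
        problems.append(f"task needs {total} MiB, instance offers {instance_memory_mib} MiB")
    return problems

if __name__ == "__main__":
    for p in check_task(json.loads(TASK_JSON), instance_memory_mib=400):
        print(p)
```

A check like this catches a link to a container that was never defined or a duplicated host port before the scheduler has to reject or misplace the task.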
Diving into Google's container engine
Google Cloud Platform also offers a container service for Docker called Google Container Engine (GKE). GKE uses Kubernetes as a cluster management platform. Kubernetes is an open source platform, which gives customers the option to run the same cluster management platform on premises and in the cloud. Other vendors, such as Red Hat, VMware, Microsoft and IBM, support Kubernetes integration; OpenStack is also working to support Kubernetes.
GKE allows admins to specify containers and resource parameters. The service then manages the scheduling of those jobs. A welcome feature of GKE is the ability to specify containers in a declarative JSON format.
GKE includes a private Docker registry, giving IT teams the option to use public repositories, such as Docker Hub, as well as their choice of an image repository. Administrators can easily integrate Google's logging service with deployed containers. And the ability to reserve a range of IP addresses means clusters can be integrated over virtual private networks with private, on-premises networks.
Unlike AWS, Google charges for its container service, depending on the size of the cluster. Container management is free for up to five nodes in a cluster. A cluster of six or more nodes is billed at $0.15 per hour per cluster.
A peek at Azure Container Service
Microsoft is currently offering Azure Container Service in preview mode. Microsoft Azure allows IT teams to choose between Docker Swarm and Apache Mesos for cluster management. Apache Mesos abstracts features of OSes and applies them across clusters.
With Mesos, applications use resources that are running across clusters or across data centers. Customers can also use Marathon for service orchestration on Mesos. Chronos is a distributed job scheduler that is used with Mesos; it is often described as a CRON job scheduler for clusters.
Mesos is known to scale to the order of 10,000 nodes and uses ZooKeeper -- part of the Hadoop ecosystem -- to ensure fault tolerance.
Like AWS, Microsoft does not charge for container services. Customers are billed only for the metered resources used within the cluster.