Making sense of AWS containers, EC2 Container Service

Some enterprises are diving head first into cloud containers, but the technology -- an old form of virtualization brought back into vogue -- has its pros and cons.

The containerization craze is now a cloud norm. Users are increasingly turning to containers to boost the portability of their cloud applications and improve efficiency, with Docker being the pack leader.

Container-based virtualization, however, is not a new technology. Docker helped bring containers back into vogue, but the latest generation of container technology is not without its quirks. As with other technologies, IT administrators should consider cost, security and other individual needs before docking with Docker.

Let's answer some frequently asked questions about AWS containers to help your enterprise make the right call.

What are containers and what purposes do they serve?

Container-based virtualization allows users to run multiple isolated applications on the same operating system kernel, sharing its resources. In that sense, a container is different from a VM, which boots its own guest OS on top of a hypervisor. Because Linux-based Docker containers reuse the host's kernel rather than booting one, they start in fractions of a second and can respond more quickly to spikes in computing demand. This capability is of particular interest to development teams looking to spin up and test code.

In addition to launching quickly, containers' lightweight nature means a host server can run hundreds of them at a time, provided the resources are available. Containers are also highly portable because they do not need a hypervisor: as long as the destination host runs a compatible kernel (a Linux container needs a Linux host), an image built on one server runs unchanged on another.

All of this has IT professionals giddy about the future of the technology, as its infant stages are already transforming the look of data centers and cloud operations.

How are containers used within AWS?

Amazon Web Services (AWS) users can opt to run instances within Elastic Compute Cloud (EC2) or look into using containers. Amazon EC2 Container Service (ECS) manages Docker containers within AWS, allowing users to scale up or down and to monitor CPU and memory usage. These AWS containers run on a managed cluster of EC2 instances, with ECS automating installation and operation of the cluster infrastructure. AWS brings its common functionality -- load balancing, auto scaling, Identity and Access Management and integration with other AWS products -- to containers through ECS.

Users create task definitions in ECS that group one or more containers for a particular service or microservice, along with their CPU and memory allocations, which is useful for both simple and complex workloads. They then create a service, which keeps a desired number of copies of a task running, much as an Auto Scaling group does for EC2 instances, and can be tied to scaling policies. In short, ECS takes the guesswork out of managing containerized applications by placing tasks where CPU and memory are available and replacing tasks that fail.

What are the drawbacks of using containers and ECS?

Containers are operating-system-level virtualization rather than hypervisor-based virtualization, and their latest incarnations are a work in progress. Security is a primary concern as it applies to Docker containers. The Docker daemon runs as root on the host, and a container's processes run as root by default, so a process that breaks out of its container, or one that can reach the daemon's socket, has root on the server that hosts every other container -- a no-no in the cloud, as it can compromise operations on that server.

AWS mitigates some of the networking and security concerns regarding Docker by letting users place the cluster in a Virtual Private Cloud (VPC) and restrict access to resources with security groups. This does not, however, eliminate the root access dilemma: a VPC isolates network traffic, not processes sharing the same host kernel.
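The task definition described earlier is where most of these host-boundary settings live, so a practical check is to lint task definitions before they are registered. The following is an added example, not code from the article or from AWS: a small Python checker that flags the settings which turn the root-in-container problem into root-on-host (privileged mode, host network namespace, a bind mount of the Docker socket, running as UID 0, a writable root filesystem, an unpinned image, no log shipping). The two task definitions it inspects are constructed for illustration; the field names follow the ECS RegisterTaskDefinition API.

```python
"""Static check of an Amazon ECS task definition for the container
isolation weaknesses discussed above. Added example, not code from the
article or from AWS; the two task definitions below are constructed for
illustration. Field names follow the ECS RegisterTaskDefinition API
(containerDefinitions, networkMode, pidMode, volumes)."""

import json

# Constructed sample: Docker defaults left in place, plus a bind mount of
# the Docker socket. Root inside this container can drive the root-owned
# Docker daemon on the host.
WEAK_TASK_DEF = json.loads("""
{
  "family": "web-weak",
  "networkMode": "host",
  "containerDefinitions": [
    {
      "name": "web",
      "image": "example/web:latest",
      "privileged": true,
      "mountPoints": [
        {"sourceVolume": "dockersock", "containerPath": "/var/run/docker.sock"}
      ]
    }
  ],
  "volumes": [
    {"name": "dockersock", "host": {"sourcePath": "/var/run/docker.sock"}}
  ]
}
""")

# Constructed sample: the same workload with the host/container boundary
# tightened. This does not remove the daemon's root on the host; it only
# keeps a compromised container from reaching it.
HARDENED_TASK_DEF = json.loads("""
{
  "family": "web-hardened",
  "networkMode": "awsvpc",
  "containerDefinitions": [
    {
      "name": "web",
      "image": "example/web:1.4.2",
      "user": "10001:10001",
      "readonlyRootFilesystem": true,
      "linuxParameters": {
        "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}
      },
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {"awslogs-group": "/ecs/web", "awslogs-region": "us-east-1",
                    "awslogs-stream-prefix": "web"}
      }
    }
  ]
}
""")

DOCKER_SOCKET = "/var/run/docker.sock"


def check_task_definition(td):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    if td.get("networkMode") == "host":
        findings.append("task: networkMode=host shares the host's network namespace")
    if td.get("pidMode") == "host":
        findings.append("task: pidMode=host exposes host processes to the container")

    # Volume name -> host sourcePath for bind mounts. Docker-managed volumes
    # have no sourcePath and are skipped.
    host_paths = {v["name"]: v["host"]["sourcePath"]
                  for v in td.get("volumes", [])
                  if v.get("host", {}).get("sourcePath")}

    for c in td.get("containerDefinitions", []):
        name = c["name"]
        if c.get("privileged"):
            findings.append(f"{name}: privileged=true, container gets all capabilities and host devices")
        else:
            caps = c.get("linuxParameters", {}).get("capabilities", {})
            if "ALL" not in caps.get("drop", []):
                findings.append(f"{name}: default capability set retained (no drop ALL)")
        uid = str(c.get("user", "")).split(":")[0]
        if uid in ("", "0", "root"):
            findings.append(f"{name}: runs as root (user unset or 0)")
        if not c.get("readonlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable")
        for mp in c.get("mountPoints", []):
            src = host_paths.get(mp.get("sourceVolume"))
            if src == DOCKER_SOCKET:
                findings.append(f"{name}: mounts the Docker socket, equivalent to root on the host")
            elif src is not None:
                findings.append(f"{name}: bind-mounts host path {src}")
        tag = c.get("image", "").rsplit("/", 1)[-1]
        if "@sha256:" not in tag and (":" not in tag or tag.endswith(":latest")):
            findings.append(f"{name}: image not pinned (missing tag or :latest)")
        if "logConfiguration" not in c:
            findings.append(f"{name}: no logConfiguration, container output is not shipped anywhere")
    return findings


if __name__ == "__main__":
    for td in (WEAK_TASK_DEF, HARDENED_TASK_DEF):
        print(td["family"], json.dumps(check_task_definition(td), indent=2))
```

Run against the weak definition the checker reports seven findings; the hardened one reports none. The capability check is skipped for privileged containers only because privileged mode already grants every capability, so reporting both would be noise. Note what the hardened version does not fix: the daemon on the EC2 instance is still root, and a kernel bug remains a host compromise; the settings only remove the routes that need no bug at all.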

ECS layers controls on top of Docker that Docker alone lacks, such as IAM and security groups, but the isolation boundary underneath is still Docker's, which leaves security-conscious cloud customers worried. AWS customers also seem to prefer third-party schedulers to the two available in ECS, meaning Amazon has work to do in that category.

What's the next step for container technology in AWS?

It has been difficult to predict the direction in which AWS is evolving, even as customers outline clear needs. The promise of portability is alluring, but being able to run identical containers on all machines might prove easier said than done. Regarding security, Docker containers do not achieve the same level of isolation as a VM, though running containers on top of a VM, as ECS does with its EC2 instances, limits the blast radius of a container breakout to that VM.

But the full limitations of container technology are not yet known. Being able to isolate certain elements of applications into microservices can protect the application as a whole, but the worries seem to outnumber the assurances.

Amazon ECS was the first cloud service to support Docker, but there is room for improvement. Reporting on ECS is largely limited to logging, which makes container sprawl -- having too many containers to track, with unnecessary costs attached -- easy to miss. The AWS Management Console and third-party tools can report on compute usage and costs, but both can get out of hand without a watchful eye.

Customers have also had issues running Elastic Beanstalk with ECS. But with all the attention on containers, Docker and AWS will seek to shore up these issues and meet cloud customers' growing needs.
