Container technologies for cloud-native apps

A deep dive exploring the layers that go into a container-based platform for enterprise applications

Container technologies allow enterprises to develop highly differentiated applications and services more quickly, with better quality and geographic reach, to create compelling customer experiences.

They have quickly become an important element of digital business transformation because they promise faster software delivery, tremendous scale, higher resilience, greater flexibility, and broader implementation options. Everything about enterprise app infrastructures, development styles and architectures is changing, and containers play a key role in each area.

The basis of infrastructure platforms, both on-premise and in the cloud, is moving from virtual machines (VMs) to infrastructure and container services as developers want to consume smaller fit-for-purpose app components via application programming interfaces (APIs). Development styles are speeding toward true continuous integration and continuous delivery – DevOps – and app architectures are moving from multi-tiered monoliths to more agile collections of microservices.

Holistic view

Architecting a container-based platform for enterprise applications requires a holistic view of various capabilities and how they fit together. Regardless of whether enterprise app professionals use the container-native or integrated-platform pattern, they must still choose components and assemble them seamlessly. The reference architecture of container-based application platforms can be defined as consisting of eight layers, each with specific componentised technical capabilities.

Many open source options for the container-native pattern normally focus on one capability component (or a few) for assembly, while options for integrated patterns usually embed the container engine, container orchestration, external integration and operations management layers together.

The first layer is the container engine, which provides the foundational execution environment. This environment should support predefined configuration file formats of mainstream container images, such as those from Docker, App Container and the Open Container Initiative. The environment should not only support container runtimes, such as runC, Docker containerd, rkt, and cri-o, but also runtimes of VMs, such as runV, Clear Containers and LXD. It should then be able to execute a set of standard build-ship-run operations for container images and instances. These can range from building an image from configuration files to tagging an image in the repository.

Key capabilities

The second layer, container orchestration, enables key capabilities for enterprise adoption. Task scheduling with high-availability (HA) support components such as Mesos and Marathon ensures efficient, robust cluster resource use for running applications. App configuration management components such as Docker Compose and the Topology and Orchestration Specification for Cloud Applications (TOSCA) simplify service composition and app configuration. Service discovery and configuration management components such as etcd can register and discover services across container instances to allow storage and lookup for service configurations.

Container cluster management components like Docker Swarm and Fleet handle cluster membership, detect and recover failed container instances, and propagate custom events. Container networking components such as Docker Networking, Weave Net and Canal provide abstract, unified networking features. Container storage management components such as Fuxi manage data volumes for containers. Only a few, such as Kubernetes, cover all capabilities in this layer.

Diversified use scenarios

Next is the external integration layer, which allows extensive support for diversified use scenarios. Big data integration components help mainstream big data frameworks, such as Apache Hadoop YARN or Apache Spark, leverage the power of containers to maximise performance in the cloud while using their own schedulers. Message queue integration components deploy third-party message queue and streaming platforms, such as Apache Kafka, into the container environment. And infrastructure-as-a-service (IaaS) integration components help IaaS platforms such as OpenStack embrace container orchestration.

The fourth layer is for operations management, which streamlines operations or maintenance processes. Container monitoring and data collection components such as Logstash, OpenTracing and Fluentd monitor containers, trace API invocation in distributed environments, and collect data in a unified manner. Metrics storage, analysis and alerting components such as Prometheus and Elasticsearch analyse aggregated data using persisted data model metrics and send alert notifications. Management portal components such as Kibana and Grafana provide dimensional dashboards of analytics results for operational management.

Next up is the container infrastructure layer, which allows adaptability of operating environments. Container operating system (OS) components such as Red Hat Enterprise Linux Atomic and VMware Photon OS provide minimalist OS features that support containerised application execution. And generic bare-metal hypervisors such as ESXi, KVM and Hyper-V, which are generic components for virtualisation and cloud deployment, allow virtualisation on physical servers for hardware resource pooling.

Unified control and value co-creation

The container image management layer ensures unified control and value co-creation. Private image repository components provide centralised and scalable building, discovery, distribution and change management of container images; firms can deploy components such as Docker Registry and CoreOS Quay Enterprise on-premise or use cloud-based services such as Docker Cloud, Google Container Registry and Amazon EC2 Container Registry. Public image marketplace components, such as Docker Store and CoreOS Quay, provide a trusted platform with reputation indicators for sharing container images.

The penultimate layer concerns container security, which safeguards end-to-end security. This layer provides protection for the complete technology stack, from container infrastructure to container operations management and image management, and for the entire container lifecycle from image creation to runtime execution, including image signing and verification, role-based access control, security policy management, and enterprise LDAP integration. For example, Docker Content Trust enforces client-side signing and verification of image tags and CoreOS Clair provides static analysis of vulnerabilities in container runtimes.
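The image signing and verification capability described above comes down to two checks at deployment time: is the image reference pinned to an immutable content digest from an approved registry, and does the manifest actually fetched hash to that digest? The following is an added example, not code from the Forrester report or from any of the products it names; the registry host `registry.example.internal`, the admission policy and the manifest bytes are constructed for illustration.

```python
"""Added example: a minimal image-admission check of the kind the container
security layer enforces. It parses an image reference, requires that the image
come from an approved private registry and be pinned by digest, and verifies
that a fetched manifest's sha256 matches the pinned digest. All registry names,
policy values and manifest bytes are constructed for illustration."""
import hashlib
import re

# Registries this (hypothetical) enterprise policy trusts.
APPROVED_REGISTRIES = {"registry.example.internal"}


def parse_reference(ref):
    """Split an image reference into registry, repo, tag and digest.

    Follows Docker's convention: the first path component is a registry only
    if it looks like a host (contains '.' or ':' or is 'localhost'); otherwise
    the reference is implicitly on docker.io."""
    rest = ref
    digest = None
    if "@" in rest:
        rest, digest = rest.split("@", 1)
        if not re.fullmatch(r"sha256:[0-9a-f]{64}", digest):
            raise ValueError(f"malformed digest in {ref!r}")
    registry = "docker.io"
    first, sep, remainder = rest.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, rest = first, remainder
    tag = None
    # A ':' after the last '/' separates the tag from the repository path
    # (a ':' before it would be a registry port, already consumed above).
    colon = rest.find(":", rest.rfind("/") + 1)
    if colon != -1:
        rest, tag = rest[:colon], rest[colon + 1:]
    if not rest:
        raise ValueError(f"missing repository in {ref!r}")
    return {"registry": registry, "repo": rest, "tag": tag, "digest": digest}


def admission_decision(ref):
    """Return (allowed, reason) under the example policy: the image must come
    from an approved registry and be pinned by digest; a mutable tag alone is
    rejected because its content can change after it was reviewed."""
    try:
        parts = parse_reference(ref)
    except ValueError as exc:
        return False, str(exc)
    if parts["registry"] not in APPROVED_REGISTRIES:
        return False, f"registry {parts['registry']} is not approved"
    if parts["digest"] is None:
        return False, "image must be pinned by digest, not a mutable tag"
    return True, "ok"


def verify_manifest(manifest_bytes, expected_digest):
    """Check that the bytes actually fetched from the registry hash to the
    digest the reference pins; a substituted or tampered manifest fails."""
    actual = "sha256:" + hashlib.sha256(manifest_bytes).hexdigest()
    return actual == expected_digest


# Constructed stand-in for a manifest fetched from the registry.
SAMPLE_MANIFEST = b'{"schemaVersion":2,"layers":[{"digest":"sha256:0000"}]}'
SAMPLE_DIGEST = "sha256:" + hashlib.sha256(SAMPLE_MANIFEST).hexdigest()

if __name__ == "__main__":
    for candidate in (
        "nginx:latest",
        "registry.example.internal/team/app:v1",
        "registry.example.internal/team/app@" + SAMPLE_DIGEST,
    ):
        print(candidate, "->", admission_decision(candidate))
    print("manifest intact:", verify_manifest(SAMPLE_MANIFEST, SAMPLE_DIGEST))
    print("manifest altered:", verify_manifest(SAMPLE_MANIFEST + b" ", SAMPLE_DIGEST))
```

The digest check is what makes the policy meaningful: pinning by tag only records a name that the registry can later re-point, whereas a sha256 digest identifies the exact manifest bytes, so any substitution between review and pull is detected before the container starts.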

Application lifecycle acceleration

The final layer is DevOps automation, which allows application lifecycle acceleration. This layer not only helps enterprises simplify the deployment of components in other layers, but also integrates with existing cloud environments and DevOps tools to ensure seamless collaboration. For example, Docker Machine can help install Docker Engine on virtual hosts atop major cloud service providers, enabling management capabilities.

Enterprise application professionals must assess the capability coverage for each layer against business requirements. They must take the lead in mapping business needs to technology requirements and evaluate the ability of each component to address these requirements. For example, if your large-scale web applications require proven cluster management capabilities at more than 5,000 nodes, Mesos might be a better choice than Kubernetes. However, the Kubernetes project has more than 950 contributors on GitHub, offering a more active ecosystem.

This is an extract from the Forrester report Vendor landscape: container solutions for cloud-native applications by Charlie Dai and Dave Bartoletti.
