Is It Time to Run Your Workloads in Containers?

Some early adopters of the container virtualization technology have been running their mission critical applications in containers at a massive scale. But is it time for you to run your workloads in containers? There are quite some misconceptions and confusion regarding the readiness of the container virtualization technology in the industry. As containers are more used by green-field applications, and those applications are more likely designed with a microservice architecture, people believe that they need to convert their applications into a microservice architecture before they can run their workloads in containers. In fact, a lot of the existing monolithic applications can be quickly containerized as they are, and gain the same level of agility and flexibility while reducing the infrastructure footprint significantly.

Security is another concern a lot of people have heard about regarding the container virtualization technology. That concern originates from the fact that the containers are not completely isolated from the host operating system, as they use the same kernel on the host system. A root (admin) user in the container may breakout of a container and gain the access to the host operating system. Over the last few years, the industry has made significant progress towards container security and isolation. Now containers can be running under a non-privileged user account. Other security measures such as run-time data encryption, container image signing, and image vulnerability scanning have made the container technology more secure that the traditional technology stack. Just like what you would do to secure your existing applications, data and infrastructure, you should follow the security best practices to manage your risk exposure in a container-based hosting environment.

People are also concerned about the amount of learning and transformation needed from the organization perspective in order to adopt the container technology. In comparison to the adoption of a Platform-as-a-Service (PaaS), the learning curve for the container virtualization technology is much more moderate. You can use your traditional tools and technology stack to code your applications, with the understanding on implications of running them in a distributed container environment later on. Learning a PaaS could take much more time and most likely you lose the control on the underlying technology stack. And more importantly, you may get locked into the PaaS and completely lose the flexibility on where to run your applications.

To get started with containers, you may not have to learn all of the details about the container virtualization technology or the command line interface (CLI). There are tools and products available in the marketplace to help you use container technology in a plug and play fashion. You just need to provide your source code repository location and access credentials. The system can build the container images for you and push those images into your private image repository. You can run your applications in containers by deploying those images to your private data center, or to a virtual private data center in the cloud. Enterprise ready features such as single sign on, role-based access control, workload orchestration, logging, and monitoring can greatly facilitate the adoption of container virtualization technology.

Before putting a big plan in place to migrate your workloads into containers, you may explore some of the products in the marketplace, and consider a proof-of-concept (POC) to go through the journey with a limited but representative set of your applications, and evaluate the potential costs and benefits. You may find out that it is actually not such a daunting task or big change to what you are doing today, while reaping significant benefits of the container virtualization technology.