Blog: Docker

DockerCon 2018 SF: "Choice, Agility, & Security" is the Docker Promise

Written by: , Aug. 2, 2018

Docker Containers Can Be Used with No Vendor Lock-in, On Any Stack, with Any OS

Steve Singh, CEO of Docker, presented the keynote address at DockerCon 2018, held this June in San Francisco. According to Singh, Docker changes both the way software is built and how it is shared. In the current era of cloud computing, containers are everywhere, running Linux & Windows agnostically, operating in private data centers & the public cloud, even coming soon to edge devices embedded with new chips.

Nabla Containers: New Format from IBM Designed for Strong Isolation on Cloud Hosts

Written by: , Aug. 1, 2018

Framework Installs with Docker to Add Unikernel Techniques Based on Solo5 & runnc

IBM recently launched a new container standard that functions as a plugin-style alternative to Docker's native format, with the intention of creating more isolated sandbox environments for cloud architecture. Similar to the gVisor framework released by Google this year, Nabla Containers seeks to reduce the number of attack vectors that can be targeted by exploits for apps operating in production at scale. Rather than functioning as a true competitor to Docker, Nabla works as an alternative format that can be installed on the same hardware and software platforms (i.e. public/private cloud hosts) to provide more robust security. Nabla uses library OS/unikernel techniques via the Solo5 project middleware, which reduces the number of Linux system calls required to operate a container to 9. The main difference is that Nabla uses runnc as "the OCI-interfacing container runtime," whereas gVisor (another new hardened container sandbox alternative) is built around runsc and Docker containers are based on runC as the universal container runtime. Docker donated the code for runC to the Open Container Project in 2015 "as a standalone tool, to be used as plumbing by infrastructure plumbers everywhere." The Solo5 project was originally started by Dan Williams at IBM Research during work to port MirageOS to support the Linux KVM hypervisor. The main components of Solo5 are the kernel, ukvm, a testing suite, and a set of tools which support various virtualization requirements across different operating systems & hardware devices. Nabla Containers will mostly appeal to programmers and developers who need to drastically reduce the number of system calls permitted to a VM in production in order to implement higher levels of security, although this requires custom-formatted disk images that are not cross-compatible with Docker's runC code.

Apache Mesos 1.5 Released: Container Orchestration with DC/OS & Marathon

Written by: , Mar. 9, 2018

Resource Management, Programming Tools, Task Monitoring, Data Analytics, & Web Security

Apache Mesos is an open source project that abstracts the CPU, RAM, storage, and other computing resources available across multiple hardware instances in a data center in a unified manner so that systems administrators can operate the entire network as a single computer. Apache Mesos provides a set of unique APIs for resource management in cloud computing that can scale to over 10,000 nodes, integrating with other frameworks such as Hadoop, Chronos, Spark, Cassandra, & Kafka for complex web/mobile app deployments. Apache Mesos is used by Apple, Microsoft, PayPal, Twitter, Verizon, Samsung, Netflix, eBay, Bloomberg, AirBNB, Yelp, Uber, China Mobile, & many other companies for their data center management requirements. Benjamin Hindman, one of the principal founders of Mesos/Nexus at UC Berkeley, launched the start-up company Mesosphere in 2013, which produces DC/OS (Datacenter Operating System) as a production-ready distribution of the code designed for enterprise use. Mesosphere DC/OS includes elastic cluster resource management tools that enable cloud orchestration at scale using Docker Swarm, Kubernetes, or Marathon. The most recent release of Apache Mesos (version 1.5) includes support for the Container Storage Interface (CSI) that allows the system to automatically create storage partitions based on preset application parameters with multi-cloud platform compatibility. The new release also includes better configuration support for Windows environments, a standalone container format, and improved container image garbage collection.

Kata Containers, KubeVirt, & Virtlet: VM Solutions for Multi-Tenant Applications

Written by: , Dec. 20, 2017

OpenStack Releases New Platform Software Merging Intel Clear Containers & Hyper.sh runV

One of the most interesting announcements made at the KubeCon in Austin this year was the unveiling of Kata Containers, a combination of the new Intel Clear Container software and Hyper.sh's runV technology. Clear Containers are part of Intel's Open Source Initiative and linked to the Clear Linux project, a light-weight distro optimized for cloud servers and IoT devices. HyperHQ was founded by Xu Wang, Simon Xue, & Feng Gao in Beijing in 2014, producing a hybrid container/hypervisor technology that allows for virtual machines (VMs) to run in Docker/Kubernetes deployments with extremely fast boot times and better security isolation for multi-tenant requirements. Arjan van de Ven, who works with the Intel Clear Containers group, wrote that this framework can launch a secure container with a running VM in "under 150 milliseconds" and that "the per-container memory overhead is roughly 18 to 20MB (this means you can run over 3500 of these on a server with 128GB of RAM)." The further development of Kata Containers will be governed by the OpenStack Foundation as part of the Open Cloud Initiative and the project has already developed a significant amount of support from IT industry majors (99cloud, AWcloud, Canonical, China Mobile, City Network, CoreOS, Dell/EMC, EasyStack, Fiberhome, Google, Huawei, JD.com, Mirantis, NetApp, Red Hat, SUSE, Tencent, Ucloud, UnitedStack, & ZTE). Due to the increasing popularity of using Docker & Kubernetes as web standards on cloud servers in DevOps, there is a large demand from enterprise companies for these solutions which allow for multi-tenant apps to be run with better security in containers as well as allowing developers to build solutions with multiple operating systems running simultaneously in different pods. Other solutions to this problem are KubeVirt (a Kubernetes plugin for better VM support) and Virtlet (produced by Mirantis for use with OpenContrail and Calico). 
Programmers and systems administrators can use software defined networking tools and the Kubernetes Pod API to create innovative solutions for modernizing legacy software applications or new strategies for complex web & mobile apps hosted in a private/public cloud.

Containers-as-a-Service (CaaS): Docker & Kubernetes Platform Comparison

Written by: , Dec. 16, 2017

Red Hat OpenShift, CoreOS Tectonic, Cloud Foundry, Fabric8, Canonical, & Mirantis Cloud

Docker was founded in 2010 by Solomon Hykes as an internal project of the PaaS company dotCloud and part of the Y Combinator start-up fund. In 2013, Benjamin Golub joined the company as CEO and the pair navigated a hugely successful pivot to focus on container software development, leading to a total of $237 million USD in venture capital seed funding in Silicon Valley. According to Sramana Mitra, Docker received funding from Goldman Sachs, Coatue, Northern Trust, Lightspeed Venture Partners, AME Cloud Ventures, Trinity Ventures, Sequoia Capital, Greylock Partners, Benchmark, Jerry Yang, and Insight Venture Partners, ultimately leading to a valuation of the company of over $1.3 billion USD and "unicorn" status. Kubernetes was first announced in 2014 as an open source project growing out of Google's internal "Borg" platform, with version 1.0 released in 2015 under the management of the Cloud Native Computing Foundation (CNCF). Kubernetes automates cloud orchestration for containerized applications, allowing them to scale beyond the single server model to support the highest levels of enterprise web traffic. Both Docker and Kubernetes have seen huge adoption across all business sectors internationally in the last few years, becoming the foundation of best practices in DevOps as companies seek to modernize their legacy software applications and transition to fully embrace advanced cloud computing web server architecture. This year, Steve Singh moved from his role as Docker's Chairman of the Board to replace Golub as the CEO of the company.

