Building a case for containers


10 December 2014
Pavel Ershov of Parallels

Data centres today are beginning to outgrow the traditional hypervisor method of virtualisation. Just as Linux was the upstart operating system that took over the web and found mainstream acceptance, containers are the next wave of web-scale technology to move into the collective awareness of CIOs, CTOs and IT professionals.

Hosting service providers have been using the technology to lower operational costs and increase efficiency for years. But in the enterprise, containers remain a bit of a mystery.

There are five myths surrounding containers that we would like to debunk.

1.   Containers are not reliable enough to support mission-critical workloads

Hosting service providers have been using the technology to lower operational costs and increase efficiency with virtual private servers (VPSs) for over a decade. VPSs are used to provide companies with web and other services such as the processing of credit card transactions, all of which are incredibly mission critical for a business.

2.   Containers are not secure

Over the past three years, Parallels, Google and a host of other companies have been working to push all the necessary security technologies upstream. As a result, today’s upstream kernel has enough security technology to ensure containers are highly secure and isolated.

As with most computer systems, security also relies on following best practices. The technology itself is granular: you can set up a fully secure, fully isolated operating system container, or you can set up a very porous one. There can be good reasons for doing the latter, but sometimes it is the result of oversight or not following best practices.

3.   Running containers inside virtual machines adds efficiency

The belief here is generally that you can overcome the first and second myths by running containers inside virtual machines. While you can do this, you won’t actually add efficiency since you lose the density and elasticity of the container system – arguably the two biggest benefits of the technology.

When you run containers in a virtual machine, the final properties are dependent on the hypervisor, which supports less density and is inelastic. Additionally, you add a second layer of virtualisation technology, creating more physical and management overheads and three separate technology layers to manage.

4.   Anything a container can do, a hypervisor can do

In the abstract, this is true because they’re both computing environments. But thinking practically, if you give hypervisors and containers similar density and elasticity, you strip down the guest and host of a hypervisor to a point where they become mere shells of themselves. And even after doing this, you still don’t have the granular and just-enough virtualisation properties of containers. It’s a bit like beating a square peg into a round hole; with a big enough hammer you can do it, but it may not be the best way of achieving the desired outcome.

5.   A container is a container

With all of the hype lately about containers, it’s not surprising that there’s a lot of misinformation being communicated about the technology. Perhaps the best example is how often we hear the phrase “Docker containers”. The truth is that Docker itself is not a container. It is making strides in helping the technology reach a broader audience, but Docker is actually an application packaging and transport system. It relies on the just-enough virtualisation properties of containers to function.

There will always be people willing to compromise on density, elasticity and granularity to ensure that hypervisors are used for specific workloads. However, there is a growing number of use cases that call for mixed environments. And while both technologies have their place, containers are making strides to unseat hypervisors as the dominant virtualisation technology because they can go places and do things that hypervisors are just not able to.

  • Pavel Ershov is regional vice president and general manager, Service Providers Business, Parallels Asia Pacific.