INDUSTRY WATCH
INTELLIGENTCIO
Andreas Neeb, Chief Architect Financial Services Vertical at Red Hat

concept, which is based on interlinking development and IT operations. Container scheduling is required to make the transition from the development stage into live operation. Among other things, this looks at how the containers are distributed across target infrastructures and what resources are available to them on the systems in place. These may be servers in an on-premise data centre, but also servers in a public cloud or even several public clouds such as Amazon Web Services, Google Cloud, and Microsoft Azure. The aim of container scheduling is to ensure that containers can optimally utilise the available computing resources such as processing power, memory, SSDs, and hard drive and network capacities.

Businesses that develop container applications very often plan for such applications to run in a public cloud, if not immediately then at least at a later date. In this respect, developers are harnessing the advantages of containers, which abstract from the underlying infrastructure. This means it is irrelevant for the container where it runs – whether directly on a server, in a virtualised environment, or in a public cloud. As a result, the container management solution must allow application containers to be transferred in any way between the on-premise data centre and one or more public clouds. At present, only a small number of users have implemented this cross-data centre and cross-cloud architecture. Many more look set to follow soon, however.

2. Lifecycle management
A container management solution should not only start containers and ensure optimised resource utilisation – which is the job of container scheduling. It should also monitor proper operation, identify and fix malfunctions at an early stage, and ensure availability. This also includes restarting a container that has stopped running for whatever reason on the current server or moving it if necessary to another server in the on-premise data centre or in a public cloud.

To this end, a developer can also supply a simple test, for example, which performs an external check to determine whether the container is working properly. The container management solution receives this test as an input parameter and can then check at predetermined intervals whether the container is still performing its service as intended.

Also very useful at this stage are functions for a more comprehensive health check of containers, the implementation of which developers can integrate directly into their application in the form of APIs. This is possible, for example, using API management software, which enables infrastructure administrators to manage the application container lifecycle from provisioning and configuration through to software management.

Where the APIs are integrated directly into a container application platform and therefore also into a management solution, and outside access is blocked, regulatory and compliance requirements can also be achieved using this configuration.

3. Security
“IN MANY CASES CONTAINER NATIVE STORAGE IS MORE COST-EFFECTIVE THAN TRADITIONAL HARDWARE-BASED OR PURE CLOUD-BASED STORAGE SOLUTIONS.”

As application containers become increasingly prevalent in businesses, this poses specific IT security challenges. To address these, basic security measures need to be implemented as part of container management. The aim here is to ensure the security of container images and container content throughout the entire application lifecycle. When creating container images, it is important, for example, that only trustworthy content is used, that the origin of all components and libraries in container images can be readily determined, that isolated environments are used, and that regular security scans are performed.
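
One way to enforce the "trustworthy content" and "determinable origin" requirements at deployment time, shown as an added example that is not part of the original article or of any Red Hat product: reject image references that do not come from an allowlisted registry or are not pinned by digest. The registry name, sample image list and function names are assumptions constructed for this illustration.

```python
import re

# Assumed policy: registries this (hypothetical) organisation trusts.
TRUSTED_REGISTRIES = {"registry.example.internal"}
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

def split_image_ref(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    first, slash, rest = name.partition("/")
    # Docker convention: the first component is a registry host only if it
    # contains '.' or ':' or is 'localhost'; otherwise Docker Hub is implied.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    repo, colon, tag = path.rpartition(":")
    if not colon:
        repo, tag = path, ""
    return registry, repo, tag, digest

def check_image(ref, trusted=TRUSTED_REGISTRIES):
    """Return the list of policy violations for one image reference."""
    registry, _repo, tag, digest = split_image_ref(ref)
    problems = []
    if registry not in trusted:
        problems.append(f"untrusted registry {registry}")
    if not digest:
        # A tag can be re-pointed at different content; a digest cannot.
        shown = tag or "latest"
        problems.append(f"not pinned by digest (mutable tag '{shown}')")
    elif not DIGEST_RE.match(digest):
        problems.append("malformed digest")
    return problems

def audit(images):
    """Map each non-compliant image reference to its violations."""
    return {ref: p for ref in images if (p := check_image(ref))}

# Constructed sample input (digests are placeholders, not real images).
SAMPLE_IMAGES = [
    "registry.example.internal/payments/api@sha256:" + "a" * 64,
    "registry.example.internal/payments/api:1.4",
    "nginx",
    "registry.example.internal:5000/tools/scan@sha256:" + "b" * 64,
]

if __name__ == "__main__":
    for ref, problems in audit(SAMPLE_IMAGES).items():
        print(ref, "->", "; ".join(problems))
```

The last sample is flagged because the allowlist match is exact: the same host on a different port counts as a different registry.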

From the outset, role and rights management for containers must be in place, which is embedded in a container management solution. The container management tool can, in this case, use the LDAP-based solutions already in place in an enterprise.

www.intelligentcio.com