Showing results for 
Search instead for 
Did you mean: 
Create Post

Keeping It Contained

Level 11

Technology moves fast in today's world. We go from zero to breakneck speed on a new concept before we can even catch a breath. New software enables new business models and those new models drive our understanding of people forward in ways we couldn't imagine before. I can catch a taxi with my phone, perform a DNA analysis from the comfort of my home, and collect all kinds of information about my world with a few clicks. Keeping up gets harder every day.

It's important to recognize new technology that has the potential to change the way IT professionals do their job. Years ago, virtualization changed the server landscape. The way that server administrators performed their duties was forever changed. Now instead of managing huge tracts of hardware, server admins had to focus on the fine details of managing software and resources. Making the software perform became the focus instead of worrying about the details of the server itself.

Today, we're poised to see the same transition in application software. We've spent years telling our IT departments how important it is to isolate workloads. Thanks to virtualization, we transitioned away from loading all of our applications onto huge fast servers and instead moved that software into discreet virtual machines designed to run one or two applications at most. It was a huge shift.

Yet we still find ourselves worried about the implications of running multiple virtual operating systems on top of a server. We've isolated things by creating a bunch of little copies of the kernel running an OS and running them in parallel. It solves many of our problems but creates a few more. Like resource contention and attack surfaces. What is needed is a way to reduce overhead even further.

Containment Facility

That's where containers come into play. Containers are a software construct that run on top of a Linux kernel. They allow us to create isolated instances inside of a single operating system and have those systems running in parallel. It's like a virtual OS instance, but instead of a whole copy of the operating system running in the container it is just the environment itself. It's fast to deploy and easy to restart. If your application service halts or crashes, just destroy the container and restart it. No need to reprovision or rebuild anything. The container admin program takes care of the heavy lifting and your service returns.

Containers have been used in development organizations for some time now to help speed the need to rapidly configure hundreds or thousands of instances to run a single command once or twice. It's a great way to provide huge amounts of test data for code to ensure it will run correctly in a variety of circumstances. Beyond development there are even more uses for containers. Imagine having a huge database application. Rather than building query functions into the app itself, the queries can run as containers that are spun up according to direction as needed and destroyed as soon as the data is returned. This would reduce the memory footprint of the database significantly and off-load some of the most CPU-intensive actions to a short-lived construct.

When application developers start utilizing containers even more, I imagine we will see even more security being built into software. If a process is forked into a container it can be isolated. Containers can be configured to self-destruct when a breach is detected, immediately ejecting the offending party. Data can be contained and communication lines secured to ensure that the larger body of sensitive material can be protected from interception. Applications can even be more responsive to outages and other unforeseen circumstances thanks to rapid reconfiguration of resources on the fly.

Containers are on the verge of impacting our IT world in ways we can't possibly begin to imagine. The state of containers today is where virtualization was a decade ago. In those 10 years, virtualization has supplanted regular server operations. Imagine where containers will be in even just five years?

You owe it to yourself to do some investigative work on containers. And don't forget to check out the Thwack forums where IT professionals just like you talk about their challenges and solutions to interesting problems. Maybe someone has the container solution to a problem you have waiting for you right now!



I can see opportunities in building queries or polling constructs in containers...depending on the started io constraints, it may be better than spinning up multiple powershell instances for many queries. Then if you could remotely fire off a container (for polling on a remote server), it may be cheaper than the current method used with powershell in orion....or if your agent on the remote server fired off the container to perform a now local query.  This would be an extension, hopefully faster and more efficient of what nagios does with their agent...

I see many possibilities.  But I have a nagging feeling there are some pitfalls too...


That was an interesting read. It's not something I'd heard of. And to be honest, I can't see it being implemented anytime soon where I work.

Level 11

Worth noting, containers are also coming to Windows, in Server 2016.

Windows Containers


To be honest, I'm not convinced that containers will dominate enterprise IT in the way that virtualization has. Virtualization addressed a litany of problems that were pervasive in the on-prem data center world: low hardware utilization, space constraints, server mobility, and separating hardware from servers. And while I understand what container tech is aiming for, it feels like a solution in search of a problem. We've kicked it around for a few years now, and aside from the big tech companies that can realize benefits of containerization (for example, Google is rumored to spin up over 1,000,000,000 containers a week), most companies don't have a well-defined need for this technology.

Of course, by committing these thoughts to Thwack, I fully acknowledge that I'll be wrong in a year or two. But at this point in time, containers are the HoloLens of enterprise tech: yeah, it's cool and all. But really? I mean, really.

Well considering that we are just now upgrading to 2012...It will be many moons for us before 2016.

Sounds cool though.



MVP​ I heard if you know someone in WSS you may can get a 2016 test server.

Nice read. I will definitely be looking in to these "containers".

While we're on the virtual topic, what happened to virtualizing applications? It seems like our desktop guys played with it for a few minutes and then let it go. Is anyone running virtual apps out there?

I'll dare to cast a slightly negative parallel: containers scaled to larger sizes, and applied to the business hierarchy, end up being potential problems. 

While we each become experts with the small containers we create or work with, we lose insight into the containers created or maintained by others. 

Now size that concept up and you're looking at corporate silos that have their own separate experts and that do not promote information sharing between those who support them.

They're a good way to create efficiency and easily duplicated tasks and management items.  Take care not to get so wrapped up in the tree's branches and twigs that you lose sight of your forest.

I like the idea of containers but sometimes organizations get so involved in "Container Management" it is nearly impossible to get anything does with out a list of signatures, hours of boards, and weeks of delay.  To make some easy changes will take 15 minutes, but the time spent getting ready to make changes to the contain seems almost counter productive. 

Management and Change Control will need to be developed to deal with the onset of Container-ville.

Level 11

Not in to developing and had not heard about containers.  Something worth investigating and learning more. 

Level 14

I can say that I like the security concepts of containers, if they pan out.

I've been reading about containers for what seems to be like 2 years now. There is plenty of buzz around this technology but I can't say I have shook hands of anyone who has it in place. I have no official position on containers as of yet, but as a IT Business Continuity Professional I am intrigued.

Right now, in my little world... I see containers as I do IPv6. "Powerful technology that opens the doors for a lot of opportunity, but the juice may not be worth the squeeze just yet!"

Level 21

While we may both be wrong, I have a tendency to want to agree with you on this _stump​.  At the very best I see it being narrow spectrum of organizations.

Level 21

network defender​ the security bit is the part I find most intriguing as well. 

About the Author
A nerd that happens to live and breathe networking of all kinds. Also known to dip into voice, security, wireless, and servers from time to time. Warning - snark abounds.