Microservices can start up and shut down quickly, and compute, memory, and other resources can scale independently, experts say.
Containers and microservices can improve IT operations through faster application provisioning, improved operating system and application patching, better resource utilization, better application mobility, fewer operating systems to manage, and greater workload visibility. According to the whitepaper, Cisco is creating an Intercloud of containers and microservices in cloud-native and hybrid continuous integration/continuous deployment models across OpenStack, VMware, and public clouds.
Cisco is also looking at using Linux containers in Fog Computing – cloud computing distributed farther out to the edge – a key delivery mechanism for its Internet of Everything initiative.
Linux containers can be used in place of a CLI to help applications configure network resources automatically, or give application developers access to network state, topology, VM port group and performance information for configuration management. This is key to selecting the appropriate VLAN, opening ports, configuring load balancing, setting up port security through ACLs, and applying QoS and other network policies.
When a new containerized application is placed in production, the network should recognize the application requirements and apply them.
Cisco’s Nexus 9000 switching line, which runs under NX-OS, offers LXC as a way to program network forwarding tables. This is designed to give developers greater control over forwarding constructs and let them directly command the switch’s forwarding logic, according to literature on the Cisco web site.
NX-OS also offers Cisco’s onePK development environment and its OpenFlow extensions as ways to program forwarding tables.
Widespread adoption of containers in the enterprise, as is the case with practically any bleeding-edge technology, will lag behind service provider deployment and proven use cases, Cisco and Red Hat say. There are still some hurdles to overcome, however, particularly in the area of security.
There are a few efforts underway to address kernel exploits at the host operating system level that affect all containers on the host. Vendors are improving techniques like mandatory access control to protect the host and containers from untrusted container processes.
The libseccomp Project, for example, eliminates syscalls from a container's reach to prevent a hacked container from compromising the kernel.
Vendors are also working to create frameworks for managing container images and orchestrating the container lifecycle. But this work will need to identify just one or a few of these frameworks to encourage container adoption, Cisco and Red Hat say.
One such framework is Docker’s libnetwork, which Cisco supports and contributes to, along with IBM, Joyent, Microsoft, Rancher, VMware and Weave. The Docker framework is a multi-platform library and Container Network Model for networking and porting distributed, container-based applications across multiple platforms.