The increasing complexity of setting up containers at scale is something many developers find challenging. In particular, they may encounter technology gaps, such as how to integrate their entire developer toolkit and applications across a multi-platform stack.
In this episode of The New Stack Analysts podcast, we explore how networking and security issues affect enterprises running containers in production, and the issues developers should consider when making containers a part of their infrastructure. The New Stack founder Alex Williams interviewed Vice President, Fellow, and Chief Technology Officer of IBM’s Cloud Platform Jason McGee for our latest EBook series on Container Networking, Security, and Storage.
This conversation may also be heard on YouTube.
With orchestration tools now coming bundled into container platforms such as Docker, the question of how these affect one’s network comes into play. In particular, enterprises connecting their containers to private networks should ensure that their incoming and outgoing traffic does not end up routed over public channels. “Any abstraction that gets introduced, by definition limits what you can do with the network,” McGee noted.
Ideally, it is the aim of IBM to reduce the number of roadblocks to getting set up, streamlining how developers approach working with containers. “I don’t know that there’s technical gaps as much as there’s integration challenges. Customers have a diverse environment. They’re not going to be all running Docker, Kubernetes, or OpenStack. Most applications have to mix or integrate these technologies together,” McGee said.
“These assumptions and abstractions introduce complexity into your life because now you have to figure out how to connect stuff together,” McGee said.
Further touching on the inclusion of built-in orchestration into the Docker platform, McGee went on to explain that ensuring one’s network is secure against outside traffic should be crucial to developers working with this new feature. McGee then highlighted the ways in which today’s networking methodologies have shifted with the times, noting that rather than having a spec-driven test suite, today’s developers are testing against Swagger files.
It’s these cultural shifts and more which make up the issues facing containers, networking, and container security today. “We’re seeing a shift from infrastructure-centric, to application-centric. Historically, there was an infrastructure team and they controlled how the network, storage, and compute was set up, and the apps were designed to fit into that environment. What we’ve been seeing over a number of years, is that we’re trying to flip the model,” said McGee.
Overall, the challenge of container security remains one which must continually be addressed. McGee noted that some of these issues may stem from developers never considering them in the first place. “There’s all these other concerns that most developers don’t think about. They’re not thinking about security, compliance, QOS, and what happens when some application consumes the whole pipe and takes everyone else down? There’s all these deep networking and storage concerns that don’t just go away magically because we’ve switched to an application-centric view.”
Docker is a sponsor of The New Stack.