Running containerized applications securely in production
Research shows that 46% of deployed containers run for one hour and 27% run for about five minutes. In such a fast-paced, disposable computing environment, cloud operators struggle to keep their workloads and container environments under control. Giuseppe de Candia explains how to take the chaos out of these short-lived computing engines and the security implications to consider along the way.
O’Reilly Software Architecture Conference
Engineering the Future of Software
San Francisco, California
November 14-16, 2016
A recent study by New Relic shows that 46% of deployed containers run for one hour and 27% run for about five minutes: talk about short-lived. In such a fast-paced, disposable computing environment, cloud operators have a difficult time managing workloads and keeping the container environment from turning into unmanageable chaos.

Today, more and more applications are being packaged into containers and deployed in a microservices architecture. Containerization and microservices go hand in hand. When applications are scaled out across multiple host systems to keep up with growing demand, the ability to manage each host system and abstract away the complexity of the underlying platform becomes attractive. At a macro level, being able to provide a seamless network across multiple clouds (say, an on-premises private cloud together with a public cloud) becomes imperative. Cloud operators must consider how to schedule containers to prevent resource contention, how to implement container isolation so that a breach stays contained, what it means to network containers together, what that networking means for provisioning, load balancing, and availability, and how to analyze and troubleshoot containers despite their short life span.

However, the downside of networking in a microservices architecture is that it often creates more components to manage and more endpoints to secure. Keeping configurations consistent and maintaining security policies thus becomes even more challenging than it already is. This is where advanced schedulers and network virtualization come into play. Advanced scheduling technologies, such as Kubernetes, allow much more control over the containers running on the infrastructure: containers can be labeled, grouped, and given their own subnet for communication.

Giuseppe de Candia explains how to take the chaos out of these short-lived computing engines and the security implications to consider along the way. Topics include: