Software container infrastructure, such as Linux Containers (LXC), is fast becoming a core facilitator of the DevOps revolution and agile development in general.
Containers are lightweight and fast, and they can help developers keep up in today’s fast-paced software development and release environment.
An application architecture based on Linux Containers not only requires the tools to build and run containers, but also an underlying foundation that is secure, reliable, and enterprise-grade, with an established lifecycle designed to meet the ongoing requirements of an enterprise developer over the long term.
These requirements include mitigation of security concerns, ongoing product enhancements, proactive diagnostics, and access to support.
“For all of its convenience, Linux-based container technology, and the container management tools that make use of it, such as Docker, have certain limitations and questions around things like security, content,” says Colin McCabe, director, consulting and training, Red Hat.
“Fortunately, many of these can be addressed with the right approach.”
Going forward, Red Hat recommends three things developers need to keep in mind when using the Linux Containers virtualisation method, and the container technology that makes use of it:
1. Secure your containers
In the enterprise, the security of containerised applications is primarily defined by the software running inside containers.
“This means that containers should be treated like any other shippable media,” McCabe adds. “This often involves securing the containers using strong encryption and ensuring that access is restricted.”
Meanwhile, McCabe believes the underlying operating system can also provide the operational tools to detect, find and patch security vulnerabilities before they can disrupt operations.
“Security is always evolving, so without the ability to respond and resolve security issues efficiently, the system as a whole can be exposed beyond the single container or host being vulnerable,” McCabe adds.
2. Ensure your destinations are enterprise grade
Delivering Linux-based containers successfully generally requires both a Linux operating system for the host, and application runtimes inside containers optimised for the host operating systems.
“This underlying operating system supporting the containers needs to be of an enterprise grade for supportability as well as security, regardless of the destination,” McCabe adds.
3. Don’t get caught out
For McCabe, containers offer a great deal of flexibility, but it’s important to choose a completely open view of deployment options.
“Developers should try not to get caught up in a proprietary destination or toolset, otherwise you may find your containers locked out of future destinations,” McCabe adds.
“At the same time, it is important to make sure the infrastructure used is issued by a vendor that will support and provide updates, such as security patches, and make sure that container-to-host operating system compatibility is maintained.”