Containers are usually associated with smaller companies and start-ups on the bleeding edge of technology running distributed Linux applications at massive scale while deploying to production multiple times a day. Although that is still a popular use case, containers have made great strides in becoming more enterprise and Microsoft friendly. There is some evidence that large companies are adopting containers at a greater rate, for example the following research from DataDog (https://www.datadoghq.com/docker-adoption/). This trend makes sense since larger environments will see a greater saving on resource usage compared to smaller environments.
The next sections will describe a brief summary for the benefits, maturity, the challenges and risks associated with Containers for consideration.
Firstly, let’s have a look at the benefits of using containers to see why enterprises would even consider using containers.
- Containers are much smaller than virtual machines, launch much faster and are quick to create.
- Quickly creating or destroying containers as load changes leads to increased application density as opposed to virtual machines that are left running and consuming resources.
- Container platforms come with a rich API, Docker being the most popular and can be fully automated. Coupled with their speed and integration with source control management they are ideal for DevOps to speed up deployment cycles.
- Containerised applications help to create consistent environments by deploying the same container to different environments albeit with different application configurations.
Compared to traditional users of containers, enterprises have different requirements for their applications and containers. Enterprises have a greater focus on security, risk aversion, data protection and maintaining monolithic applications. A large number of enterprises are primarily Microsoft environments, which traditionally have put containers out of their reach.
To highlight the contrast in resource usage between containers and virtual machines the table below compares a Windows 2016 virtual machine and an ASP.NET Core container.
Recently there were significant steps forward in the maturity of container technology making them more suitable for enterprise customers and Microsoft environments.
- With the addition of Windows Server Containers in Server 2016 and full Docker support containers are not confined to Linux anymore. Container orchestration frameworks like Kubernetes now supports Windows containers as well.
- Microservice architecture became very popular as means to reduce development complexity and enabling application scaling. A distributed architecture like microservices is especially suitable for containers since each service can run in its own container. The Microsoft .NET Core framework makes it easier to implement microservice architectures using ASP.NET by decoupling web applications and services from Internet Information Services.
- Cloud hosted container services like Azure Container Services enable customers to host Windows and Linux containers without standing up hosting infrastructure on premise. It also provides a private registry to store container images securely.
- Resource orchestrators like Azure Service Fabric also supports containers, enabling dynamically scalable and resilient container applications running on Windows Server.
Challenges and Risks
Moving to a containerised environment is not without challenges and risks.
- Most enterprises still have a large contingent of monolithic applications and most of them cannot easily be containerised due to their architecture or programming language. Greenfield projects using newer programming languages and microservice architecture are much better suited to containerisation.
- Developers and administrators must be trained in the use of containers. Containers are not a specifically difficult technology to master but it does require a change in the way applications are architected, developed and deployed.
- Containers do not offer the same level of isolation between applications as virtual machines do and security vendors have not fully caught up with the use of containers. Public container images can contain vulnerabilities or even worse malicious software. For enterprise users it is advised to thoroughly scan images and approved images should be placed in a private image registry.
- There is also the issue of data retention, if containers are destroyed, application data must be retained somehow.
Since containers can be created with little effort it can lead to container sprawl with potentially sensitive data in the containers spread across your environment. Container orchestrations like Kubernetes can assist in the control and management of containers.