Advanced Computing in the Age of AI | Monday, July 22, 2024

Container Push Refocuses on Trusted Platforms 

Red Hat, among the most vigorous proponents of delivering applications via Linux containers, acknowledges that enterprise adoption of container technology hinges on trusting the platform. Only then would true portability of applications be achieved and, with it, greater use of container technologies like Docker in production environments.

Red Hat described its vision for working out the security and support kinks in container platforms in a blog post this week. Company executives argued that the keys to building trust in the application-deliver platform center on container content and security along with lifecycle support. Despite all the noise and heavy investment in container technology, the open-source specialist maintains little attention has been paid to these issues.

"It seems like there is a new entrant into the container space every time we turn around as containers quickly move into the mainstream," wrote Matt Hicks, senior director of OpenShift engineering at Red Hat. "Unfortunately, answering questions about security and lifecycle support are not questions every vendor is prepared or equipped to answer as they jump to take advantage of consumer hype."

While promoting its own versions of Linux, the open source giant is advocating a Linux operating system for both host and application runtimes inside Linux containers. Moreover, it should be optimized for the host OS. Not coincidently, that's mostly what Red Hat Enterprise Linux Atomic Host is designed to do.

RHEL Atomic Host along with CoreOS and a new entrant, VMware's Photon project unveiled this week to help run "cloud-native" applications, all focus on delivering a lightweight runtime environment while addressing emerging security and lifecycle issues. "Given that this core runtime environment forms the foundation of a container-based deployment, rock-solid, trusted security for mission critical workloads is essential," Hicks stressed.

Red Hat further asserts that secure container applications are mostly defined by the software running in containers. Hence, Atomic Host provides application runtimes along with tools to spot and patch security vulnerabilities.

Meanwhile, CoreOS and a handful of other lightweight container specialists are addressing the lifecycle issue through future update models and more consistent ways to deliver updates to hosts, Hicks noted.

Meanwhile, VMware's open-source Photon project aims to help customers build, run and manage secure cloud applications. VMware said Photon would support most Linux container formats, including Docker, along with lightweight footprint (about 300 MB) for running containers. It also promised smooth migration of container workloads from development to production—a key feature as container deployment lags behind current hype—along with vSphere security, management and orchestration of container technology.

VMware said it launched Photon after developing integrations using several container approaches along with Linux distributions. After delivering on those initial projects, "we recognized the need to expand our customers’ capabilities for developing and running cloud-native apps," the company said in announcing Photon.

"Our customers let us know they wanted to take advantage of new technologies such as containers that allow them to easily package their applications as well as scale them in real-time, so we aimed to provide easy portability of containerized applications between [on-premise] and public cloud."

Photon "reinforces our belief that the operating system is a critical piece of the container equation, and that true Linux container contenders will have a Linux operating system," Red Hat's Hicks asserted. The growing emphasis on container security and lifecycle support will pave the ways for certification programs that "will help containers move from hype to true enterprise adoption."


About the author: George Leopold

George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of "Calculated Risk: The Supersonic Life and Times of Gus Grissom" (Purdue University Press, 2016).