The idea of containers has been around for a long time in various forms on various operating systems. It has been part of the Linux kernel since version 2.6.24 was released in 2008. However, containers did not become mainstream until a couple years ago when Docker was first released in March 2013. Docker introduced container management tools and a packaging format, which made container technologies accessible to developers without Linux kernel expertise. By doing so Docker led the way to making containers mainstream as well as one of the hottest trends in application development and deployment because it simplified the way applications are packaged. While this has big advantages, containers are still early in their lifecycle and lack operational maturity. The ease of use with which Docker images can be created leads to image sprawl, previously seen with VMs, and exacerbates the problem of managing security and compliance of these images. Container environments do not integrate well to existing developer tools, complicating team development due to a lack of staging and versioning for preproduction and production promotion. Also, containers do not integrate with existing monitoring tools, complicating management. However, new tools are being developed targeting Docker as an application delivery format and execution environment by an ever-growing Docker community. Many of the benefits are on the development side of the house, with the promise of DevOps benefits. Running in production can be a different story.
Containers are showing promise as a building block for private and hybrid cloud environments; however, they are still early in their lifecycle and lack operational maturity. Containers often deliver microservices and are spun up and taken down to manage loads, yielding a much smaller lifespan than VMs and creating their own problems—much like VM sprawl early in the lifecycle of modern virtualization. While extremely useful and powerful, container environments need to be managed and this requires better integration to traditional management tools or entirely new management tools. Many startups and established products are working to solve the container management problem.
A recently out of stealth startup, Sysdig, has created an open source container visibility tool. They also have a richer, commercial cloud-based version, Sysdig Cloud, with full monitoring, alerting and dashboards. Sysdig is bringing much needed visibility to the world of containers. The lightweight nature of Sysdig means no agents or other instrumentation junking up containers. EMA recently named Sysdig a Vendor to Watch.
Pace a single Sysdig container on a host and it can discover other containers on that host. All the complexity to manage containers is in the Sysdig container, other containers are untouched. Sysdig achieves this container visibility with a kernel module—sysdig-probe— that uses a name space (the same Linux feature that makes containers possible) to create a small window into each container. The kernel module code is open source and available on GitHub, so it is transparent and can be publicly reviewed for its security characteristics.
If you are planning to utilize containers, be sure to put some thought into how to manage them in production. You should expect to have the same control, visibility, dashboards, analytics and other management tools available with traditional VMs. Running faster and leaner is not better if you are running blind.
