In light of the recent Equifax breach, Gene Kim and speakers from the upcoming DevOps Enterprise Summit San Francisco (DOES17) dissected the situation and discussed the technical leadership lessons learned while offering their own expert advice for handling crisis situations. The following are more highlights from the discussion ...
There are many options when it comes to container orchestration platforms and services. Figuring out which one is best for a particular organization’s needs and applications can be a challenge. Which platform for containerization you choose can significantly influence your business success, so the selection process should be carefully considered.
Successful adoption of containers is not a trivial task. Managing them requires a different process and knowledge base, compared with virtual machines. The difference is significant, and many tricks and best practices with VM lifecycle management cannot be applied to containers. Ops teams need to educate themselves on this to avoid costly missteps.
The traditional operations skill set is obsolete when it comes to efficient containerization in the cloud. Cloud providers now mainly deliver management of infrastructure hardware and networks, and Ops teams are requested to make software deployment automation by scripting and using container-oriented tools.
Systems integrators and consulting companies can provide their expertise and maximize the benefits of containers. But if you want an in-house team to manage the whole process, it's time to start building your own expertise – hire experienced DevOps professionals, learn best practices, and create a new knowledge base.
Investing Time and Effort
Don't expect to get containerized structure instantly. Some up-front time must be invested, especially if your architecture needs to be restructured to run microservices. To migrate from VMs for example, monolith applications should be decomposed into small logical pieces distributed among a set of interconnected containers. This requires specific knowledge to accomplish successfully.
In addition, for large organizations, it can be vital to select a solution that handles heterogeneous types of workloads using VMs and containers within one platform, because enterprise-wide container adoption can be a gradual process.
Containerized environments are extremely dynamic, with the ability to change much more quickly than environments in VMs. This agility is a huge container benefit, but it can also be a challenge to achieve the appropriate level of security, while simultaneously enabling the required quick and easy access for developers.
A set of security risks should be considered with containerization:
■ Basic container technology doesn't easily deal with interservice authentication, network configurations, partitions, and other concerns regarding network security when calling internal components inside a microservice application.
■ Using publicly available container templates packaged by untrusted or unknown third parties is risky. Vulnerabilities can be intentionally or unintentionally added to this type of container.
Traditional security approaches should be complemented with continuously enhancing strategies to keep pace with today's dynamic IT environment. A key point here is that a wide choice of tools and orchestration platforms continues to evolve. They offer certified, proven templates, help to secure containers and ease the configuration process.
The IT market now offers a wide choice of solutions for container orchestration, making adoption easier, but skilled hands are required so the benefits can be fully leveraged and unexpected consequences avoided.