Taking advantage of containers
- By Sanjeev Pulapaka, Munish Satia
The government is often unable to mirror the private sector’s efficient use of technology resources. One key reason is the government’s tendency to operate in silos, with different teams for IT development, infrastructure and operations. This problem is more prominent in government because public agencies separate responsibilities to avoid risk. Perhaps that same risk aversion causes agencies to avoid adopting newer, leaner processes for fear of compromising security, traceability and accountability.
That risk aversion and those silos can be resolved using a technological innovation called a container. Containers make it possible for agencies to invest in automated, efficient DevOps processes without sacrificing traceability, accountability or security. Perhaps even more important, containerization and a microservices architecture can be used together to permit efficient upgrades and the addition or substitution of features, potentially avoiding the need for expensive replacement of an entire system when a federal agency is assigned a new or changed mission.
There are some challenges, however, to adopting containerization. We have identified the four most significant challenges and have suggested best practices to help agencies overcome each.
What is containerization and what are its benefits?
Containerization is an approach that bundles applications as well as their dependencies into a software package called a container image. This image is executed as a container process (or, more simply, a container) running on a special software engine that interfaces between the container and the operating system. Containers can be moved easily between environments and operating systems/platforms, but once a container image is created, it cannot be changed. New containers can be added to an existing system or used to replace an outdated container. The figure below illustrates an executing container.
A software developer can create an image of tested software that can be moved easily without having to install and configure the dependencies specifically for each environment. This makes it efficient to migrate applications from one environment to another, from development to quality assurance to production or from in-house to the cloud, while ensuring traceability via the immutable nature of the container.
Containers have four distinct advantages that, taken together, provide significantly increased efficiency. They:
- Reduce the need for duplicate operating system code.
- Provide faster spin-up/launch of applications (seconds versus minutes).
- Consume orders-of-magnitude less capacity (megabytes versus gigabytes).
- Can be executed on shared virtual machines or stand-alone, physical “bare metal” servers.
Challenges to overcome
Containerization works particularly well in a multivendor environment because it provides increased portability and traceability. However, the technology introduces fresh challenges for government organizations, including:
Monolithic architecture and legacy technology. Many older technologies (Oracle Forms, Microsoft .NET) are not effectively compatible with containerization. The designs and architecture of some of these applications are monolithic and do not allow easy separation of the application into independent modules suitable for containerization. Furthermore, containerization could increase production problems because of the limited flexibility and scalability of the application.
Infrastructure constraints. Implementation of a containerized ecosystem for a large program could call for hundreds of thousands of containers. The sheer number and resulting complexity could increase risks that a security attack might succeed. It also increases the amount of network traffic, potentially degrading performance. Troubleshooting applications and diagnosing a problem among the vast number of containers can be a challenge.
Lack of streamlined processes. In government organizations, development and operations teams often work separately and use separate environments. Although many development teams in government use an agile approach, most operations teams do not. Thus, their processes don’t support continuous container-based handoffs and deployments. Consequently, resolving conflicts and quality issues can be delayed, offsetting the efficiency gains from containerization.
Organizational culture and knowledge. One of the biggest challenges in working with containers is a lack of staff knowledge about the technology. Other challenges are the culture and structure of teams. With containerization, developers deploy software while infrastructure teams mainly set up and maintain environments. Traditionally organized IT teams might not transition effectively to these new roles.
Before adopting containerization, agencies should first determine the results they are seeking and understand the changes the technology will bring. An initial effort should study the existing environment, present technology options to stakeholders, define a strategy and implementation plan, and test the selected technology. To inform that strategy and implementation plan, we’ve identified four best practices to overcome the challenges identified above:
Migrate to a microservices architecture. Government agencies should adopt a microservices architecture for migrating from any monolithic system structure to a modularized application architecture with modern technology. A microservices architecture approach to application development breaks an application into simple, well-defined modules that are not dependent on one another. The mutually independent nature of each microservice provides an excellent set of building blocks for containerization.
Set up the infrastructure required for container operations. The type of container and associated developer tools are among the first decisions that need to be made. The table below shows types of technologies and specific example tools. Agencies can select tools individually or adopt them as a cloud-based group called a containers-as-a-service platform. Common CaaS platforms include Amazon ECS, Red Hat OpenShift, Apcera and Google Compute Engine.
Types of container technologies and sample tools
Change development and operations processes. Containerization allows development teams to package all their code and necessary dependencies in one container and then automatically deploy that container across multiple environments (e.g., development, quality control and production), either on-premises or in the cloud. Consequently, the time spent installing and configuring dependencies is eliminated, dramatically reducing deployment time and increasing efficiency. (For more information, see “DevOps in the Federal Sector.”) Containerization also requires a new deployment process, depicted below.
Process for deploying applications using containers
Manage organizational impacts. Agencies should understand that adopting microservices and containerization is a journey that requires careful nurturing and support. Teams should be ready to think and operate differently by adopting an agile and continuous deployment mindset.
Despite its relative novelty, containerization is rapidly changing the technology landscape, and government agencies should seriously examine the technology sooner rather than later to take advantage of the benefits it offers. These benefits primarily include:
- Faster deployment of new applications.
- The ability to change or add one feature to an application without redesigning or replacing the whole application (when containerization is combined with a well-designed microservices architecture).
- Lower costs and risks associated with multiple computing environments.
Those benefits are particularly important to government agencies because laws and policies tend to change frequently, one facet at a time, while the government’s monolithic technology tends to be much less flexible and more expensive to change. Careful planning and investment, aligned with the best practices discussed in this article, will position agencies to use containerization in their mission to efficiently and effectively serve the American public.
Sanjeev Pulapaka is a solution architect at REI Systems.
Munish Satia is a senior technical architect at REI Systems.