With trends like microservices and containers converging to create a tantalizing array of opportunities for better architecture, enterprises are faced with many decisions about how to future-prep their application portfolios. This exercise has led to a lot of soul-searching on the part of CIOs, CSOs and DevOps teams. While there are certainly many benefits being presented, substantial hurdles remain. Here are a few areas where a shift in mindset, along with the emergence of clearer answers, will go a long way toward smoothing the path for the enterprise.
Container security is still a black box
There appears to be a significant lack of communication between the development community and the business community when it comes to the perceived weaknesses of container technology. Anthony Bettini, founder and CEO of FlawCheck, based in San Francisco, said CSOs aren't buying in because they don't have enough good information. "IT security wants to know what containerization is and if it is safe. Developers don't have good answers." Bettini mentioned many recent surveys showing that more than 50% of enterprises named security issues surrounding containerization as their main area of concern.
His own company recently dug deeper to reveal the real issue at hand. "Isolation is the security topic that gets the most attention in the developer community. But it's not isolation that is the sticking point for the enterprise decision makers; it is concerns about vulnerability and malware within the container. This is what is holding enterprises back," Bettini said. In fact, isolation was only a concern for about 16% of organizations surveyed, while vulnerability and malware ranked at a whopping 42%.
Cryptography and implementation weaknesses due to design flaws are a couple of the areas that could be exploited, and Bettini said it is only a matter of time before hackers start targeting Docker and container technology. When enterprises see these concerns addressed effectively in the design stage, they are more likely to allow developers to actually deploy container-based processes into a production environment.
Change requires a shift in perspective
Peter Lawrey, CEO at Higher Frequency Trading Ltd, speaking at QCon about financial trading systems, pointed out some sectors in the enterprise space simply aren't seeing the available opportunities because they are so focused on their core software.
"The software driving value for the financial sector, such as trading, is often highly customized. It is created for low latency and high performance and needs to be very fast. But that doesn't mean every piece of software in the organization requires the same blazing speed," Lawrey said. "The truth is that there are a lot of tools and functionality like build, deployment, management and monitoring that don't need to be extremely fast. These are common across software packages and don't require customization. Only a portion of your code, say 10% to 20%, needs to be tuned to death."
If the enterprise is willing to start making changes around the periphery, there is the opportunity to make substantial gains at low risk. And this can be accomplished without abandoning any best practices. In fact, microservices may have the ability to provide better alignment. "With microservices, you are bringing together best practices that have been around for a long time. In fact, banks are using many of these techniques already. By rebranding or taking a different view on things, they can see this and realize where the quick wins are," Lawrey said. Revamping methodology rather than simply looking at a piece of software as a solution is the key. Focusing on the principles and the process enables slow adopters to make incremental changes without necessarily investing in newer products.
Testing must keep pace with continuous delivery
Alon Girmonsky, CEO of BlazeMeter, based in Mountain View, Calif., pointed out creating a more modular architecture with microservices and containers comes with its own challenges. Instead of transitioning code to a staging environment once per product lifecycle, testing is occurring all the time. "Now, you have perhaps a hundred developers in an organization each committing code two or three times a day. Every time, a container is launched and tests are being run. And when you have a set of microservices, you have to test each and every one of them. You must have testing infrastructure that can live within a container," Girmonsky said.
More tests and more frequent testing make full automation and easy monitoring essential. Knowing what good performance looks like in a containerized world and how to model the architecture in an understandable way will be important steps in making technologies like Docker ready for full-scale adoption in production.
Breaking down the monolith requires a holistic approach
Of course, DevOps is struggling with this new reality as well. Arun Gupta, Java champion and vice president of developer advocacy at Couchbase, based in San Francisco, said this disruptive technology could actually bring dev and ops even closer together. "It actually reduces the disconnect between development and staging. Right now, you may have something that works on a laptop, but fails in ops. It's not uncommon for development to say, 'That's not my problem. Ops has to fix it.' But with Docker's 'run anywhere' approach, the solution is baked in from development through testing, staging and production," Gupta said.
In the end, everything from security and performance to deployment and management comes down to taking a more forward-thinking approach during the design stage. As developers get better at uncovering and addressing the real concerns of security and operations, the pace of adoption for container technology and microservices can finally pick up speed and bring a new architecture to maturity for the enterprise.