It’s trite to say that Linux containers and virtual machines will coexist for a long time, but it’s probably true. The reason is simple: As cool as containers are, some applications run well in virtual machines, and their owners have no reason (yet) to change.
We’re not talking about stodgy old companies, either. Lachlan Evenson, who leads cloud platform engineering at social-media software developer Lithium Technologies, is someone who’s happy to keep his virtual machines running.
“We have processes on VMs that are completely automated,” he said during a Wednesday panel session at Container World.
Containers do provide advantages in development speed and in portability, and the Lithium team appreciates that when it comes to building new applications. But if an application is running perfectly well on a virtual machine, with no need for anything like “agility,” introducing containers seems a pointless risk.
“A lot of people go, ‘Do I have to rip everything out?’ and the answer is no,” Evenson said. “I don’t want the front page saying how containers ruined my life.”
Bait-and-Switch in the Cloud
On the flip side, some enterprises have been tricked into using containers whether they realize it or not, because containers are the norm in public clouds.
“You’d be surprised how many IaaSs, [offering] what you think are virtual machines, are actually running containers,” said James Bottomley, CTO of server virtualization at Odin.
Cloud vendors embraced containers early on, partly because they conserve resources compared to virtual machines. But as Bottomley and Evenson each noted: Prior to the rise of Docker, cloud customers — enterprise developers and IT operators — thought of workloads in terms of virtual machines. Cloud marketing responded accordingly.
Bottomley and David Hunter, chief technologist at Hewlett Packard Enterprise, agreed that containers should eventually win in the application space, driven by waves of new applications. For example, enterprises are getting more obsessed with building apps to mine the data that’s out in the networks and the cloud. “Instead of using IT to just run your business, now people are looking at how to make money out of it,” Hunter said.
Bottomley also suggested there’s a security issue that could tilt enterprises toward containers.
“There are a lot of zero-day bugs that are starting to be found in the operating systems and all of these libraries,” he said. “Somebody has to pull these images apart and find out if they have vulnerabilities,” and the pain of doing that “could be enough that we’ll say, ‘Tear the whole thing down.’ ”
The counter-argument would be that virtual machines tend to be safer than containers because they present less of an attack surface to hackers. Multiple containers can share one host’s Linux kernel, meaning anyone who compromises the host might get access to all the containers running on it. One way to isolate containers within a host is to pack them into a virtual machine.
Peace of Mind (Not Really)
Containers come with a phony sense of simplicity, Evenson said. They’re certainly simple for the developer. He related the story of setting up a Docker repository and going off on vacation, returning to find the repo stuffed with container images, because they were so easy to create.
But once an application is completed, “it then becomes the infrastructure guy’s problem to have it running in production, and that’s where the handoff is not so clean,” he said.
That’s why so much attention lately has gone toward bringing containers into production environments.
The panel also touched on the lament that no technology can fix: Enterprises and customers want the speed of containers, but that doesn’t mean they like that speed. “They demand all these new features, but then they want them tested for five years,” Bottomley said. The same was true of virtual machines when they first emerged, Hunter pointed out.