In this keynote from Deltaware Data Solutions' 2016 Emerging Technology Summit, Stephen Foskett gives essential background on the emerging trend of containerization of enterprise applications. What are containers and how will they affect enterprise IT? Why is Docker so important? Foskett addresses both the technical and architectural questions, discussing which applications will be containerized, the benefits and costs, and what it means for IT operations.

1. What’s the Deal with Containers,
Anyway?
Stephen Foskett
stephen@fosketts.net
@SFoskett
© Foskett Services
1

2. Stephen Foskett
is the organizer of Tech Field Day,
proprietor of Gestalt IT,
strangely interested in storage,
baseball believer,
all-around nerd, car nut,
Microsoft MVP and VMware vExpert,
former first-chair bass clarinet player and punk rock frontman,
obsessive about lightbulbs, lover of a good Manhattan,
watch blogger, Apple blogger, vegetarian blogger,
dad to three kids with anagram names,
grammar obsessive, avid reader,
King of the Andals and the First Men,
humanist, frequent traveler,
and (apparently) lover of his own voice
© Foskett Services 2

3. Contain Yourself!
• Containers are everywhere suddenly
• What’s the deal?
• Why now?
© Foskett Services 3

4. What is a Container, Anyway?
• A container is an
operating system user
space that:
▫ Is contained: Has strict
boundaries; limited
libraries and tools
▫ Contains an
application: Custom-
designed to run a
specific application
• Operating System-level
virtualization
© Foskett Services 4

5. The OS Stack
• System Space
▫ Kernel (device
management, memory
management)
▫ Device Drivers
(storage, networking,
video)
• User Space
▫ Libraries and resources
▫ Utilities
▫ Applications
© Foskett Services 5

6. Entering User Space
• GNU/Linux: GNU is user-space, Linux is system
space
• Citrix WinFrame/Microsoft Terminal Services:
Multiple user spaces
• Linux control groups (cgroups) manages
multiple user spaces
© Foskett Services 6

7. Container History
• UNIX v7 Chroot (1979)
• Citrix WinFrame/Microsoft Terminal Services
(1995)
• FreeBSD Jails (2000)
• Linux-VServer (2001)
• Solaris Containers/Zones (2004) (AIX/HP-UX
later)
• OpenVZ/Virtuozzo (2005)
• Linux Containers/LXC (2008)
• Docker (2013)
© Foskett Services 7

8. What Docker Got Right
• Developer focus
▫ Modern tools, friendly configuration,
API’s/integration
• Docker Hub
▫ “App store”
• Easy storage
▫ Layered storage
▫ AUFS/OverlayFS
• Openness and extensibility (eventually)
▫ Networking and storage
• Coopetition/Cooption
▫ Swarm
© Foskett Services 8

9. How Docker Works
© Foskett Services 9

10. Images and Containers
• An image is a filesystem and runtime
parameters
• You run an image and it becomes a container
© Foskett Services 10

11. Best Practices
• Simple images
▫ Only the libraries and utilities you need
▫ Minimize the number of layers (usability and
performance)
• Simple containers
▫ One application per container (one process on
Linux!)
▫ Multi-container applications are cool!
▫ Active storage in external volumes
© Foskett Services 11

12. Dockerfiles
• Dockerfile
▫ Describes a docker instance in standard terms
▫ Typically based on an existing image
▫ Usually includes specific application installs (apt-
get or yum)
▫ Run a command
▫ Create an image and store it in the Hub
• Docker Compose
▫ Describes a multi-container application instance
▫ Ports, volumes, configuration variables
© Foskett Services 12

13. Layered Storage
• Most Docker images have 3-5 layers of storage
• Like tracing paper – writes only hit the top layer
• Copy-on-write is a core Docker value
• “Content-addressable” hash-based storage since
1.10
• Focused on capacity optimization and fast
startup
© Foskett Services 13

14. Docker Storage Options
• Union Filesystems:
▫ AUFS
▫ OverlayFS
• Snapshot-Based:
▫ Devicemapper (LVM block storage)
▫ Btrfs
▫ ZFS
• Pluggable storage drivers
© Foskett Services 14

15. Docker Data Volume Storage
• Docker containers can use external(ish) storage
as a “Data Volume”
▫ Mounting a directory inside a container
▫ No copy-on-write or layers
▫ Can be external storage (SAN/NAS)
© Foskett Services 15

16. Docker Data Volume Containers
• Can also create “Data Volume Containers”
▫ A regular Docker container with data volumes
▫ Shares data volumes with other containers
▫ Like a file server but in Docker
© Foskett Services 16

17. Persistence
• Docker’s approach is for containers not to be
persistent
▫ “Cattle” approach - start up additional
containers based on the same image
▫ No mobility - kill containers and start new ones
elsewhere
• But container data is persistent (until you rm
it)
• Proper data persistence requires data volumes
or a data volume container
© Foskett Services 17

18. Internal Networking
• Docker Engine networking is extremely simple
▫ Bridge network to containers
▫ Built-in DNS server
• Overlay networks
▫ Key-value store
▫ 802.1q VLANs
▫ VXLAN in Swarm
• Network plugins
© Foskett Services 18

19. External Networking
• Network Port Mapping to local host
• Routing: Ip_forward/iptables
© Foskett Services 19

20. Docker Swarm Mode
• Integrated clustering
▫ Automatic clustering and management
▫ Decentralized design
▫ Scaling (up and down)
▫ Overlay networking
▫ Rolling updates
• Docker is late to the party (Kubernetes, Mesos)
but made scale-out applications incredibly easy
© Foskett Services 20

21. What Can We Do with
Containers?
© Foskett Services 21

22. Consistent Application Environment
One application per container;
one container per application
• Probably the most-overlooked aspect of Docker
• Never again worry about OS level, patches,
incompatible applications and utilities
• Never any "competition" from other
applications
© Foskett Services 22

23. Security
• Many security issues come from unused utilities
and application components
• Escalation of privileges affects the entire
system
But…
• Containerized applications shouldn't have many
unused utilities
• Nothing else running means nothing else to
infect
© Foskett Services 23

24. Scalable Application Platforms
• Scaling applications is incredibly difficult,
especially once you get past the single-server
barrier
• It's still difficult with containers but containers
make it so easy that developers might finally
create segmented/containerized scalable
applications!
• Imagine "worker" tasks in containers
contributing to a decentralized, scalable whole
© Foskett Services 24

25. The Future is Containerized!
• Containerized applications have many benefits
• Developers love containers (especially Docker!)
• Microsoft loves containers and cloud
• Many benefits for Devs and Ops alike!
© Foskett Services 25

26. Thank You!
Stephen Foskett
stephen@fosketts.net
twitter.com/sfoskett
blog.fosketts.net
TechFieldDay.com
26