While enterprises might say they have cloud computing, most are just exploring it. At least that is what one prospective client told me today at his office, perched some 50 floors above Manhattan’s busy streets overlooking the Hudson River and newly constructed Freedom Tower. Many enterprises have cloud pilots or first phase implementations but few have truly adopted cloud computing. I have, however, observed significant changes this year. One of those is a lot of discussion on Docker. I believe that the hype that we see with Docker, which only recently released its version 1.0, signals a transition from cloud exploration to adoption.
The conversation is changing from cost efficiency to time-to-market
As a pre-sales professional, I have talked for years about how cloud benefits both sides of the ledger, improving both cost efficiency and business agility. Cost has been a dominant conversation piece and business driver since the financial market crash of 2008. Opportunities to improve time-to-market, however, have remained a secondary topic and largely aspirational. In the past year, I have observed a lot more interest in enabling developers to improve business agility. Furthermore, not only are my prospects and clients talking about the high-level value of adopting cloud application paradigms but they are also talking about specific solutions like configuration management tools and Platform as a Service. Perhaps the most prevalent topic this year has been Docker.
Docker, Inc. CEO Solomon Hykes says “Docker became popular because it was easy to use on a single node with a single container, which made it easy to use for prototyping and development.” Docker containers allow applications to easily work across environments: development, test, quality assurance and production. They should work whether on a developer laptop or enterprise server. With cloud, an application is supposed to span multiple machines and continue running even if machines are swapped out or moved. Docker solves the problem of packaging applications so they can be moved from machine to machine. In essence, it is a DevOps framework.
What about Virtualization and Security?
In years past, I would often hear comments about how virtualization was cloud. Now I hear people asking if they should use Docker containers instead of virtualization. Container technology has actually been around for over a decade. Docker has just made it easier to use. Containers differ from hypervisor-based virtual machines in that they do not include a full-blown operating system (OS). Instead, they share an OS with a host. Therefore, containers have compelling advantages in that they can be faster and consume fewer resources than virtual machines. It is not just about efficiency either. Benefits include small artifacts, quick deployment and fast startup, e.g. an OS does not need to start for a container to boot. In a nutshell, Docker containers are lightweight isolated environments that are easier and faster to spin up and down than VMs. Containers sound great, right?
Have we forgotten that virtualization has a lot of value too? Virtualization enables a language runtime to work in multiple hardware environments. It allows features like live migration, which is helpful for load balancing and hardware maintenance. With virtualization, one can also run multiple kernels. It should also be noted that virtualization today supports more operating systems than Docker containers, most notably Windows.
Perhaps the greatest differentiating value with virtualization when compared to Docker containers is security. A container’s attack surface is the full kernel. Once the kernel is breached, a hacker could control all containers on a system. The hypervisor attack surface is much smaller. Given the security implications, containers are best suited for private development and test environments where security is less critical. Virtualization, or a combination of Docker and VMs, would be more appropriate for production and multi-tenant environments.
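Because every container talks to the same host kernel, the settings that matter most on a shared host are the ones that widen that interface further. The following check is an added example, not part of the original post, and it goes beyond the post: it assumes the `HostConfig` fields reported by `docker inspect` in current Docker releases, runs over constructed sample data, and uses an illustrative (not exhaustive) list of capabilities.

```python
import json

# Constructed sample shaped like `docker inspect` output; not real containers.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/web", "HostConfig": {"Privileged": false, "CapAdd": null,
   "SecurityOpt": null, "PidMode": "", "NetworkMode": "bridge", "Binds": null}},
 {"Name": "/build-agent", "HostConfig": {"Privileged": true, "CapAdd": null,
   "SecurityOpt": null, "PidMode": "", "NetworkMode": "bridge",
   "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}},
 {"Name": "/monitor", "HostConfig": {"Privileged": false, "CapAdd": ["SYS_ADMIN"],
   "SecurityOpt": ["seccomp=unconfined"], "PidMode": "host",
   "NetworkMode": "host", "Binds": null}}
]""")

# Capabilities that open large kernel interfaces (illustrative, not exhaustive).
RISKY_CAPS = {"ALL", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RAWIO"}
UNCONFINED = {"seccomp=unconfined", "apparmor=unconfined"}

def kernel_exposure_findings(container):
    """List the settings of one inspect entry that widen shared-kernel exposure."""
    hc = container.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged")
    for cap in hc.get("CapAdd") or []:
        name = cap.upper().replace("CAP_", "", 1)
        if name in RISKY_CAPS:
            findings.append("cap_add:" + name)
    for opt in hc.get("SecurityOpt") or []:
        opt = opt.replace(":", "=", 1)  # accept ':' as the separator too
        if opt in UNCONFINED:
            findings.append(opt)
    for key, label in (("PidMode", "pid=host"), ("NetworkMode", "net=host")):
        if hc.get(key) == "host":
            findings.append(label)
    for bind in hc.get("Binds") or []:
        if bind.split(":")[0].endswith("docker.sock"):
            findings.append("bind:docker.sock")
    return findings

def audit(entries):
    """Map container name -> findings, omitting containers with none."""
    found = {e.get("Name", "?").lstrip("/"): kernel_exposure_findings(e) for e in entries}
    return {name: f for name, f in found.items() if f}

if __name__ == "__main__":
    print(audit(SAMPLE_INSPECT))
```

On a real host the input would come from `docker inspect $(docker ps -q)`; containers that show up in the report are the first candidates for moving behind a VM boundary.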
Alternatives? Watch for the Emergence of Cloud Operating Systems
What if one could get the advantages of Docker without the limitations of containers? Consider a Cloud OS like OSv, which is still in an alpha release phase. OSv is completely new and is not a Linux distribution. It is designed to run in the cloud, super streamlined to run a single application as a virtual machine. Benefits include: portability, low latency and simplified management.
Early benchmarks show some incredible results. Check out the OSv web site. One benchmark shows memcached handled 20% more requests per second on virtualized OSv than baremetal Linux. How fast they will be compared to a stripped down Linux is yet to be determined but these preliminary results are noteworthy. The emergence of cloud operating systems may show us a glimpse of the future.
Unlike other modern OSes, OSv does not multiplex hardware for different applications and relies on a hypervisor to do that. Applications run in the OS's kernel address space, which is much more efficient. There are other optimizations too; for example, OSv does not use spin-locks.
A Comparison of Traditional Virtual Machines, Docker and OSv Today
Docker and Cloud OSes are a sign that times are changing. We are at a tipping point, as enterprises transition from cloud exploration to adoption. Docker containers may win over developers who like their ease of use and operations staff who like having a full Linux distribution. Cloud OSes may shift us to a world of very small, high-density virtual machine (VM) deployments where thousands of VMs run on large servers.
The figure below shows how Docker and OSv simplify an application stack. With Docker, an application can run without a hypervisor using lightweight containers. Of course, one might want to use Docker with virtualization too. With OSv, an application can run on a hypervisor-optimized language runtime without a full-blown OS.