Container Platforms and Best Practices

Introduction

The cloud is changing how applications are designed and secured. The modern way to develop applications (and to make them cloud-native) is to divide application functionality into smaller, decentralized services. Application modernization is a necessity for businesses that want to remain competitive, agile and modern.

Applications developed a few years ago are most likely based on a monolithic architecture, which becomes a blocker to the above goal. Organizations embarking on this digital transformation journey often have to redefine processes, upskill people and modernize applications, and sometimes accept short-term disruption to the business.

However, cloud-native applications provide a large set of benefits that are worth all the hassle mentioned above.

monolithic vs microservices

In this blog we will dive into the role containers play in this modernization story, some best practices, and the available options for deploying containers, whether on on-premises infrastructure, cloud-hosted infrastructure and/or managed orchestration platforms.

Why Containerize Apps?

Containers are the de facto approach to application modernization today. Transforming existing applications by containerizing them can immediately bring elasticity, resiliency, speedy deployments and faster delivery.

The following diagram illustrates the high-level architecture of a microservices-based application, where the application's components are broken into (virtually) independent smaller modules. These modules or services are hosted in containers that run on an orchestration / management platform.

Microservices application architecture

Read more about application modernization and leveraging Kubernetes platform for your containers here.

In case you are wondering about the difference between a container and Kubernetes, refer to my previous blog on demystifying Kubernetes and Containers.

In short, Kubernetes and Containers complement each other.

Kubernetes has become the de facto standard for container scheduling and orchestration. It is the orchestration and management platform that hosts different types of containers. A Kubernetes platform is required when you need to run a large number (or diverse types) of containers for your organization, just as a highly available hypervisor platform is required to run numerous VMs.

Features

Containers provide various features and benefits for modern needs, such as:

  1. Small in Size: Containers are small and hence are easier not only to deploy but also to scale.
  2. Portability: Containers are packaged instances of an application's code and dependencies, so they can easily be ported across different platforms. They also give developers an easier way to roll out their code from dev to test to staging to production environments.
  3. Optimized Resource Utilization: Containers need fewer resources (CPU, space and memory). Hence a higher density of containers can be deployed on shared infrastructure, with quick provisioning and deprovisioning.
  4. Continuous Integration & Delivery: Containers are ideal for modern development and application norms (DevOps, Microservices, etc.) due to their portability and consistency across platforms.

Benefits to Organization

Containerizing applications can offer various benefits to organizations, such as:

  • Improvement to the application landscape.
  • Scaling application deployments.
  • Increase application reliability and scalability.
  • Transition from a datacenter to the cloud.
  • Streamlining operations with a consistent hybrid cloud foundation.
  • Leverage CI/CD as an intrinsic aspect of application development.
  • Shorter release cycles and improved product quality by automating testing and IaC.

Which applications should be containerized?

Not every application is suitable for containerization. Each application requires a thorough analysis to establish its supportability for containers and a migration plan.

However, at a broad level, the following types of applications are candidates for modernization through containers:

  1. Java Applications – single binary/JAR files are easier to convert. Multiple Java runtimes can even be run side by side thanks to container isolation.
  2. Platforms Available on Containers – Tomcat, Node.js, Drupal, Joomla, and many others are available as Docker containers.
  3. Third-party app container images – various application vendors offer pre-built container images, which provide an easier, faster and more reliable way to deploy applications.
  4. Stateless Applications – most web applications (Tomcat, IIS etc.) that use a backend to store persistent information are good targets.
  5. Stateful Applications – in special cases, stateful applications can also be deployed with the help of third-party add-ons. However, this is not where the true value of containers lies.

Which applications should not be containerized?

  1. Desktop / Rich GUI based applications
  2. Applications with local persistent data
  3. Applications with different OS kernels in dev & production environment

Approach / Best Practice

  • Application Shortlisting:
    1. Assess, evaluate and shortlist the right kind of applications suitable for conversion to a microservices architecture.
  • Design / Packaging / Deployment:
    1. Design:
      • Design and build your application (stateless) for resiliency and scalability.
      • Preferably leverage Container-as-a-Service options built on the Kubernetes platform, such as Azure AKS, Google GKE, Amazon EKS etc. (carefully evaluate the vendor lock-in that comes with them).
      • Kubernetes has become the de facto standard for container scheduling and orchestration. Preferably adopt ‘pure’ open-source Kubernetes, unless you have a specialized expert team in-house.
      • Keep the integrations / tools as limited as possible. Remove any unnecessary complexity while designing the platform and application architecture.
      • Work out the enterprise integrations.
      • Package a single app per container (3 containers for PHP-FPM applications)
      • If you use the Docker platform, optimize for the Docker build cache.
    2. Storage:
      • Select a container-compatible storage platform that can deliver required availability, performance and seamlessly integrate with development / DevOps processes.
    3. Networking:
      • Eliminate any manual networking by leveraging network automation capabilities in container orchestration platform.
    4. Images:
      • Keep the image as small as possible
      • Tag your images
      • Use a public image only as the last option.
    5. Security:
      • Secure the container environment (security must be built into the DevOps process) to identify vulnerabilities and control images in real time.
      • Scan and secure images for vulnerabilities
    6. Monitoring:
      • Configure thorough monitoring for container and underlying infrastructure to ensure availability, performance and security.
  • Management / Operations:
    • Consider team and human capabilities while choosing the container management/orchestration platform.
    • Properly handle PID 1, signal handling, and zombie processes
    • Integrate container lifecycle management with the CI/CD process. Leverage IaC as much as possible.
    • Stay updated with the platform changes and updates.
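
The image guidance in the list above (tag your images, treat public images as the last option) can be checked automatically in a CI step. The following is an added example, not code from the original post: a small Python check over a Dockerfile's FROM lines. The approved registry name, the rule names and the sample Dockerfile are assumptions made for illustration.

```python
import re

# Assumption: registries this organisation trusts (hypothetical host name).
APPROVED_REGISTRIES = {"registry.example.internal:5000"}

FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?\s*$", re.IGNORECASE)

def parse_image_ref(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    tag = None
    if ":" in name.rsplit("/", 1)[-1]:    # colon after the last "/" is a tag, not a port
        name, tag = name.rsplit(":", 1)
    first, slash, rest = name.partition("/")
    # The first component is a registry only if it looks like a host name.
    if slash and ("." in first or ":" in first or first == "localhost"):
        return first, rest, tag, digest or None
    return "docker.io", name, tag, digest or None

def check_dockerfile(text, approved=APPROVED_REGISTRIES):
    """Return (line_no, rule) findings for the FROM lines, in file order."""
    findings, stages = [], set()
    for no, line in enumerate(text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, alias = m.groups()
        if ref.lower() == "scratch" or ref.lower() in stages:
            pass                          # empty base or an earlier build stage
        elif "$" in ref:
            findings.append((no, "unresolved-variable"))  # cannot be verified statically
        else:
            registry, _, tag, digest = parse_image_ref(ref)
            if digest is None and tag is None:
                findings.append((no, "untagged"))
            elif digest is None and tag == "latest":
                findings.append((no, "floating-tag"))
            if registry not in approved:
                findings.append((no, "public-image"))
        if alias:
            stages.add(alias.lower())
    return findings

# Constructed sample Dockerfile, not taken from any real project.
SAMPLE = """\
FROM golang AS build
RUN go build -o /out/app ./cmd/app
FROM --platform=linux/amd64 nginx:latest AS web
FROM ${BASE_IMAGE}
FROM registry.example.internal:5000/base/alpine:3.19
COPY --from=build /out/app /usr/local/bin/app
FROM build
"""

if __name__ == "__main__":
    for line_no, rule in check_dockerfile(SAMPLE):
        print(f"line {line_no}: {rule}")
```

Failing the build on any finding keeps untagged, floating-tag and unapproved base images out of the pipeline before the image scanner runs.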

Which Container platform is best

While there are various platforms available to deploy and manage containers, the following are some of the common options:

Container Engine Solutions

| Solution Name | Licensing Model | Description |
|---|---|---|
| Docker Community Edition (CE) | Open-Source | Docker CE includes the complete Docker platform and is ideal for those just starting to build container applications. A free, open-source version of Docker, available on the Docker Store. Docker CE can run on the following: Mac, Windows 10, CentOS, Debian, Fedora, Ubuntu and Cloud platforms like AWS, Azure, or Google. |
| Docker Enterprise Edition (EE) | Licensed | Built for business-critical deployments, available in three tiers: (1) Basic tier: provides support and certification, as well as the Docker platform. (2) Standard tier: provides advanced features for image and container management, role-based access control, and more. (3) Advanced tier: provides all of the above plus continuous vulnerability monitoring and Docker security scanning. |

Container Engine Solutions. Courtesy aquasec.com

Container Orchestration Platforms

| Solution | Licensing Model | Description |
|---|---|---|
| Kubernetes (K8s) | Open source | An open-source platform for deploying and managing containerized applications. |
| Red Hat OpenShift | Support billed by Red Hat, infrastructure by partners | OpenShift provides a variety of containerization software products based on Red Hat’s open-source software. OpenShift offers built-in monitoring, consistent security, centralized policy management. It is also compatible with Kubernetes. |
| VMware Tanzu Application Service | License | VMware Tanzu offers a variety of solutions designed to help you build, run, and manage containerized applications using Kubernetes. Notable Tanzu solutions include turnkey microservices operations and security, native support for native Windows and .NET, and integration with CI/CD tools. |
| VMware Tanzu Kubernetes Grid | License | Integrated Edition is designed to support original Kubernetes (without adding abstraction layers or proprietary extensions) deployment to multi-cloud environments. This ensures you can use the native version of Kubernetes CLI. |
| SUSE CaaS Platform | License | An enterprise-grade solution for container management that simplifies the entire pipeline. It comes with a wide range of features, including automated lifecycle management. |

Orchestration platforms. Courtesy aquasec.com

Container as a Service

| Solution | Licensing Model | Description |
|---|---|---|
| Azure Container Service (ACS) | Pay per use | Azure Container Instances provides a fast and simple option for running containers in Azure. There is no need to manage VMs or adopt higher-level services. |
| Amazon Elastic Container Service (ECS) | Pay per use | Amazon Elastic Container Service (ECS) is a cloud-based service utilizing. ECS manages containers and lets you run applications in the AWS cloud without configuring an environment for the deployed code. |
| Amazon Elastic Kubernetes Services (EKS) | Pay per use | Amazon Elastic Container Service for Kubernetes (EKS) provides cloud-based container management. EKS natively integrates with Kubernetes. |
| Amazon Fargate | Pay per use | Amazon Fargate lets you run containers on Amazon Web Services (AWS) without managing the underlying infrastructure. |
| Azure Kubernetes Service (AKS) | Free CaaS service. Pay per use for: (1) Nodes (PAYG or reserve for 1 or 3 years); (2) Uptime SLA per cluster | Azure Kubernetes Service (AKS) is a free container service that simplifies the deployment, management, and operations of Kubernetes as a fully managed Kubernetes container orchestrator service. |
| Google Kubernetes Engine (GKE) | Pay per use | Google Kubernetes Engine (GKE) is an orchestration and management solution based on the open source version of Kubernetes. |
| Rancher | Pay per use | Rancher is a software stack for developing containerized applications. Rancher provides tools that help address various Kubernetes challenges. |

Container as a Service platforms. Courtesy aquasec.com

Conclusion

Containers are the de facto approach to modernizing applications using a microservices architecture. A container engine is required to deploy containers. There is a variety of options available to host the container engines, including orchestrators (e.g. Kubernetes) and managed platforms (e.g. AKS, GKE, EKS etc.).

Containerizing applications is also referred to as application modernization, which requires an organization to make a fundamental shift away from the traditional approach to developing, operating and managing monolithic applications. However, it is worth going through this journey of modernizing applications for the cloud. Organizations should be aware of the important considerations and best practices while walking this path.

It is imperative to assess each application thoroughly to identify its suitability and compatibility for being modernized from a monolithic architecture to a modern microservices architecture using containers. Some application vendors offer pre-built container images that may speed up the whole process.

While working out the modern application design, organizations must not forget about platform, security, monitoring, networking, operations and ongoing management. Probably the best way to start is to leverage the Container as a Service offerings from public clouds such as Azure AKS, Amazon EKS and Google GKE (while being aware of the vendor lock-ins).

Hi, I am Junaid Ahmed - and I am obsessed with all things cloud: infra, apps, data and AI. With an extensive background and expertise (15+ years) around Microsoft technologies, I am an expert on Microsoft cloud, hybrid and on-premises technologies. I have been enjoying consulting organizations in stepping closer to their business goals and visions. Be it digital/business transformation, or optimization, I help organizations in their journey for cloud adoption, application modernization, application enlightenment. My latest craving and enthusiasm is Data Sciences, ML and AI which is keeping me at unrest and helping me to prepare for the next big thing of my professional career. I’m always happy to connect with like-minded people, executives, cloud architects and enthusiasts. Shoot me a message – I look forward to hearing from you!
