Comparing server virtualization and containers
Richard Harris in Enterprise, Monday, November 14, 2016
Apcera is a San Francisco-based company building the next-generation container management platform, and they believe that cloud computing is an ever-evolving way of interfacing with technology. With Apcera’s platform, they aim to solve the hard problems that enterprises face in embracing the new world of containers to unlock the potential of modern architectures and cloud technology in a simple and secure way. With strong capabilities around containerizing legacy applications and workloads, Apcera gives enterprises investment protection while delivering industry-leading agility and time-to-value, all with full security and control.
We caught up with Mark Thiele, CSO at Apcera, to discuss the concept of containers in the enterprise, what challenges enterprises are facing in container adoption, how to solve them and what’s next for containers as we head into 2017.
ADM: Who are Apcera's competitors? How does Apcera differentiate?
Thiele: Apcera is the world’s first policy-driven enterprise-grade container management platform supporting deployment, orchestration, and governance of cloud-native and legacy workloads across multiple clouds (public or private). Complete out of the box, Apcera provides container workflow, orchestration, scheduling, storage, networking, plus a container engine, delivering a complete, enterprise-ready solution for businesses. Apcera is the only platform that addresses the critical security needs of enterprises by placing governance and policy at the core of the system. Policy is pervasive, foundational, and more than just role-based access control. Policy reaches every layer of the system - including physical access to the networking layer, as well as the discovery and awareness of communication protocols. This enables enterprises to accelerate cloud adoption, taking advantage of the speed, performance, scalability, and cost-effectiveness of combining cloud environments, while ensuring IT operational governance and compliance for mission-critical applications and data. Apcera competitors include Red Hat OpenShift and Pivotal Cloud Foundry.
ADM: What are containers and why do you need them?
Thiele: Containers can be tricky to understand the first time you meet them because they have two aspects: a packaging format and a runtime aspect. Containers (or more properly container images) are meant to be self-contained bundles that encompass the minimal set of things needed for an application to be run. This includes the application software, libraries, config files, etc. and any dependencies it may have. Because a container image can easily be moved around as one entity, containers offer an unprecedented level of portability. A container image can be created on a developer’s laptop and then be fed to a test environment and ultimately run in production as part of a development and deployment pipeline.
The second aspect of containers is the runtime component. Containers allow you to divide up a single operating system into a set of segregated runtime environments. Each runtime environment looks to the software running in that container like a separate operating system environment with its own processes, network components, storage, etc. Even though these environments look separate from within the container, containers share as many resources as possible amongst them (for example, the operating system files) so they are extremely resource efficient. This efficiency allows both for better utilization of the underlying hardware than standard virtualization technology and also makes for extremely fast startup times.
If we put these two aspects together, a container gets spun up with the contents of a portable container image and presto, you have your desired application running in a segregated context. You now have repeatability (if you automated the creation of the image), portability and high levels of efficiency from the same technology.
ADM: What is driving the adoption of containers in organizations today?
Thiele: There are several reasons why container adoption is skyrocketing. Developers love containers because they can package their software and its dependencies in a simple, portable format. Operations personnel love containers because they can automate the creation of this format and easily feed it into a deployment pipeline. Businesses love containers because they save money thanks to the significantly greater levels of utilization on the same hardware compared to VMs.
ADM: What issues are enterprises experiencing in container management adoption?
Thiele: As enterprises adopt cloud infrastructure and leverage modern architectures, they can’t afford to turn their back on existing applications -- and investments. The challenge, however, is that legacy applications are expensive to maintain, inflexible due to infrastructure requirements and dependencies, and not built for the cloud. While modern, cloud-native workloads can be easily containerized in test and dev scenarios, to date, there has been no true solution for easily bringing legacy workloads into the modern era, at enterprise scale.
Enterprises are also proceeding with an abundance of caution around containers because the security concerns around containers are less well understood than those of VMs. Given this, it is crucial that any container management platform an enterprise adopts be engineered with security at its core.
ADM: How does the Apcera enterprise-grade container management platform help enterprises solve those problems?
Thiele: Apcera is the first and only enterprise-grade container management platform that can deploy, orchestrate and govern containers and legacy applications across all environments, securely and at scale.
Key features of the Apcera enterprise-grade container management platform include:
- Legacy and cloud native: Enterprises can now easily modernize applications, not only simplifying, but also enabling the deployment of legacy, cloud native and microservices applications.
- Secure by default: With the Apcera platform, there are no open doors. The system can only function as permitted by policy; workloads only run where enterprises want and can use only instructed and intended resources.
- Advanced networking: Network nano-segmentation delivers container-level application of policy, allowing workloads to move across infrastructures at the speed of deployment and orchestration in a fully secure and compliant manner, while policy-based firewalls remain at the container level. Nano-segmentation provides the most powerful governance and application security available, through a real-time, software-defined network that manages all network communication across a multi-cloud infrastructure.
- True hybrid mobility: Enterprises can now treat their entire infrastructures as a single cluster. The Apcera platform enables fast and seamless portability across on-premises, cloud or hybrid environments without breaking dependencies or governance.
ADM: Can you compare virtualization and containers?
Thiele: The two technologies are very different. Virtualization is about virtualizing the physical server hardware so that multiple operating systems can run on the same physical server. Containers are about packaging and isolating software so that multiple applications can run on the same operating system in a more segregated fashion, hence the name container.
Mark Thiele, CSO at Apcera
Applications running in containers can be deployed much faster than applications delivered as virtual machines. Container images are just a few megabytes, while virtual machines are usually several gigabytes. Also, applications running in containers can be started in seconds, whereas virtual machines often take minutes.
ADM: Will containers eventually replace full blown server virtualization?
Thiele: Probably not, since they are different technologies developed for very different purposes, and provide different layers of abstraction. Virtualization abstracts the operating system from the hardware, while containers abstract the application from the operating system. It is pretty common to find people running containers in virtualized environments.
ADM: How can containers help app developers, even small indie developers with their apps?
Thiele: Like Apple’s App Store allowed many indie developers to distribute their iPhone applications to all of us, container registries are helping indie developers and organizations of any size distribute their enterprise software.
Also, using containers for an app development environment (and the accompanying best practices around CI/CD) is equally attractive to all kinds of developers.
ADM: Where is the container industry heading? What trends will we see in 2017?
Thiele: The market’s attention to containers is growing at an exponential rate, the vendor landscape is getting new players every day and the tooling around containers is maturing. However, large enterprises are still facing the challenge of integrating their legacy applications into these modern architectures. Apcera is here to bridge the gap and help enterprises be more agile to deliver software faster but at the same time more secure and stable.
Read more: https://www.apcera.com/