The chink in the Docker armour

Pavel Ershov

By Pavel Ershov, Vice President, Parallels Service Providers Business, Asia Pacific and Japan

Just two years ago, a start-up known as dotCloud was barely keeping afloat in the highly competitive and dynamic enterprise space. Today, dotCloud, now known as Docker, is making waves in the virtualization space with high-profile partnerships including Amazon Web Services, IBM, Microsoft, and VMware. On the investment front, the company is backed by the likes of Sequoia Capital, Goldman Sachs, and Yahoo! founder Jerry Yang.

It’s clear that Docker has come a long way: in its 2015 predictions[1], IDC identified Docker as one of the new container technologies that would pose a challenge to current virtualization giants. Even as Docker rapidly gains momentum, the reality is that, as with all new technologies, there are still vulnerabilities to be addressed.

Capitalizing on Docker Opportunities

Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications. Docker enables apps to be quickly assembled from components and eliminates the friction between development, QA, and production environments.

While application containers offer operational benefits that will continue to drive the development and adoption of the platform, the use of such technologies introduces security risks. These include the lack of the robust segregation that hypervisors establish for virtual machines, and a lack of understanding of how application containers should be used and managed.

In our conversations with service providers, a common request I’ve heard time and time again is for a highly secure and elastic virtualization infrastructure that combines containers and storage to capitalize on emerging, container-dependent technologies like Docker’s application packaging and orchestration platform. This ability to deliver Docker-based services represents an opportunity for service providers to attract new audiences and increase revenue. How then can service providers capitalize on such opportunities?

Improving Docker Security

As part of Odin’s overall vision of becoming the heart of container infrastructure platforms, which are best suited to environments where security and performance are the most critical requirements, we recently announced support for Docker containers in our virtualisation solution, Virtuozzo.

At its most basic level, Docker has limited security isolation capabilities: it lacks sufficient container separation, potentially allowing one customer to access another customer’s data. This is a critical security issue because data could easily be compromised by unauthorised personnel, leading industry observers to conclude that Docker, in its current stage, is less secure than virtual machines and most cloud technologies. However, there are several ways to mitigate this risk, one of which is effective partitioning.

A virtualisation solution such as Virtuozzo effectively partitions the server resources, enabling users to create Docker containers inside Virtuozzo containers. This “nested containers” feature is fast to start, instant to resize, highly elastic, and offers native hardware performance. Additionally, such containers improve Docker security by providing each user or tenant with their own Docker container, while still delivering optimal native performance.

So what does all of this mean for businesses? The benefits of utilising Docker and Virtuozzo in concert are particularly appealing to the service provider community, as the combination allows more efficient usage of servers and so helps providers build robust offerings for businesses and cloud application developers.

Looking Ahead to the Application Container Future

While this is just one of several Docker-related scenarios, we’re confident that application containers will continue to gain momentum, even though they are in their nascent stages today. Looking ahead, the maturity of technology tools and processes will play a critical role in shaping the evolution of the container ecosystem and in addressing issues, driving greater awareness and adoption of application containers in the enterprise space.

[1] IDC Predictions 2015: Accelerating Innovation – and Growth – on the 3rd Platform (PDF).